The MCP protocol has released a significant update, with its 2026-07-28 release candidate introducing major changes to its specification. Key among these is the protocol's shift to a stateless design at the protocol layer, requiring clients and servers to adapt their transport assumptions and handle state explicitly within application handles rather than relying on session IDs. Server-initiated requests are now only possible during active client requests, necessitating robust client-side data preservation and replay mechanisms. Additionally, MCP Apps are being treated as distinct application surfaces with implications for security and developer experience, requiring hosts to test iframe isolation and servers to ensure deterministic UI template declarations. The release candidate also enhances authorization by tightening standards around OAuth 2.0 and OpenID Connect, with clients needing to validate the `iss` parameter and authorization servers expected to provide it. AI
IMPACT Requires developers to update clients and servers to maintain compatibility with the stateless protocol design and updated authorization standards.
RANK_REASON This is a technical specification update for a protocol, not a new product release or significant industry event.
AI-generated summary · Google Gemini · from 1 sources. How we write summaries →