The release candidate for MCP 2026-07-28 is out. The protocol is now stateless: no handshake, no session id, any request can hit any server instance. Plus extensions as first-class (MCP Apps, Tasks), auth hardening, and a proper deprecation policy so we don’t have to do this again.

The 2026-07-28 MCP Specification Release Candidate

Source: https://blog.modelcontextprotocol.io/posts/2026-07-28-release-candidate/ The release candidate for MCP**2026\-07\-28**is now available. It is the largest revision of the protocol since launch and delivers on the2026 roadmap:

• a stateless corethat scales on ordinary HTTP infrastructure
• extensionsincluding server-rendered UIs throughMCP Appsand long-running work through theTasks extension
• authorizationthat aligns more closely with OAuth and OpenID Connect deployments
• a formal deprecation policyso the protocol can evolve without breaking what you’ve built,

and many other changes.

The practical effect on a production deployment is immediate. A remote MCP server that previously needed sticky sessions, a shared session store, and deep packet inspection at the gateway can now run behind a plain round-robin load balancer, route traffic on anMcp\-Methodheader, and let clients cachetools/listresponses for as long as the server’sttlMspermits.

The release candidate is available today and the final specification ships onJuly 28, 2026. This release contains breaking changes; seeRelease Timeline and Validationfor the details.

A Stateless Protocol

The headline change is that MCP is now stateless at the protocol layer. SixSpecification Enhancement Proposals(SEPs) work together to get there, completing the plan we laid out inThe Future of MCP Transportsin December.

Before and after

In2025\-11\-25, calling a tool over Streamable HTTP means establishing a session first:

POST /mcp HTTP/1.1
Content-Type: application/json

{"jsonrpc":"2.0","id":1,"method":"initialize",
 "params":{"protocolVersion":"2025-11-25","capabilities":{},
           "clientInfo":{"name":"my-app","version":"1.0"}}}

The server responds with anMcp\-Session\-Idthat every subsequent request must carry, pinning the client to whichever instance issued it:

POST /mcp HTTP/1.1
Mcp-Session-Id: 1868a90c-3a3f-4f5b
Content-Type: application/json

{"jsonrpc":"2.0","id":2,"method":"tools/call",
 "params":{"name":"search","arguments":{"q":"otters"}}}

In2026\-07\-28, the same call is a single self-contained request that any server instance can handle:

POST /mcp HTTP/1.1
MCP-Protocol-Version: 2026-07-28
Mcp-Method: tools/call
Mcp-Name: search
Content-Type: application/json

{"jsonrpc":"2.0","id":1,"method":"tools/call",
 "params":{"name":"search","arguments":{"q":"otters"},
           "_meta":{"io.modelcontextprotocol/clientInfo":{"name":"my-app","version":"1.0"}}}}

The handshake and session are gone

Theinitialize/initializedhandshake is removed (SEP-2575). The protocol version, client info, and client capabilities that used to be exchanged once at connection time now travel in\_metaon every request, and a newserver/discovermethod lets clients fetch server capabilities when they need them up front.

TheMcp\-Session\-Idheader and the protocol-level session that came with it are also removed (SEP-2567). With both gone, any MCP request can land on any server instance, and the sticky routing and shared session stores that horizontal deployments needed before are no longer required at the protocol layer.

Stateless protocol, stateful applications

Removing the protocol-level session does not mean your application has to be stateless. Servers that need to carry state across calls can do what HTTP APIs have always done: mint an explicit handle (abasket\_id, abrowser\_id) from a tool and have the model pass it back as an ordinary argument on later calls.

In practice, we’ve found this pattern (the model threading an identifier from one tool call to the next) to be more than just a workable substitute for session state. It’s often a more powerful one. The model can compose handles across tools, reason about them, and hand them off between steps in ways that externally managed session state, hidden in transport metadata, never really allowed.

The protocol no longer manages that state for you, but it doesn’t prevent you from managing it yourself. The explicit-handle pattern simply makes the state visible to the model rather than hidden away.

Server-to-client requests, restructured

A stateless protocol still needs a way for servers to ask the client for something mid-call, such as an elicitation prompt. Two SEPs rebuild that flow so it works without a persistent connection.

Server-initiated requests may now only be issued while the server is actively processing a client request (SEP-2260). Earlier spec versions recommended this; it’s now required. A user is never prompted out of nowhere, and every elicitation traces back to something they (or their agent) started.

Multi Round-Trip Requests (SEP-2322) change how those prompts are delivered. Instead of holding a Server-Sent Events (SSE) stream open, the server returns anInputRequiredResult:

{
  "resultType": "inputRequired",
  "inputRequests": {
    "confirm": {
      "type": "elicitation",
      "message": "Delete 3 files?",
      "schema": { "type": "boolean" }
    }
  },
  "requestState": "eyJzdGVwIjoxLCJmaWxlcyI6WyJhIiwiYiIsImMiXX0="
}

The client gathers the answers and re-issues the original call withinputResponsesand the echoedrequestState. Any server instance can pick that retry up because everything it needs is in the payload.

Routable, cacheable, traceable

Three smaller changes make the resulting traffic easier to operate.

The Streamable HTTP transport now requiresMcp\-MethodandMcp\-Nameheaders (SEP-2243) so load balancers, gateways, and rate-limiters can route on the operation without inspecting the body. Servers reject requests where the headers and body disagree.

List and resource read results now carryttlMsandcacheScope(SEP-2549), modeled on HTTPCache\-Control. Clients know exactly how long atools/listresponse is fresh and whether it’s safe to share across users, and a long-lived SSE stream is no longer the only way to learn that a list changed.

W3C Trace Context propagation in\_metais now documented (SEP-414), locking down thetraceparent,tracestate, andbaggagekey names so distributed traces correlate across SDKs and gateways. Several SDKs and tools were already doing this; with the key names fixed in the spec, a trace that starts in a host application can follow a tool call through the client SDK, the MCP server, and whatever the server calls downstream, and show up as a single span tree in anOpenTelemetry-compatible backend.

Extensions Become First-Class

Extensions existed in the2025\-11\-25release but had no formal process behind them.SEP-2133adds that: extensions are identified by reverse-DNS IDs, negotiated through anextensionsmap on client and server capabilities, live in their ownext\-\*repositories with delegated maintainers, and version independently of the specification. A new Extensions Track in the SEP process gives them a path from experimental to official.

This release includes two official extensions.

MCP Apps: server-rendered user interfaces

MCP Apps(SEP-1865) lets servers ship interactive HTML interfaces that hosts render in a sandboxed iframe. Tools declare their UI templates ahead of time so hosts can prefetch, cache, and security-review them before anything runs. The rendered UI talks back to the host over the same JSON-RPC base protocol used everywhere else in MCP, so every UI-initiated action goes through the same audit and consent path as a direct tool call.

Tasks graduates to an extension

Tasks shipped as an experimental core feature in2025\-11\-25. Production use surfaced enough redesign that the right home for it is an extension rather than the specification.

TheTasks extensionreshapes the lifecycle around the stateless model: a server can answertools/callwith a task handle, and the client drives it withtasks/get,tasks/update, andtasks/cancel. Task creation is server-directed: the client advertises the extension and the server decides when a call should run as a task.tasks/listis removed because it can’t be scoped safely without sessions.

Anyone who shipped against the2025\-11\-25experimental Tasks API will need to migrate to the new lifecycle.

Six SEPs harden theauthorization specificationto align more closely with how OAuth 2.0 and OpenID Connect are deployed in practice.

Clients must now validate theissparameter on authorization responses perRFC 9207(SEP-2468). This is a low-cost mitigation for a class of mix-up attack that is more prevalent in MCP’s single-client, many-server deployment pattern. In a future version, clients will be expected to reject responses that omitiss, so authorization servers should begin supplying it now if they don’t already.

Clients now declare their OpenID Connectapplication\_typeduring Dynamic Client Registration (SEP-837), avoiding the common case where an authorization server defaults a desktop or CLI client to"web"and rejects its localhost redirect URI. Clients bind registered credentials to the issuing authorization server’sissuerand re-register when a resource migrates between authorization servers (SEP-2352). The spec also documents how to request refresh tokens from OpenID Connect-style authorization servers (SEP-2207), and clarifies scope accumulation during step-up (SEP-2350) and the\.well\-knowndiscovery suffix (SEP-2351).

Roots, Sampling, and Logging Are Deprecated

Three core features are deprecated under the newfeature lifecycle policy(SEP-2577):

FeatureReplacementRootsTool parameters, resource URIs, or server configurationSamplingDirect integration with LLM provider APIsLoggingstderrfor stdio transports;OpenTelemetryfor structured observabilityThese are annotation-only deprecations. The methods, types, and capability flags continue to work in this release and in every specification version published within a year of it, and removing any of them will require a separate SEP under the lifecycle policy.

ToolinputSchemaandoutputSchemaare lifted to fullJSON Schema 2020-12(SEP-2106). Input schemas keep thetype: "object"root constraint but now allow composition (oneOf,anyOf,allOf), conditionals, and references ($ref,$defs). Output schemas are unrestricted, andstructuredContentcan now be any JSON value rather than only an object. Implementations must not auto-dereference external$refURIs and should bound schema depth and validation time.

Separately, the error code for a missing resource changes from the MCP-custom\-32002to the JSON-RPC standard\-32602Invalid Params (SEP-2164). If your client matches on the literal\-32002value, update it.

How the Protocol Evolves From Here

This release contains breaking changes. We don’t intend for that to be the norm.

Three governance SEPs in this release are designed so that future revisions can evolve the protocol without breaking core capabilities. Thefeature lifecycle policygives every feature anActive,Deprecated, andRemovedlifecycle with at least twelve months between deprecation and the earliest possible removal. TheExtensions frameworkmeans new capabilities can ship as opt-in extensions and stabilize there before, if ever, moving into the specification. And a Standards Track SEP can no longer reach Final status until a matching scenario lands in theconformance suite(SEP-2484), which is the same suite the newSDK tier systemscores official SDKs against.

The stateless rework in this release is the kind of foundational change that needed a clean break. With it landed, and with deprecation windows and extensions as the standard tools going forward, our expectation is that implementers targeting2026\-07\-28will be able to adopt future revisions without rewriting their transport or lifecycle code.

Release Timeline and Validation

The release candidate is locked as ofMay 21, 2026. The final specification will be published onJuly 28, 2026. The ten-week window is for SDK maintainers and client implementers to validate the changes against real workloads; under theSDK tier system, Tier 1 SDKs are expected to ship support within this window.

The full release candidate is in thedraft specification, and thechangelogwill list every change against2025\-11\-25.

If you find a problem, open an issue in thespecification repository. For implementation questions, the relevantWorking Groupchannel in thecontributor Discordis the fastest path to an answer.

Looking Ahead

This release gives MCP the foundation we expect it to grow on for a long time: a protocol that runs statelessly on commodity HTTP infrastructure, an extensions framework where capabilities like Tasks and MCP Apps can ship on their own timeline, and a lifecycle policy that lets implementers build on2026\-07\-28knowing what they ship will keep working.

Thank you to everyone who shaped these proposals through the Working Groups and a great deal of patient review. We’re looking forward to making this final with the community on July 28.