fix(deps): update module github.com/modelcontextprotocol/go-sdk to v1.3.1 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
github.com/modelcontextprotocol/go-sdk	v1.1.0 → v1.3.1

GitHub Vulnerability Alerts

CVE-2026-27896

The Go MCP SDK used Go's standard encoding/json.Unmarshal for JSON-RPC and MCP protocol message parsing. Go's standard library performs case-insensitive matching of JSON keys to struct field tags — a field tagged json:"method" would also match "Method", "METHOD", etc. Additionally, Go's standard library folds the Unicode characters ſ (U+017F) and K (U+212A) to their ASCII equivalents s and k, meaning fields like "paramſ" would match "params". This violated the JSON-RPC 2.0 specification, which defines exact field names.

Impact:

A malicious MCP peer may have been able to send protocol messages with non-standard field casing (e.g., "Method" instead of "method") that the SDK would silently accept. This had the potential for:

• Bypassing intermediary inspection: Proxies or policy layers that matched on exact field names may have failed to detect or filter these messages.
• Cross-implementation inconsistency: Other MCP SDKs (TypeScript, Python) use case-sensitive parsing and would reject the same messages, creating potential security-boundary confusion.

Fix:

Go's standard JSON unmarshaling was replaced with a case-sensitive decoder (github.com/segmentio/encoding) in commit 7b8d81c. Users are advised to update to v1.3.1 to resolve this issue.

Credits:

MCP Go SDK thanks Francesco Lacerenza (Doyensec) for reporting this issue.

---

Release Notes

modelcontextprotocol/go-sdk (github.com/modelcontextprotocol/go-sdk)

v1.3.1

Compare Source

This release is a patch release for v1.3.0.

It contains a cherry-pick for a security issue reported in #​805, which takes advantage of the default behavior of Go's standard library JSON decoder that allows case-insensitive matches to struct field names (or "json" tags). The issue has been addressed by changing the JSON decoder to one that supports case sensitive matching.

Fixes

• all: use case-sensitive JSON unmarshaling by @​maciej-kisiel in #​807

New external dependencies

• https://github.com/segmentio/encoding, which is the package that provides the new decoder.

Full Changelog: modelcontextprotocol/go-sdk@v1.3.0...v1.3.1

v1.3.0

Compare Source

This release is equivalent to v1.3.0-pre.1. Thank you to those who tested the pre-release.

This release includes several enhancements and bugfixes. Worth mentioning is the addition of schema caching, which significantly improves the performance in some stateless server deployment scenarios.

Dependency updates

• go.mod: upgrade to jsonschema v0.4.2 by @​jba in #​732

Enhancements

• perf: add schema caching to avoid repeated reflection by @​SamMorrowDrums in #​685
• mcp: add DisableListening option to StreamableClientTransport by @​zxxf18 in #​729
• feat: deprecated logger in client & add Logger in ClientOption by @​CocaineCong in #​738
• feat: deleted the old logger in client by @​CocaineCong in #​744
• Export GetError and SetError methods by @​jba in #​753

Bugfixes

• fix: connectStandaloneSSE checking Content-Type header by @​liushuangls in #​736
• mcp: fix SSEClientTransport to report HTTP errors properly by @​hassan123789 in #​740
• mcp: add Allow header to 405 responses per RFC 9110 §15.5.6 by @​SamMorrowDrums in #​757
• mcp: fix a race condition in logging by @​maciej-kisiel in #​761

Chores

• docs: adds SDK version support matrix by @​La002 in #​737
• .github/workflows: add nightly conformance tests by @​findleyr in #​752

New Contributors

• @​La002 made their first contribution in #​737
• @​hassan123789 made their first contribution in #​740
• @​liushuangls made their first contribution in #​736
• @​CocaineCong made their first contribution in #​738
• @​zxxf18 made their first contribution in #​729
• @​SamMorrowDrums made their first contribution in #​685
• @​maciej-kisiel made their first contribution in #​761

Full Changelog: modelcontextprotocol/go-sdk@v1.2.0...v1.3.0

v1.2.0

Compare Source

This release is equivalent to v1.2.0-pre.2. Thank you to those who tested the prerelease.

This release adds partial support for the 2025-11-25 version of the MCP spec and fixes some bugs in the streamable transports. It also includes some minor new APIs, changes to contributing flows, and small bugfixes.

Contributing changes

• CONTRIBUTING.md is updated to remove the ad-hoc antitrust policy (#​651), and add a dependency update policy (#​635).
• An example server (examples/server/conformance) is added for the new conformance tests at modelcontextprotocol/conformance. Test can be run with scripts/conformance.sh (#​650).

Partial support for the 2025-11-25 spec

The following SEPs from the 2025-11-25 spec are now supported. Please see #​725 for the proposed API additions included to support these SEPs.

• SEP-973: icons and metadata (#​570)
• SEP-986: tool name validation (#​640)
• SEP-1024: elicitation defaults (#​644)
• SEP-1036: URL mode elicitation (#​646)
• SEP-1699: SSE polling (#​663)
• SEP-1330: elicitation enum improvements (#​676)

Other API additions

• Common error codes are now available through the sentinel jsonrpc.Error (#​452)
• OAuth 2.0 Protected Resource Metadata support (#​643)
• ClientCapabilities.RootsV2 and RootCapabilities are added to work around an API bug (#​607)
• Capabilities fields are added to ServerOptions and ClientOptions, to simplify capability configuration (#​706)

Streamable fixes

Several bug fixes are included for the streamable transports:

• mcp: relax SSE connection response handling in non-strict mode by @​zhxie in #​611
• Fix: Skip non-message SSE events in processStream by @​raphaelmansuy in #​637
• mcp: better handling for streamable context cancellation by @​findleyr in #​677
• mcp: don't break the streamable client connection for transient errors by @​findleyr in #​723

Other notable bugfixes

• fix: handle Windows CRLF in MCP client by @​isfzhang in #​665
• auth, mcp: add UserID to TokenInfo for session hijacking prevention by @​findleyr in #​695
• internal/docs: document UserID for session hijacking prevention by @​findleyr in #​697
• mcp: allow re-using connections in more cases by @​howardjohn in #​709
• oauthex: validate URL schemes in auth server metadata and DCR by @​findleyr in #​712
• mcp: debounce server change notifications by @​findleyr in #​717
• oauthex: fix content type check in getJSON by @​nikolavp in #​721

New Contributors

• @​zhxie made their first contribution in #​611
• @​SpringMT made their first contribution in #​614
• @​raphaelmansuy made their first contribution in #​637
• @​markus-kusano made their first contribution in #​644
• @​isfzhang made their first contribution in #​665
• @​orius123 made their first contribution in #​643
• @​howardjohn made their first contribution in #​709
• @​nikolavp made their first contribution in #​721

Full Changelog: modelcontextprotocol/go-sdk@v1.1.0...v1.2.0

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 1 additional dependency was updated

Details:

Package	Change
github.com/google/jsonschema-go	v0.3.0 -> v0.4.2