Fetching from the wire…
Top 5 · 2026-07-13 · source-backed
If you run a production MCP server, you have a hard deadline. The 2026-07-28 spec removes the protocol-level session model entirely, and it's a breaking change.
The MCP release candidate makes every request carry its own protocol version, client info, and capabilities (Model Context Protocol Blog). A server that needed sticky sessions and a shared session store can now run behind a plain round-robin load balancer, routing on an Mcp-Method header. This is the largest MCP revision since launch. Servers built around session state will break.
I like this change, and I'll say why. Stateful protocols are where scaling pain lives. Sticky sessions mean you can't just add a box behind a load balancer. You need session affinity, a shared store, careful failover. Killing the session model at the protocol layer means MCP servers scale like any stateless HTTP service. That's the right architecture, and it's the kind of breaking change worth eating early.
The spec ships more than statelessness. The Tasks extension lets a server answer tools/call with a task handle the client drives via tasks/get, tasks/update, and tasks/cancel, which is purpose-built for index builds, deep searches, multi-minute jobs that today risk a client timeout (Stacktree). And Enterprise-Managed Authorization went stable, moving MCP access decisions to your IdP and killing per-server consent prompts (InfoQ).
This anchors a week saturated with MCP news. Apple shipped the Safari MCP server, the first official browser MCP from a major vendor. Microsoft's Agent Framework added Progressive MCP Disclosure so agents load and unload tool schemas on demand. And OX Security disclosed CVE-2026-30615, a zero-click chain where a cloned-repo README or poisoned tool description auto-registers a malicious MCP server into RCE, with 7,000+ publicly reachable MCP servers exposed.
What builders should do: make every request self-contained now. No session store, no server-side state between calls. Let clients cache tools/list. Wrap anything that might time out in a task handle. Then move auth to your IdP. You have until July 28. That's not much runway for a breaking protocol change.
Each link below shares sources, entities, or timing with this story.
MCP deprecates Sampling / Shared entities / Same source / Shared topic / Earlier coverage
Linked by a graph relationship (MCP deprecates Sampling); both cover July, MCP, Method, Then; cite the same source (Model Context Protocol Blog).
MCP uses OAuth / Shared entities / Same source / Shared topic / Earlier coverage
Linked by a graph relationship (MCP uses OAuth); both cover July, MCP, Stateful, Sticky; cite the same source (Model Context Protocol Blog).
Microsoft supports MCP / Shared entities / Shared topic / Earlier coverage / Tension
Linked by a graph relationship (Microsoft supports MCP); both cover CVE, HTTP, MCP, Microsoft; overlapping topics (server, tool).
Microsoft supports MCP / Shared entities / Same source / Shared topic / Earlier coverage
Linked by a graph relationship (Microsoft supports MCP); both cover July, MCP, Model Context Protocol Blog; cite the same source (Model Context Protocol Blog).
Microsoft supports MCP / Shared entities / Same source / Earlier coverage
Linked by a graph relationship (Microsoft supports MCP); both cover IdP, Managed Authorization, MCP, Microsoft; cite the same source (InfoQ).
Microsoft supports MCP / Shared entities / Same source domain / Shared topic / Earlier coverage
Linked by a graph relationship (Microsoft supports MCP); both cover CVE, MCP, Microsoft, Then; reported by the same outlet (ox.security).
Claude Code uses MCP / Shared entities / Earlier coverage
Linked by a graph relationship (Claude Code uses MCP); both cover Agent Framework, CVE, MCP, Microsoft; earlier Agent Framework coverage from 2026-03-05.
Anthropic released MCP / Shared entities / Same source domain / Shared topic / Earlier coverage
Linked by a graph relationship (Anthropic released MCP); both cover HTTP, MCP, RCE; reported by the same outlet (ox.security).