fix(deps): update module github.com/modelcontextprotocol/go-sdk to v1.4.1 [security]#545
Open
renovate-sh-app[bot] wants to merge 1 commit intomainfrom
Conversation
….4.1 [security] | datasource | package | from | to | | ---------- | -------------------------------------- | ------ | ------ | | go | github.com/modelcontextprotocol/go-sdk | v1.3.1 | v1.4.1 | Signed-off-by: renovate-sh-app[bot] <219655108+renovate-sh-app[bot]@users.noreply.github.com>
Contributor
Author
ℹ️ Artifact update noticeFile name: go.modIn order to perform the update(s) described in the table above, Renovate ran the
Details:
|
grafana-plugins-platform-bot
bot
moved this from 📬 Triage
to 🔬 In review
in Grafana Catalog Team
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
v1.3.1→v1.4.1Warning
Some dependencies could not be looked up. Check the warning logs for more information.
GitHub Vulnerability Alerts
GHSA-q382-vc8q-7jhj
The Go SDK recently transitioned to the
segmentio/encodinglibrary for JSON parsing in version 1.3.1. While this change addressed both case-insensitivity and ASCII folding issues, the new parser implemented aggressive key matching that treated keys withnullUnicode characters appended at the end as equivalent to their base strings.Impact
When combined with duplicate keys, the described behavior leads to a "last key wins" resolution that could override the intended MCP message. This had the potential for:
Fix:
The
segmentio/encodingpackage was patched with a fix in segmentio/encoding@7d5a25d and a new version of the package was released (v0.5.4). The SDK switched to the patched version of the dependency in 724dd47aa. Users are advised to update to v1.4.1 to resolve this issue.Credits:
Thank you to Francesco Lacerenza (Doyensec) for reporting this issue.
Cross-Site Tool Execution for HTTP Servers without Authorizatrion in github.com/modelcontextprotocol/go-sdk
CVE-2026-33252 / GHSA-89xv-2j6f-qhc8
More information
Details
The Go SDK's Streamable HTTP transport accepted browser-generated cross-site
POSTrequests without validating theOriginheader and without requiringContent-Type: application/json. In deployments without Authorization, especially stateless or sessionless configurations, this allows an arbitrary website to send MCP requests to a local server and potentially trigger tool execution.Impact:
A malicious website may have been able to send cross-site POST requests with
Content-Type: text/plain, which due to CORS-safelisted properties would reach the MCP message handling without any CORS preflight barrier.Fix:
The SDK was modified to perform
Content-Typeheader validation for POST requests and introduced a configurable protection for verifying the origin of the request in commit a433a83. Users are advised to update to v1.4.1 to use this additional protection.Note: v1.4.1 requires Go 1.25 or later.
Credits:
Thank you to Lê Minh Quân for reporting the issue.
Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:LReferences
This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).
Improper handling of null Unicode character when parsing JSON in github.com/modelcontextprotocol/go-sdk
GHSA-q382-vc8q-7jhj
More information
Details
The Go SDK recently transitioned to the
segmentio/encodinglibrary for JSON parsing in version 1.3.1. While this change addressed both case-insensitivity and ASCII folding issues, the new parser implemented aggressive key matching that treated keys withnullUnicode characters appended at the end as equivalent to their base strings.Impact
When combined with duplicate keys, the described behavior leads to a "last key wins" resolution that could override the intended MCP message. This had the potential for:
Fix:
The
segmentio/encodingpackage was patched with a fix in segmentio/encoding@7d5a25d and a new version of the package was released (v0.5.4). The SDK switched to the patched version of the dependency in 724dd47aa. Users are advised to update to v1.4.1 to resolve this issue.Credits:
Thank you to Francesco Lacerenza (Doyensec) for reporting this issue.
Severity
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:NReferences
This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).
Release Notes
modelcontextprotocol/go-sdk (github.com/modelcontextprotocol/go-sdk)
v1.4.1Compare Source
This release is a patch release for v1.4.0.
It contains cherry-picks for several security improvements. Security advisories will follow.
Fixes
Update of the
segmentio/encodingmodule versionThe JSON parsing library that was adopted to avoid attacks taking advantage of the Go's standard parser being case insensitive turned out to contain an issue itself. We have submitted the fix upstream and this release updates the dependency to the patched version.
Cross-origin requests protection
We have added additional protection against cross origin requests. From now on, we verify that
Content-Typefor JSON-RPCPOSTrequests is set toapplication/jsonand use the newhttp.CrossOriginProtectionfunctionality to verify the origin of the request. Usage of this functionality required increasing the required Go version to 1.25, which is in line with our Go version policy of supporting two newest Go versions. The behavior can be customized by passing a configuredhttp.CrossOriginProtectionobject toStreamableHTTPOptions.Since this is a behavior change, we introduced a compatibility parameter
disablecrossoriginprotectionthat will allow to temporarily disable it. It will be removed inv1.6.0version of the SDK. See here for more details about behavior changes and a history of compatibility parameters across SDK versions.Allowing customization of
http.Clientfor client-side OAuthWe have introduced an optional
http.Clientparameter toAuthorizationCodeHandlerConfig. This allows customization of the transport, for example implementing environment specific protection against Server-Side Request Forgery.Pull requests
Full Changelog: modelcontextprotocol/go-sdk@v1.4.0...v1.4.1
v1.4.0Compare Source
This release marks the completion of the full 2025-11-25 specification implementation, by introducing the support for Sampling with Tools and experimental client-side OAuth support. It also contains multiple bug fixes and improvements. Thanks to all contributors!
Client-side OAuth support
This release introduces experimental support for OAuth on the client side of the SDK. It aims to support the full scope of the current MCP specification for authorization. To use it, you need to compile the SDK with the
-tags mcp_go_client_oauthflag. Some changes may still be applied to this new API, based on developer feedback. The functionality is planned to become stable inv1.5.0release, expected by the end of March 2026. More details can be found at https://github.com/modelcontextprotocol/go-sdk/blob/main/docs/protocol.md#client.Sampling with Tools
Starting from this release, the server use the new
CreateMessageWithToolsmethod to create a sampling request to the client that contains tools that can be used by the client. On the client side,CreateMessageWithToolsHandlermay be used to handle such requests and issueToolUseresponses to the server.Behavior changes
We have two important behavior changes that were introduced to fix a bug or improve security posture. They can be temporarily turned off by specifying a special
MCPGODEBUGenvironment variable when running the SDK. Different options can be added together, separated by a comma.Introduced DNS rebinding protection
The requests arriving via a localhost address (
127.0.0.1,[::1]) that have a non-localhostHostheader will be rejected to protect against DNS rebinding attacks. The protection can be disabled by specifyingStreamableHTTPOptions.DisableLocalhostProtection, but it should be done only if security implications are understood (see documentation for the option).This protection is a behavior change, as the protection is now enabled by default. Because of that, we have introduced an
MCPGODEBUGoption to bring back the previous default behavior for users that need more time to adjust. However, if possible, we recommend specifyingDisableLocalhostProtectiondescribed above, as it is a more future-proof solution. TheMCPGODEBUGoption to remove this protection (disablelocalhostprotection=1) will be removed inv1.6.0.Removed JSON content escaping when marshaling
By default
encoding/jsonescapes the contents of the objects, which causes some servers to fail. We switched to no escaping by default, to be consistent with other SDKs. Since this is a behavior change, we introduced anMCPGODEBUGoption to bring back the previous behavior for users that need more time to adjust to it. That option (jsonescaping=1) will be removed inv1.6.0.Bug fixes
Security vulnerability caused by the case insensitive parsing behavior of
encoding/jsonhas been submitted (also release as a cherry pick inv1.3.1). Security advisory has been posted.Other fixes:
Enhancements
Notably, the SDK now supports the
extensionsfield in client and server capabilities, which should enable creation of MCP Apps.Other enhancements:
Repository organization
Some effort was put into better organization of the repository, as well as making sure it's up to date and secure. As a highlight, the repository is not integrated with OSSF Scorecard with a positive score of 8.7. Additionally, the full conformance test suite is now run on every PR and push to main.
dns-rebinding-protectionscenario as failing by @maciej-kisiel in #775New Contributors
Full Changelog: modelcontextprotocol/go-sdk@v1.3.0...v1.4.0
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
Need help?
You can ask for more help in the following Slack channel: #proj-renovate-self-hosted. In that channel you can also find ADR and FAQ docs in the Resources section.