Skip to main content
This guide provides migration instructions for breaking changes and major updates when upgrading between FastMCP versions.

v2.14.0

OpenAPI Parser Promotion

The experimental OpenAPI parser is now the standard implementation. The legacy parser has been removed. If you were using the legacy parser: No code changes required. The new parser is a drop-in replacement with improved architecture. If you were using the experimental parser: Update your imports from the experimental module to the standard location: 
from fastmcp.experimental.server.openapi import FastMCPOpenAPI, RouteMap, MCPType
The experimental imports will continue working temporarily but will show deprecation warnings. The FASTMCP_EXPERIMENTAL_ENABLE_NEW_OPENAPI_PARSER environment variable is no longer needed and can be removed.

Deprecated Features Removed

The following deprecated features have been removed in v2.14.0: BearerAuthProvider (deprecated in v2.11): 
from fastmcp.server.auth.providers.bearer import BearerAuthProvider
Context.get_http_request() (deprecated in v2.2.11): 
request = context.get_http_request()
Top-level Image import (deprecated in v2.8.1): 
from fastmcp import Image
FastMCP dependencies parameter (deprecated in v2.11.4): 
mcp = FastMCP("server", dependencies=["requests", "pandas"])
Legacy resource prefix format: The resource_prefix_format parameter and “protocol” format have been removed. Only the “path” format is supported (this was already the default). FastMCPProxy client parameter: 
proxy = FastMCPProxy(client=my_client)
output_schema=False: 
@mcp.tool(output_schema=False)
def my_tool() -> str:
    return "result"

v2.13.0

OAuth Token Key Management

The OAuth proxy now issues its own JWT tokens to clients instead of forwarding upstream provider tokens. This improves security by maintaining proper token audience boundaries. What changed: The OAuth proxy now implements a token factory pattern - it receives tokens from your OAuth provider (GitHub, Google, etc.), encrypts and stores them, then issues its own FastMCP JWT tokens to clients. This requires cryptographic keys for JWT signing and token encryption. Default behavior (development): By default, FastMCP automatically manages keys based on your platform:
  • Mac/Windows: Keys are auto-managed via system keyring, surviving server restarts with zero configuration. Suitable only for development and local testing.
  • Linux: Keys are ephemeral (random salt at startup, regenerated on each restart).
This works fine for development and testing where re-authentication after restart is acceptable. For production: Production deployments must provide explicit keys and use persistent storage. Add these three things: 
auth = GitHubProvider(
    client_id=os.environ["GITHUB_CLIENT_ID"],
    client_secret=os.environ["GITHUB_CLIENT_SECRET"],
    base_url="https://your-server.com",

    # Explicit keys (required for production)
    jwt_signing_key=os.environ["JWT_SIGNING_KEY"],

    # Persistent network storage (required for production)
    client_storage=RedisStore(host="redis.example.com", port=6379)
)
More information: