[v1.x] fix: return HTTP 404 for unknown session IDs instead of 400 (#……1945)
Co-authored-by: Maxime <67350340+max-rousseau@users.noreply.github.com>
Co-authored-by: Max Isbey <224885523+maxisbey@users.noreply.github.com>
Merge commit from fork
* Auto-enable DNS rebinding protection for localhost servers
When a FastMCP server is created with host="127.0.0.1" or "localhost"
and no explicit transport_security is provided, automatically enable
DNS rebinding protection. Both 127.0.0.1 and localhost are allowed
as valid hosts/origins since clients may use either to connect.
* Add tests for auto DNS rebinding protection on localhost
Tests verify that:
- Protection auto-enables for host=127.0.0.1
- Protection auto-enables for host=localhost
- Both 127.0.0.1 and localhost are in allowed hosts/origins
- Protection does NOT auto-enable for other hosts (e.g., 0.0.0.0)
- Explicit transport_security settings are not overridden
* Add IPv6 localhost (::1) support for DNS rebinding protection
Extend auto-enable DNS rebinding protection to also cover IPv6
localhost. When host="::1", protection is now auto-enabled with
appropriate allowed hosts ([::1]:*) and origins (http://[::1]:*).
* Fix import ordering in test file
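A sketch of the behaviour the commit message describes, added here as an illustration and not taken from the SDK's code: default settings chosen from the bind host, then Host/Origin validation against `name:*` port-wildcard patterns. `SecuritySettings`, `resolve_settings` and `request_allowed` are hypothetical names, and allowing all three loopback names for any loopback bind, requiring an explicit port, and accepting a missing Origin header are assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional

LOOPBACK_BIND_HOSTS = ("127.0.0.1", "localhost", "::1")

@dataclass
class SecuritySettings:  # hypothetical stand-in, not the SDK's own class
    enable_dns_rebinding_protection: bool = False
    allowed_hosts: list = field(default_factory=list)
    allowed_origins: list = field(default_factory=list)

def resolve_settings(host: str, explicit: Optional[SecuritySettings] = None) -> SecuritySettings:
    """Explicit settings always win; loopback binds get protection by default."""
    if explicit is not None:
        return explicit
    if host not in LOOPBACK_BIND_HOSTS:
        return SecuritySettings()  # e.g. 0.0.0.0: nothing is auto-enabled
    # Assumption: all three loopback names are allowed for any loopback bind.
    names = ["127.0.0.1", "localhost", "[::1]"]
    return SecuritySettings(True, [f"{n}:*" for n in names], [f"http://{n}:*" for n in names])

def _matches(value: str, patterns: list) -> bool:
    for pattern in patterns:
        if value == pattern:
            return True
        if pattern.endswith(":*"):
            prefix = pattern[:-1]  # keep the trailing colon
            port = value[len(prefix):]
            # Port must be pure ASCII digits, so "localhost:80.evil.test" fails.
            if value.startswith(prefix) and port.isascii() and port.isdigit():
                return True
    return False

def request_allowed(headers: dict, settings: SecuritySettings) -> bool:
    """headers: lower-cased header names mapped to their values."""
    if not settings.enable_dns_rebinding_protection:
        return True
    host = headers.get("host")
    if host is None or not _matches(host, settings.allowed_hosts):
        return False
    origin = headers.get("origin")  # absent for non-browser clients
    return origin is None or _matches(origin, settings.allowed_origins)
```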