agno

v2.6.6 Security

This release patches 2 CVEs for security teams tracking exposure across their dependency inventory.

Known CVEs patched: CVE-2023-4863 (EPSS 93%), CVE-2026-42208 (EPSS 57%)

Topics

agents ai ai-agents developer-tools python

Affected surfaces

auth

ReleasePort's take

Moderate signal

Version v2.6.6 adds HITL multi-row approvals in Slack and fixes JWT user_id binding across WebSockets, traces, and approvals routers.

Why it matters: Test the new Slack approval flow in a dev environment, and before deploying v2.6.6, update any code that relies on JWT subject binding so that it handles the fix.

Summary

AI summary

Slack HITL multi‑row approvals added and JWT subject now correctly binds user_id.

Changes in this release

Feature Medium

Added support for HITL multi-row approvals with all pause types in Slack Interface.

Source: llm_adapter@2026-05-21

Confidence: high

Feature Medium

Added NotionDatabaseBackend to wiki context provider.

Source: llm_adapter@2026-05-21

Confidence: high

Feature Medium

Added API client header to Gemini connectors.

Source: llm_adapter@2026-05-21

Confidence: low

Dependency Medium

Pinned `tree-sitter-language-pack` to version <1.8.0 to unblock chonkie code chunker.

Source: llm_adapter@2026-05-21

Confidence: low

Deprecation Medium

Disabled agno[mistral] due to mistralai being quarantined on PyPI.

Source: llm_adapter@2026-05-21

Confidence: high

Bugfix Medium

Fixed `aget_last_run_output` returning None when agent.id is auto-generated during `arun()`.

Source: llm_adapter@2026-05-21

Confidence: high

Bugfix Medium

Fixed forwarding dependencies and metadata to /continue endpoints via get_request_kwargs.

Source: llm_adapter@2026-05-21

Confidence: high

Bugfix Medium

Fixed binding user_id to JWT subject in traces and approvals routers.

Source: llm_adapter@2026-05-21

Confidence: low

Bugfix Medium

Fixed binding WebSocket user_id to JWT subject for workflows.

Source: llm_adapter@2026-05-21

Confidence: low

Bugfix Medium

Injected LearningMachine context into Team system prompt.

Source: llm_adapter@2026-05-21

Confidence: low

Full changelog

Changelog

New Features:

  • Slack Interface: Added support for HITL multi-row approvals with all pause types.

Improvements:

  • WikiContextProvider: Added NotionDatabaseBackend to wiki context provider.
  • Tools: Updated to warn on duplicate tool names when registering on agent or team.

Bug Fixes:

  • JWT:
    • fixed to bind user_id to JWT subject in traces and approvals routers
    • fixed to bind WebSocket user_id to JWT subject for workflows
  • RunOutput: fixed aget_last_run_output returning None when agent.id is auto-generated during arun().
  • /continue Endpoint: Fixed to forward dependencies and metadata to /continue endpoints via get_request_kwargs.
  • LearningMachine: Fixed to inject LearningMachine context into Team system prompt.

What's Changed

  • fix: bind user_id to JWT subject in traces and approvals routers by @ysolanky in https://github.com/agno-agi/agno/pull/7816
  • fix: bind WebSocket user_id to JWT subject to prevent IDOR by @ysolanky in https://github.com/agno-agi/agno/pull/7817
  • feat: add api client header to gemini connectors by @markmcd in https://github.com/agno-agi/agno/pull/7828
  • fix: warn on duplicate tool names when registering on agent or team by @ysolanky in https://github.com/agno-agi/agno/pull/7829
  • fix: add Anthropic context window patterns to CONTEXT_WINDOW_PATTERNS by @marcospin in https://github.com/agno-agi/agno/pull/7836
  • fix: aget_last_run_output returns None when agent.id is auto-generated during arun() by @kausmeows in https://github.com/agno-agi/agno/pull/7840
  • fix: forward dependencies and metadata to /continue endpoints via get_request_kwargs by @ysolanky in https://github.com/agno-agi/agno/pull/7849
  • fix: inject LearningMachine context into Team system prompt by @Mustafa-Esoofally in https://github.com/agno-agi/agno/pull/7818
  • chore: update S3 bucket URL from phidata-public to agno-public by @irfaan101 in https://github.com/agno-agi/agno/pull/7844
  • fix: pin tree-sitter-language-pack<1.8.0 to unblock chonkie code chunker by @sannya-singal in https://github.com/agno-agi/agno/pull/7869
  • feat: Slack HITL multi-row approvals with all pause types by @Mustafa-Esoofally in https://github.com/agno-agi/agno/pull/7574
  • fix: disable agno[mistral] (mistralai quarantined on PyPI) by @harshsinha03 in https://github.com/agno-agi/agno/pull/7877
  • [FIX] newsletter link in README by @kyleaton in https://github.com/agno-agi/agno/pull/7900
  • cookbook: rewrite 01_demo as minimal AgentOS demo by @ashpreetbedi in https://github.com/agno-agi/agno/pull/7906
  • feat: add NotionDatabaseBackend to wiki context provider by @ashpreetbedi in https://github.com/agno-agi/agno/pull/7914
  • chore: Release v2.6.6 by @kausmeows in https://github.com/agno-agi/agno/pull/7915

New Contributors

  • @markmcd made their first contribution in https://github.com/agno-agi/agno/pull/7828
  • @marcospin made their first contribution in https://github.com/agno-agi/agno/pull/7836
  • @irfaan101 made their first contribution in https://github.com/agno-agi/agno/pull/7844

Full Changelog: https://github.com/agno-agi/agno/compare/v2.6.5...v2.6.6

Security Fixes

  • Fixed JWT subject binding for WebSocket user_id to prevent IDOR

About agno

Build, run, manage agentic software at scale.
