agno

v2.6.7 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 19d AI Agents & Assistants

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 1 known CVE

Topics

agents ai ai-agents developer-tools python

Affected surfaces

auth rbac rce_ssrf

Summary

AI summary

Added per‑user data isolation layer for AgentOS and a GeminiInteractions model class.

Changes in this release

Type	Severity	Summary	CVE
Feature
Feature	Medium	Added GeminiInteractions model class for Google's new stateful interactions API Added GeminiInteractions model class for Google's new stateful interactions API Source: llm_adapter@2026-05-21 Confidence: high	—
Feature	Medium	Added opt-in per-user data isolation layer for AgentOS authenticated endpoints Added opt-in per-user data isolation layer for AgentOS authenticated endpoints Source: llm_adapter@2026-05-21 Confidence: high	—
Feature	Medium	Added allowed_hosts parameter to URL-fetching readers to restrict outbound fetches Added allowed_hosts parameter to URL-fetching readers to restrict outbound fetches Source: llm_adapter@2026-05-21 Confidence: low	—
Bugfix
Bugfix	Medium	Fixed duplicate sparse encoder call in Qdrant async_insert Fixed duplicate sparse encoder call in Qdrant async_insert Source: llm_adapter@2026-05-21 Confidence: high	—
Bugfix	Medium	Prevented child agent's spans from overwriting parent trace session IDs Prevented child agent's spans from overwriting parent trace session IDs Source: llm_adapter@2026-05-21 Confidence: high	—
Bugfix	Medium	Workflow HITL continue path now uses async acleanup_run function in async contexts Workflow HITL continue path now uses async acleanup_run function in async contexts Source: llm_adapter@2026-05-21 Confidence: low	—

Full changelog

Changelog

New Features:

Gemini Interactions: Added a new GeminiInteractions model class that makes use of Googles new stateful interactions API
AgentOS: Added an opt-in per-user data isolation layer for AgentOS authenticated endpoints.

Improvements:

Knowledge Readers: Added allowed_hosts parameter to URL-fetching readers to restrict outbound fetches.

Bug Fixes:

Qdrant: Fixed to remove duplicate sparse encoder call in Qdrant async_insert.
Traces: Fixed the parent trace's session_id / agent_id / team_id from being overwritten by a child agent's spans when both share a trace_id. Most visible when a Team uses a post-hook (e.g. @hook(run_in_background=True).
Workflow: Fixed workflow’s HITL continue path to use corresponding async function acleanup_run if running in an async context.

What's Changed

fix: remove duplicate sparse encoder call in Qdrant async_insert by @sannya-singal in https://github.com/agno-agi/agno/pull/7893
fix: traces update db level by @kausmeows in https://github.com/agno-agi/agno/pull/7796
cookbook: update notion mcp example to current server by @ashpreetbedi in https://github.com/agno-agi/agno/pull/7921
feat: per-user data isolation across AgentOS endpoints by @SamJupe in https://github.com/agno-agi/agno/pull/7606
fix: Calling acleanup_run instead of cleanup_run by @abhi10691 in https://github.com/agno-agi/agno/pull/7916
[fix] fix duplicated word in docker container network_mode comment by @otjdiepluong in https://github.com/agno-agi/agno/pull/7913
fix: add allowed_hosts SSRF guard to knowledge readers by @sannya-singal in https://github.com/agno-agi/agno/pull/7892
fix: use SESSION_ID_REQUIRED constant in continue-run routes by @ysolanky in https://github.com/agno-agi/agno/pull/7936
feat: add GeminiInteractions model for Google's Interactions API by @ysolanky in https://github.com/agno-agi/agno/pull/7926
chore: Release v2.6.7 by @kausmeows in https://github.com/agno-agi/agno/pull/7931

New Contributors

@otjdiepluong made their first contribution in https://github.com/agno-agi/agno/pull/7913

Full Changelog: https://github.com/agno-agi/agno/compare/v2.6.6...v2.6.7

Security Fixes

Added `allowed_hosts` parameter to knowledge readers as an SSRF guard

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track agno

Get notified when new releases ship.

About agno

Build, run, manage agentic software at scale.

All releases →