phoenix

varize-phoenix-v15.7.0 scope: arize-phoenix Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 22d Tracing

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 1 known CVE

Topics

agents ai-monitoring ai-observability aiengineering anthropic datasets

+10 more

evals langchain llamaindex llm-eval llm-evaluation llmops llms openai prompt-engineering smolagents

Affected surfaces

rce_ssrf

ReleasePort's take

Light signal

editorial:auto 13d

Version arize-phoenix‑v15.7.0 removes the v1 /chat route and its associated code for agents.

Why it matters: If your application or agent relies on the deprecated /chat endpoint, update integrations immediately to avoid request failures after upgrading to v15.7.0.

Summary

AI summary

Removed /chat route and associated code for agents.

Changes in this release

Type	Severity	Summary	CVE
Security	Medium	Prevents format-string injection in f-string template formatter Prevents format-string injection in f-string template formatter Source: llm_adapter@2026-05-21 Confidence: low	—
Breaking	Medium	Removes v1 /chat route and associated code Removes v1 /chat route and associated code Source: llm_adapter@2026-05-21 Confidence: low	—
Feature
Feature	Medium	Adds trace user feedback annotations Adds trace user feedback annotations Source: llm_adapter@2026-05-21 Confidence: high	—
Feature	Medium	Makes session turn messages expandable Makes session turn messages expandable Source: llm_adapter@2026-05-21 Confidence: high	—
Feature	Medium	Adds session-tagged identifiers for open/axial coding workflows Adds session-tagged identifiers for open/axial coding workflows Source: llm_adapter@2026-05-21 Confidence: high	—
Feature	Medium	Moves toast notifications to top-center with sonner-style stacking Moves toast notifications to top-center with sonner-style stacking Source: llm_adapter@2026-05-21 Confidence: high	—
Bugfix	Medium	Keeps PXI send button visible in stop mode while streaming Keeps PXI send button visible in stop mode while streaming Source: llm_adapter@2026-05-21 Confidence: high	—
Bugfix	Medium	Shows playground validation errors to users Shows playground validation errors to users Source: llm_adapter@2026-05-21 Confidence: high	—

Full changelog

15.7.0 (2026-05-13)

Features

add trace user feedback annotations (#13099) (3797110)
agents: rip v1 /chat route and associated code (#13140) (71ceeb3)
make session turn messages expandable (#13057) (f898dc0)
session-tagged identifiers for open/axial coding workflows (#13083) (6dceb10)
ui: move toasts to top-center with sonner-style stacking (#13177) (1cc1ce7)

Bug Fixes

keep PXI send button in stop mode while streaming (#13188) (73b0d62)
prevent format-string injection in f-string template formatter (#13197) (e7224a6)
surface playground validation errors (#13139) (44b07ac)

Breaking Changes

Removed `/chat` route and associated code in agents

Security Fixes

Prevent format-string injection in f-string template formatter

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track phoenix

Get notified when new releases ship.

About phoenix

AI Observability & Evaluation

All releases →

Related context

Related tools

Earlier breaking changes

varize-phoenix-v17.0.0 Adds system settings for admin-managed assistant enablement and trace recording policy
varize-phoenix-v16.0.0 Sandboxing and Code Evaluators introduce breaking changes in Phoenix v16.0.0.