coze-studio

v0.5.1 Security

This release includes 3 security fixes for security teams reviewing exposed deployments.

Published 3mo AI Agents & Assistants

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 3 known CVEs

Topics

agent agent-platform ai-plugins llm chatbot-framework coze

+10 more

coze-platform generative-ai go kouzi low-code-ai multimodel-ai no-code studio typescript workflow

Summary

AI summary

Add conversation retrieve API with section ID and support non‑stream OpenAPI chat.

Full changelog

Image Version

cozedev/coze-studio-server:0.5.1
cozedev/coze-studio-web:0.5.1

What's Changed

feat: if .venv python not found ues system python by @fanlv in https://github.com/coze-dev/coze-studio/pull/2404
feat: update readme for model managerment by @fanlv in https://github.com/coze-dev/coze-studio/pull/2405
feat: add conversation retrieve api & return section id field in chat… by @junwen-lee in https://github.com/coze-dev/coze-studio/pull/2408
feat: optimize embedding configuration to support omitting model dims by @fanlv in https://github.com/coze-dev/coze-studio/pull/2412
feat: model configuration and embedding configuration optimization. by @fanlv in https://github.com/coze-dev/coze-studio/pull/2414
feat: update code owner by @fanlv in https://github.com/coze-dev/coze-studio/pull/2417
feat: remove showWorkspaceContent by @fanlv in https://github.com/coze-dev/coze-studio/pull/2420
feat: add NATS EventBus implementation by @pozen in https://github.com/coze-dev/coze-studio/pull/2385
feat: support openapi chat with non-stream by @junwen-lee in https://github.com/coze-dev/coze-studio/pull/2431
fix: custom plugin validate by @yanwencheng in https://github.com/coze-dev/coze-studio/pull/2436
fix: api horizontal privilege by @junwen-lee in https://github.com/coze-dev/coze-studio/pull/2434
feat: support conversation isolation by @junwen-lee in https://github.com/coze-dev/coze-studio/pull/2443
fix: ark ResponseFormat by @fanlv in https://github.com/coze-dev/coze-studio/pull/2446
fix: ensure admin email check is case-insensitive by @fanlv in https://github.com/coze-dev/coze-studio/pull/2448
fix: close io reader properly by @fanlv in https://github.com/coze-dev/coze-studio/pull/2464
fix: pkg name by @junwen-lee in https://github.com/coze-dev/coze-studio/pull/2465
fix: revert es relation type by @junwen-lee in https://github.com/coze-dev/coze-studio/pull/2463
feat(plugin): set X-Aiplugin-Connector-Identifier header to 'CozeUID' in conversation flow by @DMIAOCHEN in https://github.com/coze-dev/coze-studio/pull/2477
fix: change the configuration of ng default timeout by @junwen-lee in https://github.com/coze-dev/coze-studio/pull/2480
feat: eyurtsev/pyodide-sandbox -> langchain/pyodide-sandbox by @fanlv in https://github.com/coze-dev/coze-studio/pull/2498
fix: always select ID in GetAll pagination to prevent infinite loop by @zero4197 in https://github.com/coze-dev/coze-studio/pull/2497
perf: optimize MySQL connection pool settings by @zero4197 in https://github.com/coze-dev/coze-studio/pull/2524
perf: make MinIO SSL setting configurable via environment variable by @zero4197 in https://github.com/coze-dev/coze-studio/pull/2525
fix: chatsdk bot add quest and input node by @tomasyu985 in https://github.com/coze-dev/coze-studio/pull/2540
fix: memory sql injection by @N3kox in https://github.com/coze-dev/coze-studio/pull/2545
feat: update helm by @fanlv in https://github.com/coze-dev/coze-studio/pull/2553
fix(workflow): resolve batch node copy error by using clipboard service by @louisyoungx in https://github.com/coze-dev/coze-studio/pull/2555
fix(model): input messages do not contain elements with the role of user by @fanlv in https://github.com/coze-dev/coze-studio/pull/2557
feat: add knowledge openapi by @junwen-lee in https://github.com/coze-dev/coze-studio/pull/2562
fix(backend): fixed the Workflow Icon URL expiration issue & workflow create conversation check permission by @zhuangjie1125 in https://github.com/coze-dev/coze-studio/pull/2563
fix: remove unsafe file python_script.py by @fanlv in https://github.com/coze-dev/coze-studio/pull/2572
feat: Add 'Client-Platform' header for server processing for PP-OCR and PP-Structure by @Bobholamovic in https://github.com/coze-dev/coze-studio/pull/2575
fix(helm): shrink model_meta.json to avoid ConfigMap annotation limit by @fanlv in https://github.com/coze-dev/coze-studio/pull/2579
docs: fix incorrect information in README.md by @axolo in https://github.com/coze-dev/coze-studio/pull/2583
fix(passport): forbid cross-account password reset via email mismatch by @fanlv in https://github.com/coze-dev/coze-studio/pull/2594
pref: Update .env file path in README.zh_CN.md by @axolo in https://github.com/coze-dev/coze-studio/pull/2584

New Contributors

@pozen made their first contribution in https://github.com/coze-dev/coze-studio/pull/2385
@DMIAOCHEN made their first contribution in https://github.com/coze-dev/coze-studio/pull/2477
@zero4197 made their first contribution in https://github.com/coze-dev/coze-studio/pull/2497
@louisyoungx made their first contribution in https://github.com/coze-dev/coze-studio/pull/2555
@axolo made their first contribution in https://github.com/coze-dev/coze-studio/pull/2583

Full Changelog: https://github.com/coze-dev/coze-studio/compare/v0.5.0...v0.5.1

Breaking Changes

Removed `showWorkspaceContent` feature

Security Fixes

Fix horizontal privilege vulnerability in API
Prevent SQL injection in memory queries
Remove unsafe `python_script.py` file

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track coze-studio

Get notified when new releases ship.

About coze-studio

All releases →