DocsGPT

v0.17.2 Security

This release patches 1 CVE for security teams tracking exposure across their dependency inventory.

Published 11d AI Agents & Assistants

View tool

1 patched CVE

Read the diff → Tool health → What is this tool? →

This release patches 1 known CVE CVE-2023-4863 EPSS 93%

1 CVEs patched

Topics

agent-builder agents ai chatgpt docsgpt hacktoberfest2025

+11 more

information-retrieval language-model llm machine-learning natural-language-processing python pytorch react search semantic-search transformers

Affected surfaces

deps breaking_upgrade

ReleasePort's take

Moderate signal

editorial:auto 10d

ReleasePort Layer 1 version 0.17.2 updates multiple frontend and extension dependencies while introducing durability, idempotency keys, a notification UI, and default tooling configuration.

Why it matters: Dependency bumps (react-i18next → 17.0.6, lodash‑es → 4.18.1, react-dropzone → 15.0.0, styled-components → 6.4.1, flow-bin → 0.311.0, xmldom → 0.9.10, react‑router‑dom → 7.14.2) address bug fixes and minor version improvements; new durability/idempotency keys enhance reliability for developers and SREs.

Summary

AI summary

Updates deps, deps-dev, and fix across a mixed release.

Changes in this release

Type	Severity	Summary	CVE
Security	High	Fixes glibc memory overflow vulnerability. Fixes glibc memory overflow vulnerability. Source: granite4.1:30b@2026-05-24-audit Confidence: low	—
Security	High	Hardens protection with pinned requests and path‑param encoding. Hardens protection with pinned requests and path‑param encoding. Source: granite4.1:30b@2026-05-24-audit Confidence: low	—
Feature
Feature	Medium	Adds durability and idempotency keys. Adds durability and idempotency keys. Source: llm_adapter@2026-05-24 Confidence: high	—
Feature	Medium	Adds a notification system. Adds a notification system. Source: llm_adapter@2026-05-24 Confidence: high	—
Feature	Medium	Adds default tools configuration. Adds default tools configuration. Source: llm_adapter@2026-05-24 Confidence: low	—
Feature	Medium	Adds search functionality for conversations. Adds search functionality for conversations. Source: granite4.1:30b@2026-05-24-audit Confidence: low	—
Dependency
Dependency	Medium	Bump react-i18next from 17.0.2 to 17.0.6 in /frontend. Bump react-i18next from 17.0.2 to 17.0.6 in /frontend. Source: llm_adapter@2026-05-24 Confidence: low	—
Dependency	Medium	Bump lodash-es from 4.17.23 to 4.18.1 in /frontend. Bump lodash-es from 4.17.23 to 4.18.1 in /frontend. Source: llm_adapter@2026-05-24 Confidence: low	—
Dependency	Medium	Bump react-dropzone from 14.3.8 to 15.0.0 in /frontend. Bump react-dropzone from 14.3.8 to 15.0.0 in /frontend. Source: llm_adapter@2026-05-24 Confidence: low	—
Dependency	Medium	Bump styled-components from 6.4.0 to 6.4.1 in /extensions/react-widget. Bump styled-components from 6.4.0 to 6.4.1 in /extensions/react-widget. Source: llm_adapter@2026-05-24 Confidence: low	—
Dependency	Medium	Bump flow-bin from 0.309.0 to 0.311.0 in /extensions/react-widget. Bump flow-bin from 0.309.0 to 0.311.0 in /extensions/react-widget. Source: llm_adapter@2026-05-24 Confidence: low	—
Dependency	Medium	Bump @xmldom/xmldom from 0.9.9 to 0.9.10 in /docs. Bump @xmldom/xmldom from 0.9.9 to 0.9.10 in /docs. Source: llm_adapter@2026-05-24 Confidence: low	—
Dependency	Medium	Bump react-router-dom from 7.14.1 to 7.14.2 in /frontend. Bump react-router-dom from 7.14.1 to 7.14.2 in /frontend. Source: llm_adapter@2026-05-24 Confidence: low	—
Performance	Low	Implements throttling and debouncing mechanisms. Implements throttling and debouncing mechanisms. Source: granite4.1:30b@2026-05-24-audit Confidence: low	—
Bugfix
Bugfix	Medium	Marks executed tool calls on webhooks. Marks executed tool calls on webhooks. Source: granite4.1:30b@2026-05-24-audit Confidence: low	—
Bugfix	Medium	Improves source upload status handling and fixes reconciliation issue. Improves source upload status handling and fixes reconciliation issue. Source: granite4.1:30b@2026-05-24-audit Confidence: low	—
Bugfix	Medium	Adjusts batch limits and failed task requeue limit. Adjusts batch limits and failed task requeue limit. Source: granite4.1:30b@2026-05-24-audit Confidence: low	—
Bugfix	Low	Updates message text and renames conversation triggers. Updates message text and renames conversation triggers. Source: granite4.1:30b@2026-05-24-audit Confidence: low	—
Bugfix	Low	Resolves broken synchronization issues. Resolves broken synchronization issues. Source: granite4.1:30b@2026-05-24-audit Confidence: low	—
Bugfix	Low	Prevents overscrolling when opening the tool‑calls dialog. Prevents overscrolling when opening the tool‑calls dialog. Source: granite4.1:30b@2026-05-24-audit Confidence: low	—
Refactor	Low	Defines conversation_id and initial_user_id on BaseAgent. Defines conversation_id and initial_user_id on BaseAgent. Source: granite4.1:30b@2026-05-24-audit Confidence: low	—

Full changelog

What's Changed

chore(deps): bump react-i18next from 17.0.2 to 17.0.6 in /frontend by @dependabot[bot] in https://github.com/arc53/DocsGPT/pull/2415
chore(deps): bump lodash-es from 4.17.23 to 4.18.1 in /frontend in the npm_and_yarn group across 1 directory by @dependabot[bot] in https://github.com/arc53/DocsGPT/pull/2412
chore(deps): bump react-dropzone from 14.3.8 to 15.0.0 in /frontend by @dependabot[bot] in https://github.com/arc53/DocsGPT/pull/2417
chore(deps-dev): bump globals from 15.15.0 to 17.5.0 in /extensions/react-widget by @dependabot[bot] in https://github.com/arc53/DocsGPT/pull/2428
chore(deps): bump styled-components from 6.4.0 to 6.4.1 in /extensions/react-widget by @dependabot[bot] in https://github.com/arc53/DocsGPT/pull/2429
chore(deps): bump flow-bin from 0.309.0 to 0.311.0 in /extensions/react-widget by @dependabot[bot] in https://github.com/arc53/DocsGPT/pull/2430
chore(deps-dev): bump postcss from 8.5.8 to 8.5.12 in /frontend in the npm_and_yarn group across 1 directory by @dependabot[bot] in https://github.com/arc53/DocsGPT/pull/2435
chore(deps-dev): bump @babel/preset-react from 7.24.6 to 7.28.5 in /extensions/react-widget by @dependabot[bot] in https://github.com/arc53/DocsGPT/pull/2431
chore(deps-dev): bump @typescript-eslint/eslint-plugin from 8.59.0 to 8.59.1 in /extensions/react-widget by @dependabot[bot] in https://github.com/arc53/DocsGPT/pull/2434
chore(deps): bump @xmldom/xmldom from 0.9.9 to 0.9.10 in /docs in the npm_and_yarn group across 1 directory by @dependabot[bot] in https://github.com/arc53/DocsGPT/pull/2426
chore(deps-dev): bump typescript from 5.9.3 to 6.0.3 in /frontend by @dependabot[bot] in https://github.com/arc53/DocsGPT/pull/2408
chore(deps-dev): bump @typescript-eslint/eslint-plugin from 8.58.2 to 8.59.1 in /frontend by @dependabot[bot] in https://github.com/arc53/DocsGPT/pull/2438
chore(deps-dev): bump vite from 8.0.8 to 8.0.10 in /frontend by @dependabot[bot] in https://github.com/arc53/DocsGPT/pull/2436
chore(deps): bump react-router-dom from 7.14.1 to 7.14.2 in /frontend by @dependabot[bot] in https://github.com/arc53/DocsGPT/pull/2437
feat: durability and idempotency keys by @dartpain in https://github.com/arc53/DocsGPT/pull/2450
fix: update message and rename conversation triggers by @mustafa-sayyed in https://github.com/arc53/DocsGPT/pull/2439
Throttle + debounce by @ManishMadan2882 in https://github.com/arc53/DocsGPT/pull/2458
Feat notification system by @dartpain in https://github.com/arc53/DocsGPT/pull/2472
define conversation_id and initial_user_id on BaseAgent by @pabik in https://github.com/arc53/DocsGPT/pull/2474
feat: fix glibc memory overflow by @dartpain in https://github.com/arc53/DocsGPT/pull/2478
fix: marking executed tool calls on webhooks by @dartpain in https://github.com/arc53/DocsGPT/pull/2479
fix: broken syncs by @dartpain in https://github.com/arc53/DocsGPT/pull/2480
fix: overscrolling on opening tool calls dialog by @ManishMadan2882 in https://github.com/arc53/DocsGPT/pull/2477
fix: better source upload status and fix reconciliation issue by @dartpain in https://github.com/arc53/DocsGPT/pull/2482
fix: batch limits and failed task reque limit by @dartpain in https://github.com/arc53/DocsGPT/pull/2484
feat: default tools by @dartpain in https://github.com/arc53/DocsGPT/pull/2485
Feature to search conversations by @ManishMadan2882 in https://github.com/arc53/DocsGPT/pull/2471
Harden protection with pinned requests and path-param encoding by @pabik in https://github.com/arc53/DocsGPT/pull/2486

New Contributors

@mustafa-sayyed made their first contribution in https://github.com/arc53/DocsGPT/pull/2439

Full Changelog: https://github.com/arc53/DocsGPT/compare/0.17.1...0.17.2

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track DocsGPT

Get notified when new releases ship.

About DocsGPT

Private AI platform for agents, assistants and enterprise search. Built-in Agent Builder, Deep research, Document analysis, Multi-model support, and API connectivity for agents.

DocsGPT

ReleasePort's take

Summary

Changes in this release

What's Changed

New Contributors

Related context

Related tools

Related CVEs