langchain

vlangchain==0.3.29 scope: langchain Security

This release includes 2 security fixes for security teams reviewing exposed deployments.

Published 29d AI Agents & Assistants

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 2 known CVEs

Topics

agents ai ai-agents anthropic chatgpt deepagents

+11 more

enterprise gemini generative-ai langchain langgraph llm multiagent openai pydantic python typescript

Summary

AI summary

Hardened deserialization to protect against untrusted manifests and restricted loading in _lc_store.

Full changelog

Changes since langchain==0.3.28

release(langchain): 0.3.29 (#37212)
fix(langchain): restrict deserialization in langchain.storage._lc_store (#37209)
fix(core, langchain): harden load() against untrusted manifests (#37201)

Security Fixes

Hardened `load()` against untrusted manifests (#37201)
Restricted deserialization in `langchain.storage._lc_store` (#37209)

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track langchain

Get notified when new releases ship.

About langchain

The agent engineering platform

All releases →

Related context

Related tools

Earlier breaking changes

vlangchain-core==1.4.0 Deletes schema items marked for removal in schemas.py
vlangchain-core==1.4.0 Deletes function_calling.py utils marked for removal
vlangchain-core==1.4.0 Deletes get_relevant_documents function from API
vlangchain-core==1.4.0 Deletes pydantic_v1 module entirely from codebase
vlangchain-core==1.4.0 Deletes BaseMemory module, moved to langchain-classic