langchain

vlangchain-classic==1.0.6 scope: langchain-classic Security

This release includes 2 security fixes for security teams reviewing exposed deployments.

Published 29d AI Agents & Assistants

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 2 known CVEs

Topics

agents ai ai-agents anthropic chatgpt deepagents

+11 more

enterprise gemini generative-ai langchain langgraph llm multiagent openai pydantic python typescript

Summary

AI summary

Harden deserialization and manifest loading to mitigate security risks.

Full changelog

Changes since langchain-classic==1.0.5

release(langchain-classic): 1.0.6 (#37211)
chore: bump jupyter-server from 2.17.0 to 2.18.0 in /libs/langchain (#37203)
fix(langchain): restrict deserialization in langchain_classic.storage._lc_store (#37208)
fix(langchain): use langchain-classic version for hub.pull deprecation (#37199)
fix(core, langchain): harden load() against untrusted manifests (#37197)

Security Fixes

Fix(langchain): restrict deserialization in `langchain_classic.storage._lc_store` (#37208)
Fix(core, langchain): harden `load()` against untrusted manifests (#37197)

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track langchain

Get notified when new releases ship.

About langchain

The agent engineering platform

All releases →

Related context

Related tools

Earlier breaking changes

vlangchain-core==1.4.0 Deletes schema items marked for removal in schemas.py
vlangchain-core==1.4.0 Deletes function_calling.py utils marked for removal
vlangchain-core==1.4.0 Deletes get_relevant_documents function from API
vlangchain-core==1.4.0 Deletes pydantic_v1 module entirely from codebase
vlangchain-core==1.4.0 Deletes BaseMemory module, moved to langchain-classic