Skip to content

langchain

vlangchain-core==1.3.3 scope: langchain-core Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 29d AI Agents & Assistants
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 1 known CVE

Topics

agents ai ai-agents anthropic chatgpt deepagents
+11 more
enterprise gemini generative-ai langchain langgraph llm multiagent openai pydantic python typescript

Summary

AI summary

Hardened load() against untrusted manifests, preventing potential security issues.

Full changelog

Changes since langchain-core==1.3.2

release(core): 1.3.3 (#37198)
fix(core): set deprecation since to 1.3.3 to match release (#37200)
fix(core, langchain): harden load() against untrusted manifests (#37197)
chore: bump notebook from 7.5.0 to 7.5.6 in /libs/core (#37109)
chore: bump types-pyyaml from 6.0.12.20250915 to 6.0.12.20260408 in /libs/core (#37129)
fix(core): preserve structured inputs on tool runs in tracers (#37108)
release(perplexity): 1.2.0 (#37091)
chore(docs): update x handle references (#37081)
fix(core): make removal optional in warn_deprecated (#37056)
fix(core): validate batch_size in _batch and _abatch to prevent infinite loop (#36663)
chore(core): mark stream_v2/astream_v2 as beta (#36992)

Security Fixes

  • Hardened `load()` against untrusted manifests (#37197) — prevents potential security vulnerabilities.
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track langchain

Get notified when new releases ship.

Sign up free

About langchain

The agent engineering platform

All releases →

Related context

Earlier breaking changes

Beta — feedback welcome: [email protected]