phoenix

varize-phoenix-v15.8.0 scope: arize-phoenix Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 21d Tracing

✓ No known CVEs patched

This release patches 1 known CVE

Topics

agents ai-monitoring ai-observability aiengineering anthropic datasets

+10 more

evals langchain llamaindex llm-eval llm-evaluation llmops llms openai prompt-engineering smolagents

Affected surfaces

rce_ssrf

ReleasePort's take

Light signal

editorial:auto 13d

The release fixes a prototype pollution vulnerability in DatasetPreviewTable and updates model token prices.

Why it matters: Patch immediately to prevent prototype‑pollution attacks; update cost module with new token prices.

AI summary

Prevent prototype pollution vulnerability in DatasetPreviewTable.

Type	Severity	Summary	CVE
Security	Medium	Prevented prototype pollution in DatasetPreviewTable. Prevented prototype pollution in DatasetPreviewTable. Source: llm_adapter@2026-05-21 Confidence: low	—
Feature	Medium	Agents populate project_sessions for /chat and /summary traces. Agents populate project_sessions for /chat and /summary traces. Source: llm_adapter@2026-05-21 Confidence: high	—
Feature	Medium	Playground adds Anthropic and Google thinking controls. Playground adds Anthropic and Google thinking controls. Source: llm_adapter@2026-05-21 Confidence: high	—
Bugfix	Medium	Validated projection expressions and sandboxed eval globals. Validated projection expressions and sandboxed eval globals. Source: llm_adapter@2026-05-21 Confidence: high	—
Bugfix	Medium	Updated built-in model token prices in cost module. Updated built-in model token prices in cost module. Source: llm_adapter@2026-05-21 Confidence: low	—
Refactor	Medium	Pxi tool layout rebalanced. Pxi tool layout rebalanced. Source: llm_adapter@2026-05-21 Confidence: low	—

Full changelog

agents: populate project_sessions for /chat and /summary traces (#13187) (11275b4)
playground: Add Anthropic and Google thinking controls (#13164) (c132f0c)
pxi tool layout rebalancing (#13168) (d8d5322)

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Track phoenix

Get notified when new releases ship.

About phoenix

AI Observability & Evaluation

varize-phoenix-v17.0.0 Adds system settings for admin-managed assistant enablement and trace recording policy
varize-phoenix-v16.0.0 Sandboxing and Code Evaluators introduce breaking changes in Phoenix v16.0.0.
varize-phoenix-v15.7.0 Removes v1 /chat route and associated code