Skip to content

semantic-kernel

vpython-1.42.0 scope: python Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 20d AI Agents & Assistants
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 1 known CVE

Topics

ai artificial-intelligence llm openai sdk

Affected surfaces

deps auth

ReleasePort's take

Light signal
editorial:auto 13d

Release python‑1.42.0 updates several Python dependencies and patches the NU1903 Kiota vulnerability.

Why it matters: Patch immediately to address the NU1903 security issue; update all listed dependencies per version constraints before next deployment cycle.

Summary

AI summary

Minor fixes and improvements.

Changes in this release

Security Medium

Update Kiota packages to fix NU1903 vulnerability

Update Kiota packages to fix NU1903 vulnerability

Source: llm_adapter@2026-05-21

Confidence: high
Security Medium

Harden HttpPlugin request validation

Harden HttpPlugin request validation

Source: granite4.1:30b@2026-05-22-audit

Confidence: low
Feature Low

Percent-encode OpenAPI path params and pin azure-search-documents

Percent-encode OpenAPI path params and pin azure-search-documents

Source: granite4.1:30b@2026-05-22-audit

Confidence: low
Feature Low

Improvements for MCP (Managed Cloud Platform)

Improvements for MCP (Managed Cloud Platform)

Source: granite4.1:30b@2026-05-22-audit

Confidence: low
Dependency Medium

Bump authlib from 1.6.9 to 1.6.11 in /python

Bump authlib from 1.6.9 to 1.6.11 in /python

Source: llm_adapter@2026-05-21

Confidence: high
Dependency Medium

Bump onnxruntime from 1.22.1 to 1.24.3 in /python

Bump onnxruntime from 1.22.1 to 1.24.3 in /python

Source: llm_adapter@2026-05-21

Confidence: high
Dependency Medium

Bump nbconvert from 7.17.0 to 7.17.1 in /python

Bump nbconvert from 7.17.0 to 7.17.1 in /python

Source: llm_adapter@2026-05-21

Confidence: high
Dependency Medium

Update boto3 requirement from <1.41.0,>=1.36.4 to >=1.36.4,<1.43.0 in /python

Update boto3 requirement from <1.41.0,>=1.36.4 to >=1.36.4,<1.43.0 in /python

Source: llm_adapter@2026-05-21

Confidence: high
Dependency Medium

Bump python-multipart from 0.0.22 to 0.0.26 in /python

Bump python-multipart from 0.0.22 to 0.0.26 in /python

Source: llm_adapter@2026-05-21

Confidence: high
Dependency Medium

Bump google-cloud-aiplatform from 1.114.0 to 1.133.0 in /python

Bump google-cloud-aiplatform from 1.114.0 to 1.133.0 in /python

Source: llm_adapter@2026-05-21

Confidence: high
Dependency Medium

Update google-genai requirement from ~=1.51.0 to >=1.51,<1.75 in /python

Update google-genai requirement from ~=1.51.0 to >=1.51,<1.75 in /python

Source: llm_adapter@2026-05-21

Confidence: high
Dependency Medium

Update pydantic requirement from !=2.10.0,!=2.10.1,!=2.10.2,!=2.10.3,<2.13,>=2.0 to >=2.0,!=2.10.0,!=2.10.1,!=2.10.2,!=2.10.3,<2.14 in /python

Update pydantic requirement from !=2.10.0,!=2.10.1,!=2.10.2,!=2.10.3,<2.13,>=2.0 to >=2.0,!=2.10.0,!=2.10.1,!=2.10.2,!=2.10.3,<2.14 in /python

Source: llm_adapter@2026-05-21

Confidence: high
Refactor Low

Stop accessing private Azure SDK attributes in Azure AI Search connector

Stop accessing private Azure SDK attributes in Azure AI Search connector

Source: granite4.1:30b@2026-05-22-audit

Confidence: low
Other Low

Bump Python package version to 1.42.0

Bump Python package version to 1.42.0

Source: granite4.1:30b@2026-05-22-audit

Confidence: low
Full changelog

What's Changed

  • Python: Docs: Add Microsoft Agent Framework successor callout to READMEs by @moonbox3 in https://github.com/microsoft/semantic-kernel/pull/13932
  • Python: Bump authlib from 1.6.9 to 1.6.11 in /python by @dependabot[bot] in https://github.com/microsoft/semantic-kernel/pull/13880
  • Python: Bump onnxruntime from 1.22.1 to 1.24.3 in /python by @dependabot[bot] in https://github.com/microsoft/semantic-kernel/pull/13868
  • Python: Bump nbconvert from 7.17.0 to 7.17.1 in /python by @dependabot[bot] in https://github.com/microsoft/semantic-kernel/pull/13906
  • Python: Update boto3 requirement from <1.41.0,>=1.36.4 to >=1.36.4,<1.43.0 in /python by @dependabot[bot] in https://github.com/microsoft/semantic-kernel/pull/13867
  • Python: Bump python-multipart from 0.0.22 to 0.0.26 in /python by @dependabot[bot] in https://github.com/microsoft/semantic-kernel/pull/13878
  • Python: Bump google-cloud-aiplatform from 1.114.0 to 1.133.0 in /python by @dependabot[bot] in https://github.com/microsoft/semantic-kernel/pull/13577
  • Update google-genai requirement from ~=1.51.0 to >=1.51,<1.75 in /python by @dependabot[bot] in https://github.com/microsoft/semantic-kernel/pull/13865
  • Python: Update pydantic requirement from !=2.10.0,!=2.10.1,!=2.10.2,!=2.10.3,<2.13,>=2.0 to >=2.0,!=2.10.0,!=2.10.1,!=2.10.2,!=2.10.3,<2.14 in /python by @dependabot[bot] in https://github.com/microsoft/semantic-kernel/pull/13864
  • Update Kiota packages to fix NU1903 vulnerability by @SergeyMenshykh in https://github.com/microsoft/semantic-kernel/pull/13966
  • Python: Percent-encode OpenAPI path params & pin azure-search-documents by @SergeyMenshykh in https://github.com/microsoft/semantic-kernel/pull/13967
  • Python: Stop accessing private Azure SDK attributes in Azure AI Search connector by @SergeyMenshykh in https://github.com/microsoft/semantic-kernel/pull/13971
  • Python: Harden HttpPlugin request validation by @SergeyMenshykh in https://github.com/microsoft/semantic-kernel/pull/13969
  • Python: Improvements for MCP by @moonbox3 in https://github.com/microsoft/semantic-kernel/pull/14003
  • Python: Bump Python pkg version to 1.42.0 for a release. by @moonbox3 in https://github.com/microsoft/semantic-kernel/pull/14007

Full Changelog: https://github.com/microsoft/semantic-kernel/compare/python-1.41.3...python-1.42.0

Security Fixes

  • Update Kiota packages to fix NU1903 vulnerability
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track semantic-kernel

Get notified when new releases ship.

Sign up free

About semantic-kernel

Integrate cutting-edge LLM technology quickly and easily into your apps

All releases →

Related context

Earlier breaking changes

Beta — feedback welcome: [email protected]