This release includes 1 security fix for security teams reviewing exposed deployments.
Published 9mo
AI Agents & Assistants
✓ No known CVEs patched
This release patches 1 known CVE
Topics
agentic
agentic-ai
agents
ai
anthropic
autonomous-agents
+13 more
bedrock
genai
litellm
llama
llm
machine-learning
mcp
multi-agent-systems
ollama
openai
opentelemetry
python
strands-agents
Affected surfaces
rce_ssrf
Summary
AI summaryUpdates fix, a2a, and ci across a mixed release.
Full changelog
What's Changed
- fix: fix non-serializable parameter of agent from toolUse block by @JackYPCOnline in https://github.com/strands-agents/sdk-python/pull/568
- Add .DS_Store to .gitignore by @vawsgit in https://github.com/strands-agents/sdk-python/pull/681
- feat(a2a): support A2A FileParts and DataParts by @jer96 in https://github.com/strands-agents/sdk-python/pull/596
- ci: update pre-commit requirement from <4.2.0,>=3.2.0 to >=3.2.0,<4.4.0 by @dependabot[bot] in https://github.com/strands-agents/sdk-python/pull/706
- ci: update ruff requirement from <0.5.0,>=0.4.4 to >=0.4.4,<0.13.0 by @dependabot[bot] in https://github.com/strands-agents/sdk-python/pull/704
- ci: update pytest-asyncio requirement from <0.27.0,>=0.26.0 to >=0.26.0,<1.2.0 by @dependabot[bot] in https://github.com/strands-agents/sdk-python/pull/708
- fix: add system_prompt to structured_output_span before adding input_messages by @chengweitsai in https://github.com/strands-agents/sdk-python/pull/709
- feat(multiagent): Add call implementation to MultiAgentBase by @mkmeral in https://github.com/strands-agents/sdk-python/pull/645
- chore: Update pydantic minimum version by @mehtarac in https://github.com/strands-agents/sdk-python/pull/723
- tool executors by @pgrayy in https://github.com/strands-agents/sdk-python/pull/658
- feat: Add support for agent invoke with no input, or Message input by @Unshure in https://github.com/strands-agents/sdk-python/pull/653
- ci: bump actions/checkout from 4 to 5 by @dependabot[bot] in https://github.com/strands-agents/sdk-python/pull/711
- ci: bump actions/download-artifact from 4 to 5 by @dependabot[bot] in https://github.com/strands-agents/sdk-python/pull/712
- ci: update pytest-cov requirement from <5.0.0,>=4.1.0 to >=4.1.0,<7.0.0 by @dependabot[bot] in https://github.com/strands-agents/sdk-python/pull/705
- fix: prevent path traversal for message_id in file_session_manager by @mehtarac in https://github.com/strands-agents/sdk-python/pull/728
- fix: Add AgentInput TypeAlias by @Unshure in https://github.com/strands-agents/sdk-python/pull/738
- fix: Move AgentInput to types submodule by @Unshure in https://github.com/strands-agents/sdk-python/pull/746
New Contributors
- @vawsgit made their first contribution in https://github.com/strands-agents/sdk-python/pull/681
- @dependabot[bot] made their first contribution in https://github.com/strands-agents/sdk-python/pull/706
- @chengweitsai made their first contribution in https://github.com/strands-agents/sdk-python/pull/709
Full Changelog: https://github.com/strands-agents/sdk-python/compare/v1.5.0...v1.6.0
Security Fixes
- fix: prevent path traversal for message_id in file_session_manager
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
About harness-sdk
A model-driven approach to building AI agents in just a few lines of code.
Related context
Related tools
Beta — feedback welcome: [email protected]