Workflow

Rasa

Latest version: v3.6.21

Safety actively analyzes 724206 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 19 of 51

3.2.7

Not secure
- [11448](https://github.com/rasahq/rasa/issues/11448): Improve `rasa data validate` command so that it uses custom importers when they are defined in config file.

Bugfixes
- [11311](https://github.com/rasahq/rasa/issues/11311): Re-instates the REST channel metadata feature. Metadata can be provided on the `metadata` key.

3.2.6

Not secure
- [11433](https://github.com/rasahq/rasa/issues/11433): This fix makes sure that when a Domain object is loaded from multiple files where one file specifies a custom session config and the rest do not, the default session configuration does not override the custom session config.

Miscellaneous internal changes
- [11426](https://github.com/rasahq/rasa/issues/11426), [#11434](https://github.com/rasahq/rasa/issues/11434)

3.2.5

Not secure
- [11294](https://github.com/rasahq/rasa/issues/11294): Fix `KeyError` which resulted when `action_two_stage_fallback` got executed in a project whose domain contained slot mappings.
- [11390](https://github.com/rasahq/rasa/issues/11390): Fixes regression in which slot mappings were prioritized according to reverse order as they were listed in the domain, instead of in order from first to last, as was implicitly expected in `2.x`.
Clarifies this implicit priority order in the docs.
- [11394](https://github.com/rasahq/rasa/issues/11394): Enables the dispatching of bot messages returned as events by slot validation actions.

3.2.4

Not secure
- [11061](https://github.com/rasahq/rasa/issues/11061): Added session_config key as valid domain key during domain loading from directory containing a separate domain file with session configuration.
- [11362](https://github.com/rasahq/rasa/issues/11362): Run default action `action_extract_slots` after a custom action returns a `UserUttered` event to fill any applicable slots.
- [11368](https://github.com/rasahq/rasa/issues/11368): Handle the case when an `EndpointConfig` object is given as parameter to the `AwaitableTrackerStore.create()` method.

3.2.3

- [929](https://github.com/rasahq/rasa-sdk/issues/929): Added the ability to decompress deflate encoded
json payloads for the webhook endpoint of the
action server.

3.2.2

Not secure
- [11207](https://github.com/rasahq/rasa/issues/11207): Update documentation for customizable classes such as tracker stores, event brokers and lock stores.

Miscellaneous internal changes
- [11296](https://github.com/rasahq/rasa/issues/11296)

Page 19 of 51

Links

Releases

Has known vulnerabilities

Previous Next

© 2025 Safety CLI Cybersecurity Inc. All Rights Reserved.