Safety vulnerability ID: 62143
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Langchain 0.0.329 includes a fix for CVE-2023-32786: Server-Side Request Forgery vulnerability.
https://github.com/advisories/GHSA-6h8p-4hx9-w66c
Latest version: 0.3.14
Building applications with LLMs through composability
What's Changed
* Add Runnable.with_listeners() by nfcampos in https://github.com/langchain-ai/langchain/pull/12549
* Improve Runnable type inference for input_schemas by nfcampos in https://github.com/langchain-ai/langchain/pull/12630
* bind_functions convenience method by hinthornw in https://github.com/langchain-ai/langchain/pull/12518
* Install and use `ruff format` instead of black for code formatting. by obi1kenobi in https://github.com/langchain-ai/langchain/pull/12585
* Conversational Feedback by hinthornw in https://github.com/langchain-ai/langchain/pull/12590
* Minor updates to READMEs by rlancemartin in https://github.com/langchain-ai/langchain/pull/12642
* added template to use Vertex Vector Search for q&a by lkuligin in https://github.com/langchain-ai/langchain/pull/12622
* template updates by efriis in https://github.com/langchain-ai/langchain/pull/12646
* Rename Template by hinthornw in https://github.com/langchain-ai/langchain/pull/12649
* Show ruff output inline in GitHub PRs. by obi1kenobi in https://github.com/langchain-ai/langchain/pull/12647
* Fix small typo on Founcational -> Router notebook by BrianMcBrayer in https://github.com/langchain-ai/langchain/pull/12634
* fix template py verisons by efriis in https://github.com/langchain-ai/langchain/pull/12650
* Support release-testing packages with dashes in their names. by obi1kenobi in https://github.com/langchain-ai/langchain/pull/12654
* Upgrade to `actions/checkoutv4` in the docs lint job. by obi1kenobi in https://github.com/langchain-ai/langchain/pull/12581
* Relax python version and remove need for explicit setup step by hemidactylus in https://github.com/langchain-ai/langchain/pull/12637
* LM Format Enforcer Integration + Sample Notebook by noamgat in https://github.com/langchain-ai/langchain/pull/12625
* Add RAG template for Timescale Vector by rlancemartin in https://github.com/langchain-ai/langchain/pull/12651
* Overwrite existing distributions when uploading to test PyPI. by obi1kenobi in https://github.com/langchain-ai/langchain/pull/12658
* update lc version by efriis in https://github.com/langchain-ai/langchain/pull/12655
* Remove `print()` statements which seemed leftover from debugging. by obi1kenobi in https://github.com/langchain-ai/langchain/pull/12648
* Update README for Hybrid Search Weaviate by erika-cardenas in https://github.com/langchain-ai/langchain/pull/12661
* Update MosaicML Embedding Input Key by margaretqian in https://github.com/langchain-ai/langchain/pull/12657
* fix plate chain by hwchase17 in https://github.com/langchain-ai/langchain/pull/12673
* Use `ruff` for both linting and formatting in `langchain-cli`. by obi1kenobi in https://github.com/langchain-ai/langchain/pull/12672
* Remove the CLI package's pydantic compatibility tests. by obi1kenobi in https://github.com/langchain-ai/langchain/pull/12675
* Update Vertex template by rlancemartin in https://github.com/langchain-ai/langchain/pull/12644
* PGVector fix by theromis in https://github.com/langchain-ai/langchain/pull/12592
* Add quip loader by shufanhao in https://github.com/langchain-ai/langchain/pull/12259
* Adds version CLI command by jacoblee93 in https://github.com/langchain-ai/langchain/pull/12619
* Use black to lint notebooks and docs for now. by obi1kenobi in https://github.com/langchain-ai/langchain/pull/12679
* Use an in-project virtualenv in the CLI package. by obi1kenobi in https://github.com/langchain-ai/langchain/pull/12678
* Both lint and format `templates` with ruff v0.1.3. by obi1kenobi in https://github.com/langchain-ai/langchain/pull/12676
* fix for `YahooFinanceNewsTool` by leo-gan in https://github.com/langchain-ai/langchain/pull/12665
* link to templates by efriis in https://github.com/langchain-ai/langchain/pull/12680
* Add RAG input types by rlancemartin in https://github.com/langchain-ai/langchain/pull/12684
* fix elastic rag template in playground by efriis in https://github.com/langchain-ai/langchain/pull/12682
* properly increment version in cli by efriis in https://github.com/langchain-ai/langchain/pull/12685
* Use separate jobs for building and publishing test releases. by obi1kenobi in https://github.com/langchain-ai/langchain/pull/12671
* Only publish to test PyPI from the `_test_release.yml` workflow. by obi1kenobi in https://github.com/langchain-ai/langchain/pull/12668
* Remove `black` caching config from CI lint workflow. by obi1kenobi in https://github.com/langchain-ai/langchain/pull/12594
* Fix typo highlighted by `ruff` autoformatter. by obi1kenobi in https://github.com/langchain-ai/langchain/pull/12691
* Mask API key for Anyscale LLM by aidoskanapyanov in https://github.com/langchain-ai/langchain/pull/12406
* Adding a template for Solo Performance Prompting Agent by Sandy247 in https://github.com/langchain-ai/langchain/pull/12627
* Weaviate - Fix schema existence check by dudanogueira in https://github.com/langchain-ai/langchain/pull/12711
* feat: Add page metadata on PDFMinerLoader by blue-hope in https://github.com/langchain-ai/langchain/pull/12277
* PyPDFLoader use url in metadata source if file is a web path by 123-fake-st in https://github.com/langchain-ai/langchain/pull/12092
* dash not underscore by efriis in https://github.com/langchain-ai/langchain/pull/12716
* bump 328, exp 37 by baskaryan in https://github.com/langchain-ai/langchain/pull/12722
* use http.client instead of urllib3 by efriis in https://github.com/langchain-ai/langchain/pull/12660
* Update template index w/ Timescale by rlancemartin in https://github.com/langchain-ai/langchain/pull/12729
* template updates by efriis in https://github.com/langchain-ai/langchain/pull/12736
* Use jinja2 sandboxing by default by eyurtsev in https://github.com/langchain-ai/langchain/pull/12733
* Demo Server, Fix Timescale by efriis in https://github.com/langchain-ai/langchain/pull/12746
* APIChain add restrictions to domains (CVE-2023-32786) by eyurtsev in https://github.com/langchain-ai/langchain/pull/12747
* Update google_vertex_ai_palm.ipynb by bustosjuan in https://github.com/langchain-ai/langchain/pull/12715
* Fixes 'Nonetype' not iterable for ObsidianLoader by efriis in https://github.com/langchain-ai/langchain/pull/12751
* Semantic search within postgreSQL using pgvector by manuel-soria in https://github.com/langchain-ai/langchain/pull/12365
* Update llama.cpp integration by ElliotKetchup in https://github.com/langchain-ai/langchain/pull/11864
* Update chat prompt structure in LLaMA SQL cookbook by rlancemartin in https://github.com/langchain-ai/langchain/pull/12364
* Fixes to the docs for timescale vector template by cevian in https://github.com/langchain-ai/langchain/pull/12756
* bump 329 by baskaryan in https://github.com/langchain-ai/langchain/pull/12778
New Contributors
* noamgat made their first contribution in https://github.com/langchain-ai/langchain/pull/12625
* shufanhao made their first contribution in https://github.com/langchain-ai/langchain/pull/12259
* aidoskanapyanov made their first contribution in https://github.com/langchain-ai/langchain/pull/12406
* Sandy247 made their first contribution in https://github.com/langchain-ai/langchain/pull/12627
* dudanogueira made their first contribution in https://github.com/langchain-ai/langchain/pull/12711
* blue-hope made their first contribution in https://github.com/langchain-ai/langchain/pull/12277
* 123-fake-st made their first contribution in https://github.com/langchain-ai/langchain/pull/12092
* bustosjuan made their first contribution in https://github.com/langchain-ai/langchain/pull/12715
CVEs
CVE-2023-32786 -- resolved by APIChain add restrictions to domains (https://github.com/advisories/GHSA-6h8p-4hx9-w66c) by eyurtsev in https://github.com/langchain-ai/langchain/pull/12747
**Full Changelog**: https://github.com/langchain-ai/langchain/compare/v0.0.327...v0.0.329
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application