[Release] google/adk-python v2.0.0a2: v2.0.0a2

Google ADK Python v2.0.0-alpha.2 is a security-focused release addressing critical vulnerabilities and deployment safety. Key improvements include agent name validation to prevent arbitrary module imports, protection against unauthorized file access in the builder API, secure GKE deployment defaults, and dependency updates to exclude compromised LiteLLM versions. This release strengthens the framework's security posture for production AI agent development.

Key Points

• •Implement agent name validation to prevent arbitrary module imports and potential code injection attacks
• •Add protection mechanisms against arbitrary module imports across the framework
• •Enforce allowed file extensions for GET requests in the builder API to prevent unauthorized file access
• •Default GKE deployments to ClusterIP service type to prevent unintended public exposure
• •Gate builder endpoints behind web flag to control access to sensitive builder functionality
• •Pin LiteLLM dependency to version 1.82.6 to exclude compromised versions from the dependency chain
• •Update eval extras to use Vertex SDK package version with constrained LiteLLM upper bound for compatibility
• •Security-first approach: all changes prioritize preventing unauthorized access and module execution

Workflow Diagram

Concepts