[Release] langchain-ai/langchain langchain==0.3.29: langchain==0.3.29

LangChain version 0.3.29 was released with critical security improvements. The release includes fixes to restrict deserialization in the langchain.storage._lc_store module and hardening of the load() function against untrusted manifests. These changes enhance the security posture of the framework by preventing potential deserialization attacks and manifest injection vulnerabilities.

Key Points

• •Security patch released for LangChain 0.3.29 addressing deserialization vulnerabilities
• •Deserialization restrictions implemented in langchain.storage._lc_store module to prevent unsafe object instantiation
• •load() function hardened to validate and sanitize untrusted manifest files
• •Protects against potential code injection attacks through malicious serialized objects
• •Protects against manifest-based attacks that could compromise application integrity
• •Upgrade recommended for all users running LangChain 0.3.28 or earlier
• •Changes affect core serialization and manifest loading mechanisms across the framework

Workflow Diagram

Concepts