Browse All

LlamaIndex v0.14.18 is a release that deprecates Python 3.9 (stops supporting an older version of the Python programming language) across multiple packages and includes several bug fixes, such as preserving chat history during incomplete data streaming and preventing division-by-zero errors. The update also adds features like improved text filtering across different database backends and maintains dependencies across 51 directories.

Memray versions 1.19.1 and earlier had a stored XSS vulnerability (a type of attack where malicious code is permanently stored and executed when viewed) in their HTML reports because command-line arguments were inserted directly into the HTML without escaping (converting special characters so they display as text rather than code). An attacker who could control a program's script name or command-line arguments could inject JavaScript that would execute when someone opened the generated report in a browser.

This release (v0.14.16) of llama-index-core includes multiple security and stability fixes, including a critical security patch that adds RestrictedUnpickler to prevent unsafe deserialization (CWE-502, a vulnerability where untrusted data can be converted back into Python objects in unsafe ways). The update also introduces new rate-limiting features, fixes async/await issues that could block operations, and improves how the system handles tool calls and API retries across various AI model integrations.

OpenClaw had a vulnerability where it reused the gateway authentication token (the secret credential for accessing the gateway) as a fallback method for hashing owner IDs in system prompts (the instructions given to AI models). This meant the same secret was doing double duty across two different security areas, and the hashed values could be seen by third-party AI providers, potentially exposing the authentication secret.

OpenClaw, a Discord moderation bot package, had a security flaw where moderation actions like timeout, kick, and ban used untrusted sender identity from user requests instead of verified system context, allowing non-admin users to spoof their identity and perform these actions. The vulnerability affected all versions up to 2026.2.17 and was fixed in version 2026.2.18.

Fickling is a tool that checks whether pickle files (serialized Python objects) are safe to open. Researchers found that Fickling incorrectly marked dangerous pickle files as safe when they used network protocol constructors like SMTP, IMAP, FTP, POP3, Telnet, and NNTP, which establish outbound TCP connections during deserialization. The vulnerability has two causes: an incomplete blocklist of unsafe imports, and a logic flaw in the unused variable detector that fails to catch suspicious code patterns.

FFmpeg's TensorFlow backend has a bug where a task object gets freed twice in certain error situations, causing a double-free condition (a memory safety error where the same memory is released multiple times). This can crash FFmpeg or programs using it when processing TensorFlow-based DNN models (deep neural network models), resulting in a denial-of-service attack, but it does not allow attackers to run arbitrary code.

OpenClaw versions before 2026.2.13 logged WebSocket request headers (like Origin and User-Agent) without cleaning them up, allowing attackers to inject malicious text into logs. If those logs are later read by an LLM (large language model, an AI system that processes text) for tasks like debugging, the attacker's injected text could trick the AI into doing something unintended (a technique called indirect prompt injection or log poisoning).

OpenClaw's Slack integration had a vulnerability where Slack channel descriptions could be injected into the AI model's system prompt (the instructions that tell the AI how to behave). This allowed attackers to use prompt injection (tricking an AI by hiding instructions in its input) to potentially trigger unintended actions or expose data if tool execution was enabled.

LangChain's OpenAI integration released version 1.1.9, which fixes a bug where URLs in images weren't being properly cleaned up when the system counted how many tokens (units of text that an AI processes) were being used. The update also adds better error handling for when a prompt (input text to an AI) becomes too long to process.

LangChain (a framework for building AI agents and applications powered by large language models) versions before 1.2.11 have a vulnerability where the ChatOpenAI.get_num_tokens_from_messages() method doesn't validate image URLs, allowing attackers to perform SSRF attacks (server-side request forgery, where an attacker tricks a server into making unwanted requests to other systems). This vulnerability was fixed in version 1.2.11.

LlamaIndex version 0.14.14 is a maintenance release that fixes multiple bugs across core components and integrations, including issues with error handling in vector store queries, compatibility with deprecated Python functions, and empty responses from language models. The release also adds new features like a TokenBudgetHandler for cost governance and improves security defaults in core components. Several integrations with external services (OpenAI, Google Gemini, Anthropic, Bedrock) were updated to support new models and fix compatibility issues.

LangChain released version 1.2.8, which includes several updates and fixes such as reusing ToolStrategy in the agent factory to prevent name mismatches, upgrading urllib3 (a library for making web requests), and adding ToolCallRequest to middleware exports (the code that processes requests between different parts of an application).

LlamaIndex version 0.14.13 is a release that includes multiple updates across its core library and integrations, featuring new capabilities like early stopping in agent workflows, token-based code splitting, and distributed data ingestion via RayIngestionPipeline. The release also includes several bug fixes, such as correcting error handling in aggregation functions and fixing async integration issues, plus security improvements that removed exposed API keys from notebook outputs.

This is a release of llama-index v0.14.12, a framework for building AI applications, containing various updates across multiple components including bug fixes, new features for asynchronous tool support, and improvements to integrations with services like OpenAI, Google, Anthropic, and various vector stores (databases that store numerical representations of data for AI searching). Key fixes address issues like crashes in logging, missing parameters in tool handling, and compatibility improvements for newer Python versions.

Anthropic Sandbox Runtime is a tool that restricts what processes can access on a computer's filesystem (file storage) and network without needing containers (isolated computing environments). Before version 0.0.16, a bug prevented the network sandbox from working correctly when no allowed domains were specified, which could let code inside the sandbox make network requests it shouldn't be able to make.

PyTorch versions 2.5 and 2.7.1 have a bug where forgetting to call profiler.stop() can cause torch.profiler.profile (a Python tool that measures code performance) to crash or hang, resulting in a Denial of Service (DoS, where a system becomes unavailable). The underlying issue involves improper locking (a mechanism that controls how multiple processes access shared resources).

This release notes document describes version updates across multiple llama-index (a framework for building AI applications with language models) components, including fixes for bugs like a ReActOutputParser (a tool that interprets AI agent outputs) getting stuck, improved support for multiple AI model providers like OpenAI and Google Gemini, and updates to various integrations with external services. The updates span from core functionality fixes to documentation improvements and SDK compatibility updates across dozens of sub-packages.

LlamaIndex v0.14.6 is a software update released on October 26, 2025, that fixes various bugs across multiple components including support for parallel tool calls, metadata handling, embedding format compatibility, and SQL injection vulnerabilities (using parameterized queries instead of raw SQL string concatenation). The release also adds new features like async support for retrievers and integrations with new services like Helicone.