v0.14.16
Summary
This release (v0.14.16) of llama-index-core includes multiple security and stability fixes. The critical security patch adds RestrictedUnpickler to prevent unsafe deserialization (CWE-502, a vulnerability where untrusted data is converted back into Python objects in unsafe ways). The update also introduces new rate-limiting features, fixes async/await issues that could block operations, and improves how the system handles tool calls and API retries across various AI model integrations.
Solution / Mitigation
Update to llama-index-core version 0.14.16 or later. The security fix is implemented in commit #20857: 'add RestrictedUnpickler to SimpleObjectNodeMapping (CWE-502)'.
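The general allow-list unpickler pattern that a fix of this kind relies on, as an added example and not the llama-index implementation. The names AllowListUnpickler, restricted_loads, is_rejected and the contents of ALLOWED_GLOBALS are assumptions made for illustration, and the sample streams are constructed.

```python
import io
import os
import pickle
from collections import OrderedDict

# Assumed allow-list for this example: the only globals a stream may reference.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}


class AllowListUnpickler(pickle.Unpickler):
    """Unpickler that resolves only allow-listed (module, name) pairs."""

    def find_class(self, module, name):
        # pickle calls find_class for every global a stream references; this
        # lookup is what lets an untrusted stream reach arbitrary callables.
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"blocked global: {module}.{name}")


def restricted_loads(data: bytes):
    """Replacement for pickle.loads that enforces the allow-list."""
    return AllowListUnpickler(io.BytesIO(data)).load()


def is_rejected(data: bytes) -> bool:
    """Return True when the stream references a global outside the list."""
    try:
        restricted_loads(data)
    except pickle.UnpicklingError:
        return True
    return False


# Constructed sample inputs.
PLAIN = pickle.dumps({"id": 7, "tags": ["a", "b"]})  # builtin containers only
ALLOWED = pickle.dumps(OrderedDict(x=1))  # references an allow-listed class
BLOCKED = pickle.dumps(os.getcwd)  # references a global outside the list

if __name__ == "__main__":
    print(restricted_loads(PLAIN))
    print(restricted_loads(ALLOWED))
    print("blocked stream rejected:", is_rejected(BLOCKED))
```

Plain containers never trigger find_class, so the allow-list only needs to cover the classes the application itself serializes.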
Original source: https://github.com/run-llama/llama_index/releases/tag/v0.14.16
First tracked: March 10, 2026 at 04:00 PM
Classified by LLM (prompt v3) · confidence: 85%