pydantic-ai v1.107.1 patches security vulnerability
Pydantic-ai v1.107.1 addresses a moderate security vulnerability (GHSA-jpr8-2v3g-wgf9) in its AG-UI serving path that could expose and execute tool calls with client-chosen arguments. This fix impacts users of `pydantic-ai` and `pydantic-ai-slim` versions >= 1.88.0 and < 2.5.0, with patches available in v1.107.1 and v2.5.0. Users can also mitigate this by configuring tools to require approval or by implementing their own argument validation and authorization.
- →Affected: pydantic-ai / pydantic-ai-slim >= 1.88.0, < 1.107.1 (v1) and >= 2.0.0, < 2.5.0 (v2)
- →Patched: 1.107.1 (v1) and 2.5.0 (v2)
Security (3) ›
- Affected: pydantic-ai / pydantic-ai-slim >= 1.88.0, < 1.107.1 (v1) and >= 2.0.0, < 2.5.0 (v2)
- Patched: 1.107.1 (v1) and 2.5.0 (v2)
Not affected if every sensitive tool uses requires_approval=True / ApprovalRequiredToolset, or if your tool handlers validate their arguments and enforce authorization themselves
Fixes (1) ›
Fix sanitize_messages tail handling when a trailing client message is dropped by @dsfaccini in https://github.com/pydantic/pydantic-ai/pull/6407
https://github.com/pydantic/pydantic-ai/releases/tag/v1.107.1
Related releases
- Pydantic-AI v2.9.0: Security fix, GPT-5.6 models, usage command Pydantic AI Releases ·
- LangGraph 1.2.7: Fixes for delta overwrites and UUID generation LangGraph Releases ·
- pydantic-ai v2.1.0: Anthropic web tools, serialization, and bug fixes Pydantic AI Releases ·
- pydantic-ai v2.5.1: Bug Fixes and Model Compatibility Pydantic AI Releases ·
- crewAI 1.15.0: Conversational Flow Tracking and Declarative Flow Loading CrewAI Releases ·
- OpenAI Agents Python Library v0.17.8: Enhancements and Fixes OpenAI Agents SDK (Python) Releases ·