⚠️ Security Advisory
IMPORTANT: The element feature currently contains a known security vulnerability that could allow unauthorized file access. We strongly recommend against using elements in production environments until a comprehensive fix is implemented in an upcoming release.
Breaking Changes
This release drops support for FastAPI versions before 0.115.3 and Starlette versions before 0.41.2 due to a severe security vulnerability (CVE-2024-47874). We strongly encourage all downstream dependencies to upgrade as well.
While this is technically a breaking change in a patch release, we are prioritizing security over strict semantic versioning in this case. We strongly encourage all users to upgrade to this version immediately for the latest security improvements.
Security Updates
- Critical dependency updates to address CVE-2024-47874 (#1493):
- Upgraded fastapi to 0.115.3
- Upgraded starlette to 0.41.2
- Upgraded werkzeug to 3.0.6
Bug Fixes
- Fixed incorrect message ordering in UI by @pmercier (#1501):
- Messages now display in the correct chronological order
- Resolved race conditions in message display logic
- Improved message state management
Contributors
- @dokterbob
- @pmercier made their first contribution in #1501
Full Changelog: 1.3.1...1.3.2
