Microsoft's Semantic Kernel .NET 1.76.0 boosts security and adds ImageContent support
New release hardens plugins, fixes vulnerabilities, and enables image handling in AI agents.
Microsoft has shipped version 1.76.0 of its Semantic Kernel .NET SDK, the popular open-source framework for integrating AI models into applications. This release introduces several notable features and security fixes. Chief among the new capabilities is support for ImageContent in tool and function results (PR #13431), enabling AI agents to return and process images directly—critical for multimodal workflows like computer vision. Additionally, the ExtraBody property is now available in OpenAIPromptExecutionSettings (PR #12307), giving developers finer control over OpenAI API request payloads.
Security hardening is a major theme of this release. The CloudDrivePlugin now enforces strict default restrictions on upload directories and includes path validation. The OpenAPI plugin input validation is improved, and gRPC plugin address handling is hardened. Two high-severity vulnerabilities—one in Snappier (GHSA-pggp-6c3x-2xmx) and one in Kiota packages—are patched. Other fixes include proper fallback to ToString() for unregistered types when logging, corrected VertexAI endpoint URI construction, and a fix for DocumentPlugin path validation order. This update makes Semantic Kernel more secure and reliable for enterprise deployments.
- ImageContent support in tool results enables AI agents to handle images (PR #13431).
- Security fixes include hardened CloudDrivePlugin, OpenAPI/gRPC validation, and patching of two high-severity vulnerabilities (NU1903).
- New ExtraBody property in OpenAIPromptExecutionSettings for custom request payloads (PR #12307).
Why It Matters
Developers get a more secure, feature-rich AI orchestration SDK for building multimodal and enterprise-grade agents.