Restricts unsafe deserialization in langchain.storage._lc_store to block object injection?

Restricts unsafe deserialization in langchain.storage._lc_store to block object injection

Hardens load() against untrusted manifests in both langchain and langchain-core?

Hardens load() against untrusted manifests in both langchain and langchain-core

No feature additions; purely a security patch requiring upgrade for production use?

No feature additions; purely a security patch requiring upgrade for production use

Agent Frameworks

LangChain 0.3.29 patches deserialization and load() security flaws

LangChain Releases May 06, 2026

⚡Two critical hardening fixes to prevent untrusted manifest attacks

Deep Dive

LangChain released version 0.3.29 with fixes that restrict deserialization in langchain.storage._lc_store and harden load() against untrusted manifests.

Key Points

Restricts unsafe deserialization in langchain.storage._lc_store to block object injection
Hardens load() against untrusted manifests in both langchain and langchain-core
No feature additions; purely a security patch requiring upgrade for production use

Why It Matters

Essential security patch for LangChain users; unpatched instances risk RCE via untrusted serialized data.

Read Original Article

LangChain 0.3.29 patches deserialization and load() security flaws

Why It Matters

Related Articles

🚀 Stay Ahead in AI