[LangGraph] Upgrade for CVE found in langgraph-checkpoint < 3.0

XMLWordPrintableJSON

    • 🔵 Done
    • Python Drivers
    • Not Needed
    • Hide

      1. What would you like to communicate to the user about this feature?
      2. Would you like the user to see examples of the syntax and/or executable code and its output?
      3. Which versions of the driver/connector does this apply to?

      Show
      1. What would you like to communicate to the user about this feature? 2. Would you like the user to see examples of the syntax and/or executable code and its output? 3. Which versions of the driver/connector does this apply to?
    • None
    • None
    • None
    • None
    • None
    • None

      Context

      A high risk security vulnerability was found in langgraph-checkpoint's fallback serializer, "JsonSerializer". It is described in detail here: RCE in json mode of JsonPlusSerializer.

      Definition of done

      • Update minimum requirements of langgraph-checkpoint to 3.0.
      • Investigate whether any further changes need to be made [done]. See linked ticket.
      • Create test of case described in CVE description.
      • Release ASAP.

      Pitfalls

      What should the implementer watch out for? What are the risks?

            Assignee:
            Casey Clements
            Reporter:
            Casey Clements
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: