1.16.5 (2026-04-08)
Bugs Fixed
- Fixed Jinja2 Server-Side Template Injection (SSTI) vulnerability by replacing unsandboxed `jinja2.Template` with `jinja2.sandbox.SandboxedEnvironment` across all template rendering paths (CWE-1336).
- Fixed `sensitive_data_leakage` risk category producing 0% attack success rate (false negatives) in the Foundry execution path. Agent-specific tool context (e.g., `document_client_smode`, `email_client_smode`) was stored in `SeedObjective.metadata` but never propagated to the target callback, so the agent could not access the sensitive data it was supposed to leak. Context is now delivered via `prepended_conversation` SeedPrompts and extracted from conversation history metadata, enabling the ACA runtime to build FunctionTool injections.
- Fixed multi-turn and crescendo red team strategies producing output items identical to their baseline counterparts. The Foundry execution path was writing all strategies' conversations to a single shared JSONL file, causing each strategy to read all conversations and mislabel them. Now writes per-strategy JSONL files using PyRIT's scenario result grouping.
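
The SSTI fix in the first item above can be pinned with a regression check like the following. This is an added example, not code from the project: the function names, the probe and benign templates, and the use of `StrictUndefined` are assumptions made for illustration.

```python
from jinja2 import StrictUndefined, Template
from jinja2.exceptions import SecurityError
from jinja2.sandbox import SandboxedEnvironment

# Constructed probe: reads a Python-internal attribute from a context value.
PROBE = "{{ value.__class__.__name__ }}"
# Constructed benign template of the kind a prompt renderer would handle.
BENIGN = "Objective: {{ value }}"

# One shared sandbox. StrictUndefined is an assumption of this example, not
# something the changelog states: with the default Undefined, a blocked
# single-attribute lookup renders as empty text instead of raising.
_SANDBOX = SandboxedEnvironment(undefined=StrictUndefined)


def render_unsandboxed(source: str, **context) -> str:
    """'Before' form: jinja2.Template compiles in a plain Environment."""
    return Template(source).render(**context)


def render_sandboxed(source: str, **context) -> str:
    """'After' form: the same source compiled by the sandboxed environment."""
    return _SANDBOX.from_string(source).render(**context)


def is_blocked(source: str, **context) -> bool:
    """True when the sandbox refuses the template with SecurityError."""
    try:
        render_sandboxed(source, **context)
    except SecurityError:
        return True
    return False


if __name__ == "__main__":
    # Plain Template resolves the internal attribute chain.
    print("unsandboxed probe:", render_unsandboxed(PROBE, value="x"))
    # The sandbox rejects underscore-prefixed attribute access.
    print("sandbox blocks probe:", is_blocked(PROBE, value="x"))
    # Ordinary substitution is unaffected by the switch.
    print("sandboxed benign:", render_sandboxed(BENIGN, value="x"))
```

Running the same check against every rendering path confirms that none still constructs `jinja2.Template` directly.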