What's Changed
🛡️ Security
- Expand IPv6 transition-form handling in URL validation by @DouweM in #5596
- Security advisory: SSRF cloud-metadata blocklist bypass via additional IPv6 transition forms GHSA-cg7w-rg45-pc59
- You are affected only if your application explicitly opts a FileUrl into force_download='allow-local' on a URL that is, or could be, influenced by untrusted input, AND runs on a NAT64- or ISATAP-configured network (e.g. some IPv6-only or dual-stack-with-NAT64 Kubernetes setups).
- You are not affected if you run on a standard dual-stack cloud VM or container, which does not route these forms in practice.
- You are not affected if you use any of the bundled integrations to ingest user input:
Agent.to_web / clai web; VercelAIAdapter; AGUIAdapter / Agent.to_ag_ui
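
The advisory above concerns a metadata blocklist that can be sidestepped when an IPv4 address is embedded in a NAT64 or ISATAP IPv6 form. The following is an added example, not Pydantic AI's code or the fix from #5596, of unwrapping such forms before a blocklist check; the function names, blocklist ranges and sample addresses are constructed for illustration, and only the RFC 6052 well-known NAT64 prefix is handled.

```python
import ipaddress

# Constructed blocklist for this example: the IPv4 link-local range
# (where cloud metadata endpoints live) and IPv4 loopback.
BLOCKED_V4 = [
    ipaddress.ip_network("169.254.0.0/16"),
    ipaddress.ip_network("127.0.0.0/8"),
]

NAT64_WKP = ipaddress.ip_network("64:ff9b::/96")  # RFC 6052 well-known prefix
ISATAP_IIDS = (0x00005EFE, 0x02005EFE)            # RFC 5214 interface-ID markers


def embedded_ipv4(addr):
    """Return the IPv4 address carried by addr, or None if there is none."""
    if addr.version == 4:
        return addr
    if addr.ipv4_mapped is not None:              # ::ffff:a.b.c.d
        return addr.ipv4_mapped
    value = int(addr)
    low32 = ipaddress.IPv4Address(value & 0xFFFFFFFF)
    if addr in NAT64_WKP:                         # 64:ff9b::a.b.c.d
        return low32
    if ((value >> 32) & 0xFFFFFFFF) in ISATAP_IIDS:  # <prefix>:[02]00:5efe:a.b.c.d
        return low32
    return None


def is_blocked(host):
    """True if an IP literal points, directly or via an embedded IPv4, at a blocked range."""
    addr = ipaddress.ip_address(host.strip("[]"))
    v4 = embedded_ipv4(addr)
    if v4 is None:
        # Plain IPv6: fall back to the native loopback / link-local checks.
        return addr.is_loopback or addr.is_link_local
    return any(v4 in net for net in BLOCKED_V4)


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ("169.254.169.254", "64:ff9b::a9fe:a9fe",
                   "2001:db8::200:5efe:a9fe:a9fe", "2001:db8::1"):
        print(sample, is_blocked(sample))
```

A check like this belongs after DNS resolution, on every address the hostname resolves to, so that a name pointing at a transition-form address is treated the same as the literal.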
🐛 Bug Fixes
- Don't auto-promote strict=None tools to strict mode with Bedrock, and skip strict field when botocore is too old by @shailendher in #5580
- fix(bedrock): Disable Opus 4.7 native structured output by @cosmopolitan033 in #5582
- fix(instrumentation): Prevent false positive variable_instructions span attribute by @madanlalit in #5487
- Fix: VercelAIAdapter now accepts providerExecuted/title on dynamic-tool message parts by @he-yufeng in #5474
- Normalize trailing dot and case in WebFetchTool domain matching by @DouweM in #5592
New Contributors
- @cosmopolitan033 made their first contribution in #5582
- @he-yufeng made their first contribution in #5474
Full Changelog: v1.101.0...v1.102.0