pypi pydantic-ai 1.107.1
v1.107.1 (2026-07-10)

6 hours ago

What's Changed

🛡️ Security

This release patches GHSA-jpr8-2v3g-wgf9 (moderate, CWE-863) on the v1 line. On the AG-UI serving path (Agent.to_ag_ui() / AGUIAdapter), UIAdapter.sanitize_messages anchored its dangling-tool-call strip to an index computed before sanitization. When a trailing client message was dropped during sanitization (for example a client system message under the default manage_system_prompt='server'), a preceding assistant response carrying an unresolved tool call could be re-exposed as the new tail and executed with client-chosen arguments.

  • Affected: pydantic-ai / pydantic-ai-slim >= 1.88.0, < 1.107.1 (v1) and >= 2.0.0, < 2.5.0 (v2)
  • Patched: 1.107.1 (v1) and 2.5.0 (v2)
  • Not affected if every sensitive tool uses requires_approval=True / ApprovalRequiredToolset, or if your tool handlers validate their arguments and enforce authorization themselves.

See the advisory for details and workarounds.

🐛 Bug Fixes

  • Fix sanitize_messages tail handling when a trailing client message is dropped by @dsfaccini in #6407

Full Changelog: v1.107.0...v1.107.1

Don't miss a new pydantic-ai release

NewReleases is sending notifications on new releases.