pypi pydantic-settings 2.14.2
v2.14.2

4 hours ago

What's Changed

This is a security patch release.

  • Prevent NestedSecretsSettingsSource from following symlinks outside secrets_dir by @hramezani in #889
  • Prepare release 2.14.2 by @hramezani in #890

Security

Fixes GHSA-4xgf-cpjx-pc3j: NestedSecretsSettingsSource with secrets_nested_subdir=True could follow a symbolic link inside secrets_dir pointing outside it, reading out-of-tree files into settings values and bypassing the secrets_dir_max_size cap. Affected versions: >= 2.12.0, < 2.14.2.
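To check an existing deployment for the condition described above, the following added example (not pydantic-settings code and not the project's fix) lists symlinks under a secrets directory that resolve outside it and tests a version string against the affected range stated in these notes. The names `escaping_symlinks`, `is_affected` and `demo` are hypothetical, the directory tree in `demo` is constructed, and version strings are assumed to be plain `X.Y.Z`.

```python
import os
import tempfile
from pathlib import Path


def escaping_symlinks(secrets_dir):
    """Return (link, target) pairs for symlinks under secrets_dir that resolve outside it."""
    root = Path(secrets_dir).resolve()
    found = []
    # followlinks=False: never descend through a symlinked directory while auditing
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            entry = Path(dirpath) / name
            if not entry.is_symlink():
                continue
            target = entry.resolve()  # non-strict, so dangling links are still reported
            if target != root and root not in target.parents:
                found.append((entry, target))
    return sorted(found)


def is_affected(version):
    """Affected range stated in the release notes: >= 2.12.0, < 2.14.2 (plain X.Y.Z assumed)."""
    parts = tuple(int(p) for p in version.split(".")[:3])
    return (2, 12, 0) <= parts < (2, 14, 2)


def demo():
    """Build a constructed secrets tree with one in-tree link and two out-of-tree links."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp).resolve()
        secrets = base / "secrets"
        (secrets / "db").mkdir(parents=True)
        (secrets / "db" / "password").write_text("constructed-value")
        outside = base / "outside"
        outside.mkdir()
        (outside / "host_file").write_text("not a secret")
        os.symlink(secrets / "db" / "password", secrets / "alias")        # stays inside
        os.symlink(outside / "host_file", secrets / "db" / "token")       # file escapes
        os.symlink(outside, secrets / "extra", target_is_directory=True)  # directory escapes
        links = escaping_symlinks(secrets)
        return [link.relative_to(secrets).as_posix() for link, _ in links]
```

Run `escaping_symlinks` against the directory passed as `secrets_dir`; an empty list means no symlink in the tree resolves outside it.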

Full Changelog: v2.14.1...v2.14.2
