github/langchain
1
0
Fork 0
mirror of https://github.com/hwchase17/langchain.git synced 2026-02-21 06:33:41 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
master
langchain/libs/partners/perplexity/pyproject.toml
Tune 68a14844b5 fix(nomic,openai,perplexity): update pillow version to >= 12.1.1, <13.0.0 (#35254) 
Updates the minimum Pillow version to address CVE-2026-25990 (HIGH
severity out-of-bounds write vulnerability affecting versions 10.3.0
through 12.1.0).

Changes:
langchain-nomic: pillow>=10.3.0,<13.0.0 → pillow>=12.1.1,<13.0.0
langchain-openai: pillow>=10.3.0,<13.0.0 → pillow>=12.1.1,<13.0.0
langchain-perplexity: pillow>=10.3.0,<13.0.0 → pillow>=12.1.1,<13.0.0
Safety: This is a minimum version bump within the existing constraint
range (<13.0.0), so no breaking changes are introduced.

CVE Details:
CVE-2026-25990: An out-of-bounds write may be triggered when loading a
specially crafted PSD image
Affected versions: 10.3.0 to <12.1.1
Fixed in: 12.1.1
Reference: https://nvd.nist.gov/vuln/detail/CVE-2026-25990

** Claude Helped me write this nice message **
The original findings was thanks to a Trivy scan

---------

Co-authored-by: Mason Daugherty <mason@langchain.dev>
2026-02-16 23:17:32 -05:00

3.3 KiB
Raw Permalink Blame History

View Raw
Reference in New Issue View Git Blame Copy Permalink