LangChain: Critical Security Patch and Hub Deprecation

LangChain addressed a critical path traversal vulnerability (CVE-2026-34070) with backports to v0.3, while deprecating hub functionality and releasing new versions across multiple packages.

Duration: PT2M2S

Episode overview

This episode is a short developer briefing from LangChain.

It explains recent repository work in plain language.

  • Show: LangChain
  • Published: 2026-05-08T10:00:31Z
  • Audio duration: PT2M2S

Transcript excerpt

This excerpt keeps the crawler page concise. Listen to the episode or use the RSS feed for the full update.

Good morning, this is your LangChain development briefing for May 8th, 2026.

Yesterday brought significant security updates and architectural changes to the LangChain ecosystem. Erny merged a critical security fix backporting a path traversal vulnerability patch to version 0.3. This addresses CVE-2026-34070, a security issue in langchain_core.prompts.loading that was previously fixed in the…

Eugene Yurtsev led multiple related changes, merging pull requests to deprecate hub functionality in both the classic and standard LangChain packages. The hub classic and hub runnable components are being phased out as they primarily served users with very old versions of the LangSmith SDK. These changes also…

Following these updates, the team released new versions across the ecosystem. LangChain Classic reached version 1.0.7, the main LangChain package hit 0.3.30, and LangChain Core was bumped to 0.3.86. All releases were merged by ccurme and eyurtsev with minimal review cycles, indicating these were priority security…

The additional commits reinforced the hub deprecation work and version releases, with eugeny yurtsev's commits focusing on the security hardening efforts.

What's next: Teams…

Nearby episodes from LangChain

  1. Version 1.3.0 Release and CI Security Updates
  2. Core 1.4.0 Release and Major Version Bump
  3. Python 3.14 Compatibility Fix
  4. Agent Streaming Fix and Version Release
  5. Schema Resolution Fix and Alpha Release
  6. Security Fortress - Hardening Against Untrusted Code
  7. Weekly Recap - Streaming Enhancements and Partner Integrations
  8. Stream Events v3 Protocol and Partner Updates