From 9485948b89537dab061c2d0504ebf79fac6d326c Mon Sep 17 00:00:00 2001
From: CodeCaster <codecaster365@outlook.com>
Date: Fri, 9 Jan 2026 16:50:14 +0800
Subject: [PATCH] =?UTF-8?q?security:=20=E5=8D=87=E7=BA=A7=20langchain-core?=
 =?UTF-8?q?=20=E5=88=B0=200.3.81=20=E4=BF=AE=E5=A4=8D=20CVE-2025-68664?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- 修复序列化注入漏洞 (GHSA-c67j-w6g6-q2cm)
- 从 0.3.68 升级到 0.3.81 (小版本升级)
- 影响评估: 无破坏性变更,向后兼容
- 安全加固: 默认禁用环境变量加载,限制反序列化类

Fixes Dependabot Alert #23
Resolves CVE-2025-68664

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
---
 framework/fel/python/requirements.txt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/framework/fel/python/requirements.txt b/framework/fel/python/requirements.txt
index 7caa4dc45..90026ddb4 100644
--- a/framework/fel/python/requirements.txt
+++ b/framework/fel/python/requirements.txt
@@ -1,4 +1,4 @@
 llama-index==0.12.46
-langchain-core==0.3.68
+langchain-core==0.3.81
 langchain_community==0.3.27
-langchain-openai==0.3.28
\ No newline at end of file
+langchain-openai==0.3.28