IAST false positives fixed; PyYAML cleanup crash resolved
v4.8.13
2 fixesThis release2 fixesBug fixesAI-tallied from the release notes
From the original release noteView original ↗
Bug Fixes
- bootstrap: keep
yaml/_yamlloaded during module cleanup, fixing an issue that broke PyYAML consumers such as Airflow.
- IAST: This fix resolves an issue where IAST could report a false positive vulnerability against a request whose input did not actually contain tainted data. A concurrent or still-open request holding a tainted value could leak its taint into the current request's checks. Queries are now scoped to the calling request's slot.
Fetched July 16, 2026


