URL path injection vulnerability fixed in Python sandbox
v0.10.1
1 feature3 fixesThis release1 featureNew capabilities3 fixesBug fixesAI-tallied from the release notes
What's Changed
- fix: bound voice streaming audio buffers by @jkennedyvz in https://github.com/langchain-ai/langsmith-sdk/pull/3169
- fix: escape insights report html repr by @corridor-security[bot] in https://github.com/langchain-ai/langsmith-sdk/pull/3176
- chore: bump _MIN_BACKEND_VERSION to 0.16.12rc1 by @langtions-bot[bot] in https://github.com/langchain-ai/langsmith-sdk/pull/3178
- Fix URL Path Injection via Unencoded Resource Names in Python Sandbox Client (Sync) by @corridor-security[bot] in https://github.com/langchain-ai/langsmith-sdk/pull/3177
- feat(js): expose openapi client error classes by @KiewanVillatel in https://github.com/langchain-ai/langsmith-sdk/pull/3181
- release(py): 0.10.1 by @KiewanVillatel in https://github.com/langchain-ai/langsmith-sdk/pull/3184
New Contributors
- @corridor-security[bot] made their first contribution in https://github.com/langchain-ai/langsmith-sdk/pull/3176
Full Changelog: https://github.com/langchain-ai/langsmith-sdk/compare/v0.10.0...v0.10.1
Fetched July 9, 2026


