fix(security): update all documentation to reflect patched langgraph and langchain-core versions

T-DevH · T-DevH · commit 48c8dc651451 · 2026-01-08T14:20:12.000-08:00
- Updated requirements.docker.txt to use langgraph>=1.0.5 and langchain-core>=1.2.6 - Updated SOFTWARE_INVENTORY.md with correct versions - Updated all security documentation to reference patched versions - Updated dependency blocklist script comments - All files now reference secure versions (1.0.5+ and 1.2.6+) instead of old vulnerable versions (0.2.30 and 0.3.80) Fixes security scanner false positives for CVE-2025-8709 and CVE-2025-68664
diff --git a/docs/SOFTWARE_INVENTORY.md b/docs/SOFTWARE_INVENTORY.md
@@ -43,8 +43,8 @@ The script automatically:
 | httpx | 0.27.0 | BSD License | https://pypi.org/project/httpx/ | Tom Christie <tom@tomchristie.com> | PyPI | pip | https://pypi.org/project/httpx/ |
 | isort | 5.12.0 | MIT | https://pycqa.github.io/isort/ | Timothy Crosley <timothy.crosley@gmail.com> | PyPI | pip | https://pypi.org/project/isort/ |
 | langchain | 0.1.0 | MIT | https://github.com/langchain-ai/langchain | N/A | PyPI | pip | https://pypi.org/project/langchain/ |
-| langchain-core | 0.3.80 | MIT | https://pypi.org/project/langchain-core/ | N/A | PyPI | pip | https://pypi.org/project/langchain-core/ |
-| langgraph | 0.2.30 | MIT | https://www.github.com/langchain-ai/langgraph | N/A | PyPI | pip | https://pypi.org/project/langgraph/ |
+| langchain-core | 1.2.6 | MIT | https://pypi.org/project/langchain-core/ | N/A | PyPI | pip | https://pypi.org/project/langchain-core/ |
+| langgraph | 1.0.5 | MIT | https://www.github.com/langchain-ai/langgraph | N/A | PyPI | pip | https://pypi.org/project/langgraph/ |
 | loguru | 0.7.0 | MIT license | https://github.com/Delgan/loguru | Delgan <delgan.py@gmail.com> | PyPI | pip | https://pypi.org/project/loguru/ |
 | mypy | 1.5.0 | MIT License | https://www.mypy-lang.org/ | Jukka Lehtosalo <jukka.lehtosalo@iki.fi> | PyPI | pip | https://pypi.org/project/mypy/ |
 | nemoguardrails | 0.19.0 | LICENSE.md | https://pypi.org/project/nemoguardrails/ | NVIDIA <nemoguardrails@nvidia.com> | PyPI | pip | https://pypi.org/project/nemoguardrails/ |
diff --git a/docs/security/LANGCHAIN_PATH_TRAVERSAL.md b/docs/security/LANGCHAIN_PATH_TRAVERSAL.md
@@ -34,7 +34,7 @@ load_chain(user_input)  # If user_input contains ../ sequences
 
 ✅ **This codebase is NOT affected**
 
-- **Current version**: `langchain-core==0.3.80` (well above patched version 0.1.29+)
+- **Current version**: `langchain-core>=1.2.6` (well above patched version 0.1.29+, includes CVE-2025-68664 fix)
 - **No usage**: The codebase does NOT use `load_chain`, `load_prompt`, or `load_agent` functions
 - **No LangChain Hub**: The codebase does NOT load chains from LangChain Hub (`lc://` paths)
 - **Safe usage**: Only uses `langchain_core.messages` and `langchain_core.tools` which are safe
diff --git a/docs/security/PYTHON_REPL_SECURITY.md b/docs/security/PYTHON_REPL_SECURITY.md
@@ -27,7 +27,7 @@ This document provides security guidelines for handling Python REPL (Read-Eval-P
 
 ✅ **This codebase does NOT use `langchain-experimental`**
 
-- Only `langchain-core>=0.3.80` is installed (patched for template injection)
+- Only `langchain-core>=1.2.6` is installed (patched for template injection and CVE-2025-68664)
 - No Python REPL or PALChain components are used
 - MCP tool discovery system includes security checks to block code execution tools
 
diff --git a/docs/security/VULNERABILITY_MITIGATIONS.md b/docs/security/VULNERABILITY_MITIGATIONS.md
@@ -798,9 +798,10 @@ Graph files: All use workflow.compile() without checkpointer ✅
 - **BDSA**: BDSA-2025-77504
 - **Severity**: High
 - **Component**: `langchain` / `langchain-core`
-- **Vulnerable Version**: 0.3.80 (reported in scan)
+- **Vulnerable Version**: 0.3.80 (reported in scan, historical reference)
 - **Patched Version**: Included in 1.2.3+ (latest: 1.2.6)
-- **Status**: ✅ **MITIGATED** - Using patched version and defensive architecture
+- **Current Version**: 1.2.6 (requirements.txt and requirements.lock)
+- **Status**: ✅ **MITIGATED** - Using patched version 1.2.6 and defensive architecture
 
 ### Why Scanners Flag This
 Vulnerability scanners check library versions and may flag `langchain-core` because:
diff --git a/docs/security/VULNERABILITY_RESEARCH_CVE-2025-8709_CVE-2025-68664.md b/docs/security/VULNERABILITY_RESEARCH_CVE-2025-8709_CVE-2025-68664.md
@@ -56,8 +56,8 @@ Serialization injection vulnerability in LangChain's `dumps()` and `dumpd()` fun
 - Side effects (network calls, file operations)
 
 ### Current Status
-- **requirements.lock:** `langchain-core==0.3.80` (matches vulnerable version in CSV)
-- **Installed in environment:** `langchain-core==1.2.3` ✅ (much newer, likely safe)
+- **requirements.txt:** `langchain-core>=1.2.6` ✅ (patched version)
+- **requirements.lock:** `langchain-core==1.2.6` ✅ (patched version)
 - **Latest available:** `langchain-core==1.2.6`
 
 ### Research Findings
@@ -100,11 +100,11 @@ Serialization injection vulnerability in LangChain's `dumps()` and `dumpd()` fun
 ## Version Discrepancy Analysis
 
 ### Current State
-| Package | requirements.lock | Installed | Latest Available | Status |
-|---------|------------------|-----------|------------------|--------|
-| `langgraph` | 0.6.11 | **1.0.5** | 1.0.5 | ⚠️ Out of sync |
-| `langgraph-checkpoint` | 2.1.2 | **3.0.1** | 3.0.1 | ⚠️ Out of sync |
-| `langchain-core` | 0.3.80 | **1.2.3** | 1.2.6 | ⚠️ Out of sync |
+| Package | requirements.txt | requirements.lock | Latest Available | Status |
+|---------|------------------|-------------------|------------------|--------|
+| `langgraph` | >=1.0.5 | 1.0.5 | 1.0.5 | ✅ Synced |
+| `langgraph-checkpoint` | (transitive) | 3.0.1 | 3.0.1 | ✅ Synced |
+| `langchain-core` | >=1.2.6 | 1.2.6 | 1.2.6 | ✅ Synced |
 
 ### Impact
 - **Positive:** Installed versions are newer and likely include security fixes
diff --git a/requirements.blocklist.txt b/requirements.blocklist.txt
@@ -22,7 +22,7 @@ langchain_experimental
 # LangChain (old package) - Contains path traversal vulnerability
 # CVE-2024-28088: Directory traversal in load_chain/load_prompt/load_agent
 # Affected: langchain <= 0.1.10, langchain-core < 0.1.29
-# Note: This codebase uses langchain-core>=0.3.80 (safe), but blocking
+# Note: This codebase uses langchain-core>=1.2.6 (safe, includes CVE-2025-68664 fix), but blocking
 # the old langchain package prevents accidental installation
 langchain<0.1.11
 
diff --git a/requirements.docker.txt b/requirements.docker.txt
@@ -4,11 +4,11 @@ pydantic>=2.7
 httpx>=0.27
 python-dotenv>=1.0
 loguru>=0.7
-langgraph>=0.2.30
+langgraph>=1.0.5  # Security: Fixed CVE-2025-8709 (SQL injection in langgraph-checkpoint-sqlite). We use 1.0.5+ (includes fix). Note: We use in-memory state (no SQLite checkpoint) as additional defense.
 asyncpg>=0.29.0
 pymilvus>=2.3.0
 numpy>=1.24.0
-langchain-core>=0.1.0
+langchain-core>=1.2.6  # Security: Fixed CVE-2025-68664 (serialization injection) and CVE-2024-28088 (directory traversal). We use 1.2.6 (latest, includes fixes). Note: We use json.dumps(), not LangChain serialization, as additional defense.
 aiohttp>=3.8.0
 PyJWT>=2.8.0
 passlib[bcrypt]>=1.7.4
diff --git a/scripts/security/dependency_blocklist.py b/scripts/security/dependency_blocklist.py
@@ -50,7 +50,7 @@
     "langchain": (
         "CVE-2024-28088: Directory traversal in load_chain/load_prompt/load_agent. "
         "Affected versions: langchain <= 0.1.10, langchain-core < 0.1.29. "
-        "This codebase uses langchain-core>=0.3.80 (safe). "
+        "This codebase uses langchain-core>=1.2.6 (safe, includes CVE-2025-68664 fix). "
         "Blocking old langchain package to prevent accidental installation."
     ),
     # Other potentially dangerous packages
