Merge remote-tracking branch 'origin/release-1.9.2' into flip-wxo-ff

Author: jordanrfrazier

docs/docs/Develop/contributing-telemetry.mdx

@@ -90,4 +90,26 @@ This telemetry event is sent when an unhandled exception is captured by Langflow
 - **Type**: The exception class name, such as `ValueError`.
 - **Message**: The exception message that was raised.
 - **Context**: Additional contextual information related to where the exception occurred, such as route, component, or operation details, when available.
-- **StackTraceHash**: A hash of the stack trace used to group similar exceptions for easier analysis.
+- **StackTraceHash**: A hash of the stack trace used to group similar exceptions for easier analysis.
+
+### Deployment provider
+
+This telemetry event is sent for various lifecycle operations on deployment provider accounts, such as create, delete, and update.
+
+- **DeploymentAction**: The specific action performed, such as `provider.create` or `provider.delete`.
+- **DeploymentProvider**: The deployment provider used, such as `watsonx-orchestrate`.
+- **DeploymentSeconds**: Duration in seconds for the operation, providing performance insights.
+- **DeploymentSuccess**: Boolean value indicating whether the operation was successful.
+- **DeploymentErrorMessage**: Error message details if the operation was unsuccessful.
+- **WxoTenantId**: A unique identifier for the tenant, populated only for `watsonx-orchestrate` deployments, used to understand multi-tenant usage patterns without collecting personal information.
+
+### Deployment
+
+This telemetry event is sent for various lifecycle operations on deployment resources, such as create, delete, and update.
+
+- **DeploymentAction**: The specific action performed, such as `deployment.create`.
+- **DeploymentProvider**: The deployment provider used, such as `watsonx-orchestrate`.
+- **DeploymentSeconds**: Duration in seconds for the operation, providing performance insights.
+- **DeploymentSuccess**: Boolean value indicating whether the operation was successful.
+- **DeploymentErrorMessage**: Error message details if the operation was unsuccessful.
+- **WxoTenantId**: A unique identifier for the tenant, populated only for `watsonx-orchestrate` deployments, used to understand multi-tenant usage patterns without collecting personal information.

docs/versioned_docs/version-1.9.0/Deployment/deployment-wxo.mdx

@@ -8,6 +8,14 @@ import Tabs from '@theme/Tabs';
 import TabItem from '@theme/TabItem';
 import PartialGlobalModelProviders from '@site/docs/_partial-global-model-providers.mdx';
 
+:::tip
+As of Langflow 1.9.2, the IBM watsonx Orchestrate deployments feature is behind a feature flag. To enable it, set the following environment variable before starting Langflow:
+
+```bash
+LANGFLOW_FEATURE_WXO_DEPLOYMENTS=true
+```
+:::
+
 Create a flow and deploy it to [IBM watsonx Orchestrate](https://www.ibm.com/docs/en/watsonx/watson-orchestrate/base?topic=getting-started-watsonx-orchestrate).
 
 Deploying a flow on IBM watsonx Orchestrate is different from the other Langflow deployment options.

docs/versioned_docs/version-1.9.0/Develop/contributing-telemetry.mdx

@@ -90,4 +90,26 @@ This telemetry event is sent when an unhandled exception is captured by Langflow
 - **Type**: The exception class name, such as `ValueError`.
 - **Message**: The exception message that was raised.
 - **Context**: Additional contextual information related to where the exception occurred, such as route, component, or operation details, when available.
-- **StackTraceHash**: A hash of the stack trace used to group similar exceptions for easier analysis.
+- **StackTraceHash**: A hash of the stack trace used to group similar exceptions for easier analysis.
+
+### Deployment provider
+
+This telemetry event is sent for various lifecycle operations on deployment provider accounts, such as create, delete, and update.
+
+- **DeploymentAction**: The specific action performed, such as `provider.create` or `provider.delete`.
+- **DeploymentProvider**: The deployment provider used, such as `watsonx-orchestrate`.
+- **DeploymentSeconds**: Duration in seconds for the operation, providing performance insights.
+- **DeploymentSuccess**: Boolean value indicating whether the operation was successful.
+- **DeploymentErrorMessage**: Error message details if the operation was unsuccessful.
+- **WxoTenantId**: A unique identifier for the tenant, populated only for `watsonx-orchestrate` deployments, used to understand multi-tenant usage patterns without collecting personal information.
+
+### Deployment
+
+This telemetry event is sent for various lifecycle operations on deployment resources, such as create, delete, and update.
+
+- **DeploymentAction**: The specific action performed, such as `deployment.create`.
+- **DeploymentProvider**: The deployment provider used, such as `watsonx-orchestrate`.
+- **DeploymentSeconds**: Duration in seconds for the operation, providing performance insights.
+- **DeploymentSuccess**: Boolean value indicating whether the operation was successful.
+- **DeploymentErrorMessage**: Error message details if the operation was unsuccessful.
+- **WxoTenantId**: A unique identifier for the tenant, populated only for `watsonx-orchestrate` deployments, used to understand multi-tenant usage patterns without collecting personal information.

docs/versioned_docs/version-1.9.0/Support/release-notes.mdx

@@ -112,6 +112,8 @@ For all changes, see the [Changelog](https://github.com/langflow-ai/langflow/rel
     This workflow packages a selected flow version for use in IBM watsonx Orchestrate.
     For more information, see [Deploy Langflow on watsonx Orchestrate](../Deployment/deployment-wxo.mdx).
 
+    As of Langflow 1.9.2, this feature is behind a feature flag. To enable it, set `LANGFLOW_FEATURE_WXO_DEPLOYMENTS=true` before starting Langflow.
+
 - **Policies** component (beta)
 
     The **Policies** component uses [ToolGuard](https://github.com/AgentToolkit/toolguard) to generate guard code from natural-language business policies and apply it to agent tools.

src/backend/base/langflow/api/utils/__init__.py

@@ -43,6 +43,7 @@
     build_graph_from_db,
     build_graph_from_db_no_cache,
     cascade_delete_flow,
+    scope_session_to_namespace,
     verify_public_flow_and_get_user,
 )
 
@@ -85,6 +86,7 @@
     "parse_value",
     "raise_error_if_astra_cloud_env",
     "remove_api_keys",
+    "scope_session_to_namespace",
     "validate_is_component",
     "verify_public_flow_and_get_user",
 ]

src/backend/base/langflow/api/utils/flow_utils.py

@@ -135,6 +135,26 @@ def compute_virtual_flow_id(identifier: str | uuid.UUID, flow_id: uuid.UUID) ->
     return uuid.uuid5(uuid.NAMESPACE_DNS, f"{identifier}_{flow_id}")
 
 
+def scope_session_to_namespace(session: str | None, namespace: str) -> str | None:
+    """Wrap a caller-supplied session ID under a (client_id, flow_id) namespace.
+
+    Mitigates CVE-2026-33017: an unauthenticated public-flow caller cannot
+    address a session that lives outside its own namespace through a Memory
+    component, regardless of whether the caller supplies a non-empty,
+    pre-prefixed, or empty string.
+
+    Returns ``None`` unchanged. Returns the value unchanged when it equals the
+    namespace or already starts with ``f"{namespace}:"``. Otherwise prefixes
+    it -- including the empty-string case, which becomes ``f"{namespace}:"``.
+    """
+    if session is None:
+        return session
+    prefix = f"{namespace}:"
+    if session == namespace or session.startswith(prefix):
+        return session
+    return f"{prefix}{session}"
+
+
 async def verify_public_flow_and_get_user(
     flow_id: uuid.UUID,
     client_id: str | None,

src/backend/base/langflow/api/v1/chat.py

@@ -31,6 +31,7 @@
     format_exception_message,
     get_top_level_vertices,
     parse_exception,
+    scope_session_to_namespace,
     verify_public_flow_and_get_user,
 )
 from langflow.api.v1.schemas import (
@@ -661,6 +662,9 @@ async def build_public_tmp(
     - The 'data' parameter is NOT accepted to prevent flow definition tampering
     - Public flows must execute the stored flow definition only
     - The flow definition is always loaded from the database
+    - Caller-supplied 'inputs.session' is namespaced under the (client_id,
+      flow_id) virtual flow ID so an unauthenticated caller cannot address a
+      session that lives outside its own namespace (CVE-2026-33017)
 
     The endpoint:
     1. Verifies the requested flow is marked as public in the database
@@ -703,6 +707,12 @@ async def build_public_tmp(
             authenticated_user_id=authenticated_user_id,
         )
 
+        # Defends CVE-2026-33017: scope caller session into the (client_id, flow_id) namespace.
+        if inputs is not None and inputs.session is not None:
+            scoped_session = scope_session_to_namespace(inputs.session, str(new_flow_id))
+            if scoped_session != inputs.session:
+                inputs = inputs.model_copy(update={"session": scoped_session})
+
         # Validate the stored flow data after the public-access boundary.
         # Public flows never accept client-supplied data.
         async with session_scope() as session: