
Security: Update FastAPI to address CVE-2025-62727 in Starlette

Open ColeMurray opened this issue 3 weeks ago • 0 comments

Description

LangServe currently allows FastAPI versions as old as 0.90.1, which includes vulnerable versions of Starlette affected by CVE-2025-62727.

Impact

The vulnerability in Starlette could potentially affect applications using LangServe with older FastAPI versions.

Proposed Solution

Update the minimum FastAPI version requirement to 0.120.2, which includes the patched version of Starlette.

Reference

  • CVE Details: https://www.cve.org/CVERecord?id=CVE-2025-62727
  • Pull Request: https://github.com/langchain-ai/langserve/pull/832

Related

This issue is addressed by PR #832 which updates FastAPI to >=0.120.2 across all dependency groups.

ColeMurray avatar Oct 30 '25 00:10 ColeMurray
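
A check for the version floor this issue proposes, written as an added example (not LangServe's or the issue author's code): it flags PEP 508 requirement lines that still let a resolver select a FastAPI release below 0.120.2. The function names and the sample lines are constructed for illustration, and only plain numeric version segments are handled.

```python
import re

# Minimum FastAPI version proposed in the issue above.
FASTAPI_FLOOR = (0, 120, 2)

# A requirement line for the fastapi distribution (extras allowed), not fastapi-foo.
_NAME = re.compile(r"^fastapi(?:\[[^\]]*\])?(?![A-Za-z0-9._-])(.*)$", re.I)
_CLAUSE = re.compile(r"(===|==|~=|>=|<=|!=|>|<)\s*(\d+(?:\.\d+)*)")


def _ver(text, width=3):
    """'0.120' -> (0, 120, 0); only plain numeric release segments are handled."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (width - len(parts)))


def lowest_admitted(spec):
    """Highest lower bound among the clauses, or None if nothing bounds from below."""
    lower_ops = (">=", ">", "==", "===", "~=")
    bounds = [_ver(v) for op, v in _CLAUSE.findall(spec) if op in lower_ops]
    return max(bounds) if bounds else None


def admits_vulnerable(line):
    """True if a fastapi requirement line lets a resolver pick a release below the floor."""
    body = line.split("#")[0].split(";")[0].strip()  # drop comments and env markers
    m = _NAME.match(body)
    if not m:
        return False  # not a fastapi requirement
    low = lowest_admitted(m.group(1))
    # Unbounded, or bounded below the floor (">" is treated conservatively like ">=").
    return low is None or low < FASTAPI_FLOOR


def audit(lines):
    """Return the requirement lines that still admit a FastAPI release below the floor."""
    return [ln.strip() for ln in lines if admits_vulnerable(ln)]


# Constructed sample input, not taken from the LangServe repository.
SAMPLE = """
fastapi>=0.90.1,<1
fastapi[all] >= 0.120.2
fastapi-utils>=0.2
fastapi
fastapi==0.115.0  # pinned
fastapi~=0.121.0
""".splitlines()

if __name__ == "__main__":
    for hit in audit(SAMPLE):
        print("admits FastAPI below", ".".join(map(str, FASTAPI_FLOOR)), "->", hit)
```

The check looks only at declared constraints; a lock file or the installed environment can still hold an older release until it is re-resolved.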