Tags: langflow-ai/langflow
Tags
fix(security): remove the disabled Python Code Structured tool compon… …ent (#13560) * fix(security): remove the disabled Python Code Structured tool component Follow-up to #13538, which neutered PythonCodeStructuredTool to a non-executable stub "for one release cycle, full removal later." This completes that removal. - Delete the component and its registration in lfx.components.tools. - Drop its entry from the component index (num_components 355 -> 354, sha256 recomputed surgically) and from stable_hash_history.json. - Remove its 18 i18n keys from every locale file. - Replace the dedicated stub unit test with a removal test in test_dynamic_import_integration.py. - Add a regressions entry to regressions/1.10.x.yaml. The unauthenticated public-build RCE fix (report H1-3754930) is unaffected: PythonCodeStructuredTool stays in CODE_EXECUTION_COMPONENT_TYPES, so build_public_tmp still rejects any saved or crafted flow that carries the type. instantiate_class execs the node's stored `code` field regardless of whether the class still exists, so the type-name block -- not the class -- is what closes the path. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * docs: document removal * docs: typo * Apply suggestion from @mendonk Co-authored-by: Mendon Kissling <59585235+mendonk@users.noreply.github.com> --------- Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Co-authored-by: Mendon Kissling <59585235+mendonk@users.noreply.github.com>
PreviousNext