docs: add file upload support documentation for flows

- Add 'File Inputs' section to flows.mdx documenting:
  - Using crewai-files types (ImageFile, PDFFile, etc.) in flow state
  - CrewAI Platform (AMP) automatic file upload dropzone rendering
  - API usage with URL string coercion via Pydantic
- Update files.mdx with:
  - Example of file types in flow state
  - Note about CrewAI Platform integration for flows

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

docs/ar/changelog.mdx

@@ -4,29 +4,6 @@ description: "تحديثات المنتج والتحسينات وإصلاحات
 icon: "clock"
 mode: "wide"
 ---
-<Update label="25 مارس 2026">
-  ## v1.12.2
-
-  [عرض الإصدار على GitHub](https://github.com/crewAIInc/crewAI/releases/tag/1.12.2)
-
-  ## ما الذي تغير
-
-  ### الميزات
-  - إضافة مرحلة إصدار المؤسسات إلى إصدار أدوات المطورين
-
-  ### إصلاحات الأخطاء
-  - الحفاظ على قيمة إرجاع الطريقة كإخراج تدفق لـ @human_feedback مع emit
-
-  ### الوثائق
-  - تحديث سجل التغييرات والإصدار لـ v1.12.1
-  - مراجعة سياسة الأمان وتعليمات الإبلاغ
-
-  ## المساهمون
-
-  @alex-clawd, @greysonlalonde, @joaomdmoura, @theCyberTech
-
-</Update>
-
 <Update label="25 مارس 2026">
   ## v1.12.1
 

docs/ar/mcp/security.mdx

@@ -139,19 +139,7 @@ mode: "wide"
 - **الالتزام بمواصفات ترخيص MCP**: إذا كنت تنفذ المصادقة والترخيص، اتبع بدقة [مواصفات ترخيص MCP](https://modelcontextprotocol.io/specification/draft/basic/authorization).
 - **تدقيقات أمنية منتظمة**: إذا كان خادم MCP يتعامل مع بيانات حساسة، فكر في إجراء تدقيقات أمنية دورية.
 
-## 5. الإبلاغ عن الثغرات الأمنية
-
-إذا اكتشفت ثغرة أمنية في CrewAI، يرجى الإبلاغ عنها بشكل مسؤول من خلال برنامج الكشف عن الثغرات (VDP) الخاص بنا على Bugcrowd:
-
-**أرسل التقارير إلى:** [crewai-vdp-ess@submit.bugcrowd.com](mailto:crewai-vdp-ess@submit.bugcrowd.com)
-
-<Warning>
-**لا تكشف** عن الثغرات عبر issues العامة على GitHub أو pull requests أو وسائل التواصل الاجتماعي. لن تتم مراجعة التقارير المقدمة عبر قنوات غير Bugcrowd.
-</Warning>
-
-لمزيد من التفاصيل، راجع [سياسة الأمان](https://github.com/crewAIInc/crewAI/blob/main/.github/security.md) الخاصة بنا.
-
-## 6. قراءة إضافية
+## 5. قراءة إضافية
 
 لمزيد من المعلومات التفصيلية حول أمان MCP، راجع التوثيق الرسمي:
 - **[أمان نقل MCP](https://modelcontextprotocol.io/docs/concepts/transports#security-considerations)**

docs/ar/security.mdx

@@ -1,22 +0,0 @@
----
-title: سياسة الأمان
-description: تعرف على كيفية الإبلاغ عن الثغرات الأمنية وممارسات الأمان في CrewAI.
-icon: shield
-mode: "wide"
----
-
-## الإبلاغ عن الثغرات الأمنية
-
-إذا اكتشفت ثغرة أمنية في CrewAI، يرجى الإبلاغ عنها بشكل مسؤول من خلال برنامج الكشف عن الثغرات (VDP) الخاص بنا على Bugcrowd:
-
-**أرسل التقارير إلى:** [crewai-vdp-ess@submit.bugcrowd.com](mailto:crewai-vdp-ess@submit.bugcrowd.com)
-
-<Warning>
-**لا تكشف** عن الثغرات عبر issues العامة على GitHub أو pull requests أو وسائل التواصل الاجتماعي. لن تتم مراجعة التقارير المقدمة عبر قنوات غير Bugcrowd.
-</Warning>
-
-لمزيد من التفاصيل، راجع [سياسة الأمان على GitHub](https://github.com/crewAIInc/crewAI/blob/main/.github/security.md).
-
-## موارد الأمان
-
-- **[اعتبارات أمان MCP](/mcp/security)** — أفضل الممارسات لدمج خوادم MCP بأمان مع وكلاء CrewAI، بما في ذلك أمان النقل ومخاطر حقن الأوامر ونصائح تنفيذ الخادم.

docs/en/changelog.mdx

@@ -4,29 +4,6 @@ description: "Product updates, improvements, and bug fixes for CrewAI"
 icon: "clock"
 mode: "wide"
 ---
-<Update label="Mar 25, 2026">
-  ## v1.12.2
-
-  [View release on GitHub](https://github.com/crewAIInc/crewAI/releases/tag/1.12.2)
-
-  ## What's Changed
-
-  ### Features
-  - Add enterprise release phase to devtools release
-
-  ### Bug Fixes
-  - Preserve method return value as flow output for @human_feedback with emit
-
-  ### Documentation
-  - Update changelog and version for v1.12.1
-  - Revise security policy and reporting instructions
-
-  ## Contributors
-
-  @alex-clawd, @greysonlalonde, @joaomdmoura, @theCyberTech
-
-</Update>
-
 <Update label="Mar 25, 2026">
   ## v1.12.1
 

docs/en/concepts/files.mdx

@@ -134,6 +134,29 @@ result = flow.kickoff(
 )
 ```
 
+You can also define file types directly in your flow state for structured file handling:
+
+```python
+from pydantic import BaseModel
+from crewai.flow.flow import Flow, start
+from crewai_files import ImageFile, PDFFile
+
+class DocumentState(BaseModel):
+    document: PDFFile
+    cover_image: ImageFile
+    title: str = ""
+
+class DocumentFlow(Flow[DocumentState]):
+    @start()
+    def process(self):
+        content = self.state.document.read()
+        return {"processed": True}
+```
+
+<Note type="info" title="CrewAI Platform Integration">
+When deploying flows to the CrewAI Platform (AMP), file fields in your state automatically render as file upload dropzones in the UI. For API usage, you can pass URL strings directly and Pydantic coerces them to file objects automatically. See [Flows - File Inputs](/en/concepts/flows#file-inputs) for details.
+</Note>
+
 ### With Standalone Agents
 
 Pass files directly to agent kickoff:

docs/en/concepts/flows.mdx

@@ -341,6 +341,69 @@ flow.kickoff()
 
 By providing both unstructured and structured state management options, CrewAI Flows empowers developers to build AI workflows that are both flexible and robust, catering to a wide range of application requirements.
 
+## File Inputs
+
+Flows support file inputs through the `crewai-files` package, enabling you to build workflows that process images, PDFs, and other file types. When you use file types like `ImageFile` or `PDFFile` in your flow state, they integrate seamlessly with both local development and the CrewAI Platform.
+
+<Note type="info" title="Optional Dependency">
+File support requires the optional `crewai-files` package. Install it with:
+
+```bash
+uv add 'crewai[file-processing]'
+```
+</Note>
+
+### Using File Types in Flow State
+
+You can include file types directly in your structured flow state:
+
+```python
+from pydantic import BaseModel
+from crewai.flow.flow import Flow, start
+from crewai_files import ImageFile, PDFFile
+
+class DocumentProcessingState(BaseModel):
+    document: PDFFile        # Renders as file upload in CrewAI Platform
+    cover_image: ImageFile   # Renders as image upload
+    title: str = ""          # Renders as text input
+
+class DocumentFlow(Flow[DocumentProcessingState]):
+    @start()
+    def process_document(self):
+        # Access the file - works with URLs, paths, or uploaded files
+        content = self.state.document.read()
+        # Or pass to an agent with VisionTool, etc.
+        return {"processed": True}
+```
+
+### CrewAI Platform Integration
+
+When you deploy a flow to the CrewAI Platform (AMP), file fields in your state automatically render as file upload dropzones in the UI. This makes it easy to build user-facing applications that accept file uploads without any additional frontend work.
+
+| State Field Type | Platform UI Rendering |
+|:-----------------|:----------------------|
+| `ImageFile` | Image upload dropzone |
+| `PDFFile` | PDF upload dropzone |
+| `AudioFile` | Audio upload dropzone |
+| `VideoFile` | Video upload dropzone |
+| `TextFile` | Text file upload dropzone |
+| `str`, `int`, etc. | Standard form inputs |
+
+### API Usage
+
+When calling your flow via API, you can pass URL strings directly for file fields. Pydantic automatically coerces URLs into the appropriate file type:
+
+```python
+# API request body - URLs are automatically converted to file objects
+{
+    "document": "https://example.com/report.pdf",
+    "cover_image": "https://example.com/cover.png",
+    "title": "Q4 Report"
+}
+```
+
+For more details on file types, sources, and provider support, see the [Files documentation](/en/concepts/files).
+
 ## Flow Persistence
 
 The @persist decorator enables automatic state persistence in CrewAI Flows, allowing you to maintain flow state across restarts or different workflow executions. This decorator can be applied at either the class level or method level, providing flexibility in how you manage state persistence.

docs/en/enterprise/features/rbac.mdx

@@ -7,13 +7,11 @@ mode: "wide"
 
 ## Overview
 
-RBAC in CrewAI AMP enables secure, scalable access management through two layers:
-
-1. **Feature permissions** — control what each role can do across the platform (manage, read, or no access)
-2. **Entity-level permissions** — fine-grained access on individual automations, environment variables, LLM connections, and Git repositories
+RBAC in CrewAI AMP enables secure, scalable access management through a combination of organization‑level roles and automation‑level visibility controls.
 
 <Frame>
   <img src="/images/enterprise/users_and_roles.png" alt="RBAC overview in CrewAI AMP" />
+
 </Frame>
 
 ## Users and Roles
@@ -41,13 +39,6 @@ You can configure users and roles in Settings → Roles.
   </Step>
 </Steps>
 
-### Predefined Roles
-
-| Role       | Description                                                                 |
-| :--------- | :-------------------------------------------------------------------------- |
-| **Owner**  | Full access to all features and settings. Cannot be restricted.             |
-| **Member** | Read access to most features, manage access to Studio projects. Cannot modify organization or default settings. |
-
 ### Configuration summary
 
 | Area                  | Where to configure                 | Options                                 |
@@ -55,80 +46,23 @@ You can configure users and roles in Settings → Roles.
 | Users & Roles         | Settings → Roles                   | Predefined: Owner, Member; Custom roles |
 | Automation visibility | Automation → Settings → Visibility | Private; Whitelist users/roles          |
 
----
+## Automation‑level Access Control
 
-## Feature Permissions Matrix
+In addition to organization‑wide roles, CrewAI Automations support fine‑grained visibility settings that let you restrict access to specific automations by user or role.
 
-Every role has a permission level for each feature area. The three levels are:
-
-- **Manage** — full read/write access (create, edit, delete)
-- **Read** — view-only access
-- **No access** — feature is hidden/inaccessible
-
-| Feature                   | Owner   | Member (default) | Description                                                     |
-| :------------------------ | :------ | :--------------- | :-------------------------------------------------------------- |
-| `usage_dashboards`        | Manage  | Read             | View usage metrics and analytics                                |
-| `crews_dashboards`        | Manage  | Read             | View deployment dashboards, access automation details           |
-| `invitations`             | Manage  | Read             | Invite new members to the organization                          |
-| `training_ui`             | Manage  | Read             | Access training/fine-tuning interfaces                          |
-| `tools`                   | Manage  | Read             | Create and manage tools                                         |
-| `agents`                  | Manage  | Read             | Create and manage agents                                        |
-| `environment_variables`   | Manage  | Read             | Create and manage environment variables                         |
-| `llm_connections`         | Manage  | Read             | Configure LLM provider connections                              |
-| `default_settings`        | Manage  | No access        | Modify organization-wide default settings                       |
-| `organization_settings`   | Manage  | No access        | Manage billing, plans, and organization configuration           |
-| `studio_projects`         | Manage  | Manage           | Create and edit projects in Studio                              |
-
-<Tip>
-  When creating a custom role, you can set each feature independently to **Manage**, **Read**, or **No access** to match your team's needs.
-</Tip>
-
----
-
-## Deploying from GitHub or Zip
-
-One of the most common RBAC questions is: _"What permissions does a team member need to deploy?"_
-
-### Deploy from GitHub
-
-To deploy an automation from a GitHub repository, a user needs:
-
-1. **`crews_dashboards`**: at least `Read` — required to access the automations dashboard where deployments are created
-2. **Git repository access** (if entity-level RBAC for Git repositories is enabled): the user's role must be granted access to the specific Git repository via entity-level permissions
-3. **`studio_projects`: `Manage`** — if building the crew in Studio before deploying
-
-### Deploy from Zip
-
-To deploy an automation from a Zip file upload, a user needs:
-
-1. **`crews_dashboards`**: at least `Read` — required to access the automations dashboard
-2. **Zip deployments enabled**: the organization must not have disabled zip deployments in organization settings
-
-### Quick Reference: Minimum Permissions for Deployment
-
-| Action               | Required feature permissions          | Additional requirements                          |
-| :------------------- | :------------------------------------ | :----------------------------------------------- |
-| Deploy from GitHub   | `crews_dashboards: Read`              | Git repo entity access (if Git RBAC is enabled)  |
-| Deploy from Zip      | `crews_dashboards: Read`              | Zip deployments must be enabled at the org level |
-| Build in Studio      | `studio_projects: Manage`             | —                                                |
-| Configure LLM keys   | `llm_connections: Manage`             | —                                                |
-| Set environment vars  | `environment_variables: Manage`       | Entity-level access (if entity RBAC is enabled)  |
-
----
-
-## Automation‑level Access Control (Entity Permissions)
-
-In addition to organization‑wide roles, CrewAI supports fine‑grained entity-level permissions that restrict access to individual resources.
-
-### Automation Visibility
-
-Automations support visibility settings that restrict access by user or role. This is useful for:
+This is useful for:
 
 - Keeping sensitive or experimental automations private
 - Managing visibility across large teams or external collaborators
 - Testing automations in isolated contexts
 
-Deployments can be configured as private, meaning only whitelisted users and roles will be able to interact with them.
+Deployments can be configured as private, meaning only whitelisted users and roles will be able to:
+
+- View the deployment
+- Run it or interact with its API
+- Access its logs, metrics, and settings
+
+The organization owner always has access, regardless of visibility settings.
 
 You can configure automation‑level access control in Automation → Settings → Visibility tab.
 
@@ -165,92 +99,9 @@ You can configure automation‑level access control in Automation → Settings
 
 <Frame>
   <img src="/images/enterprise/visibility.png" alt="Automation Visibility settings in CrewAI AMP" />
+
 </Frame>
 
-### Deployment Permission Types
-
-When granting entity-level access to a specific automation, you can assign these permission types:
-
-| Permission           | What it allows                                      |
-| :------------------- | :-------------------------------------------------- |
-| `run`                | Execute the automation and use its API               |
-| `traces`             | View execution traces and logs                       |
-| `manage_settings`    | Edit, redeploy, rollback, or delete the automation   |
-| `human_in_the_loop`  | Respond to human-in-the-loop (HITL) requests         |
-| `full_access`        | All of the above                                     |
-
-### Entity-level RBAC for Other Resources
-
-When entity-level RBAC is enabled, access to these resources can also be controlled per user or role:
-
-| Resource               | Controlled by                    | Description                                           |
-| :--------------------- | :------------------------------- | :---------------------------------------------------- |
-| Environment variables  | Entity RBAC feature flag         | Restrict which roles/users can view or manage specific env vars |
-| LLM connections        | Entity RBAC feature flag         | Restrict access to specific LLM provider configurations |
-| Git repositories       | Git repositories RBAC org setting | Restrict which roles/users can access specific connected repos |
-
----
-
-## Common Role Patterns
-
-While CrewAI ships with Owner and Member roles, most teams benefit from creating custom roles. Here are common patterns:
-
-### Developer Role
-
-A role for team members who build and deploy automations but don't manage organization settings.
-
-| Feature                   | Permission |
-| :------------------------ | :--------- |
-| `usage_dashboards`        | Read       |
-| `crews_dashboards`        | Manage     |
-| `invitations`             | Read       |
-| `training_ui`             | Read       |
-| `tools`                   | Manage     |
-| `agents`                  | Manage     |
-| `environment_variables`   | Manage     |
-| `llm_connections`         | Read       |
-| `default_settings`        | No access  |
-| `organization_settings`   | No access  |
-| `studio_projects`         | Manage     |
-
-### Viewer / Stakeholder Role
-
-A role for non-technical stakeholders who need to monitor automations and view results.
-
-| Feature                   | Permission |
-| :------------------------ | :--------- |
-| `usage_dashboards`        | Read       |
-| `crews_dashboards`        | Read       |
-| `invitations`             | No access  |
-| `training_ui`             | Read       |
-| `tools`                   | Read       |
-| `agents`                  | Read       |
-| `environment_variables`   | No access  |
-| `llm_connections`         | No access  |
-| `default_settings`        | No access  |
-| `organization_settings`   | No access  |
-| `studio_projects`         | Read       |
-
-### Ops / Platform Admin Role
-
-A role for platform operators who manage infrastructure settings but may not build agents.
-
-| Feature                   | Permission |
-| :------------------------ | :--------- |
-| `usage_dashboards`        | Manage     |
-| `crews_dashboards`        | Manage     |
-| `invitations`             | Manage     |
-| `training_ui`             | Read       |
-| `tools`                   | Read       |
-| `agents`                  | Read       |
-| `environment_variables`   | Manage     |
-| `llm_connections`         | Manage     |
-| `default_settings`        | Manage     |
-| `organization_settings`   | Read       |
-| `studio_projects`         | Read       |
-
----
-
 <Card title="Need Help?" icon="headset" href="mailto:support@crewai.com">
   Contact our support team for assistance with RBAC questions.
 </Card>

docs/en/mcp/security.mdx

@@ -156,19 +156,7 @@ If you are developing an MCP server that CrewAI agents might connect to, conside
 - **Adherence to MCP Authorization Spec**: If implementing authentication and authorization, strictly follow the [MCP Authorization specification](https://modelcontextprotocol.io/specification/draft/basic/authorization) and relevant [OAuth 2.0 security best practices](https://datatracker.ietf.org/doc/html/rfc9700).
 - **Regular Security Audits**: If your MCP server handles sensitive data, performs critical operations, or is publicly exposed, consider periodic security audits by qualified professionals.
 
-## 5. Reporting Security Vulnerabilities
-
-If you discover a security vulnerability in CrewAI, please report it responsibly through our Bugcrowd Vulnerability Disclosure Program (VDP):
-
-**Submit reports to:** [crewai-vdp-ess@submit.bugcrowd.com](mailto:crewai-vdp-ess@submit.bugcrowd.com)
-
-<Warning>
-**Do not** disclose vulnerabilities via public GitHub issues, pull requests, or social media. Reports submitted via channels other than Bugcrowd will not be reviewed.
-</Warning>
-
-For full details, see our [Security Policy](https://github.com/crewAIInc/crewAI/blob/main/.github/security.md).
-
-## 6. Further Reading
+## 5. Further Reading
 
 For more detailed information on MCP security, refer to the official documentation:
 - **[MCP Transport Security](https://modelcontextprotocol.io/docs/concepts/transports#security-considerations)**

docs/en/security.mdx

@@ -1,22 +0,0 @@
----
-title: Security Policy
-description: Learn how to report security vulnerabilities and about CrewAI's security practices.
-icon: shield
-mode: "wide"
----
-
-## Reporting Security Vulnerabilities
-
-If you discover a security vulnerability in CrewAI, please report it responsibly through our Bugcrowd Vulnerability Disclosure Program (VDP):
-
-**Submit reports to:** [crewai-vdp-ess@submit.bugcrowd.com](mailto:crewai-vdp-ess@submit.bugcrowd.com)
-
-<Warning>
-**Do not** disclose vulnerabilities via public GitHub issues, pull requests, or social media. Reports submitted via channels other than Bugcrowd will not be reviewed.
-</Warning>
-
-For full details, see our [Security Policy on GitHub](https://github.com/crewAIInc/crewAI/blob/main/.github/security.md).
-
-## Security Resources
-
-- **[MCP Security Considerations](/mcp/security)** — Best practices for securely integrating MCP servers with your CrewAI agents, including transport security, prompt injection risks, and server implementation advice.

docs/ko/changelog.mdx

@@ -4,29 +4,6 @@ description: "CrewAI의 제품 업데이트, 개선 사항 및 버그 수정"
 icon: "clock"
 mode: "wide"
 ---
-<Update label="2026년 3월 25일">
-  ## v1.12.2
-
-  [GitHub 릴리스 보기](https://github.com/crewAIInc/crewAI/releases/tag/1.12.2)
-
-  ## 변경 사항
-
-  ### 기능
-  - devtools 릴리스에 기업 릴리스 단계 추가
-
-  ### 버그 수정
-  - @human_feedback과 함께 emit을 사용할 때 메서드 반환 값을 흐름 출력으로 유지
-
-  ### 문서
-  - v1.12.1에 대한 변경 로그 및 버전 업데이트
-  - 보안 정책 및 보고 지침 수정
-
-  ## 기여자
-
-  @alex-clawd, @greysonlalonde, @joaomdmoura, @theCyberTech
-
-</Update>
-
 <Update label="2026년 3월 25일">
   ## v1.12.1
 

docs/ko/mcp/security.mdx

@@ -156,19 +156,7 @@ CrewAI 에이전트가 연결할 수 있는 MCP 서버를 개발하고 있다면
 - **MCP 인증 사양 준수**: 인증 및 권한 부여를 구현할 경우, [MCP Authorization specification](https://modelcontextprotocol.io/specification/draft/basic/authorization) 및 관련 [OAuth 2.0 security best practices](https://datatracker.ietf.org/doc/html/rfc9700)를 엄격히 준수하세요.
 - **정기적인 보안 감사**: MCP 서버가 민감한 데이터를 처리하거나, 중요한 작업을 수행하거나, 대외적으로 노출된 경우 자격을 갖춘 전문가의 정기적인 보안 감사를 고려하세요.
 
-## 5. 보안 취약점 보고
-
-CrewAI에서 보안 취약점을 발견하셨다면, Bugcrowd 취약점 공개 프로그램(VDP)을 통해 책임감 있게 보고해 주세요:
-
-**보고서 제출:** [crewai-vdp-ess@submit.bugcrowd.com](mailto:crewai-vdp-ess@submit.bugcrowd.com)
-
-<Warning>
-공개 GitHub 이슈, 풀 리퀘스트 또는 소셜 미디어를 통해 취약점을 공개하지 **마세요**. Bugcrowd 이외의 채널로 제출된 보고서는 검토되지 않습니다.
-</Warning>
-
-자세한 내용은 [보안 정책](https://github.com/crewAIInc/crewAI/blob/main/.github/security.md)을 참조하세요.
-
-## 6. 추가 참고 자료
+## 5. 추가 참고 자료
 
 MCP 보안에 대한 자세한 내용은 공식 문서를 참고하세요:
 - **[MCP 전송 보안](https://modelcontextprotocol.io/docs/concepts/transports#security-considerations)**

docs/ko/security.mdx

@@ -1,22 +0,0 @@
----
-title: 보안 정책
-description: CrewAI의 보안 취약점 보고 방법과 보안 관행에 대해 알아보세요.
-icon: shield
-mode: "wide"
----
-
-## 보안 취약점 보고
-
-CrewAI에서 보안 취약점을 발견하셨다면, Bugcrowd 취약점 공개 프로그램(VDP)을 통해 책임감 있게 보고해 주세요:
-
-**보고서 제출:** [crewai-vdp-ess@submit.bugcrowd.com](mailto:crewai-vdp-ess@submit.bugcrowd.com)
-
-<Warning>
-공개 GitHub 이슈, 풀 리퀘스트 또는 소셜 미디어를 통해 취약점을 공개하지 **마세요**. Bugcrowd 이외의 채널로 제출된 보고서는 검토되지 않습니다.
-</Warning>
-
-자세한 내용은 [GitHub 보안 정책](https://github.com/crewAIInc/crewAI/blob/main/.github/security.md)을 참조하세요.
-
-## 보안 리소스
-
-- **[MCP 보안 고려사항](/mcp/security)** — MCP 서버를 CrewAI 에이전트와 안전하게 통합하기 위한 모범 사례로, 전송 보안, 프롬프트 인젝션 위험 및 서버 구현 권장 사항을 포함합니다.

docs/pt-BR/changelog.mdx

@@ -4,29 +4,6 @@ description: "Atualizações de produto, melhorias e correções do CrewAI"
 icon: "clock"
 mode: "wide"
 ---
-<Update label="25 mar 2026">
-  ## v1.12.2
-
-  [Ver release no GitHub](https://github.com/crewAIInc/crewAI/releases/tag/1.12.2)
-
-  ## O que Mudou
-
-  ### Recursos
-  - Adicionar fase de lançamento empresarial ao lançamento do devtools
-
-  ### Correções de Bugs
-  - Preservar o valor de retorno do método como saída de fluxo para @human_feedback com emit
-
-  ### Documentação
-  - Atualizar changelog e versão para v1.12.1
-  - Revisar política de segurança e instruções de relatório
-
-  ## Contributors
-
-  @alex-clawd, @greysonlalonde, @joaomdmoura, @theCyberTech
-
-</Update>
-
 <Update label="25 mar 2026">
   ## v1.12.1
 

docs/pt-BR/mcp/security.mdx

@@ -156,19 +156,7 @@ Se você está desenvolvendo um servidor MCP ao qual agentes CrewAI possam se co
 - **Aderência à Especificação de Autorização MCP**: Caso implemente autenticação e autorização, siga estritamente a [especificação de autorização MCP](https://modelcontextprotocol.io/specification/draft/basic/authorization) e as [melhores práticas de segurança OAuth 2.0](https://datatracker.ietf.org/doc/html/rfc9700) relevantes.
 - **Auditorias de Segurança Regulares**: Caso seu servidor MCP manipule dados sensíveis, realize operações críticas ou seja exposto publicamente, considere auditorias de segurança periódicas conduzidas por profissionais qualificados.
 
-## 5. Reportando Vulnerabilidades de Segurança
-
-Se você descobrir uma vulnerabilidade de segurança no CrewAI, por favor reporte de forma responsável através do nosso Programa de Divulgação de Vulnerabilidades (VDP) no Bugcrowd:
-
-**Envie relatórios para:** [crewai-vdp-ess@submit.bugcrowd.com](mailto:crewai-vdp-ess@submit.bugcrowd.com)
-
-<Warning>
-**Não** divulgue vulnerabilidades por meio de issues públicas no GitHub, pull requests ou redes sociais. Relatórios enviados por outros canais que não o Bugcrowd não serão analisados.
-</Warning>
-
-Para mais detalhes, consulte nossa [Política de Segurança](https://github.com/crewAIInc/crewAI/blob/main/.github/security.md).
-
-## 6. Leituras Adicionais
+## 5. Leituras Adicionais
 
 Para informações mais detalhadas sobre segurança MCP, consulte a documentação oficial:
 - **[Segurança de Transporte MCP](https://modelcontextprotocol.io/docs/concepts/transports#security-considerations)**

docs/pt-BR/security.mdx

@@ -1,22 +0,0 @@
----
-title: Política de Segurança
-description: Saiba como reportar vulnerabilidades de segurança e sobre as práticas de segurança do CrewAI.
-icon: shield
-mode: "wide"
----
-
-## Reportando Vulnerabilidades de Segurança
-
-Se você descobrir uma vulnerabilidade de segurança no CrewAI, por favor reporte de forma responsável através do nosso Programa de Divulgação de Vulnerabilidades (VDP) no Bugcrowd:
-
-**Envie relatórios para:** [crewai-vdp-ess@submit.bugcrowd.com](mailto:crewai-vdp-ess@submit.bugcrowd.com)
-
-<Warning>
-**Não** divulgue vulnerabilidades por meio de issues públicas no GitHub, pull requests ou redes sociais. Relatórios enviados por outros canais que não o Bugcrowd não serão analisados.
-</Warning>
-
-Para mais detalhes, consulte nossa [Política de Segurança no GitHub](https://github.com/crewAIInc/crewAI/blob/main/.github/security.md).
-
-## Recursos de Segurança
-
-- **[Considerações de Segurança MCP](/mcp/security)** — Melhores práticas para integrar servidores MCP com segurança aos seus agentes CrewAI, incluindo segurança de transporte, riscos de injeção de prompt e conselhos de implementação de servidor.

lib/crewai-files/src/crewai_files/__init__.py

@@ -152,4 +152,4 @@ __all__ = [
     "wrap_file_source",
 ]
 
-__version__ = "1.12.2"
+__version__ = "1.12.1"

lib/crewai-tools/pyproject.toml

@@ -11,7 +11,7 @@ dependencies = [
     "pytube~=15.0.0",
     "requests~=2.32.5",
     "docker~=7.1.0",
-    "crewai==1.12.2",
+    "crewai==1.12.1",
     "tiktoken~=0.8.0",
     "beautifulsoup4~=4.13.4",
     "python-docx~=1.2.0",

lib/crewai-tools/src/crewai_tools/__init__.py

@@ -309,4 +309,4 @@ __all__ = [
     "ZapierActionTools",
 ]
 
-__version__ = "1.12.2"
+__version__ = "1.12.1"

lib/crewai/pyproject.toml

@@ -54,7 +54,7 @@ Repository = "https://github.com/crewAIInc/crewAI"
 
 [project.optional-dependencies]
 tools = [
-    "crewai-tools==1.12.2",
+    "crewai-tools==1.12.1",
 ]
 embeddings = [
     "tiktoken~=0.8.0"

lib/crewai/src/crewai/__init__.py

@@ -42,7 +42,7 @@ def _suppress_pydantic_deprecation_warnings() -> None:
 
 _suppress_pydantic_deprecation_warnings()
 
-__version__ = "1.12.2"
+__version__ = "1.12.1"
 _telemetry_submitted = False
 
 

lib/crewai/src/crewai/cli/templates/crew/pyproject.toml

@@ -5,7 +5,7 @@ description = "{{name}} using crewAI"
 authors = [{ name = "Your Name", email = "you@example.com" }]
 requires-python = ">=3.10,<3.14"
 dependencies = [
-    "crewai[tools]==1.12.2"
+    "crewai[tools]==1.12.1"
 ]
 
 [project.scripts]

lib/crewai/src/crewai/cli/templates/flow/pyproject.toml

@@ -5,7 +5,7 @@ description = "{{name}} using crewAI"
 authors = [{ name = "Your Name", email = "you@example.com" }]
 requires-python = ">=3.10,<3.14"
 dependencies = [
-    "crewai[tools]==1.12.2"
+    "crewai[tools]==1.12.1"
 ]
 
 [project.scripts]

lib/crewai/src/crewai/cli/templates/tool/pyproject.toml

@@ -5,7 +5,7 @@ description = "Power up your crews with {{folder_name}}"
 readme = "README.md"
 requires-python = ">=3.10,<3.14"
 dependencies = [
-    "crewai[tools]==1.12.2"
+    "crewai[tools]==1.12.1"
 ]
 
 [tool.crewai]

lib/crewai/src/crewai/flow/flow.py

@@ -883,9 +883,7 @@ class Flow(Generic[T], metaclass=FlowMeta):
         self.human_feedback_history: list[HumanFeedbackResult] = []
         self.last_human_feedback: HumanFeedbackResult | None = None
         self._pending_feedback_context: PendingFeedbackContext | None = None
-        # Per-method stash for real @human_feedback output (keyed by method name)
-        # Used to decouple routing outcome from method return value when emit is set
-        self._human_feedback_method_outputs: dict[str, Any] = {}
+        self._human_feedback_method_output: Any = None  # Stashed real output from @human_feedback with emit
         self.suppress_flow_events: bool = suppress_flow_events
 
         # User input history (for self.ask())
@@ -2297,12 +2295,10 @@ class Flow(Generic[T], metaclass=FlowMeta):
             # For @human_feedback methods with emit, the result is the collapsed outcome
             # (e.g., "approved") used for routing. But we want the actual method output
             # to be the stored result (for final flow output). Replace the last entry
-            # if a stashed output exists. Dict-based stash is concurrency-safe and
-            # handles None return values (presence in dict = stashed, not value).
-            if method_name in self._human_feedback_method_outputs:
-                self._method_outputs[-1] = self._human_feedback_method_outputs.pop(
-                    method_name
-                )
+            # if a stashed output exists.
+            if self._human_feedback_method_output is not None:
+                self._method_outputs[-1] = self._human_feedback_method_output
+                self._human_feedback_method_output = None
 
             self._method_execution_counts[method_name] = (
                 self._method_execution_counts.get(method_name, 0) + 1

lib/crewai/src/crewai/flow/human_feedback.py

@@ -594,9 +594,8 @@ def human_feedback(
                 # Stash the real method output for final flow result when emit is set
                 # (result is the collapsed outcome string for routing, but we want to
                 # preserve the actual method output as the flow's final result)
-                # Uses per-method dict for concurrency safety and to handle None returns
                 if emit:
-                    self._human_feedback_method_outputs[func.__name__] = method_output
+                    self._human_feedback_method_output = method_output
 
                 return result
 
@@ -625,9 +624,8 @@ def human_feedback(
                 # Stash the real method output for final flow result when emit is set
                 # (result is the collapsed outcome string for routing, but we want to
                 # preserve the actual method output as the flow's final result)
-                # Uses per-method dict for concurrency safety and to handle None returns
                 if emit:
-                    self._human_feedback_method_outputs[func.__name__] = method_output
+                    self._human_feedback_method_output = method_output
 
                 return result
 

lib/crewai/tests/test_human_feedback_decorator.py

@@ -726,31 +726,3 @@ class TestHumanFeedbackFinalOutputPreservation:
         # _method_outputs should contain the real output
         assert len(flow._method_outputs) == 1
         assert flow._method_outputs[0] == {"data": "real output"}
-
-    @patch("builtins.input", return_value="looks good")
-    @patch("builtins.print")
-    def test_none_return_value_is_preserved(self, mock_print, mock_input):
-        """A method returning None should preserve None as flow output, not the outcome string."""
-
-        class NoneReturnFlow(Flow):
-            @start()
-            @human_feedback(
-                message="Review:",
-                emit=["approved", "rejected"],
-                llm="gpt-4o-mini",
-            )
-            def process(self):
-                # Method does work but returns None (implicit)
-                pass
-
-        flow = NoneReturnFlow()
-
-        with (
-            patch.object(flow, "_request_human_feedback", return_value=""),
-            patch.object(flow, "_collapse_to_outcome", return_value="approved"),
-        ):
-            result = flow.kickoff()
-
-        # Final output should be None (the method's real return), not "approved"
-        assert result is None, f"Expected None, got {result!r}"
-        assert flow.last_human_feedback.outcome == "approved"

lib/devtools/src/crewai_devtools/__init__.py

@@ -1,3 +1,3 @@
 """CrewAI development tools."""
 
-__version__ = "1.12.2"
+__version__ = "1.12.1"