andre/crewAI
1
0
Fork 0
mirror of https://github.com/crewAIInc/crewAI.git synced 2026-04-15 15:32:40 +00:00
Code Issues Actions 5 Packages Projects Releases Wiki Activity
Files
8d68d356225c7d43c7b6a8f2c805fa7b2f6b3f0a
crewAI/lib/crewai/tests
History
Devin AI 8d68d35622 fix: validate tool module imports in load_agent_from_repository to prevent RCE 
Add an allowlist of trusted module prefixes (crewai_tools., crewai.tools.) and
a BaseTool subclass check before dynamically importing and instantiating tool
classes from the repository API response.

Previously, tool['module'] and tool['name'] from the API were passed directly
to importlib.import_module() and getattr() without any validation, allowing
a compromised or MITM'd API to import arbitrary Python modules (e.g.
subprocess.Popen) and achieve Remote Code Execution.

Fixes #5446

Co-Authored-By: João <joao@crewai.com>
2026-04-14 07:33:22 +00:00
..
a2a
feat(a2ui): add A2UI extension with v0.8/v0.9 support, schemas, and docs
2026-04-02 04:46:07 +08:00
agents
chore: add deprecation decorator to LiteAgent
2026-04-14 00:51:11 +08:00
cassettes
test: re-record hierarchical verbose manager cassette
2026-04-11 02:35:00 +08:00
cli
feat: add deploy validation CLI and improve LLM initialization ergonomics
2026-04-12 16:00:46 +08:00
config
Release/v1.0.0 (#3618)
2025-10-20 14:10:19 -07:00
crew
feat: async crew support
2025-12-04 16:53:19 -05:00
events
feat: enrich LLM token tracking with reasoning tokens, cache creation tokens (#5389)
2026-04-10 00:22:27 -04:00
experimental
fix: ensure otel span is closed
2025-12-05 13:23:26 -05:00
hooks
fix: sanitize tool names in hook decorator filters
2026-04-08 21:02:25 +08:00
knowledge
refactor: replace InstanceOf[T] with plain type annotations
2026-03-31 08:11:21 +08:00
llms
feat: add deploy validation CLI and improve LLM initialization ergonomics
2026-04-12 16:00:46 +08:00
mcp
Addressing MCP tools resolutions & eliminates all shared mutable connection (#4792)
2026-03-10 14:00:40 -04:00
memory
fix: deflake MemoryRecord embedding serialization test
2026-04-11 02:01:23 +08:00
pipeline
chore: restructure test env, cassettes, and conftest; fix flaky tests
2025-11-29 16:55:24 -05:00
project
fix: hash callback args correctly to ensure caching works
2025-11-05 07:19:09 -05:00
rag
feat: runtime state checkpointing, event system, and executor refactor
2026-04-07 03:22:30 +08:00
security
Release/v1.0.0 (#3618)
2025-10-20 14:10:19 -07:00
skills
feat: agent skills
2026-03-24 19:03:35 +08:00
storage
New Unified Memory System (#4420)
2026-02-13 21:34:37 -03:00
task
feat: async task support (#4024)
2025-12-04 13:34:29 -08:00
telemetry
fix(telemetry): skip signal handler registration in non-main threads
2026-03-02 07:42:55 -05:00
tools
refactor: use shared I18N_DEFAULT singleton
2026-04-09 04:29:53 +08:00
tracing
perf: reduce framework overhead — lazy event bus, skip tracing when disabled (#5187)
2026-04-01 14:17:57 -03:00
utilities
fix: validate tool module imports in load_agent_from_repository to prevent RCE
2026-04-14 07:33:22 +00:00
__init__.py
Release/v1.0.0 (#3618)
2025-10-20 14:10:19 -07:00
test_agent_multimodal.py
Lorenze/feat/plan execute pattern (#4817)
2026-03-15 18:33:17 -07:00
test_async_human_feedback.py
refactor: convert Flow to Pydantic BaseModel
2026-04-01 03:48:41 +08:00
test_callback.py
refactor: replace Any-typed callback and model fields with serializable types
2026-03-20 15:18:50 -04:00
test_checkpoint.py
feat: checkpoint TUI with tree view, fork support, editable inputs/outputs
2026-04-10 21:24:49 +08:00
test_context.py
Lorenze/imp/native tool calling (#4258)
2026-01-22 17:44:03 -08:00
test_crew_multimodal.py
feat: native multimodal file handling; openai responses api
2026-01-23 15:13:25 -05:00
test_crew_thread_safety.py
Release/v1.0.0 (#3618)
2025-10-20 14:10:19 -07:00
test_crew.py
refactor: remove CodeInterpreterTool and deprecate code execution params (#5309)
2026-04-07 03:59:40 -03:00
test_custom_llm.py
feat: async llm support
2025-12-01 18:56:56 -05:00
test_event_record.py
feat: runtime state checkpointing, event system, and executor refactor
2026-04-07 03:22:30 +08:00
test_flow_ask.py
Implement user input handling in Flows (#4490)
2026-02-16 18:41:03 -03:00
test_flow_default_override.py
Release/v1.0.0 (#3618)
2025-10-20 14:10:19 -07:00
test_flow_human_input_integration.py
refactor: extract hitl to provider pattern
2026-02-04 15:40:22 -05:00
test_flow_multimodal.py
feat: native multimodal file handling; openai responses api
2026-01-23 15:13:25 -05:00
test_flow_persistence.py
Lorenze/enh decouple executor from crew (#4209)
2026-01-20 21:44:45 -08:00
test_flow_resumability_regression.py
Release/v1.0.0 (#3618)
2025-10-20 14:10:19 -07:00
test_flow_serializer.py
fix: use __router_paths__ for listener+router methods in FlowMeta (#5064)
2026-03-25 03:42:39 -03:00
test_flow_visualization.py
fix: ensure fuzzy returns are more strict, show type warning
2025-11-24 17:35:12 -05:00
test_flow.py
fix: add missing list/dict methods to LockedListProxy and LockedDictProxy
2026-03-09 09:38:35 -04:00
test_hallucination_guardrail.py
Release/v1.0.0 (#3618)
2025-10-20 14:10:19 -07:00
test_human_feedback_decorator.py
fix: preserve method return value as flow output for @human_feedback with emit (#5099)
2026-03-26 03:28:17 -03:00
test_human_feedback_integration.py
fix: preserve method return value as flow output for @human_feedback with emit (#5099)
2026-03-26 03:28:17 -03:00
test_imports.py
Release/v1.0.0 (#3618)
2025-10-20 14:10:19 -07:00
test_llm.py
feat: enrich LLM token tracking with reasoning tokens, cache creation tokens (#5389)
2026-04-10 00:22:27 -04:00
test_markdown_task.py
Release/v1.0.0 (#3618)
2025-10-20 14:10:19 -07:00
test_multimodal_validation.py
Release/v1.0.0 (#3618)
2025-10-20 14:10:19 -07:00
test_project.py
refactor: convert LLM classes to Pydantic BaseModel
2026-03-31 07:07:11 +08:00
test_streaming_integration.py
chore: restructure test env, cassettes, and conftest; fix flaky tests
2025-11-29 16:55:24 -05:00
test_streaming.py
feat: add aclose()/close() and async context manager to streaming outputs
2026-04-08 23:32:37 +08:00
test_task_guardrails.py
fix: resolve race condition in guardrail event emission test
2026-02-03 09:06:48 -05:00
test_task.py
fix: map output_pydantic/output_json to native structured output
2026-02-25 17:13:34 -05:00
utils.py
fix: add GPT-5 and o-series to multimodal vision prefixes (#5183)
2026-04-01 18:08:37 -03:00