LoginSign Up
← Back to all sparks
F

Flowise

AI-ASSISTANTS
Velocity0.0

Open-source low-code tool to build LLM apps and AI agents visually.

flowiseai.com

AgentFlow SDK and a LangChain v1 migration, under a sustained wave of security hardening

low-code-aiagentflowlangchain-v1security-hardeningmcpmulti-package-release
Current state
Flowise is mid-transition on two fronts. v3.1.0 migrated the core to LangChain v1, added reasoning support, and shipped the first @flowiseai/agentflow SDK while flipping HTTP/SSRF security checks on by default as a breaking change. Since then, releases have been dominated by security fixes — CORS, mass-assignment, IDOR, and credential-leak patches, many from Workday-affiliated contributors — interleaved with AgentFlow editor work and new MCP integrations (Pipedream, Browserless).
Where it's heading
The center of gravity is the new AgentFlow SDK, which is steadily gaining inputs, variable/state handling, and editor parity with the legacy UI across the 3.1.x line. In parallel, a concentrated security-hardening campaign — most patches authored by @*-workday accounts — is draining a large backlog of access-control and injection issues, consistent with an enterprise-grade audit in progress.
Prediction
Expect AgentFlow to keep approaching feature parity and eventually become the default authoring canvas, with the security backlog continuing to drain across 3.1.x patch releases. New MCP and provider integrations will keep landing opportunistically.

Recent moves

  1. 1mo ago

    v3.1.2: security fixes, AgentFlow variables, MCP integrations

    A patch heavy on security remediation (CORS wildcard, mass-assignment, IDOR, credential-leak, cross-workspace disclosure) alongside real features — Pipedream and Browserless MCP support, an AgentFlow variable system, and a ChatOllama reasoning toggle. Continues the dual security-plus-AgentFlow cadence.

    View source ↗
  2. 1mo ago

    flowise-ui 3.1.2 package release

    The UI-package counterpart of the 3.1.2 release; packaging only.

    View source ↗
  3. 1mo ago

    flowise-components 3.1.2 package release

    A component-package release marker tied to the 3.1.2 cut; no standalone changes.

    View source ↗
  4. 2mo ago

    v3.1.1: AgentFlow editor and model updates

    Incremental AgentFlow work — a rich-text content editor, ConditionAgent scenarios with dynamic output ports, API-client deduplication — plus refreshed model support (GPT-5.4 mini/nano, zai-glm-4.7). Steady progress filling out the new canvas.

    View source ↗
  5. 2mo ago

    v3.1.0: LangChain v1, AgentFlow SDK, SSRF defaults on

    ⚡ SPARK

    The pivot release: a LangChain v1 migration, reasoning support, the first @flowiseai/agentflow SDK, and HTTP security checks (SSRF deny list) enabled by default as a breaking change. Sets the architectural direction for the entire 3.1.x line.

    View source ↗
  6. 2mo ago

    flowise-ui 3.1.0 minor cleanup

    A small UI-package change removing a redundant model check during image processing; no user-visible effect.

    View source ↗