Apr 17, 2026·1 min readAgent Frameworks & Tools

LangChain Core 1.3.0 released with tracing and SSRF fixes

`langchain-core==1.3.0` is out, bringing chat model invocation param tracing, SSRF policy hardening, reduced streaming metadata overhead, and reference-counted run trees for better memory management.

GitHub: langchain-ai/langchain·github-actions[bot]

Read at source

Composite

4.6

out of 10

Novelty · 25%

Novelty

Impact · 35%

Impact

Credibility · 20%

Credibility

Depth · 20%

Depth

Weights applied. How scores work ↗

Why it matters

Upgrade to `langchain-core==1.3.0` to gain richer LLM tracing metadata, fix potential SSRF security gaps, and benefit from memory-safe run tree handling — especially important for long-running agentic pipelines.

01Released as `langchain-core==1.3.0`, succeeding `1.2.31` after three alpha versions (`1.3.0a1`, `1.3.0a2`, `1.3.0a3`).
02Chat model and LLM invocation parameters are now included in traceable metadata for improved observability (PR #36771).
03Two PRs hardened private SSRF utilities in `core`; a separate fix restores cloud metadata IPs and link-local address ranges to the SSRF policy (PRs #36816, #36768).

Summary— our read of the original

`langchain-core==1.3.0` is the stable release following three alpha versions (`1.3.0a1`, `1.3.0a2`, `1.3.0a3`), and it introduces a meaningful set of fixes and enhancements over `1.2.31`. The headline feature is the addition of chat model and LLM invocation parameters to traceable metadata, giving developers richer observability into how models were called during traced runs. On the reliability side, two separate PRs hardened SSRF (Server-Side Request Forgery) utilities in `core`, and a dedicated fix restores cloud metadata IPs and link-local address ranges that had been inadvertently dropped from the SSRF policy.\n\nMemory management also received attention: a fix introduces reference counting for storing inherited run trees, which now properly supports garbage collection and prevents memory leaks in long-running agentic workflows. Streaming performance was improved by reducing the amount of metadata emitted during streaming, with `checkpoint_ns` behavior preserved for backwards compatibility. A bug fix for the OpenAI integration handles content blocks that are missing a `type` key during responses API conversion. The release also bumps `pytest` to `9.0.3` across the core library.

Key facts

01Released as `langchain-core==1.3.0`, succeeding `1.2.31` after three alpha versions (`1.3.0a1`, `1.3.0a2`, `1.3.0a3`).
02Chat model and LLM invocation parameters are now included in traceable metadata for improved observability (PR #36771).
03Two PRs hardened private SSRF utilities in `core`; a separate fix restores cloud metadata IPs and link-local address ranges to the SSRF policy (PRs #36816, #36768).
04Reference counting was introduced for storing inherited run trees to enable proper garbage collection (PR #36660).
05Streaming metadata overhead was reduced for performance improvements, with `checkpoint_ns` behavior kept for backwards compatibility (PRs #36588, #36828).
06A bug fix handles OpenAI responses API content blocks that are missing a `type` key (PR #36725).
07The `pytest` dependency was bumped to `9.0.3` (PRs #36801, #36719).

Topics

#agent-framework #open-source #langchain

Score breakdown

Key facts

Topics