Conversation

@stainless-app stainless-app bot commented Dec 9, 2025

Automated Release PR

2.4.0-rc1 (2026-01-12)

Full Changelog: v2.3.3-rc1...v2.4.0-rc1

Features

Bug Fixes

  • types: allow pyright to infer TypedDict types within SequenceNotStr (d1f6535)
  • use async_to_httpx_files in patch method (a6fbc3c)

Chores

  • add missing docstrings (a3c938c)
  • docs: use environment variables for authentication in code snippets (534af15)
  • internal: add --fix argument to lint script (4b3b067)
  • internal: add missing files argument to base client (9672ca2)
  • internal: codegen related update (ddab89d)
  • speedup initial import (4ae973c)
  • update lockfile (abd7b3d)

Documentation

  • prominently feature MCP server setup in root SDK readmes (8ed50d2)

This pull request is managed by Stainless's GitHub App.

The semver version number is based on included commit messages. Alternatively, you can manually set the version number in the title of this pull request.

For a better experience, it is recommended to use either rebase-merge or squash-merge when merging this pull request.

🔗 Stainless website
📚 Read the docs
🙋 Reach out for help or questions

@stainless-app stainless-app bot force-pushed the release-please--branches--main--changes--next branch from c5d4658 to 03828db on December 9, 2025 23:39
pullrequest bot commented Dec 9, 2025

HackerOne Code Security Review

🟢 Scan Complete: ✔️ No issues detected
🟢 Validation Complete: The engineer who manually reviewed the code found one or more things that may need attention.
🟠 Issue(s) Resolved: 0 / 2

*We want to surface issues only when necessary and actionable. If we didn't get something right, or if there's more context we should take into account, reply to the comment so we'll know for the future.


⏱️ Latest scan covered changes up to commit 975f9e0 (latest)

pullrequest bot commented Dec 9, 2025

✅ Graham C reviewed all the included code changes and associated automation findings and determined that there were no immediately actionable security flaws. Note that they will continue to be notified of any new commits or comments and follow up as needed throughout the duration of this pull request's lifecycle.



Reviewed with ❤️ by PullRequest

pullrequest bot commented Dec 12, 2025

Graham C has submitted feedback.



Reviewed with ❤️ by PullRequest

from typing_extensions import Required, TypedDict

class MessageContentMixedContentImageFragmentImageURL(TypedDict, total=False):
    """The image URL object containing the location of the image."""

    url: Required[str]

The url field accepts any string without validation, creating a potential Server-Side Request Forgery (SSRF) vulnerability. This field can contain external URLs or base64-encoded data URIs. Without validation, an attacker could provide URLs to internal services (like http://localhost:6379 or cloud metadata endpoints at http://169.254.169.254/) that the server can access but external users cannot.

According to the OWASP Input Validation Cheat Sheet, URL inputs should validate: allowed protocols (typically only https:// for external URLs), that destinations are not private IP ranges or localhost, and maximum string length. For base64 data URIs, validate the decoded size to prevent memory exhaustion.

Remediation:

Add validation in the API handler before processing URLs:

  • Parse and verify scheme is https (or data for base64)
  • For https URLs, block localhost, private IPs (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 127.0.0.0/8)
  • Enforce max length (e.g., 10KB for URLs, 10MB for data URIs)
  • For data URIs, validate MIME type and decoded size

References:

🔸 Vulnerability (Warning)

Graham C
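The checks the reviewer lists above, written out as an added example for the server-side API handler they name (this is not code from the SDK, from the reviewer, or from the PR). The limits, the allowed MIME types, the `resolver` parameter (injected so the policy can be tested offline and so the handler can pin the fetch to the address that was checked), and the `ValidatedImage` return type are all assumptions. The blocked-range list is wider than the four ranges in the comment: it adds link-local space (where cloud metadata at 169.254.169.254 lives), CGNAT, and the IPv6 loopback, ULA and link-local equivalents, and it unwraps IPv4-mapped IPv6 addresses so that `[::ffff:127.0.0.1]` is still treated as loopback.

```python
import base64
import ipaddress
import socket
from dataclasses import dataclass
from typing import Callable, Iterable, Optional
from urllib.parse import urlsplit

# Limits are assumptions, taken from the reviewer's suggested figures.
MAX_URL_LENGTH = 10 * 1024                # 10 KB for https URLs
MAX_DATA_URI_DECODED = 10 * 1024 * 1024   # 10 MB of decoded image bytes
ALLOWED_IMAGE_TYPES = {"image/png", "image/jpeg", "image/gif", "image/webp"}

# Ranges the server must never fetch from. Wider than the reviewer's four: adds
# link-local (cloud metadata at 169.254.169.254), CGNAT and the IPv6 equivalents.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "::/128", "::1/128", "fc00::/7", "fe80::/10",
)]

Resolver = Callable[[str], Iterable[str]]   # hostname -> addresses it maps to

class ImageURLRejected(ValueError):
    """The image URL failed the SSRF / size policy."""

@dataclass(frozen=True)
class ValidatedImage:
    kind: str     # "https" or "data"
    target: str   # IP the fetch must connect to (https) or the MIME type (data)
    size: int     # URL length (https) or decoded payload size (data)

def _default_resolver(host: str) -> list:
    # Every address the name maps to; the fetch must then pin one of them.
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})

def _is_blocked(ip_text: str) -> bool:
    ip = ipaddress.ip_address(ip_text)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped   # ::ffff:127.0.0.1 is still loopback
    return any(ip in net for net in BLOCKED_NETWORKS)

def _validate_data_uri(body: str) -> ValidatedImage:
    # body is everything after "data:" (RFC 2397: [<mediatype>][;base64],<data>)
    header, sep, payload = body.partition(",")
    if not sep:
        raise ImageURLRejected("malformed data URI")
    fields = [f.strip().lower() for f in header.split(";")]
    mime = fields[0]
    if mime not in ALLOWED_IMAGE_TYPES or "base64" not in fields[1:]:
        raise ImageURLRejected("data URI must be a base64-encoded image type")
    # Bound the decoded size before decoding: base64 encodes 3 bytes as 4 chars.
    if len(payload) * 3 // 4 > MAX_DATA_URI_DECODED:
        raise ImageURLRejected("data URI exceeds decoded size limit")
    try:
        decoded = base64.b64decode(payload, validate=True)
    except ValueError as exc:   # binascii.Error is a ValueError subclass
        raise ImageURLRejected("invalid base64 payload") from exc
    return ValidatedImage("data", mime, len(decoded))

def validate_image_url(url: str, resolver: Resolver = _default_resolver) -> ValidatedImage:
    """Accept https:// to a public address or a base64 data: image; reject all else."""
    scheme, _, rest = url.partition(":")
    if scheme.lower() == "data":
        return _validate_data_uri(rest)
    if scheme.lower() != "https":
        raise ImageURLRejected(f"scheme {scheme!r} not allowed")
    if len(url) > MAX_URL_LENGTH:
        raise ImageURLRejected("URL exceeds length limit")
    try:
        parts = urlsplit(url)
    except ValueError as exc:
        raise ImageURLRejected("unparseable URL") from exc
    host = parts.hostname
    if not host or parts.username is not None or parts.password is not None:
        raise ImageURLRejected("missing host or embedded credentials")
    if host == "localhost" or host.endswith(".localhost"):
        raise ImageURLRejected("localhost is not allowed")
    try:
        addrs = [str(ipaddress.ip_address(host))]   # literal IP: nothing to resolve
    except ValueError:
        try:
            addrs = list(resolver(host))
        except OSError as exc:
            raise ImageURLRejected(f"cannot resolve {host!r}") from exc
    if not addrs:
        raise ImageURLRejected(f"{host!r} has no addresses")
    # Every address must pass: an attacker-controlled name may resolve to a
    # public and a private address and let the client pick the private one.
    for addr in addrs:
        if _is_blocked(addr):
            raise ImageURLRejected(f"{host!r} resolves to blocked address {addr}")
    return ValidatedImage("https", addrs[0], len(url))

def rejection_reason(url: str, resolver: Resolver = _default_resolver) -> Optional[str]:
    try:
        validate_image_url(url, resolver)
    except ImageURLRejected as exc:
        return str(exc)
    return None
```

Two caveats a handler needs beyond the check itself: the HTTP client must connect to the `target` address that was validated (otherwise a second DNS lookup at fetch time can return a different, internal address), and any redirect the fetch follows must be run through `validate_image_url` again, since a public host can redirect to a blocked one.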

from typing import List
from pydantic import BaseModel  # stand-in for the SDK's own BaseModel import

class GraphToolFunction(BaseModel):
    """A tool that uses Knowledge Graphs as context for responses."""

    graph_ids: List[str]

The graph_ids field accepts a list of strings without maximum length validation on either array size or individual elements. An attacker could provide an extremely large array or very long ID strings, leading to memory exhaustion and denial of service. When processing queries against specified graphs, this could also cause database performance issues.

The OWASP Input Validation Cheat Sheet states that array inputs must have maximum length validation to prevent resource exhaustion. Without bounds, attackers can force excessive memory allocation, iterate over unreasonable item counts, or construct database queries with massive IN clauses. Note that the TypedDict version in src/writerai/types/shared_params/tool_param.py has the same issue.

Remediation:

Add Pydantic field validators:

from typing import List
from pydantic import BaseModel, field_validator  # BaseModel stands in for the SDK's own

class GraphToolFunction(BaseModel):
    graph_ids: List[str]

    @field_validator('graph_ids')
    @classmethod
    def validate_graph_ids(cls, v: List[str]) -> List[str]:
        # Bound both the array size and the length of each element.
        if len(v) > 50:
            raise ValueError('graph_ids cannot exceed 50 items')
        for graph_id in v:
            if len(graph_id) > 256:
                raise ValueError('individual graph_id cannot exceed 256 characters')
        return v

References:

🔸 Vulnerability (Warning)

Graham C

@stainless-app stainless-app bot force-pushed the release-please--branches--main--changes--next branch from 03828db to 565e903 on December 15, 2025 19:21
@stainless-app stainless-app bot force-pushed the release-please--branches--main--changes--next branch from 565e903 to 56ab08c on December 16, 2025 17:23
@stainless-app stainless-app bot force-pushed the release-please--branches--main--changes--next branch from 56ab08c to 8a5e0d0 on December 17, 2025 15:50
@stainless-app stainless-app bot force-pushed the release-please--branches--main--changes--next branch from 8a5e0d0 to 24004a4 on December 18, 2025 21:53
pullrequest bot commented Dec 27, 2025

PullRequest reviewed the updates made to #251 up until the latest commit (24004a4). No further issues were found.

Reviewed by: Graham C

@stainless-app stainless-app bot force-pushed the release-please--branches--main--changes--next branch from 24004a4 to aa2cbf0 on January 5, 2026 04:08
@stainless-app stainless-app bot force-pushed the release-please--branches--main--changes--next branch from aa2cbf0 to 4077eaa on January 5, 2026 20:52
pullrequest bot commented Jan 12, 2026

PullRequest reviewed the updates made to #251 up until the latest commit (4077eaa). No further issues were found.

Reviewed by: Graham C

Manually adding the default_retires config to the stainless config
@stainless-app stainless-app bot force-pushed the release-please--branches--main--changes--next branch from 4077eaa to ea02763 on January 12, 2026 18:40
@stainless-app stainless-app bot changed the title from "release: 2.3.3-rc2" to "release: 2.4.0-rc1" on Jan 12, 2026
@stainless-app stainless-app bot force-pushed the release-please--branches--main--changes--next branch from ea02763 to 9682fc1 on January 12, 2026 18:40
Manually updated max_retries param
@stainless-app stainless-app bot force-pushed the release-please--branches--main--changes--next branch from 9682fc1 to 975f9e0 on January 12, 2026 22:01
@adeweaver adeweaver merged commit 7e885d4 into main Jan 12, 2026
11 checks passed
stainless-app bot commented Jan 12, 2026

@adeweaver adeweaver deleted the release-please--branches--main--changes--next branch January 12, 2026 23:38