Skip to content

docs: langflow 1.5 auto-login security doc #9057

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
mendonk merged 11 commits into from
Jul 23, 2025
Merged

docs: langflow 1.5 auto-login security doc #9057

Changes from 2 commits
Commits
Show all changes
11 commits
Select commit Hold shift + click to select a range
9522276
langflow-auto-login-security-doc
mendonk Jul 15, 2025
a164129
trailing-space
mendonk Jul 15, 2025
dbde843
auto-not-auth
mendonk Jul 15, 2025
9bd7c3d
clarify-new-behavior
mendonk Jul 15, 2025
085626c
Merge branch 'main' into docs-security-notice-recommendation
aimurphy Jul 17, 2025
630350e
Merge branch 'main' into docs-security-notice-recommendation
mendonk Jul 22, 2025
22a94b2
env-var-default
mendonk Jul 22, 2025
7c9c22a
security-md-and-var-names
mendonk Jul 22, 2025
9d26a86
Apply suggestions from code review
mendonk Jul 23, 2025
c87d644
Update docs/docs/Configuration/environment-variables.mdx
mendonk Jul 23, 2025
04f7887
Update docs/docs/Configuration/configuration-authentication.mdx
mendonk Jul 23, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 9 additions & 0 deletions SECURITY.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -49,3 +49,12 @@ Langflow allows users to define and run **custom code components** through endpo
This means an attacker could send malicious code to the endpoint and have it executed on the server—leading to full system compromise, including data theft, remote shell access, or lateral movement within the network.

To address, upgrade to >= 1.3.0.

### No API key required if running Langflow with `LANGFLOW_AUTH_LOGIN=true` (fixed in 1.5.0)

In Langflow versions earlier than 1.5.0, if `LANGFLOW_AUTO_LOGIN` is set to `true`, Langflow automatically logs users in as a superuser without requiring authentication.
In this case, API requests don't require a Langflow API key.

To address, upgrade to >= 1.5.0.

For more information, see [Authentication](https://docs.langflow.org/configuration-authentication).
Loading