fix: reject bool values in ConnectionConfig int validators (Fixes #2076)#2077
Merged
dirkkul merged 1 commit intoJun 24, 2026
Merged
Conversation
Python's bool is a subclass of int, so isinstance(True, int) returns True. This allowed True/False to pass validation for session pool settings (connections, maxsize, retries, timeout). Add 'and not isinstance(x, bool)' guard to all four validators in ConnectionConfig.__post_init__ and to the check_number() helper in util.py. Fixes weaviate#2076 Signed-off-by: rtmalikian <rtmalikian@gmail.com>
![orca-security-eu[bot]](https://avatars.githubusercontent.com/in/276244?s=60&v=4){kind=small}
There was a problem hiding this comment.
Orca Security Scan Summary
| Status | Check | Issues by priority | |
|---|---|---|---|
 Passed |
Infrastructure as Code |  0  0  0  0 |
View in Orca |
| Passed |
SAST | 0 0 0 0 |
View in Orca |
| Passed |
Secrets | 0 0 0 0 |
View in Orca |
| Passed |
Vulnerabilities | 0 0 0 0 |
View in Orca |
|
To avoid any confusion in the future about your contribution to Weaviate, we work with a Contributor License Agreement. If you agree, you can simply add a comment to this PR that you agree with the CLA so that we can merge. |
Contributor
Author
|
I agree with the CLA. Thank you! |
dirkkul
approved these changes
Jun 24, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes #2076
Problem
In
weaviate/config.py, theConnectionConfig.__post_init__method validates thatsession_pool_connections,session_pool_maxsize,session_pool_max_retries, andsession_pool_timeoutareinttypes usingisinstance(x, int).Since
boolis a subclass ofintin Python,isinstance(True, int)returnsTrue. This meansTrueandFalsesilently pass validation for these fields:The same pattern exists in
weaviate/util.py'scheck_number()helper function.Solution
Add
and not isinstance(x, bool)guard to all four validators inConnectionConfig.__post_init__and to thecheck_number()helper inutil.py.Verification
Changelog
Files Changed
or isinstance(x, bool)to all 4 int validatorscheck_number()helperAbout the Author: Raphael Malikian — Clinical AI Solutions Architect. I specialise in building and fixing AI/ML systems for healthcare, including vector databases, RAG pipelines, and clinical NLP. If you need help with your project or think I can add value to your organisation, feel free to reach out — I'd love to connect.
📧 rtmalikian@gmail.com
🔗 GitHub: https://github.com/rtmalikian
🔗 LinkedIn: http://www.linkedin.com/in/raphael-t-malikian-mbbs-bsc-hons-71075436a
Disclosure: This code was developed with assistance from mimo-v2.5-pro (Xiaomi) via Hermes Agent (Nous Research). All changes were reviewed, tested against the actual codebase, and verified for correctness.