microsoft · westey-m · Apr 29, 2026 · Apr 21, 2026 · Apr 21, 2026 · Apr 28, 2026
@@ -24,8 +24,8 @@
     <PackageVersion Include="Azure.AI.ContentSafety" Version="1.0.0" />
     <PackageVersion Include="Azure.AI.OpenAI" Version="2.9.0-beta.1" />
     <PackageVersion Include="Azure.AI.Projects" Version="2.0.0-beta.2" />
-    <PackageVersion Include="Azure.Identity" Version="1.19.0" />
-    <PackageVersion Include="Azure.Monitor.OpenTelemetry.Exporter" Version="1.5.0" />
+    <PackageVersion Include="Azure.Identity" Version="1.21.0" />
+    <PackageVersion Include="Azure.Monitor.OpenTelemetry.Exporter" Version="1.7.0" />
     <PackageVersion Include="Azure.Search.Documents" Version="11.7.0" />
     <PackageVersion Include="Community.OData.Linq" Version="2.1.0" />
     <PackageVersion Include="Dapr.Actors" Version="1.16.1" />
@@ -65,7 +65,7 @@
     <PackageVersion Include="Microsoft.Azure.Kusto.Data" Version="12.2.8" />
     <PackageVersion Include="Microsoft.Azure.WebJobs.Extensions.OpenApi" Version="1.5.1" />
     <PackageVersion Include="Microsoft.Azure.WebJobs.Extensions.Storage" Version="5.3.2" />
-    <PackageVersion Include="Microsoft.Bcl.AsyncInterfaces" Version="10.0.4" />
+    <PackageVersion Include="Microsoft.Bcl.AsyncInterfaces" Version="10.0.6" />
     <PackageVersion Include="Microsoft.Bcl.HashCode" Version="1.1.1" />
     <PackageVersion Include="Microsoft.Bcl.Memory" Version="10.0.4" />
     <PackageVersion Include="Microsoft.Bcl.Numerics" Version="10.0.2" />
@@ -92,38 +92,41 @@
     <PackageVersion Include="Npgsql" Version="8.0.7" />
     <PackageVersion Include="OData2Linq" Version="2.2.0" />
     <PackageVersion Include="OllamaSharp" Version="5.4.12" />
-    <PackageVersion Include="OpenAI" Version="2.9.1" />
-    <PackageVersion Include="OpenTelemetry.Exporter.Console" Version="1.14.0" />
-    <PackageVersion Include="OpenTelemetry.Exporter.OpenTelemetryProtocol" Version="1.14.0" />
-    <PackageVersion Include="OpenTelemetry.Extensions.Hosting" Version="1.14.0" />
-    <PackageVersion Include="OpenTelemetry.Instrumentation.AspNetCore" Version="1.14.0" />
-    <PackageVersion Include="OpenTelemetry.Instrumentation.Http" Version="1.14.0" />
-    <PackageVersion Include="OpenTelemetry.Instrumentation.Runtime" Version="1.14.0" />
+    <PackageVersion Include="OpenAI" Version="2.10.0" />
+    <PackageVersion Include="OpenTelemetry" Version="1.15.3" />
+    <PackageVersion Include="OpenTelemetry.Api" Version="1.15.3" />
+    <PackageVersion Include="OpenTelemetry.Api.ProviderBuilderExtensions" Version="1.15.3" />
+    <PackageVersion Include="OpenTelemetry.Exporter.Console" Version="1.15.3" />
+    <PackageVersion Include="OpenTelemetry.Exporter.OpenTelemetryProtocol" Version="1.15.3" />
+    <PackageVersion Include="OpenTelemetry.Extensions.Hosting" Version="1.15.3" />
+    <PackageVersion Include="OpenTelemetry.Instrumentation.AspNetCore" Version="1.15.2" />
+    <PackageVersion Include="OpenTelemetry.Instrumentation.Http" Version="1.15.1" />
+    <PackageVersion Include="OpenTelemetry.Instrumentation.Runtime" Version="1.15.1" />
     <PackageVersion Include="PdfPig" Version="0.1.13" />
     <PackageVersion Include="Pinecone.Client" Version="3.1.0" />
     <PackageVersion Include="Prompty.Core" Version="0.2.3-beta" />
-    <PackageVersion Include="Scriban" Version="6.6.0" />
+    <PackageVersion Include="Scriban" Version="7.1.0" />
     <PackageVersion Include="PuppeteerSharp" Version="20.2.5" />
     <PackageVersion Include="System.Diagnostics.DiagnosticSource" Version="10.0.2" />
     <PackageVersion Include="System.IdentityModel.Tokens.Jwt" Version="8.15.0" />
     <PackageVersion Include="System.IO.Packaging" Version="10.0.2" />
     <PackageVersion Include="System.Linq.AsyncEnumerable" Version="10.0.4" />
     <PackageVersion Include="System.Memory.Data" Version="10.0.2" />
     <PackageVersion Include="System.Net.Http" Version="4.3.4" />
-    <PackageVersion Include="System.Numerics.Tensors" Version="10.0.4" />
-    <PackageVersion Include="System.Text.Json" Version="10.0.4" />
-    <PackageVersion Include="System.ValueTuple" Version="4.6.1" />
+    <PackageVersion Include="System.Numerics.Tensors" Version="10.0.6" />
+    <PackageVersion Include="System.Text.Json" Version="10.0.6" />
+    <PackageVersion Include="System.ValueTuple" Version="4.6.2" />
     <PackageVersion Include="System.Threading.Tasks.Extensions" Version="4.6.3" />
     <PackageVersion Include="A2A" Version="0.3.1-preview" />
     <PackageVersion Include="A2A.AspNetCore" Version="0.3.1-preview" />
     <PackageVersion Include="System.CommandLine" Version="2.0.0-beta4.22272.1" />
     <!-- Tokenizers -->
     <PackageVersion Include="Microsoft.ML.Tokenizers" Version="2.0.0" />
     <!-- Microsoft.Extensions.* -->
-    <PackageVersion Include="Microsoft.Extensions.AI" Version="10.4.0" />
-    <PackageVersion Include="Microsoft.Extensions.AI.Abstractions" Version="10.4.0" />
+    <PackageVersion Include="Microsoft.Extensions.AI" Version="10.5.0" />
+    <PackageVersion Include="Microsoft.Extensions.AI.Abstractions" Version="10.5.0" />
     <PackageVersion Include="Microsoft.Extensions.AI.AzureAIInference" Version="10.0.0-preview.1.25559.3" />
-    <PackageVersion Include="Microsoft.Extensions.AI.OpenAI" Version="10.4.0" />
+    <PackageVersion Include="Microsoft.Extensions.AI.OpenAI" Version="10.5.0" />
     <PackageVersion Include="Microsoft.Extensions.Configuration" Version="10.0.2" />
     <PackageVersion Include="Microsoft.Extensions.Configuration.Abstractions" Version="10.0.2" />
     <PackageVersion Include="Microsoft.Extensions.Configuration.Binder" Version="10.0.2" />
@@ -139,7 +142,7 @@
     <PackageVersion Include="Microsoft.Extensions.Http.Resilience" Version="10.2.0" />
     <PackageVersion Include="Microsoft.Extensions.ServiceDiscovery" Version="10.2.0" />
     <PackageVersion Include="Microsoft.Extensions.Logging" Version="10.0.2" />
-    <PackageVersion Include="Microsoft.Extensions.Logging.Abstractions" Version="10.0.4" />
+    <PackageVersion Include="Microsoft.Extensions.Logging.Abstractions" Version="10.0.6" />
     <PackageVersion Include="Microsoft.Extensions.Logging.Console" Version="10.0.2" />
     <PackageVersion Include="Microsoft.Extensions.Logging.Debug" Version="10.0.2" />
     <PackageVersion Include="Microsoft.Extensions.Options.DataAnnotations" Version="10.0.2" />
@@ -152,7 +155,7 @@
     <PackageVersion Include="Moq" Version="[4.18.4]" />
     <PackageVersion Include="FluentAssertions" Version="8.2.0" />
     <PackageVersion Include="System.Text.RegularExpressions" Version="4.3.1" />
-    <PackageVersion Include="System.Threading.Channels" Version="10.0.4" />
+    <PackageVersion Include="System.Threading.Channels" Version="10.0.6" />
     <PackageVersion Include="System.Threading.Tasks.Dataflow" Version="10.0.2" />
     <PackageVersion Include="xunit" Version="2.9.3" />
     <PackageVersion Include="xunit.abstractions" Version="2.0.3" />

@@ -3,74 +3,8 @@
     "path": "SK-dotnet.slnx",
     "projects":
     [
-      "src\\SemanticKernel.Abstractions\\SemanticKernel.Abstractions.csproj",
-      "src\\SemanticKernel.Core\\SemanticKernel.Core.csproj",
-      "src\\SemanticKernel.MetaPackage\\SemanticKernel.MetaPackage.csproj",
-
-      "src\\Agents\\A2A\\Agents.A2A.csproj",
-      "src\\Agents\\Abstractions\\Agents.Abstractions.csproj",
-      "src\\Agents\\AzureAI\\Agents.AzureAI.csproj",
-      "src\\Agents\\Bedrock\\Agents.Bedrock.csproj",
-      "src\\Agents\\Copilot\\Agents.CopilotStudio.csproj",
-      "src\\Agents\\Core\\Agents.Core.csproj",
-      "src\\Agents\\Magentic\\Agents.Magentic.csproj",
-      "src\\Agents\\OpenAI\\Agents.OpenAI.csproj",
-      "src\\Agents\\Orchestration\\Agents.Orchestration.csproj",
-      "src\\Agents\\Yaml\\Agents.Yaml.csproj",
-
-      "src\\Agents\\Runtime\\Abstractions\\Runtime.Abstractions.csproj",
-      "src\\Agents\\Runtime\\Core\\Runtime.Core.csproj",
-      "src\\Agents\\Runtime\\InProcess\\Runtime.InProcess.csproj",
-
-      "src\\Connectors\\Connectors.Amazon\\Connectors.Amazon.csproj",
-      "src\\Connectors\\Connectors.AzureAIInference\\Connectors.AzureAIInference.csproj",
-      "src\\Connectors\\Connectors.AzureOpenAI\\Connectors.AzureOpenAI.csproj",
-      "src\\Connectors\\Connectors.Google\\Connectors.Google.csproj",
-      "src\\Connectors\\Connectors.HuggingFace\\Connectors.HuggingFace.csproj",
-      "src\\Connectors\\Connectors.MistralAI\\Connectors.MistralAI.csproj",
-      "src\\Connectors\\Connectors.Ollama\\Connectors.Ollama.csproj",
-      "src\\Connectors\\Connectors.Onnx\\Connectors.Onnx.csproj",
-      "src\\Connectors\\Connectors.OpenAI\\Connectors.OpenAI.csproj",
-
-      "src\\VectorData\\AzureAISearch\\AzureAISearch.csproj",
-      "src\\VectorData\\Chroma\\Chroma.csproj",
-      "src\\VectorData\\CosmosMongoDB\\CosmosMongoDB.csproj",
-      "src\\VectorData\\CosmosNoSql\\CosmosNoSql.csproj",
-      "src\\VectorData\\InMemory\\InMemory.csproj",
-      "src\\VectorData\\Milvus\\Milvus.csproj",
-      "src\\VectorData\\MongoDB\\MongoDB.csproj",
-      "src\\VectorData\\PgVector\\PgVector.csproj",
-      "src\\VectorData\\Pinecone\\Pinecone.csproj",
-      "src\\VectorData\\Qdrant\\Qdrant.csproj",
       "src\\VectorData\\Redis\\Redis.csproj",
-      "src\\VectorData\\SqliteVec\\SqliteVec.csproj",
       "src\\VectorData\\SqlServer\\SqlServer.csproj",
-      "src\\VectorData\\VectorData.Abstractions\\VectorData.Abstractions.csproj",
-      "src\\VectorData\\Weaviate\\Weaviate.csproj",
-
-      "src\\Experimental\\Orchestration.Flow\\Experimental.Orchestration.Flow.csproj",
-
-      "src\\Experimental\\Process.Abstractions\\Process.Abstractions.csproj",
-      "src\\Experimental\\Process.Core\\Process.Core.csproj",
-      "src\\Experimental\\Process.LocalRuntime\\Process.LocalRuntime.csproj",
-      "src\\Experimental\\Process.Runtime.Dapr\\Process.Runtime.Dapr.csproj",
-
-      "src\\Functions\\Functions.Grpc\\Functions.Grpc.csproj",
-      "src\\Functions\\Functions.OpenApi.Extensions\\Functions.OpenApi.Extensions.csproj",
-      "src\\Functions\\Functions.OpenApi\\Functions.OpenApi.csproj",
-      "src\\Functions\\Functions.Prompty\\Functions.Prompty.csproj",
-      "src\\Functions\\Functions.Yaml\\Functions.Yaml.csproj",
-
-      "src\\Extensions\\PromptTemplates.Handlebars\\PromptTemplates.Handlebars.csproj",
-      "src\\Extensions\\PromptTemplates.Liquid\\PromptTemplates.Liquid.csproj",
-
-      "src\\Plugins\\Plugins.AI\\Plugins.AI.csproj",
-      "src\\Plugins\\Plugins.Core\\Plugins.Core.csproj",
-      "src\\Plugins\\Plugins.Document\\Plugins.Document.csproj",
-      "src\\Plugins\\Plugins.Memory\\Plugins.Memory.csproj",
-      "src\\Plugins\\Plugins.MsGraph\\Plugins.MsGraph.csproj",
-      "src\\Plugins\\Plugins.StructuredData.EntityFramework\\Plugins.StructuredData.EntityFramework.csproj",
-      "src\\Plugins\\Plugins.Web\\Plugins.Web.csproj"
     ]
   }
 }
@@ -1,7 +1,7 @@
 <Project>
   <PropertyGroup>
     <!-- Central version prefix - applies to all nuget packages. -->
-    <VersionPrefix>1.74.0</VersionPrefix>
+    <VersionPrefix>1.74.1</VersionPrefix>
     <PackageVersion Condition="'$(VersionSuffix)' != ''">$(VersionPrefix)-$(VersionSuffix)</PackageVersion>
     <PackageVersion Condition="'$(VersionSuffix)' == ''">$(VersionPrefix)</PackageVersion>
 

@@ -13,6 +13,10 @@
 
   <ItemGroup>
     <PackageReference Include="Azure.Identity" />
+    <PackageReference Include="OpenTelemetry" />
+    <PackageReference Include="OpenTelemetry.Api" />
+    <PackageReference Include="OpenTelemetry.Api.ProviderBuilderExtensions" />
+    <PackageReference Include="OpenTelemetry.Extensions.Hosting" />
     <PackageReference Include="Azure.Monitor.OpenTelemetry.Exporter" />
     <PackageReference Include="Microsoft.Extensions.Configuration.UserSecrets" />
     <PackageReference Include="Microsoft.Extensions.Configuration.EnvironmentVariables" />

@@ -720,7 +720,7 @@ private static (Func<KernelFunction, Kernel, KernelArguments, CancellationToken,
                     return value;
                 }
 
-                if (converter is not null && value is not JsonElement or JsonDocument or JsonNode)
+                if (converter is not null && value is not JsonElement)
                 {
                     try
                     {

@@ -258,8 +258,8 @@ private void TranslateAny(Expression source, LambdaExpression lambda)
 
     private static string SanitizeStringConstant(string value)
 #if NET
-        => value.Replace("\"", "\\\"", StringComparison.Ordinal);
+        => value.Replace("\\", "\\\\", StringComparison.Ordinal).Replace("\"", "\\\"", StringComparison.Ordinal);
 #else
-        => value.Replace("\"", "\\\"");
+        => value.Replace("\\", "\\\\").Replace("\"", "\\\"");
 #endif
 }
@@ -31,7 +31,7 @@ internal static List<SqlCommand> CreateTable(
         if (ifNotExists)
         {
             sb.Append("IF OBJECT_ID(N'");
-            sb.AppendTableName(schema, tableName);
+            sb.AppendTableNameInsideLiteral(schema, tableName);
             sb.AppendLine("', N'U') IS NULL");
         }
         sb.AppendLine("BEGIN");
@@ -125,22 +125,22 @@ internal static List<SqlCommand> CreateTable(
             // Full-text indexes require a unique index (we use the primary key)
             sb.AppendLine("DECLARE @pkIndexName NVARCHAR(128);");
             sb.Append("SELECT @pkIndexName = name FROM sys.indexes WHERE object_id = OBJECT_ID(N'");
-            sb.AppendTableName(schema, tableName);
+            sb.AppendTableNameInsideLiteral(schema, tableName);
             sb.AppendLine("') AND is_primary_key = 1;");
 
             sb.AppendLine("DECLARE @ftSql NVARCHAR(MAX);");
             sb.Append("SET @ftSql = N'CREATE FULLTEXT INDEX ON ");
-            sb.AppendTableName(schema, tableName).Append(" (");
+            sb.AppendTableNameInsideLiteral(schema, tableName).Append(" (");
             for (int i = 0; i < fullTextProperties.Count; i++)
             {
-                sb.AppendIdentifier(fullTextProperties[i].StorageName);
+                sb.AppendIdentifierInsideLiteral(fullTextProperties[i].StorageName);
                 if (i < fullTextProperties.Count - 1)
                 {
                     sb.Append(',');
                 }
             }
             sb.Append(") KEY INDEX ' + QUOTENAME(@pkIndexName) + N' ON ");
-            sb.AppendIdentifier(catalogName).AppendLine("';");
+            sb.AppendIdentifierInsideLiteral(catalogName).AppendLine("';");
             sb.AppendLine("EXEC sp_executesql @ftSql;");
         }
 
@@ -864,6 +864,30 @@ internal static StringBuilder AppendIdentifier(this StringBuilder sb, string ide
         return sb;
     }
 
+    /// <summary>
+    /// Same as <see cref="AppendTableName"/>, but for use inside a SQL string literal (N'...'),
+    /// where single quotes must be escaped by doubling them.
+    /// </summary>
+    internal static StringBuilder AppendTableNameInsideLiteral(this StringBuilder sb, string? schema, string tableName)
+    {
+        int start = sb.Length;
+        sb.AppendTableName(schema, tableName);
+        sb.Replace("'", "''", start, sb.Length - start);
+        return sb;
+    }
+
+    /// <summary>
+    /// Same as <see cref="AppendIdentifier"/>, but for use inside a SQL string literal (N'...'),
+    /// where single quotes must be escaped by doubling them.
+    /// </summary>
+    internal static StringBuilder AppendIdentifierInsideLiteral(this StringBuilder sb, string identifier)
+    {
+        int start = sb.Length;
+        sb.AppendIdentifier(identifier);
+        sb.Replace("'", "''", start, sb.Length - start);
+        return sb;
+    }
+
     private static StringBuilder AppendIdentifiers(this StringBuilder sb,
         IEnumerable<PropertyModel> properties,
         string? prefix = null,

@@ -108,6 +108,58 @@ public void Equal_with_double_quote_in_value()
         Assert.Equal("""@Name:{"foo\"bar"}""", result);
     }
 
+    [Fact]
+    public void Equal_with_backslash_in_value()
+    {
+        var result = Translate<TestRecord>(r => r.Name == "foo\\bar");
+        Assert.Equal("""@Name:{"foo\\bar"}""", result);
+    }
+
+    [Fact]
+    public void Equal_with_single_backslash()
+    {
+        var result = Translate<TestRecord>(r => r.Name == "\\");
+        Assert.Equal("""@Name:{"\\"}""", result);
+    }
+
+    [Fact]
+    public void Equal_with_backslash_quote_injection_attempt()
+    {
+        // Input: \" which should NOT break out of the quoted string
+        var result = Translate<TestRecord>(r => r.Name == "\\\"");
+        Assert.Equal("""@Name:{"\\\""}""", result);
+    }
+
+    [Fact]
+    public void Equal_with_backslash_quote_wildcard_injection()
+    {
+        // The specific attack payload: \" | * | \"
+        var result = Translate<TestRecord>(r => r.Name == "\\\" | * | \\\"");
+        Assert.Equal("""@Name:{"\\\" | * | \\\""}""", result);
+    }
+
+    [Fact]
+    public void Contains_with_backslash_in_value()
+    {
+        var result = Translate<TestRecord>(r => r.Tags.Contains("foo\\bar"));
+        Assert.Equal("""@Tags:{"foo\\bar"}""", result);
+    }
+
+    [Fact]
+    public void Contains_with_backslash_quote_injection_attempt()
+    {
+        var result = Translate<TestRecord>(r => r.Tags.Contains("\\\""));
+        Assert.Equal("""@Tags:{"\\\""}""", result);
+    }
+
+    [Fact]
+    public void Any_with_backslash_in_values()
+    {
+        var values = new[] { "a\\b", "c\\d" };
+        var result = Translate<TestRecord>(r => r.Tags.Any(t => values.Contains(t)));
+        Assert.Equal("""@Tags:{"a\\b" | "c\\d"}""", result);
+    }
+
     private static string Translate<TRecord>(Expression<Func<TRecord, bool>> filter)
     {
         var model = BuildModel();
-Original file line number
+Diff line change
@@ Expand Up @@
                         return value;
                     }
-                    if (converter is not null && value is not JsonElement or JsonDocument or JsonNode)
+                    if (converter is not null && value is not JsonElement)
                     {
                         try
                         {
@@ Expand Down @@