Verify Docker Image Signature
All LiteLLM Docker images are signed with cosign. Every release is signed with the same key introduced in commit 0112e53.
Verify using the pinned commit hash (recommended):
A commit hash is cryptographically immutable, so this is the strongest way to ensure you are using the original signing key:
cosign verify \
--key https://raw.githubusercontent.com/BerriAI/litellm/0112e53046018d726492c814b3644b7d376029d0/cosign.pub \
ghcr.io/berriai/litellm:v1.83.7.rc.1Verify using the release tag (convenience):
Tags are protected in this repository and resolve to the same key. This option is easier to read but relies on tag protection rules:
cosign verify \
--key https://raw.githubusercontent.com/BerriAI/litellm/v1.83.7.rc.1/cosign.pub \
ghcr.io/berriai/litellm:v1.83.7.rc.1Expected output:
The following checks were performed on each of these signatures:
- The cosign claims were validated
- The signatures were verified against the specified public key
⚠️ Breaking Changes
Prometheus default latency histogram buckets reduced (#25527)
The default LATENCY_BUCKETS has been reduced from 35 to 18 boundaries. If you have existing Prometheus dashboards or PromQL SLO queries that reference specific le values (e.g. le="1.5", le="9.5"), those series will no longer exist after upgrading. Review and update any affected queries or dashboard panels.
What's Changed
- fix(proxy): improve input validation on management endpoints by @jaydns in #25445
- fix(proxy): use parameterized query for combined_view token lookup by @jaydns in #25467
- [Fix] Harden file path resolution in skill archive extraction by @yuneng-berri in #25475
- merge main by @Sameerlite in #25524
- [Fix] Align v1 guardrail and agent list responses with v2 field handling by @yuneng-berri in #25478
- [Fix] Flush Tremor Tooltip timers in user_edit_view tests by @yuneng-berri in #25480
- [Infra] Merge Dev Branch with Main by @yuneng-berri in #25526
- docs: document april townhall announcements by @krrish-berri-2 in #25537
- feat(anthropic): support advisor_20260301 tool type by @ishaan-berri in #25525
- fix: a2a create a2a client default 60 second timeout by @milan-berri in #25514
- fix(websearch_interception): ensure spend/cost logging runs when stream=True by @Sameerlite in #25424
- fix(responses): map refusal stop_reason to incomplete status in streaming by @Sameerlite in #25498
- feat(guardrails): optional skip system message in unified guardrail inputs by @Sameerlite in #25481
- feat(bedrock): skip dummy user continue for assistant prefix prefill by @Sameerlite in #25419
- feat(containers): Azure routing, managed container IDs, delete response parsing by @Sameerlite in #25287
- fix(logging): preserve proxy key-auth metadata on /v1/messages Langfuse traces by @michelligabriele in #25448
- Reduce default latency histogram bucket cardinality by @J-Byron in #25527
- fix(s3): add retry with exponential backoff for transient S3 503/500 errors by @jimmychen-p72 in #25530
- fix(proxy): preserve dict guardrail HTTPException.detail + bedrock context by @michelligabriele in #25558
- Add "Screenshots / Proof of Fix" section to PR template by @krrish-berri-2 in #25564
- fix(spend): session-TZ-independent date filtering for spend/error log queries by @ryan-crabbe-berri in #25542
- [Fix] Align Org and Team Endpoint Permission Checks by @yuneng-berri in #25554
- Litellm ishaan april10 by @ishaan-berri in #25545
- Add file content streaming support for OpenAI and related utilities by @harish876 in #25450
- [Infra] Merge dev with main by @yuneng-berri in #25568
- Litellm harish april11 by @ishaan-berri in #25569
- [Infra] Build UI for release by @yuneng-berri in #25571
- added applyguardrail to inline iam by @shivamrawat1 in #25241
- Team member permission /spend/logs for team-wide spend logs (UI + RBAC) by @shivamrawat1 in #25458
- [Infra] Rebuild UI by @yuneng-berri in #25573
- fix(proxy): pass-through multipart uploads and Bedrock JSON body by @shivamrawat1 in #25464
- Litellm internal staging 04 11 2026 by @krrish-berri-2 in #25562
- [Infra] Rebuild UI by @yuneng-berri in #25577
- bump: version 1.83.6 → 1.83.7 by @yuneng-berri in #25578
New Contributors
- @jimmychen-p72 made their first contribution in #25530
Full Changelog: v1.83.6-nightly...v1.83.7.rc.1