Note
Two things to be aware of about the non-root image in this release:
- Dockerfile build patch. The non-root Dockerfile failed to build at the v1.86.0 tag, and a patch was applied to produce
ghcr.io/berriai/litellm-non_root:v1.86.0. The non-root image was built from commita13cd212c82f00d73456a375dd0d89cef85244a8. - No cosign attestation. The non-root image was published without a cosign signature. If you run
cosign verifyon images before deploying, this image will not pass verification and you will not be able to upgrade to it.
The ghcr.io/berriai/litellm:v1.86.0 and ghcr.io/berriai/litellm-database:v1.86.0 images are signed normally. v1.86.1 ships early next week with signed builds of all three images.
Verify Docker Image Signature
All LiteLLM Docker images are signed with cosign. Every release is signed with the same key introduced in commit 0112e53.
Verify using the pinned commit hash (recommended):
A commit hash is cryptographically immutable, so this is the strongest way to ensure you are using the original signing key:
cosign verify \
--key https://raw.githubusercontent.com/BerriAI/litellm/0112e53046018d726492c814b3644b7d376029d0/cosign.pub \
ghcr.io/berriai/litellm:v1.86.0Verify using the release tag (convenience):
Tags are protected in this repository and resolve to the same key. This option is easier to read but relies on tag protection rules:
cosign verify \
--key https://raw.githubusercontent.com/BerriAI/litellm/v1.86.0/cosign.pub \
ghcr.io/berriai/litellm:v1.86.0Expected output:
The following checks were performed on each of these signatures:
- The cosign claims were validated
- The signatures were verified against the specified public key
What's Changed
- fix: tighten budget field validation and authorization checks by @krrish-berri-2 in #27897
- fix(guardrails): improve CrowdStrike AIDR input handling by @kenany in #26658
- feat(lasso): add tool-calling support to LassoGuardrail by @vladpolevoi in #27648
- perf: optimize chat completions fast path by @yassin-berriai in #27858
- ci(mutmut): enable mutate_only_covered_lines to fit in CI budget by @ryan-crabbe-berri in #27910
- fix(rate-limit): stop v3 limiter from leaking internal stash to provider body by @mateo-berri in #27913
- fix: allow for allowlisted redirect URIs by @dennishenry in #27761
- Emit native web_search_tool_result blocks for Anthropic clients (Claude Desktop / Cowork citations) by @ishaan-berri in #27886
- test(vcr): classify cache verdicts, surface cost leaks, and fix the two biggest leakers by @mateo-berri in #27795
- chore(ci): remove unused GitHub Actions workflows and orphan files by @yuneng-berri in #27957
- test(ui): preserve global Button/Tooltip mocks in per-file @tremor/react vi.mock by @yuneng-berri in #27958
- fix(mcp): expose delegate_auth_to_upstream in MCP server list API by @Sameerlite in #27936
- feat(proxy): fix vector store retrieve/list/update/delete without model by @Sameerlite in #27929
- fix(managed_batches): convert raw output_file_id to managed ID in CheckBatchCost poller by @Sameerlite in #27984
- fix(vertex-ai): fix zero cost/usage on completed Vertex AI batch jobs by @Sameerlite in #27912
- ci: use --cov=./litellm so coverage paths resolve unambiguously in Codecov by @yuneng-berri in #27960
- fix(mcp): delegate PKCE bypass for internal MCP servers by @Sameerlite in #27977
- Feat: Add Weighted-Routing Failover by @Sameerlite in #27980
- fix(bedrock-mantle): use /anthropic/v1/messages path for Mantle endpo… by @ishaan-berri in #27976
- fix(utils): import get_secret at runtime by @Sameerlite in #28014
- chore(ci): modernize model references in tests and configs by @mateo-berri in #27856
- fix(proxy): make /config/update env-var encryption idempotent by @yuneng-berri in #28022
- feat: support OTEL GenAI semconv by @Michael-RZ-Berri in #27418
- test(proxy): isolate run_server CLI tests from prisma DB-setup path by @yuneng-berri in #28029
- test(interactions): validate response fields against Interaction schema by @yuneng-berri in #28037
- test(gemini): de-flake test_gemini_image_size_limit_exceeded by @yuneng-berri in #28039
- feat: componentize gateway, ui-backend, and ui as separate services by @yassin-berriai in #27557
- test(ci): add reasoning_effort grid e2e regression suite by @mateo-berri in #28036
- fix(ci): flag codecov uploads, enable carryforward, close coverage gaps by @yuneng-berri in #28028
- feat(otel): OTel-standard attributes on the proxy SERVER span (status code, route/path, preprocessing latency) by @ryan-crabbe-berri in #28040
- build(deps): pin openai==2.33.0 in uv.lock by @yuneng-berri in #28088
- feat(model_catalog): add Azure AI Foundry GPT-5.4 model metadata by @shivamrawat1 in #28030
- feat(otel): set http.response.status_code on the success SERVER span by @ryan-crabbe-berri in #28090
- [IInfra] Build UI by @yuneng-berri in #28095
- fix(proxy): sort BYOK models by their displayed name in /v2/model/info by @shivamrawat1 in #28079
- feat(terraform): add AWS ECS + GCP Cloud Run stacks for componentized gateway by @yassin-berriai in #27673
- fix(mcp-oauth): PROXY_BASE_URL escape hatch + diagnostic logging for {"detail":"invalid_request"} by @mateo-berri in #28086
- [Infra] Bump versions by @yuneng-berri in #28094
- [Infra] Promote internal staging to main by @yuneng-berri in #28100
New Contributors
- @vladpolevoi made their first contribution in #27648
Full Changelog: v1.85.0...v1.86.0