Verify Docker Image Signature
All LiteLLM Docker images are signed with cosign. Every release is signed with the same key introduced in commit 0112e53.
Verify using the pinned commit hash (recommended):
A commit hash is cryptographically immutable, so this is the strongest way to ensure you are using the original signing key:
cosign verify \
--key https://raw.githubusercontent.com/BerriAI/litellm/0112e53046018d726492c814b3644b7d376029d0/cosign.pub \
ghcr.io/berriai/litellm:v1.87.0-dev.1Verify using the release tag (convenience):
Tags are protected in this repository and resolve to the same key. This option is easier to read but relies on tag protection rules:
cosign verify \
--key https://raw.githubusercontent.com/BerriAI/litellm/v1.87.0-dev.1/cosign.pub \
ghcr.io/berriai/litellm:v1.87.0-dev.1Expected output:
The following checks were performed on each of these signatures:
- The cosign claims were validated
- The signatures were verified against the specified public key
What's Changed
- fix(proxy): gate team allowed_passthrough_routes to proxy admins by @ryan-crabbe-berri in #28097
- fix(tests): stabilize image-edit VCR cassettes to stop live gpt-image-1 spend by @mateo-berri in #28110
- fix(bedrock/cohere): send embedding_types as JSON array, not string by @ishaan-berri in #28172
- fix(tests): migrate realtime + rerank tests off shut-down upstream models by @yuneng-berri in #28191
- fix(caching): replay openai/responses bridge cache hits as chat streams by @Sameerlite in #28158
- Litellm oss staging by @Sameerlite in #28161
- feat(prometheus): add user_email and user_alias to user budget metrics by @Sameerlite in #28155
- test(callbacks): harden flaky proxy callback-leak detector by @yuneng-berri in #28195
- fix(bedrock): sanitize batch metadata to prevent Pydantic ValidationError by @mateo-berri in #28202
- fix(deepseek): use native /anthropic/v1/messages endpoint and sanitize tools by @mateo-berri in #28200
- feat(ui): add Interactions API endpoint to playground with SSE streaming by @Sameerlite in #28156
- fix(proxy): decode bytes and pass-through SSE for Google-native streamGenerateContent (#27444) by @Sameerlite in #28213
- refactor(bedrock/sagemaker): switch to lazy loading for response stre… by @harish-berri in #28189
- [Refactor] UI - Spend Logs: consolidate filter state and extract components by @ryan-crabbe-berri in #25847
- fix(tests): replace shut-down gpt-4o-audio-preview with gpt-audio-1.5 by @yuneng-berri in #28281
- chore(ci): bump versions by @yuneng-berri in #28287
- feat: propagate team_id and team_alias to all child OTEL spans by @yassin-berriai in #28273
- Day 0 support : Gemini 3.5 Flash by @Sameerlite in #28268
- Gemini managed agents support by @Sameerlite in #28270
- chore(ci): promote internal staging to main by @yuneng-berri in #28292
Full Changelog: v1.86.0-rc.1...v1.87.0-dev.1