Verify Docker Image Signature
All LiteLLM Docker images are signed with cosign. Every release is signed with the same key introduced in commit 0112e53.
Verify using the pinned commit hash (recommended):
A commit hash is cryptographically immutable, so this is the strongest way to ensure you are using the original signing key:
cosign verify \
--key https://raw.githubusercontent.com/BerriAI/litellm/0112e53046018d726492c814b3644b7d376029d0/cosign.pub \
ghcr.io/berriai/litellm:v1.88.0-dev.1Verify using the release tag (convenience):
Tags are protected in this repository and resolve to the same key. This option is easier to read but relies on tag protection rules:
cosign verify \
--key https://raw.githubusercontent.com/BerriAI/litellm/v1.88.0-dev.1/cosign.pub \
ghcr.io/berriai/litellm:v1.88.0-dev.1Expected output:
The following checks were performed on each of these signatures:
- The cosign claims were validated
- The signatures were verified against the specified public key
What's Changed
- fix(proxy): gate team allowed_passthrough_routes to proxy admins by @ryan-crabbe-berri in #28097
- fix(tests): stabilize image-edit VCR cassettes to stop live gpt-image-1 spend by @mateo-berri in #28110
- fix(bedrock/cohere): send embedding_types as JSON array, not string by @ishaan-berri in #28172
- fix(tests): migrate realtime + rerank tests off shut-down upstream models by @yuneng-berri in #28191
- fix(caching): replay openai/responses bridge cache hits as chat streams by @Sameerlite in #28158
- Litellm oss staging by @Sameerlite in #28161
- feat(prometheus): add user_email and user_alias to user budget metrics by @Sameerlite in #28155
- test(callbacks): harden flaky proxy callback-leak detector by @yuneng-berri in #28195
- fix(bedrock): sanitize batch metadata to prevent Pydantic ValidationError by @mateo-berri in #28202
- fix(deepseek): use native /anthropic/v1/messages endpoint and sanitize tools by @mateo-berri in #28200
- feat(ui): add Interactions API endpoint to playground with SSE streaming by @Sameerlite in #28156
- fix(proxy): decode bytes and pass-through SSE for Google-native streamGenerateContent (#27444) by @Sameerlite in #28213
- refactor(bedrock/sagemaker): switch to lazy loading for response stre… by @harish-berri in #28189
- [Refactor] UI - Spend Logs: consolidate filter state and extract components by @ryan-crabbe-berri in #25847
- fix(tests): replace shut-down gpt-4o-audio-preview with gpt-audio-1.5 by @yuneng-berri in #28281
- chore(ci): bump versions by @yuneng-berri in #28287
- feat: propagate team_id and team_alias to all child OTEL spans by @yassin-berriai in #28273
- Day 0 support : Gemini 3.5 Flash by @Sameerlite in #28268
- Gemini managed agents support by @Sameerlite in #28270
- chore(ci): promote internal staging to main by @yuneng-berri in #28292
- feat(gemini): add gemini-3.1-flash-lite model cost map by @Sameerlite in #28320
- fix(spend_counter): seed Redis counter via SET NX to prevent cross-pod double-seed by @milan-berri in #27854
- fix(proxy): normalize batch file IDs before ManagedObjectTable write by @Sameerlite in #28339
- fix(router): use forwarded model_id for native Azure container IDs by @Sameerlite in #27921
- fix(ui): restore log filter loading indicator by @ryan-crabbe-berri in #28282
- test(e2e): migrate runner to uv, add All Proxy Models key test by @ryan-crabbe-berri in #28313
- feat(ui): team passthrough routes create parity + edit load fix by @ryan-crabbe-berri in #28098
- fix(mcp): JWT on tools/list and REST tools/call server resolution by @Sameerlite in #28227
- feat(interactions): migrate to Google Interactions API steps schema (May 2026) by @Sameerlite in #28153
- test(ui-e2e): admin key creation with a specific proxy model by @ryan-crabbe-berri in #28365
- fix(vertex_ai): omit function_call id on Vertex Gemini 3.5+ tool turns by @Sameerlite in #28324
- feat(mcp): allow native MCP OAuth support for cursor by @Sameerlite in #28327
- fix(interactions): never drop streamed text deltas; always emit terminal completion by @mateo-berri in #28394
- fix(proxy): expose Prisma idle/connect timeout + extra DB URL params by @yassin-berriai in #28395
- Litellm oss staging 1 by @Sameerlite in #28337
- fix: serialize guardrail_response to JSON in OTEL traces by @yassin-berriai in #28362
- chore(ci): merge dev branch by @yuneng-berri in #28314
- test(realtime): expect session.created as xAI realtime initial event by @yuneng-berri in #28424
- feat(tests): behavior-pinning harness + Key Tier-1 matrix by @yuneng-berri in #28321
- fix(proxy): hydrate wildcard discovery credentials (#28284) - CCI Run by @yuneng-berri in #28419
- Litellm oss staging 04 21 2026 2 by @Sameerlite in #26569
- chore(ci): merge dev branch by @yuneng-berri in #28290
- fix(vertex_gemma): strip
context_managementfrom request body by @mateo-berri in #28438 - fix(logging): recalculate cost after router retry failures by @milan-berri in #28476
- fix(otel): emit guardrail span on violation, surface status + categories by @yassin-berriai in #28364
- test(proxy): behavior-pinning matrix for team management endpoints by @yuneng-berri in #28441
- test(vertex_ai): tolerate transient 500 in google maps grounding test by @yuneng-berri in #28503
- fix(docker): restore npm to non_root builder image by @yuneng-berri in #28519
- chore(ci): bump deps by @yuneng-berri in #28524
- build(deps-dev): bump black to 26.3.1 and apply formatting by @yuneng-berri in #28525
- chore(deps): bump deps by @yuneng-berri in #28528
- test(e2e): forward LITELLM_LICENSE to UI e2e proxy by @ryan-crabbe-berri in #28398
- Add granian as a ASGI compliant web server. Provider better throughput stability, by @harish-berri in #26027
- Fix conflicts and UI by @Sameerlite in #28477
- Add error_description and hint for oauth flows by @Sameerlite in #28471
- feat(mcp): Add tool call and tool list support via UI for Oauth mcps by @Sameerlite in #28454
- feat(proxy): persist allowlisted OIDC claims in CLI SSO poll by @Sameerlite in #28463
- fix(responses): use OpenAI SSEDecoder for Responses API streaming by @Sameerlite in #28566
- Litellm oss staging 2 by @Sameerlite in #28582
- [internal copy of #28269] Codex cli jwt team alias by @mateo-berri in #28621
- fix(check_licenses): read PEP 639 license-expression metadata by @yuneng-berri in #28529
- test(proxy): behavior-pinning matrix for tier-2/3 key + team management endpoints by @yuneng-berri in #28620
- chore(test): remove dead old Playwright e2e suite by @ryan-crabbe-berri in #28632
- fix(sagemaker): send native Cohere embed payload to Cohere SageMaker endpoints by @milan-berri in #28613
- style: apply black formatting to fix lint CI (LIT-3274) (#28639) by @krrish-berri-2 in #28641
- fix(bedrock): decouple STS region from Bedrock aws_region_name by @milan-berri in #28245
- test(streaming): tolerate Vertex 429 wrapped in MidStreamFallbackError by @yuneng-berri in #28669
- feat(guardrails): add Microsoft Purview DLP guardrail by @Sameerlite in #24966
- fix(mcp): forward upstream initialize instructions on cold gateway init by @milan-berri in #28231
- chore(ci): promote internal staging to main by @yuneng-berri in #28680
- CI: copy of #25177 (OCI GenAI: embeddings, streaming/reasoning fixes, model catalog) by @mateo-berri in #28223
- Encrypt callback_vars in key/team metadata in DB by @Michael-RZ-Berri in #27141
- perf: reduce per-request and per-chunk overhead across Anthropic streaming hot paths by @yassin-berriai in #28289
- feat(azure): add Speech STT config support by @ishaan-berri in #27482
- test(proxy): phase-4 payload behavior pinning for tier-2/3 key + team management endpoints by @yuneng-berri in #28681
- feat(prometheus): emit per-token-type detail metrics (LIT-3220) (#28372) by @ishaan-berri in #28378
- fix(otel): stamp http.response.status_code on all error responses by @ryan-crabbe-berri in #28405
- chore(ui): build ui by @yuneng-berri in #28707
- fix(helm): drop main- prefix from default image tag by @yuneng-berri in #28710
- test(model_prices): allow audio_transcription_config in schema by @yuneng-berri in #28708
- chore(ci): promote internal staging to main by @yuneng-berri in #28709
- fix(team): refresh team cache on team_model_add/delete (LIT-3244) by @yuneng-berri in #28683
- fix(ui/add-model): stop vertex_ai-anthropic_models from leaking into Anthropic dropdown by @ryan-crabbe-berri in #28723
- Fix spend logs v2 route permissions by @ryan-crabbe-berri in #28705
- fix(proxy): Bedrock Knowledge Base pass-through: preserve SigV4 headers and signed request body by @milan-berri in #27526
- chore(tests): migrate Bedrock CI to AWS account 941277531214 by @mateo-berri in #28728
- fix(otel): export SERVER span on management-endpoint success without http_request by @yassin-berriai in #28794
- chore(ci): merge dev branch by @yuneng-berri in #28801
- chore(ci): merge dev branch by @yuneng-berri in #28657
- fix(ui): show 2-decimal precision for max_budget on key overview by @ryan-crabbe-berri in #28809
- feat(proxy): allow
llm_api_routesvirtual keys to list MCP servers by @ryan-crabbe-berri in #28442 - chore(ci): merge dev branch by @yuneng-berri in #28807
- fix(team): keep team_alias cache in sync on _cache_team_object writes by @yuneng-berri in #28737
- chore(ci): merge dev branch by @yuneng-berri in #28822
- ci: daily oss-agent-shin canonical branch by @ishaan-berri in #28829
- test(proxy): add harness for proxy_server.py behavior-pinning by @yuneng-berri in #28827
- feat(openai): apply regional-processing cost uplift for EU/US data residency by @mateo-berri in #28626
- chore(admin-ui): regenerate static export with trailingSlash: true by @mateo-berri in #28112
- fix(azure): preserve AD token refresh in v1 OpenAI client path by @mateo-berri in #28627
- fix(ui): route API Reference back to query-param page by @ryan-crabbe-berri in #28726
- fix(model-edit): allow clearing custom pricing on wildcard models by @ryan-crabbe-berri in #28719
- fix(tests/vcr): make Redis cassette cache replay deterministically (zero VCR misses on consecutive runs) by @mateo-berri in #28826
- fix(proxy): strip LiteLLM policy tracking from OpenAI batch metadata by @shivamrawat1 in #28425
- Litellm OpenAI double prefix bug by @shivamrawat1 in #28661
- Litellm oss staging 250526 by @Sameerlite in #28770
- fix(bedrock): align toolUse/toolSpec names and allow hyphens by @Sameerlite in #28874
- fix(realtime): send TEXT frames and valid guardrail session.update by @Sameerlite in #28848
- fix(mcp): extend key access-group union to MCP servers by @ryan-crabbe-berri in #28890
- fix(galileo): support hosted v2 spans API and string output extraction by @Sameerlite in #28771
- fix(proxy): exclude proxy_server_request from its own body snapshot by @michelligabriele in #28618
- [Feat] Add tool calling support for gemini and vertex ai live api by @Sameerlite in #26590
- refactor(ui): remove dead App Router scaffolding in (dashboard)/* by @ryan-crabbe-berri in #28891
- fix(docker): use system Node in componentized builders + retry apk add by @yassin-berriai in #28888
- docs(agents): require consent before writing new third-party names by @yuneng-berri in #28908
- refactor(ui): extract auth state into AuthContext by @ryan-crabbe-berri in #28910
- fix(mcp): resolve team.access_group_ids → MCP servers by @ryan-crabbe-berri in #28997
- test(ui): e2e cover team model edit + admin identity in navbar by @ryan-crabbe-berri in #28652
- test(e2e): cover add-fallback flow in Router Settings by @ryan-crabbe-berri in #29069
- test(e2e): cover Team-BYOK add-model flow as proxy admin by @ryan-crabbe-berri in #29068
- fix(containers): record ownership for service-account keys + fix Prisma Json serialization by @Sameerlite in #28990
- test(e2e): cover add-MCP-server flow via discovery → custom form by @ryan-crabbe-berri in #29070
- test(e2e): cover AI Hub make-public flow and public model_hub_table by @ryan-crabbe-berri in #29071
- [internal copy of #28877] feat: add support for claude code goal mode for bedrock opus output config by @mateo-berri in #28898
- feat(guardrails): wire apply_guardrail into proxy logging callbacks by @Sameerlite in #28970
- chore(ci): merge dev brach by @yuneng-berri in #29192
- perf(streaming): cut per-chunk overhead ~30% on Anthropic + Bedrock hot path by @yassin-berriai in #28720
- fix(proxy): enforce tag budgets for key-level tags by @Sameerlite in #29108
- fix(vertex-ai): use DB credentials in video handlers + implement Veo video edit by @Sameerlite in #29098
- fix(datadog): drain cost-management queue + opt-in FinOps tag allowlist by @michelligabriele in #28487
- feat(helm): split per-component ServiceAccounts for gateway, backend, and UI by @yassin-berriai in #28712
- chore(ci): bump deps (#29208) by @yuneng-berri in #29226
- fix(tests/vcr): mint Google OAuth tokens live to prevent stale-token replay by @yuneng-berri in #29229
- chore(cookbook): bump Go directive to 1.26.3 in gollem example by @yuneng-berri in #29234
- chore(ci): bump version by @yuneng-berri in #29242
- feat(anthropic): add Claude Opus 4.8 and prune reasoning-effort flags by @mateo-berri in #29238
- chore(ci): promote internal staging to main by @yuneng-berri in #29243
Full Changelog: v1.86.0...v1.88.0-dev.1