github BerriAI/litellm v1.88.0-rc.2
on GitHub

pre-release6 hours ago

Verify Docker Image Signature

All LiteLLM Docker images are signed with cosign. Every release is signed with the same key introduced in commit 0112e53.

Verify using the pinned commit hash (recommended):

A commit hash is cryptographically immutable, so this is the strongest way to ensure you are using the original signing key: 

cosign verify \
  --key https://raw.githubusercontent.com/BerriAI/litellm/0112e53046018d726492c814b3644b7d376029d0/cosign.pub \
  ghcr.io/berriai/litellm:v1.88.0-rc.2

Verify using the release tag (convenience):

Tags are protected in this repository and resolve to the same key. This option is easier to read but relies on tag protection rules: 

cosign verify \
  --key https://raw.githubusercontent.com/BerriAI/litellm/v1.88.0-rc.2/cosign.pub \
  ghcr.io/berriai/litellm:v1.88.0-rc.2

Expected output: 

The following checks were performed on each of these signatures:
  - The cosign claims were validated
  - The signatures were verified against the specified public key

What's Changed

  • chore(release): patch v1.88.0-rc.1 with four staged fixes by @mateo-berri in #29632
  • chore(release): patch v1.88.0-rc.1 with #29612 (session-token budget-ceiling exemption) by @mateo-berri in #29637
  • fix(key_generate): harden GHSA-q775 session-token exemption against default_key_generate_params (1.88 rc) by @mateo-berri in #29639

Full Changelog: v1.88.0-rc.1...v1.88.0-rc.2

Check out latest releases or
releases around BerriAI/litellm v1.88.0-rc.2

Don't miss a new litellm release

NewReleases is sending notifications on new releases.

Get notifications