Verify Docker Image Signature
All LiteLLM Docker images are signed with cosign. Every release is signed with the same key introduced in commit 0112e53.
Verify using the pinned commit hash (recommended):
A commit hash is cryptographically immutable, so this is the strongest way to ensure you are using the original signing key:
cosign verify \
--key https://raw.githubusercontent.com/BerriAI/litellm/0112e53046018d726492c814b3644b7d376029d0/cosign.pub \
ghcr.io/berriai/litellm:v1.92.0-dev.2Verify using the release tag (convenience):
Tags are protected in this repository and resolve to the same key. This option is easier to read but relies on tag protection rules:
cosign verify \
--key https://raw.githubusercontent.com/BerriAI/litellm/v1.92.0-dev.2/cosign.pub \
ghcr.io/berriai/litellm:v1.92.0-dev.2Expected output:
The following checks were performed on each of these signatures:
- The cosign claims were validated
- The signatures were verified against the specified public key
What's Changed
- ci(codspeed): pin benchmark runner to ubuntu-24.04 by @yuneng-berri in #31746
- test(pass-through): de-flake vertex spend-log test by routing through the proxy by @mateo-berri in #31689
- fix(proxy): extend banned-params + admin-clear lists (VERIA-493) by @yucheng-berri in #31742
- fix(ui): fix Router Settings Loadbalancing tab save (LIT-4057) by @ryan-crabbe-berri in #31735
- fix(ui): rotate model credentials in a dedicated modal so a normal save can't overwrite secrets by @ryan-crabbe-berri in #28089
- feat(proxy): audit default user settings updates by @yucheng-berri in #31753
- fix(websearch): websearch_interception agentic loop fixes for chat completions and anthropic messages by @krrish-berri-2 in #31669
- feat(sandbox): reuse e2b container across requests when metadata.session_id is set by @krrish-berri-2 in #31688
- feat(proxy): support object_permission in default_key_generate_params by @krrish-berri-2 in #31776
- feat(guardrails/headroom): add CCR (compress-cache-retrieve) via agentic loop by @krrish-berri-2 in #31681
- feat: add cache control injection support for v1/messages endpoint by @devin-ai-integration[bot] in #31778
- feat(proxy): audit remaining system-wide settings updates by @yucheng-berri in #31754
- fix(prometheus): expose project_alias in custom metadata labels (LIT-3741) by @devin-ai-integration[bot] in #31784
- feat(mcp): add mcp_tool_search virtual tools for large tool catalogs by @krrish-berri-2 in #31777
- fix(proxy): hydrate MCP server registry from DB on startup when store_model_in_db is false by @tin-berri in #31775
- refactor(lint): collapse type/lint budgets to a single per-rule limit by @mateo-berri in #31883
- feat(ui): disclaim that the Update API Key modal only rotates api_key by @ryan-crabbe-berri in #31805
- revert: "chore: remove _experimental/out" (#31546) by @yuneng-berri in #31904
- fix(scripts): resolve worktree root before relative_to in type_check_gate by @yuneng-berri in #31906
- feat(bedrock_mantle): add xai.grok-4.3 to model cost map for SigV4 auth by @devin-ai-integration[bot] in #31916
- chore: make CLAUDE.md rules more concise by @mateo-berri in #31892
- fix(proxy): authorize /health/test_connection against loaded deployment's team_id (VERIA-441) by @yucheng-berri in #31767
- fix(proxy): admin-gate
permissionson /key/update and /key/regenerate (LIT-4092) by @yucheng-berri in #31810 - feat(github_copilot): route /v1/messages to Copilot native Anthropic endpoint by @mateo-berri in #31802
- feat(gdc): implement Google Distributed Cloud (GDC) Gemini provider by @mateo-berri in #31895
- fix(model_prices): apply claude-sonnet-5 introductory pricing through 2026-08-31 by @mateo-berri in #31917
- fix(proxy): tighten role gating on /get/config/callbacks response by @yucheng-berri in #31745
- chore(lint): remove dead E501 config, fix stale blame-ignore SHAs, note 120 line width by @mateo-berri in #31927
- fix(bedrock/converse): drop toolSpec.strict for Opus 4.7/4.8 (#31582) by @mateo-berri in #31923
- fix(bedrock): trigger Nova Sonic generation on response.create so realtime sessions stop hanging by @mateo-berri in #31924
- chore(ui): remove unused dep, delete dead file, and unblock knip by @ryan-crabbe-berri in #31933
- refactor(ui): colocate users page into route-level _components by @ryan-crabbe-berri in #31897
- test(bedrock): switch image gen live test off EOL Titan to Nova Canvas by @devin-ai-integration[bot] in #31937
- feat(vertex_ai): pass full imageConfig dict for Gemini image generation by @Sameerlite in #31811
- fix(bedrock): drop strict/additionalProperties from toolSpec for Claude Sonnet 4 by @Sameerlite in #31943
- feat(prometheus): expose MCP tool metadata in Prometheus metrics by @devin-ai-integration[bot] in #31899
- fix(mcp): byom visibility, preview UX, and admin settings gating by @Sameerlite in #31809
- test(e2e): add live batches suite across providers and routing scenarios by @Sameerlite in #30958
- fix(logging): resolve model_map_value for proxy custom pricing by @Sameerlite in #31940
- fix(mcp): roll up MCP tool spend to user counters and usage UI by @Sameerlite in #31576
- feat(proxy): track cost for unmanaged Vertex AI batch jobs by @Sameerlite in #31442
- fix(mcp): tighten role-based visibility on /v1/mcp/server/submissions by @yucheng-berri in #31932
- fix(mcp): gate OAuth authorize/token/register/discovery on auth_type=oauth2 by @tin-berri in #31736
- refactor(ui): drive cache settings form from a typed frontend schema by @yuneng-berri in #31939
- fix: merge metadata.tags into litellm_metadata on /v1/responses route by @devin-ai-integration[bot] in #31793
- fix(proxy): restore admin key/team callback_vars.turn_off_message_logging override (LIT-3587) by @yucheng-berri in #31905
- feat(mcp): bound outbound tool-call concurrency per MCP server by @tin-berri in #31641
- fix(release): make Create Release reliable for stable maintenance cuts by @yuneng-berri in #31986
- feat(s3_v2): send Content-MD5 on PUT and optional server-side encryption by @devin-ai-integration[bot] in #31928
- fix(bedrock): honor ttl for tool_config cache injection points by @shivamrawat1 in #31929
- test(e2e): add vertex_ai passthrough spend-log coverage by @mubashir1osmani in #31781
- fix(mcp): surface tools/list auth failures as a 401 challenge on single-server routes by @tin-berri in #31921
- feat(tencent): add Tencent TokenHub as a provider by @mateo-berri in #31903
- fix(bedrock): map guardrailConfig to InvokeModel guardrail headers by @mateo-berri in #31985
- feat(ui): shadcn migration foundation: Tailwind v4, shadcn init, antd cascade fix by @ryan-crabbe-berri in #31995
- chore(e2e): untrack gateway config and document e2e test location by @mubashir1osmani in #31914
- perf(lint): skip and cache base gate passes, parallelize make lint, skip redundant prisma generate by @mateo-berri in #32000
- fix(ui): include cache token columns in usage export by @mateo-berri in #32015
- fix(a2a): record agent cost_per_query and input tokens on native send path by @michelligabriele in #31979
- feat: litellm oss staging by @Sameerlite in #31935
- fix(a2a): populate response usage in a2a chat transformation by @michelligabriele in #31980
- fix(auth): deny model access for teamless keys with all-team-models by @devin-ai-integration[bot] in #32022
- fix(proxy): admin-gate
permissionson /user/new and /user/update (LIT-4138) by @yucheng-berri in #31998 - fix(proxy): admin-gate
allowed_routespresence on /key/update and /key/regenerate (LIT-4139) by @yucheng-berri in #31987 - fix(proxy): admin-gate
permissionson _process_single_key_update (LIT-4137) by @yucheng-berri in #32002 - fix(azure_ai): preserve content, tables, and keyValuePairs in doc-intelligence /v1/ocr by @mateo-berri in #32018
- bump: litellm-proxy-extras 0.4.75, litellm-enterprise 0.1.46 by @yuneng-berri in #32029
- feat(tinyfish): make search provider permissive, attribute errors by @tin-berri in #31997
- feat(ui): add token endpoint auth method selector to MCP OAuth forms by @tin-berri in #31739
- fix(mcp): persist DCR client_id so interactive OAuth token refresh works by @tin-berri in #31912
- fix(azure_sentinel): resolve audit stream from AZURE_SENTINEL_AUDIT_STREAM_NAME by @yucheng-berri in #32010
- fix(mcp): persist DCR client_id from on-create MCP OAuth Authorize & Fetch by @tin-berri in #31920
- fix(e2e): define SpendTagsResponse/TagSpend so spend suite collects by @mubashir1osmani in #32069
- feat(proxy): add key-level budget_fallbacks to reroute requests when a per-model budget is exceeded by @krrish-berri-2 in #31783
- feat(ui): re-add chat UI, allow simple UI for MCP OBO auth by @krrish-berri-2 in #31893
- chore(ci): promote internal staging to main by @yuneng-berri in #32027
New Contributors
- @devin-ai-integration[bot] made their first contribution in #31778
Full Changelog: v1.92.0-dev.1...v1.92.0-dev.2