Verify Docker Image Signature
All LiteLLM Docker images are signed with cosign. Every release is signed with the same key introduced in commit 0112e53.
Verify using the pinned commit hash (recommended):
A commit hash is cryptographically immutable, so this is the strongest way to ensure you are using the original signing key:
cosign verify \
--key https://raw.githubusercontent.com/BerriAI/litellm/0112e53046018d726492c814b3644b7d376029d0/cosign.pub \
ghcr.io/berriai/litellm:v1.94.0-dev.2Verify using the release tag (convenience):
Tags are protected in this repository and resolve to the same key. This option is easier to read but relies on tag protection rules:
cosign verify \
--key https://raw.githubusercontent.com/BerriAI/litellm/v1.94.0-dev.2/cosign.pub \
ghcr.io/berriai/litellm:v1.94.0-dev.2Expected output:
The following checks were performed on each of these signatures:
- The cosign claims were validated
- The signatures were verified against the specified public key
What's Changed
- fix(proxy): route master key to team-scoped models by @kunal2002 in #32926
- fix(bedrock_mantle): route xai.grok-4.3 via /openai/v1 frontier path by @marty-sullivan in #33027
- feat(guardrails): streaming text transformation in generic_guardrail_api by @yucheng-berri in #33110
- test(e2e): cover model-aware mid-conversation system handling on Bedrock Invoke /v1/messages by @mateo-berri in #32963
- test(claude_code): move the Claude Code compatibility matrix under tests/e2e by @devin-ai-integration[bot] in #32548
- chore(ci): sync litellm_internal_staging into daily OSS branch by @yuneng-berri in #33337
- feat(bedrock guardrails): add resource-less InvokeGuardrailChecks (detect-only) mode by @yucheng-berri in #33299
- Revert "chore(ci): sync litellm_internal_staging into daily OSS branch" by @yuneng-berri in #33339
- fix(websearch): intercept web search on the Responses API by @devin-ai-integration[bot] in #33129
- fix(anthropic-adapter): drop empty content_block_delta events by @mateo-berri in #33315
- fix(mcp): persist discovered OAuth endpoints and keep last known good on failed re-discovery by @tin-berri in #33286
- test(e2e): otel trace completeness on streaming chat, messages, and responses (LIT-3787) by @yucheng-berri in #33234
- feat(router): resolve auto-router routing plugins from proxy YAML config by @krrish-berri-2 in #33251
- test(e2e): failed request error span carries the full untruncated message and status (LIT-4179) by @yucheng-berri in #33304
- refactor(ui): migrate tags table onto shared DataTable by @yuneng-berri in #33314
- fix(cli): surface actionable CLI SSO errors when CLI and proxy versions skew by @ryan-crabbe-berri in #33309
- feat(bedrock_mantle): add GPT-5.6 sol/terra/luna to model cost map by @mateo-berri in #33412
- chore(codeowners): exempt generated schema.d.ts from UI ownership by @yuneng-berri in #33411
- feat(proxy): push-based OTLP billable-request metering for enterprise deployments by @yassin-berriai in #31592
- fix(mcp): cap per-user OAuth token cache TTL at the token's own lifetime by @tin-berri in #33346
- feat(ui): move Caching out of Experimental into Developer Tools by @devin-ai-integration[bot] in #33432
- chore(ci): promote internal staging to main by @yuneng-berri in #33425
- chore(ci): merge daily internal staging branch by @yuneng-berri in #33335
- feat(guardrails): add Compresr guardrail for query-aware context compression by @yucheng-berri in #33295
- fix(logging): preserve callback order in get_combined_callback_list by @devin-ai-integration[bot] in #33005
- fix(logging): redact assistant tool call arguments in spend logs by @devin-ai-integration[bot] in #33111
- fix(anthropic): honor messages request timeout by @yucheng-berri in #33418
- fix(llm_guard): apply sanitized prompt returned by moderation API to request by @devin-ai-integration[bot] in #33331
- fix(logging): stop pinning large request payloads past request end by @yassin-berriai in #33455
- feat(guardrails): forward optional metadata on POST /guardrails/apply_guardrail by @devin-ai-integration[bot] in #33067
- build: raise requires-python cap to <3.15 so Python 3.14 installs current releases by @ryan-crabbe-berri in #33438
- feat(ui): add reusable BetaBadge and use it for Projects sidebar item by @devin-ai-integration[bot] in #33449
- fix(mcp): discover missing OAuth scopes and token_url when authorization_url is set manually by @tin-berri in #33317
- feat(ui): show exact license expiration date in usage cards by @yuneng-berri in #33478
- test(claude_code): rename misleading REPO_ROOT to SUITE_ROOT in test_v0_layout by @mateo-berri in #33472
- build(deps): update ddtrace to the 4.x line by @yuneng-berri in #33484
- fix(complexity_router): return empty dict from _classifier_call_metadata when metadata is absent by @devin-ai-integration[bot] in #33452
- fix(ui/chat): resolve chat routes at render time so navigation works under server_root_path by @yuneng-berri in #33446
- fix(key management): enforce minimum custom key length and mask short keys in key_name by @yucheng-berri in #33462
- chore(ui): remove unmounted UsageIndicator and the Hide Usage Indicator flag by @yuneng-berri in #33482
- test(e2e/claude_code): add passthrough matrix row for the big-3 clouds and Anthropic API by @mateo-berri in #33473
- chore(ci): promote internal staging to main by @yuneng-berri in #33491
Full Changelog: v1.94.0-dev.1...v1.94.0-dev.2