github HKUDS/DeepTutor v1.3.10
DeepTutor-v1.3.10
on GitHub

4 hours ago

DeepTutor v1.3.10 Release Notes

Release Date: 2026.05.10

v1.3.10 is a focused reliability release for the issues reported after v1.3.9.
It restores smoother remote Docker access, makes self-signed LLM endpoints work
consistently across SDK-backed providers, protects code snippets from citation
rewrites, and splits Matrix E2EE into an explicit opt-in dependency.

Highlights

Remote Docker and CORS Recovery

  • Remote single-user Docker works out of the box again - when
    AUTH_ENABLED=false, DeepTutor now accepts browser origins over HTTP/HTTPS so
    LAN or remote-server frontends no longer hit the v1.3.8/v1.3.9 CORS
    regression reported in #463.
  • Authenticated deployments stay explicit - when AUTH_ENABLED=true, CORS
    still requires a concrete allowlist through CORS_ORIGIN or CORS_ORIGINS,
    preserving the credentialed-auth safety boundary.
  • Multiple deployment origins are supported - CORS_ORIGINS accepts comma
    or newline separated values, and both Docker Compose files pass the setting
    through to the backend container.
  • Settings no longer drop network flags - CORS_ORIGIN, CORS_ORIGINS, and
    DISABLE_SSL_VERIFY are part of the canonical .env write order.

Provider TLS and Rendering Fixes

  • DISABLE_SSL_VERIFY now reaches OpenAI SDK paths - OpenAI-compatible,
    Azure OpenAI, executor, TutorBot, and legacy embedding SDK clients all receive
    a shared httpx.AsyncClient(verify=False) when the flag is enabled, fixing
    self-signed HTTPS LLM endpoints reported in #464.
  • Production still blocks unsafe TLS bypasses - ENVIRONMENT=prod or
    ENVIRONMENT=production rejects DISABLE_SSL_VERIFY, with a single warning
    logged in non-production use.
  • Code blocks keep array indexes intact - Markdown citation linkification now
    masks fenced and inline code before rewriting references, so values[0] stays
    code instead of becoming a #references citation link (#468).

Matrix Install Compatibility

  • Matrix no longer installs E2EE by default - the standard matrix extra and
    requirements/matrix.txt now use plain matrix-nio, avoiding the
    python-olm / libolm build failures seen on macOS Python 3.14 and Apple
    Clang 21 (#462).
  • Encrypted rooms are an explicit add-on - install deeptutor[matrix-e2e]
    or requirements/matrix-e2e.txt when E2EE support is needed and libolm is
    available.
  • Runtime failures are clearer - Matrix defaults to non-E2EE mode, and
    enabling E2EE without crypto dependencies now raises an actionable install
    message instead of failing at import time.

Multi-User Runtime Compatibility

  • Default workspace paths stay stable outside user scope - when no current
    multi-user context is active, path resolution falls back to the default data
    workspace rather than forcing an admin scope.
  • Legacy test and monkeypatch hooks remain available - session and settings
    routers keep compatibility shims used by tests and older integrations.
  • Local agent artifacts are ignored - .claude/ is now excluded from Git so
    local worktrees and agent metadata do not accidentally enter releases.

Tests

  • Added CORS setting tests for unauthenticated remote origins and authenticated
    explicit allowlists.
  • Added shared OpenAI SDK HTTP-client tests across provider-core, Azure,
    executors, TutorBot, and embedding adapters.
  • Added Markdown display tests for prose citations, fenced code, inline code,
    and explicit backticked citations.
  • Added Matrix dependency split tests to keep default installs free of
    matrix-nio[e2e].
  • Re-ran targeted Python tests, web node tests, Ruff checks, and diff whitespace
    validation for the release patch.

Upgrade Notes

  • If you run remote Docker with AUTH_ENABLED=false, no extra CORS setting is
    required for normal HTTP/HTTPS browser origins.
  • If you run a shared or authenticated deployment with AUTH_ENABLED=true, set
    CORS_ORIGIN or CORS_ORIGINS to the exact frontend origin(s), for example
    https://learn.example.com.
  • Use DISABLE_SSL_VERIFY=true only for local, self-signed, or air-gapped test
    LLM endpoints. It remains blocked in ENVIRONMENT=prod and
    ENVIRONMENT=production.
  • Matrix installs are now non-E2EE by default. For encrypted Matrix rooms,
    install .[matrix-e2e] or requirements/matrix-e2e.txt, ensure libolm is
    present, and set e2ee_enabled=true in the Matrix channel config.
  • If you previously installed .[matrix] only to get non-encrypted Matrix
    messaging, reinstalling after this release should no longer require native
    libolm build tooling.

Full Changelog: v1.3.9...v1.3.10

Check out latest releases or
releases around HKUDS/DeepTutor v1.3.10

Don't miss a new DeepTutor release

NewReleases is sending notifications on new releases.

Get notifications