Change8

1.81.16-nightly

📦 litellmView on GitHub →
17 features🐛 16 fixes🔧 17 symbols

Summary

This release focuses heavily on security fixes, performance optimizations across various components, and significant feature additions to the proxy, guardrails, and UI, including support for new models and enhanced logging/tracing.

Migration Steps

  1. If using custom code guardrails, be aware of fixes addressing Unauthenticated RCE and Sandbox Escape.
  2. If using Lakera v2, note that PII masking has been fixed in the post-call hook.

✨ New Features

  • Added support for limiting concurrent health checks via the `health_check_concurrency` parameter in the proxy.
  • Introduced an opt-in stream label (`litellm_proxy_total_requests_metric`) for Prometheus metrics.
  • Added support for OpenAI codex 5.3 day 0.
  • Implemented tool policies in the proxy, including auto-discovery of tools and policy enforcement guardrails.
  • Added UI feature to allow using AI to understand Usage patterns.
  • Introduced Virtual Keys management features in the UI, including adding a KeyInfoHeader component.
  • Enabled assignment of virtual keys to agents.
  • Added support for forwarding provider authentication headers.
  • Added new code execution dataset.
  • Added support for Claims Agent guardrails (5 categories + policy template).
  • Added new Azure OpenAI Models (2026-02-25).
  • Added guardrails support for the /v1/realtime WebSocket endpoint.
  • Added a new `block_code_execution` guardrail to prevent agents from executing code.
  • Enabled Vertex AI Gemini Live via the unified /realtime endpoint.
  • Added `end_session_after_n_fails` and Endpoint Settings wizard step for realtime guardrails.
  • Added UI banner warning for detailed debug mode.
  • Added Lakera v2 post-call hook and tests (fixed PII masking).

🐛 Bug Fixes

  • Fixed passing the timeout parameter to the Bedrock rerank HTTP client.
  • Restricted Edit Settings access to key owners in the UI for Virtual Keys.
  • Emitted the `x-litellm-overhead-duration-ms` header for streaming requests in the router.
  • Fixed an issue where the healthcheck model_id was incorrect.
  • Fixed UI to show real tool names in logs for Anthropic-format tools.
  • Fixed a typo (extra comma).
  • Updated status enum values to match Google Interactions OpenAPI spec in tests.
  • Enriched Failure Spend Logs with Key/Team Metadata.
  • Prevented Presidio crash on non-JSON responses in guardrails.
  • Fixed Unauthenticated RCE and Sandbox Escape in Custom Code Guardrail.
  • Fixed a TypeError: 'NoneType' object is not a mapping when handling None responses.
  • Fixed test connect failing for Bedrock batches mode.
  • Fixed UI issue: removed duplicate antd import in ToolPolicies.
  • Fixed UI issue: Made auth value optional for create flow in MCP Servers.
  • Fixed PII masking issue related to Lakera v2 post-call hook.
  • Fixed CICD pipeline issues.

Affected Symbols

bedrock rerank http clientModelResponse.__init__is_model_o_series_model_safe_get_request_headersMCP server error handler_cached_get_model_group_infoOpenAIAnthropic-format toolsGoogle Interactions OpenAPI specpresidioCustom Code Guardrailgemini trace idbedrock batches modeToolPoliciesMCP Servers/v1/realtime WebSocket endpointLakera v2