Change8

v1.81.16.custm-auth.dev

📦 litellm
17 features · 🐛 23 fixes · 🔧 23 symbols

Summary

This release focuses heavily on security fixes, performance optimizations across various components, and significant feature additions to the proxy and UI, particularly around tool policies, agent key assignment, and real-time guardrails. Critical security vulnerabilities were also addressed.

Migration Steps

  1. If using custom code guardrails, be aware of fixes addressing Unauthenticated RCE and Sandbox Escape.
  2. If using Lakera, note the fix for PII masking in the v2 post-call hook.

✨ New Features

  • Added support for limiting concurrent health checks via the `health_check_concurrency` parameter in the proxy.
  • Introduced an opt-in stream label (`litellm_proxy_total_requests_metric`) for Prometheus metrics.
  • Added day-0 support for OpenAI Codex 5.3.
  • Implemented tool policies in the proxy, including auto-discovery of tools and policy enforcement guardrails.
  • Added a UI feature that uses AI to help understand usage patterns.
  • Enabled assignment of virtual keys to agents.
  • Added support for forwarding provider authentication headers.
  • Added a new code execution dataset.
  • Added support for Lakera v2 post-call hook and fixed PII masking.
  • Added claims agent guardrails (5 categories + policy template).
  • Added support for new Azure OpenAI Models 2026-02-25.
  • Added guardrails support for the /v1/realtime WebSocket endpoint.
  • Added the `block_code_execution` guardrail to prevent agents from executing code.
  • Added Vertex AI Gemini Live support via the unified /realtime endpoint.
  • Added `end_session_after_n_fails` and Endpoint Settings wizard step for realtime guardrails.
  • Added logging, spend tracking support, and Tool Tracing for the Realtime API.
  • Added UI banner warning for detailed debug mode.

🐛 Bug Fixes

  • Fixed passing of the timeout parameter to the Bedrock rerank HTTP client.
  • Restricted Edit Settings in UI Virtual Keys to key owners.
  • The router now emits the `x-litellm-overhead-duration-ms` header for streaming requests.
  • Fixed dead code cleanup in the MCP server error handler.
  • Added cache invalidation for `_cached_get_model_group_info`.
  • Added `prompt_cache_key` and `prompt_cache_retention` support for OpenAI.
  • Fixed UI to show real tool names in logs for Anthropic-format tools.
  • Fixed a typo (removed extra comma).
  • Updated status enum values to match Google Interactions OpenAPI spec in tests.
  • Enriched failure spend logs with key/team metadata.
  • Prevented Presidio crash on non-JSON responses in guardrails.
  • Fixed Unauthenticated RCE and Sandbox Escape in Custom Code Guardrail.
  • Fixed TypeError: 'NoneType' object is not a mapping when handling None responses.
  • Fixed test connect failing for Bedrock batches mode.
  • Fixed UI issue: removed duplicate antd import in ToolPolicies.
  • Fixed healthcheck model_id issue.
  • Fixed UI issue: made auth value optional for create flow in MCP Servers.
  • Fixed PII masking in Lakera v2 post-call hook.
  • Fixed CI/CD pipeline issues.
  • Fixed proxy to honor `MAX_STRING_LENGTH_PROMPT_IN_DB` from config environment variables.
  • Improved auth exception logging levels and added structured context in the proxy.
  • Fixed guardrails with pre_call/post_call mode to work on realtime WebSocket.
  • Fixed UI build issues.

Affected Symbols