Change8

v1.84.5

📦 litellmView on GitHub →
1 features

Summary

This release introduces cryptographic signing for all LiteLLM Docker images using cosign to enhance supply chain security. It backports several staged fixes into the stable branch.

Migration Steps

  1. To verify Docker image signatures using the recommended method, use the following command, replacing the commit hash if necessary: cosign verify \ --key https://raw.githubusercontent.com/BerriAI/litellm/0112e53046018d726492c814b3644b7d376029d0/cosign.pub \ ghcr.io/berriai/litellm:v1.84.5
  2. Alternatively, for convenience, verify using the release tag: cosign verify \ --key https://raw.githubusercontent.com/BerriAI/litellm/v1.84.5/cosign.pub \ ghcr.io/berriai/litellm:v1.84.5

✨ New Features

  • LiteLLM Docker images are now signed with cosign, allowing users to verify image integrity using either a pinned commit hash or the release tag.