v1.85.0

📦 litellm
5 features · 🐛 32 fixes · 🔧 10 symbols

Summary

This release focuses heavily on security hardening, including fixing multiple SSRF vulnerabilities and tightening access controls across various components. New features include support for the Z.AI GLM-5 model and enhancements to Gemini multimodal embeddings.

Migration Steps

  1. If you rely on the signing key for Docker image verification, use the pinned commit hash method with the key from commit `0112e53` for the strongest verification.

✨ New Features

  • Added support for Z.AI GLM-5 model on Bedrock.
  • Enabled support for combined multimodal embeddings via nested input for Gemini.
  • Added support for passing `parallel_tool_calls` to supported parameters for XAI.
  • Implemented Model Garden OpenAPI support for publisher model IDs in Vertex AI.
  • Set default OpenAI-path `encoding_format` to float for embeddings.

🐛 Bug Fixes

  • Stripped 'openrouter/' prefix from model names.
  • Gemini now returns separate embeddings for multimodal inputs.
  • Removed duplicate definition of `MAX_SIZE_PER_ITEM_IN_MEMORY_CACHE_IN_KB`.
  • Added missing 'zai' (Z.AI / Zhipu AI) provider to Add-Model dropdown in UI.
  • Set `verbose_logger` level when `LITELLM_LOG=INFO` in proxy.
  • The `_set_usage_outputs` method now handles raw OpenAI Pydantic CompletionUsage for Arize.
  • Passed `output_config` through to backends that accept it for adapters and Vertex AI.
  • Fixed managed file `model_mappings` when router resolves a single deployment dict (batch models with id == model_name).
  • Proxy now routes Azure container file requests by decoded deployment.
  • Optimized LiteLLM token verification query.
  • Preserved OAuth2 M2M auth for tools routes in MCP.
  • Fixed /metrics hang when `require_auth_for_metrics_endpoint` is true and authentication succeeds.
  • Fixed project dropdown being empty for internal_user (3 bugs).
  • Blocked path traversal SSRF in BitBucket, Arize Phoenix, and AssemblyAI clients.
  • Scoped /health response to caller's models and tidied display fields.
  • Added Your Usage view for admin users on the usage page in UI.
  • Scoped CLI stored token to `base_url` to prevent cross-domain credential leakage.
  • Trigger fallbacks on mid-stream `httpx.TimeoutException`.
  • Implemented targeted per-section writes and dropped `store_model_in_db` gate for /config/update.
  • Closed two unaddressed SSRF cases.
  • Tightened tool permission checks for guardrails.
  • Aligned resource model auth checks in proxy.
  • Returned 503 status when targeted model is unhealthy or DB is disconnected from /health endpoint.
  • Fixed misplaced import in Lazy OpenAPI Snapshot Test.
  • Tightened managed store access for vector stores.
  • Ensured post call guardrail is called only once.
  • Tightened budget spend admission in proxy.
  • Aligned Bedrock count-tokens endpoint assertions with URL-encoded model ID.
  • Fixed post-call guardrail firing more than once.
  • Omitted `system_instruction`/`tools`/`toolConfig` when `cachedContent` is set for Vertex AI.
  • Skipped personal budget hook when reservation covers counter in proxy.
  • Removed insecure `?token=` usage in UI.

Affected Symbols