Change8

v1.85.4

📦 litellmView on GitHub →
1 features

Summary

This release introduces cryptographic signing for all LiteLLM Docker images using cosign to enhance supply chain security. It primarily backports several staged fixes into the stable 1.85.x branch.

Migration Steps

  1. Users wishing to verify Docker image signatures should use the provided `cosign verify` commands, either using the pinned commit hash (recommended) or the release tag.
  2. To verify using the pinned commit hash, use the key located at: `https://raw.githubusercontent.com/BerriAI/litellm/0112e53046018d726492c814b3644b7d376029d0/cosign.pub` against the image `ghcr.io/berriai/litellm:v1.85.4`.

✨ New Features

  • LiteLLM Docker images are now signed with cosign, allowing users to verify image integrity using either a pinned commit hash or the release tag.