Change8

v1.88.3

📦 litellmView on GitHub →
1 features

Summary

This release introduces cryptographic signing for all LiteLLM Docker images using cosign to enhance supply chain security. Users are encouraged to verify image signatures upon pulling.

Migration Steps

  1. Users can verify Docker image signatures using the provided cosign commands, either pinning the key to commit hash 0112e53046018d726492c814b3644b7d376029d0 or using the release tag.
  2. To verify using the pinned commit hash, run: cosign verify --key https://raw.githubusercontent.com/BerriAI/litellm/0112e53046018d726492c814b3644b7d376029d0/cosign.pub ghcr.io/berriai/litellm:v1.88.3

✨ New Features

  • LiteLLM Docker images are now signed with cosign, allowing users to verify image integrity using either a pinned commit hash or the release tag.