v1.88.3
📦 litellmView on GitHub →
✨ 1 features
Summary
This release introduces cryptographic signing for all LiteLLM Docker images using cosign to enhance supply chain security. Users are encouraged to verify image signatures upon pulling.
Migration Steps
- Users can verify Docker image signatures using the provided cosign commands, either pinning the key to commit hash 0112e53046018d726492c814b3644b7d376029d0 or using the release tag.
- To verify using the pinned commit hash, run: cosign verify --key https://raw.githubusercontent.com/BerriAI/litellm/0112e53046018d726492c814b3644b7d376029d0/cosign.pub ghcr.io/berriai/litellm:v1.88.3
✨ New Features
- LiteLLM Docker images are now signed with cosign, allowing users to verify image integrity using either a pinned commit hash or the release tag.