Change8

v1.90.0

📦 litellmView on GitHub →
14 features🐛 24 fixes🔧 10 symbols

Summary

This release introduces Docker image signing via cosign for enhanced security and adds support for the new Claude Fable 5 model across multiple providers. Numerous fixes and improvements were made across the UI, MCP handling, and rate limit error standardization.

Migration Steps

  1. To verify Docker images, use the provided `cosign verify` command, preferably using the pinned commit hash for the strongest verification.
  2. If using JWT authentication, note that there is now an opt-in fallback to the DB team if a JWT claim cannot be resolved.

✨ New Features

  • Docker images are now signed with cosign; verification instructions provided.
  • Forward strict and additionalProperties to Converse toolSpec for Bedrock.
  • Added budget duration to edit team member form in the UI.
  • Standardized rate limit errors to include category, rate_limit_type, model, and llm_provider fields.
  • Added models and repository layers to LiteLLM core.
  • Included internal routes in the dashboard's generated OpenAPI types.
  • Published /v2/model/info endpoint in the Swagger OpenAPI spec.
  • Added health check support for UI callback test in Galileo.
  • Added opt-in fallback to DB team on unresolved JWT claim for JWT authentication.
  • Included organization metadata in Vantage FOCUS Tags export.
  • Added MAI-Image-2.5 image generation support for Azure AI.
  • Added support for Claude Fable 5 across Anthropic, Bedrock, Vertex AI, and Azure AI.
  • Added Claude Fable 5 cost map entries (data-only hotfix for the hosted map).
  • Added admin flag to disable in-product UI nudges for everyone.

🐛 Bug Fixes

  • Mapped system-only chat request to system input item in responses-bridge.
  • Highlighted MCP cards red when the logged-in user is missing per-user environment variables.
  • Made workflow runs page fill full width in the UI.
  • Defaulted guardrails page to the Guardrails tab in the UI.
  • Kept create guardrail modal open on outside click in the UI.
  • Labeled default key type as "Full Access" on the key edit page in the UI.
  • Unified migrated-route URLs and migrated the API Reference page.
  • Allowed non-creator users to OAuth into OBO-mode MCP servers from the Tools page.
  • Allowed deleting a BYOK model after its team is deleted.
  • Prevented blocking /team/update on unchanged team budget.
  • Enabled tool calling for glm-5p1 in the Fireworks model cost map.
  • Propagated Vertex AI metadata in streaming success callbacks.
  • Showed team projects to internal users on key creation.
  • Deleted a team's BYOK models when the team is deleted.
  • Read CrowdStrike AIDR identity from both metadata bags in guardrails.
  • Mirrored upstream token lifetime instead of forcing a 1h OBO expiry for MCP.
  • Loaded MCP tool configuration tools via the OBO/passthrough-aware GET path.
  • Reserved team budget raises for proxy admins on /team/update.
  • Extended response headers hook to streaming, TTS, image gen, and pass-through.
  • Reset OAuth state on create-server modal close to prevent token leakage into the next add-server session.
  • Allowed team access-group grants in OAuth authorize/token access check.
  • Authorized batch files using upload target_model_names (LIT-3593) in the proxy.
  • Restored stored prompt_tokens on embedding cache hits instead of recomputing.
  • Self-healed startup/reload prisma reads on engine disconnect in the proxy.

Affected Symbols