v1.91.0-dev.2
📦 litellmView on GitHub →
✨ 12 features🐛 22 fixes🔧 13 symbols
Summary
This release introduces significant infrastructure improvements, including a new Rust router/AI-Gateway, enhanced Docker image security via cosign verification, and numerous fixes across MCP, Anthropic, and Vertex integrations. Key features include Rust OCR support and new model pricing.
Migration Steps
- Users running Docker images should verify signatures using the pinned commit hash or release tag as detailed in the release notes.
- If using MCP with X-Forwarded-For access control, review the new loud warning if XFF is present but use_x_forwarded_for is off.
- Users relying on specific Anthropic parameters should note that unsupported speed params are now dropped.
✨ New Features
- Introduced minimal Rust router and axum ai-gateway calling router.realtime.
- Added Dockerfile and render blueprint for Rust AI-Gateway.
- Added POST /v1/callbacks/logs endpoint to replay logging payloads through callbacks.
- Made Rust OCR async-first.
- Packaged Rust OCR bridge in LiteLLM wheel.
- Added Rust OCR providers.
- Added pricing for gemini-3-pro-image and gemini-3.1-flash-image GA models.
- Added openai/gpt-image-2 image model.
- Added support for Mistral OCR 4 (mistral-ocr-4-0).
- Stored litellm_call_id on spend logs for DB-to-trace correlation.
- Added thin Rust OCR Python bridge.
- Added opt-in least-privilege default for team key MCP access.
🐛 Bug Fixes
- Fixed Bedrock Mantle to honor api_base for VPC endpoint routing.
- Bumped wolfi-base digest to patch openssl CVE-2026-34182 in Docker images.
- Resolved config-defined servers in per-user credential and env-var endpoints for MCP.
- Dropped unsupported speed param with drop_params for Anthropic.
- Expanded all-proxy-models sentinel in direct access lookup for proxy.
- Sanitized tool_use ids on native /v1/messages path for Anthropic.
- Persisted budget window deletion on virtual keys in UI.
- Streamed OpenAI->Vertex batch JSONL uploads for vertex/files.
- Allowed proxy admins to assign MCP servers to teamless keys.
- Stopped double-decrypting email/slack alerting env vars in get_config for proxy.
- Corrected misleading no-trusted-proxy warning for XFF access control in MCP.
- Warned loudly when X-Forwarded-For is present but use_x_forwarded_for is off in MCP.
- Resolved toolset tools by the server's known prefix in MCP.
- Challenged delegate-auth OAuth servers with upstream resource_metadata in MCP.
- Pointed OSS contributor workflows to litellm_oss_staging in CI.
- Implemented word-sliced cache replay for stream=true cache hits.
- Fixed hashable scope for _emit_once when guardrail_mode is list in OTEL.
- Applied Redis namespace to all key operations in cache.
- Clarified further that customer names shouldn't be made public.
- Redacted api key from key/info client error messages in proxy/client.
- Retargeted mistral-medium-latest to Medium 3.5 and added date-pinned aliases in cost-map.
- Preserved Gemini Embedding 2 usageMetadata for cost tracking in Vertex.