Change8

v1.91.0-dev.2

📦 litellmView on GitHub →
12 features🐛 22 fixes🔧 13 symbols

Summary

This release introduces significant infrastructure improvements, including a new Rust router/AI-Gateway, enhanced Docker image security via cosign verification, and numerous fixes across MCP, Anthropic, and Vertex integrations. Key features include Rust OCR support and new model pricing.

Migration Steps

  1. Users running Docker images should verify signatures using the pinned commit hash or release tag as detailed in the release notes.
  2. If using MCP with X-Forwarded-For access control, review the new loud warning if XFF is present but use_x_forwarded_for is off.
  3. Users relying on specific Anthropic parameters should note that unsupported speed params are now dropped.

✨ New Features

  • Introduced minimal Rust router and axum ai-gateway calling router.realtime.
  • Added Dockerfile and render blueprint for Rust AI-Gateway.
  • Added POST /v1/callbacks/logs endpoint to replay logging payloads through callbacks.
  • Made Rust OCR async-first.
  • Packaged Rust OCR bridge in LiteLLM wheel.
  • Added Rust OCR providers.
  • Added pricing for gemini-3-pro-image and gemini-3.1-flash-image GA models.
  • Added openai/gpt-image-2 image model.
  • Added support for Mistral OCR 4 (mistral-ocr-4-0).
  • Stored litellm_call_id on spend logs for DB-to-trace correlation.
  • Added thin Rust OCR Python bridge.
  • Added opt-in least-privilege default for team key MCP access.

🐛 Bug Fixes

  • Fixed Bedrock Mantle to honor api_base for VPC endpoint routing.
  • Bumped wolfi-base digest to patch openssl CVE-2026-34182 in Docker images.
  • Resolved config-defined servers in per-user credential and env-var endpoints for MCP.
  • Dropped unsupported speed param with drop_params for Anthropic.
  • Expanded all-proxy-models sentinel in direct access lookup for proxy.
  • Sanitized tool_use ids on native /v1/messages path for Anthropic.
  • Persisted budget window deletion on virtual keys in UI.
  • Streamed OpenAI->Vertex batch JSONL uploads for vertex/files.
  • Allowed proxy admins to assign MCP servers to teamless keys.
  • Stopped double-decrypting email/slack alerting env vars in get_config for proxy.
  • Corrected misleading no-trusted-proxy warning for XFF access control in MCP.
  • Warned loudly when X-Forwarded-For is present but use_x_forwarded_for is off in MCP.
  • Resolved toolset tools by the server's known prefix in MCP.
  • Challenged delegate-auth OAuth servers with upstream resource_metadata in MCP.
  • Pointed OSS contributor workflows to litellm_oss_staging in CI.
  • Implemented word-sliced cache replay for stream=true cache hits.
  • Fixed hashable scope for _emit_once when guardrail_mode is list in OTEL.
  • Applied Redis namespace to all key operations in cache.
  • Clarified further that customer names shouldn't be made public.
  • Redacted api key from key/info client error messages in proxy/client.
  • Retargeted mistral-medium-latest to Medium 3.5 and added date-pinned aliases in cost-map.
  • Preserved Gemini Embedding 2 usageMetadata for cost tracking in Vertex.

Affected Symbols