v1.92.0-dev.1
📦 litellmView on GitHub →
✨ 10 features🐛 22 fixes🔧 8 symbols
Summary
This release introduces Docker image signature verification using cosign for enhanced security and adds features like declarative fallbacks and AES-256-GCM encryption for proxy credentials. Numerous bug fixes address issues across realtime processing, proxy permissions, Databricks tool calls, and UI stability.
Migration Steps
- Users running Docker images should verify image signatures using the provided cosign commands, preferably using the pinned commit hash for maximum security.
✨ New Features
- Implemented declarative fallback generalizations for unknown models.
- Added support for AES-256-GCM at-rest credential encryption with versioned format and re-encryption migration in the proxy.
- Added support for a2a-sdk 1.x proxy routing for 0.3 and 1.0 agents.
- Added Prometheus metric for litellm_overhead_with_guardrails_latency.
- Added support for tagging routing denylist via ! prefix in the router.
- Exposed streaming knobs on generic_guardrail_api.
- Added logging for per-token-type reasoning and cache cost breakdown in the cost calculator.
- Typed Customer Management response_model for OpenAPI coverage in the proxy.
- Emit a tools/list CLIENT span for MCP discovery under otel_v2.
- Added passthrough for /v1/messages to native endpoints via supported_endpoints.
🐛 Bug Fixes
- Stopped second Gemini Live setup, retried hung handshake, and closed guardrail bypass in realtime.
- Simplified unknown-model error message construction in the router.
- Kept virtual-keys filters across delete and refresh in the UI.
- Split parallel tool calls in Databricks so each tool message follows tool_calls.
- Gated non-admin /key/generate budget_limits and permissions in the proxy.
- Rejected non-finite budget_limits windows on /key/generate.
- Hard-rejected CLI session token personal-key budget_limits.
- Used single media upload for batch files to Vertex AI/files to fix 499s on large uploads.
- Counted only active users toward license seat limit in the proxy.
- Resolved per-user OAuth identity authoritatively at the token endpoint in MCP.
- Rejected team-scoped object_permission on personal keys for non-admins in the proxy.
- Dropped top-level additional_drop_params on /v1/messages in passthrough.
- Scanned file and document attachments with Model Armor in guardrails.
- Skipped health check for semantic auto_router deployments.
- Dropped unmappable Bedrock Responses tools instead of failing the request.
- Emitted x-litellm-response-cost header on /messages and /generateContent.
- Supported client_secret_basic for upstream OAuth token endpoints in MCP.
- Dropped unsignable Anthropic thinking blocks and allowed null signature in logging.
- Stopped Request Logs page from overflowing horizontally and sized its columns in the UI.
- Allowed any git host on the skills add form in the UI.
- Stopped one unauthenticated server from emptying the aggregate tools/list in MCP.
- Applied EMAIL_SIGNATURE to budget alert emails.