v1.83.10-stable

LiteLLM Releases / 4/28/2026

📰 NewsDeveloper Stack & InfrastructureTools & Practical UsageIndustry & Market Moves

共有:

Key Points

All LiteLLM Docker images are signed using cosign, and each release uses the same signing key introduced in a specific Git commit (0112e53).
The recommended way to verify an image is to verify it against the pinned commit-based cosign public key URL, which provides strong assurance that the original signing key is unchanged.
As an easier alternative, users can verify using the release tag’s cosign public key, though this relies on repository tag protection rules.
Successful verification should confirm that cosign claims are validated and that signatures match the specified public key.
The article links to a full changelog comparing v1.83.10-nightly to v1.83.10-stable.

Verify Docker Image Signature

All LiteLLM Docker images are signed with cosign. Every release is signed with the same key introduced in commit 0112e53.

Verify using the pinned commit hash (recommended):

A commit hash is cryptographically immutable, so this is the strongest way to ensure you are using the original signing key:

cosign verify \
  --key https://raw.githubusercontent.com/BerriAI/litellm/0112e53046018d726492c814b3644b7d376029d0/cosign.pub \
  ghcr.io/berriai/litellm:v1.83.10-stable

Verify using the release tag (convenience):

Tags are protected in this repository and resolve to the same key. This option is easier to read but relies on tag protection rules:

cosign verify \
  --key https://raw.githubusercontent.com/BerriAI/litellm/v1.83.10-stable/cosign.pub \
  ghcr.io/berriai/litellm:v1.83.10-stable

Expected output:

The following checks were performed on each of these signatures:
  - The cosign claims were validated
  - The signatures were verified against the specified public key

Full Changelog: v1.83.10-nightly...v1.83.10-stable