v1.83.5-nightly

LiteLLM Releases / 4/8/2026

📰 NewsDeveloper Stack & InfrastructureTools & Practical Usage

共有:

Key Points

LiteLLMのDockerイメージはcosignで署名されており、すべてのリリースが同一の署名鍵（commit 0112e53で導入）で検証できる仕様になっています。
推奨される検証方法は、固定されたコミットハッシュの公開鍵（cosign.pub）を指定して`cosign verify`を実行し、署名が指定鍵に対して正しく検証されたことを確認することです。
代替の検証方法として、リリースタグをキーにして同様に`cosign verify`する手順も用意されていますが、こちらはリポジトリのタグ保護ルールに依存する点が注意点です。
今回の更新内容として、セキュリティ強化に関するブログ（April 2026 post）のドキュメント追加が「What's Changed」に記載されています。

Verify Docker Image Signature

All LiteLLM Docker images are signed with cosign. Every release is signed with the same key introduced in commit 0112e53.

Verify using the pinned commit hash (recommended):

A commit hash is cryptographically immutable, so this is the strongest way to ensure you are using the original signing key:

cosign verify \
  --key https://raw.githubusercontent.com/BerriAI/litellm/0112e53046018d726492c814b3644b7d376029d0/cosign.pub \
  ghcr.io/berriai/litellm:v1.83.5-nightly

Verify using the release tag (convenience):

Tags are protected in this repository and resolve to the same key. This option is easier to read but relies on tag protection rules:

cosign verify \
  --key https://raw.githubusercontent.com/BerriAI/litellm/v1.83.5-nightly/cosign.pub \
  ghcr.io/berriai/litellm:v1.83.5-nightly

Expected output:

The following checks were performed on each of these signatures:
  - The cosign claims were validated
  - The signatures were verified against the specified public key

What's Changed

docs(blog): add security hardening April 2026 post (#25101) by @ishaan-berri in #25102
Litellm ishaan april1 try2 by @ishaan-berri in #25110
bump: version 1.83.1 → 1.83.2 by @ishaan-berri in #25112
fix(ui): wire team_id filter to key alias dropdown on Virtual Keys tab by @ryan-crabbe-berri in #25114
fix(ui): add paginated team search to usage page filter by @ryan-crabbe-berri in #25107
fix(ui): allow changing team organization from team settings by @ryan-crabbe-berri in #25095
docs: document default_team_params in config reference by @ryan-crabbe-berri in #25032
feat(teams): resolve access group resources in team endpoints by @ryan-crabbe-berri in #25027
bump litellm-proxy-extras to 0.4.64 by @ishaan-berri in #25121
feat(proxy): add project-level guardrails support by @michelligabriele in #25087
fix(a2a): preserve JSON-RPC envelope for AgentCore A2A-native agents by @michelligabriele in #25092
feat(ui): add guardrails support to project create/edit forms by @michelligabriele in #25100
Fix broken codeql-action SHA in scorecard workflow by @joereyna in #24815
litellm ryan march 31 by @ryan-crabbe-berri in #25119
[Infra] Building UI for Release by @yuneng-berri in #25136
fix(ui): don't inject vector_store_ids: [] when editing a model by @ryan-crabbe-berri in #25133
Litellm ishaan april2 by @ishaan-berri in #25113
fix(docker): load enterprise hooks in non-root runtime image by @Sameerlite in #24917
Litellm ishaan march30 (#24887) by @ishaan-berri in #25151
[Fix] Team Model Update 500 Due to Unsupported Prisma JSON Path Filter by @yuneng-berri in #25152
Litellm team model group name routing fix (#25148) by @ishaan-berri in #25154
Litellm ishaan april4 2 by @ishaan-berri in #25150
feat(ui): expose Azure Entra ID credential fields in provider form by @ryan-crabbe-berri in #25137
feat(ui): add per-model rate limits to team edit/info views by @ryan-crabbe-berri in #25144
fix(ui): use entity key for usage export display by @ryan-crabbe-berri in #25153
Litellm ishaan march23 - MCP Toolsets + GCP Caching fix (#25146) by @ishaan-berri in #25155
cherry-pick: tag query fix + MCP metadata support by @ishaan-berri in #25145
feat: allow adding team guardrails from the UI by @ryan-crabbe-berri in #25038
Litellm ryan apr 4 by @ryan-crabbe-berri in #25156
[Infra] Rebuild UI for Release by @yuneng-berri in #25158
bump: version 1.83.2 → 1.83.3 by @yuneng-berri in #25162
bump litellm-proxy-extras to 0.4.65 by @ishaan-berri in #25163
bump litellm-enterprise to 0.1.36 by @ishaan-berri in #25164
fix: regenerate poetry.lock by @ishaan-berri in #25169
Litellm docs 1 83 3 by @ishaan-berri in #25166
[Nit] Small docs fix, fixing img + folder name by @ishaan-berri in #25171
docs: week 1 checklist by @mubashir1osmani in #25083
[Docs] Add cosign Docker image verification steps to security blog posts by @yuneng-berri in #25122
[Infra] Remove flaky proxy_e2e_azure_batches_tests CI workflow by @yuneng-berri in #25247
[Docs] Enforce Black Formatting in Contributor Docs by @yuneng-berri in #25135
[Infra] Remove Redundant Matrix Unit Test Workflow by @yuneng-berri in #25251
feat: add POST /team/permissions_bulk_update endpoint by @ryan-crabbe-berri in #25239
fix: batch-limit stale managed object cleanup to prevent 300K row UPD… by @ishaan-berri in #25258
bump litellm-enterprise to 0.1.37 by @ishaan-berri in #25265
bump litellm version to 1.83.4 by @ishaan-berri in #25266
Litellm aws gov cloud mode support by @shivamrawat1 in #25254
[Fix] Update check_responses_cost tests for _expire_stale_rows by @yuneng-berri in #25299
[Test] UI - E2E: Add Playwright tests with local PostgreSQL by @yuneng-berri in #25126
[Fix] Dockerfile.non_root: handle missing .npmrc gracefully by @yuneng-berri in #25307
fix(auth): allow JWT override OAuth2 routing without global OAuth2 enablement by @milan-berri in #25252
[Infra] Pin cosign.pub verification to initial commit hash by @yuneng-berri in #25273
[Refactor] Align /v2/key/info response handling with v1 by @yuneng-berri in #25313
Fix node-gyp symlink path after npm upgrade in Dockerfile by @joereyna in #25048
[Infra] Bump version 1.83.4 → 1.83.5 by @yuneng-berri in #25316