[PR #17281] [MERGED] chore: Changelog 0.6.27 - New Changelog Style #11177

Closed
opened 2025-11-11 19:24:19 -06:00 by GiteaMirror · 0 comments
📋 Pull Request Information

Original PR: https://github.com/open-webui/open-webui/pull/17281
Author: @Classic298
Created: 9/8/2025
Status: Merged
Merged: 9/9/2025
Merged by: @tjbck

Base: dev ← Head: changelog-final


📝 Commits (3)

📊 Changes

1 file changed (+56 additions, -0 deletions)

📝 CHANGELOG.md (+56 -0)

📄 Description

Old changelog style here, in case new style is not wanted:

## [0.6.27] - 2025-09-09

### Added

- 🎨 **Azure OpenAI Image Generation Support**: Added comprehensive support for Azure OpenAI image generation by introducing the "IMAGES_OPENAI_API_VERSION" environment variable and corresponding admin UI configuration. Azure OpenAI's image generation API requires an "api-version" query parameter, which is now automatically appended to requests when configured. This enables seamless integration with Azure OpenAI's DALL-E endpoints alongside existing OpenAI compatibility, expanding image generation options for enterprise Azure environments.
- 📁 **Emoji Folder Icons**: Added customizable emoji icons for folders, allowing users to personalize their workspace organization with visual cues. Users can click on any folder icon to select from a comprehensive emoji picker, with the selected emoji displaying in both the folder view and sidebar navigation. The enhancement includes intelligent UI behavior where custom emoji icons show on hover in the sidebar while maintaining standard chevron indicators for folder expansion, improving both aesthetics and usability.
- 📁 **Knowledge Base File Count Display**: The "Search Collection" input field now dynamically displays the total number of files within the knowledge base directly in its placeholder text (e.g., "Search Collection (12)"). This provides users with an immediate overview of the content volume in large knowledge bases, streamlining content management.
- ☁️ **Manual Azure OpenAI Provider Selection**: Added provider toggle in connection settings that allows users to manually specify Azure OpenAI deployments regardless of the base URL structure. This enhancement accommodates enterprise setups using Azure API Management (APIM) or custom gateway URLs that don't contain "azure" in the hostname, eliminating the need for workarounds and enabling seamless integration with Azure OpenAI services behind custom domain configurations.
- ⚡ **Optimized Model List Caching Performance**: Fixed cache key generation for model list endpoints to use "user.id" instead of "Request" objects, enabling proper caching functionality and dramatically reducing redundant API calls to external model providers. Cache keys now use "provider_all_models_user_id" format with user isolation, improving cache hit rates for repeated requests while maintaining data separation between users and significantly reducing response times for model list operations.
- ⚡ **Comprehensive N+1 Query Performance Optimization**: Implemented systematic database query optimization across all major listing endpoints (models, prompts, tools, knowledge bases, and notes) by replacing individual user and group queries with efficient batch fetching. This reduces database query count from 1+N to 1+1 patterns, delivering up to 99% reduction in database queries for large datasets, significantly improved response times for all listing operations, and enhanced scalability for applications with numerous resources and users.
- ⚡ **Dynamic PDF.js Loading for Faster Page Loads**: Implemented dynamic loading of the PDF.js library, ensuring it is only loaded when needed for PDF file processing in temporary chats. This significantly reduces the initial page load size (by over 3MB) and improves overall application responsiveness, as the large PDF.js script no longer contributes to the initial JavaScript bundle.
- ⚡ **Dynamic HEIC Converter Loading for Faster Page Loads**: Implemented dynamic loading of the "heic2any" library across various message input components, including channels. This ensures the library is only loaded when HEIC image conversion is required, optimizing initial page loading speed by deferring the loading of this dependency until actively used, and improving overall application responsiveness.
- 📚 **Configurable File Deletion in Knowledge API**: Added "delete_file" query parameter to the knowledge file removal API endpoint, allowing granular control over whether files are completely deleted from the system or only removed from specific knowledge collections. When set to "false", files remain available for linking to other knowledge bases, enabling better file reuse and management workflows while maintaining backward compatibility with the default deletion behavior.
- 📊 **Llama.cpp Timing Statistics Integration**: Enhanced model performance visibility by automatically merging Llama.cpp timing statistics into the usage field, ensuring comprehensive performance metrics are displayed in the user interface. Users can now view detailed timing information alongside standard usage statistics, providing better insights into model performance and response generation efficiency for Llama.cpp-based models.
- 🗄️ **Configurable PGVector Extension Creation**: Added "PGVECTOR_CREATE_EXTENSION" environment variable to control whether the pgvector extension is automatically created during initialization. This provides greater flexibility for deployment environments where database extension creation requires specific permissions or is managed externally, particularly useful for Azure PostgreSQL Flexible Servers and other managed database services.
- 🔧 **Enhanced Tool Server Authentication with Header Forwarding**: Improved external tool server integration by adding "request_headers" authentication type that forwards complete request headers to tool servers. This enables more sophisticated authentication scenarios and better integration with enterprise identity systems, allowing tool servers to access user context and authentication details for personalized responses.
- 🔒 **Comprehensive Server-Side OAuth Token Management**: Implemented a robust server-side system for managing OAuth tokens, securely storing encrypted tokens in a new database table and introducing an automatic refresh mechanism. This centralized system enables seamless and secure forwarding of valid user-specific OAuth tokens to downstream services, including OpenAI-compatible endpoints and external tool servers (via the new "system_oauth" authentication type). This architecture resolves long-standing issues such as large token size limitations, stale/expired tokens, and reliable token propagation, enhancing overall security by minimizing client-side token exposure. Configurable via "ENABLE_OAUTH_ID_TOKEN_COOKIE" and "OAUTH_SESSION_TOKEN_ENCRYPTION_KEY" environment variables.
- 🔒 **Conditional Permission Hardening for OpenShift Deployments**: Added "USE_PERMISSION_HARDENING" build argument to enable optional permission hardening specifically for OpenShift and container environments with arbitrary UIDs. When enabled, the system configures group ownership and permissions for "/app" and "/root" directories with SGID bits, ensuring seamless operation in restricted Security Context Constraints while maintaining security best practices for enterprise Kubernetes deployments.
- 👥 **Regex Pattern Support for OAuth Blocked Groups**: Enhanced the "OAUTH_BLOCKED_GROUPS" environment variable to support regular expression and shell-style wildcard patterns in addition to exact string matching. This allows administrators to define more flexible and powerful group filtering rules, simplifying OAuth management and enabling easier configuration for organizations with structured group naming conventions.
- 💬 **Enhanced Web Search Result Display**: Improved the presentation of web search results by displaying rich details including titles and favicons alongside URLs. The updated UI provides a cleaner, more informative overview of search sources, enhancing clarity and usability.
- 💬 **Autosend Suggested Prompts**: Added a new setting to control whether clicking a suggested prompt automatically sends the message or only inserts the text into the input field. By default, suggested prompts are now automatically sent, streamlining user interaction.
- 🔄 **General Frontend and Backend Refactoring**: Implemented various improvements including Dockerfile optimizations, build process enhancements, chat submission logic refactoring, exception handling improvements, and UI styling refinements to improve performance, stability, and security, ensuring a more resilient and reliable platform for all users.
- 🌐 **Localization & Internationalization Improvements**: Enhanced and expanded translations for Portuguese (Brazil), Simplified Chinese, Catalan, and Spanish, with additional Chinese localization refinements, providing a more natural and professional user experience for speakers of these languages across the entire interface.

### Fixed

- 🔍 **Hybrid Search Functionality and Label Accuracy Restored**: Fixed two critical issues in hybrid search that caused errors and incorrect behavior. Resolved inverted lexical-semantic weight labels in the UI where BM25 weight=1 incorrectly indicated lexical when it should indicate semantic search, and eliminated AttributeError exceptions when BM25 weight was set to 0. The system now properly fetches collection data for all hybrid search configurations, enabling reranking with different cutoff values even when BM25 weight is disabled, ensuring reliable knowledge retrieval across all search modes.
- 🛑 **Task Stopping Error Prevention**: Fixed KeyError exceptions that occurred when users rapidly clicked the stop button, triggering multiple stop requests for the same task. The system now gracefully handles attempts to stop non-existent tasks by using a default value in the pop operation and returning a proper status response instead of raising an exception, preventing "Unexpected token" JSON parsing errors in the frontend and ensuring reliable task cancellation behavior.
- 🐍 **Code Execution Package Detection Precision**: Fixed overly broad package detection in Pyodide code execution that incorrectly included packages like "regex" when code contained the letters "re" anywhere in the text. The system now uses precise import statement pattern matching with regex to detect actual import statements ("import re" or "from re"), preventing unnecessary package inclusions and eliminating spurious debug output during code execution.
- 🛠️ **Tool Message Format API Compliance**: Fixed schema violations in tool call responses sent to OpenAI-compatible endpoints where "content" fields were incorrectly set to null instead of empty strings. The system now properly handles tool results by ensuring content fields always contain valid string values, preventing request rejections from API providers like LM Studio that enforce strict OpenAI schema compliance and eliminating infinite hanging behavior during tool execution.
- 📱 **Mobile App Config API Authentication**: Fixed authentication compatibility for mobile applications by adding support for Authorization header token verification in the "/api/config" endpoint. The system now checks for tokens in both Authorization headers and cookies with proper fallback, ensuring iOS and Android apps can authenticate properly when requesting configuration data instead of being limited to cookie-based authentication only.
- 💾 **Knowledge File Save Race Condition Prevention**: Fixed race condition issues in file content updates where rapid user actions could trigger multiple concurrent save operations, potentially causing data inconsistency. The system now implements proper sequential execution with await for API calls and includes an "isSaving" guard that disables the save button during in-flight operations, ensuring only one save request is active at a time and preventing server state conflicts.
- 🔐 **OIDC PKCE Login Button Visibility Restored**: Fixed an issue where the SSO login button would not appear when using generic OIDC with PKCE authentication and no client secret configured. The system now correctly recognizes PKCE-based authentication flows by checking for either "OAUTH_CLIENT_SECRET" or "OAUTH_CODE_CHALLENGE_METHOD", ensuring the login interface appears properly for all valid OIDC configurations including those using Proof Key for Code Exchange without client secrets.
- 🔊 **TTS Request URL Formation with Trailing Slashes**: Fixed URL concatenation issues in Text-to-Speech API requests that caused failures when users included trailing slashes in their TTS base URL configuration. The system now uses proper URL joining methods instead of string concatenation, ensuring reliable TTS functionality regardless of how users format their endpoint URLs.
- 🛡️ **Admin Account Creation on Hugging Face Spaces Resolved**: Fixed a critical deployment issue where admin account creation failed on Hugging Face Spaces when using custom ports (such as 7860) due to hardcoded default port values in the startup script. The system now properly detects and uses the configured port for admin account initialization, ensuring reliable deployment and administrator setup across all Hugging Face Spaces configurations.
- 📁 **Unicode Filename Support in External Document Loaders**: Fixed an issue where files with special characters in their names (such as "ü.pdf") caused failures during upload or processing due to HTTP header encoding limitations. The system now properly URL-encodes filenames in the "X-Filename" header before transmission, ensuring seamless handling of international characters and special symbols in document workflows.
- 🔗 **Web Page and YouTube Attachment Processing Restored**: Fixed an issue where web page and YouTube attachments were not being processed correctly due to incorrect type classification. The system now properly handles these attachment types by setting them as "text" type and using collection names for accurate content retrieval, ensuring reliable knowledge integration from web sources.
- ✍️ **Message Input Composition Event Handling**: Fixed incorrect event binding syntax for composition end events in the message input component, ensuring proper text input handling for multilingual users utilizing Input Method Editors (IME). This resolves potential input issues when typing in Chinese, Japanese, Korean, and other languages that require text composition.
- 💬 **Follow-Up Tooltip Duplication Removed**: Fixed an issue where hovering over follow-up suggestions would display a redundant browser tooltip, streamlining the user interface and preventing visual clutter.
- 🎨 **Chat Button Text Display Corrected**: Fixed visual issues where descending characters on chat input buttons were clipped, and removed unnecessary capitalization of button text. This ensures proper display for all button labels, including custom filters, and improves overall UI consistency.
- 🧠 **RAG Loop/Error with Gemma 3.1 2B Instruct Fixed**: Resolved an issue where specific models (e.g., "gemma-3-12b-instruct") when used with RAG would cause an infinite loop and a "list object has no attribute 'get'" error. The system now correctly unwraps unexpected single-item list responses from models, preventing crashes and ensuring stable RAG functionality.
- 🖼️ **HEIC Conversion Bug Fixed**: Resolved an issue where image conversion failed for files with a ".heic" suffix but containing data in other image formats, improving the robustness of image handling and preventing conversion errors.
- 📦 **Slim Docker Image Size Regression Fixed**: Addressed a regression where the "slim" Docker image variant was larger than intended due to changes in conditional package installations. The build process has been refined to ensure "USE_SLIM=true" correctly excludes specified components, restoring the expected smaller image size for faster deployments and reduced resource consumption.
- 📁 **Knowledge Base Update Validation Error Fixed**: Resolved a "pydantic_core._pydantic_core.ValidationError" that prevented updates to knowledge bases via UI or API. The system now correctly passes "FileMetadataResponse" objects, resolving the schema validation issue and ensuring seamless knowledge base management.
- 🔐 **Web Search Override by User Settings Fixed**: Resolved a security and configuration issue where a global "always use websearch" user setting would override model-specific configurations intended to disable web search. The system now correctly prioritizes model-level web search capabilities, ensuring that web search is disabled for models where it's explicitly restricted, thereby preventing potential exposure of sensitive data to external search providers.
- 🔐 **OAuth Redirect Reliability Improved**: Fixed issues with OAuth login and redirect flows where users might not be consistently redirected to their intended destination page after successful authentication. The system now robustly preserves the intended redirect path using session storage and ensures correct redirection for a smoother user experience, particularly in multi-step OAuth processes.
- 🔐 **Chat Folder Knowledge Access Control**: Fixed a security vulnerability where knowledge bases added to chat folders remained accessible to users even after their group permissions to that knowledge were revoked. The system now automatically verifies user access to linked knowledge bases and files within folders, removing associations for unauthorized content to ensure strict adherence to access control policies.
- 🔒 **OIDC Access Denied Error Display Improved**: Fixed an issue where OIDC "access_denied" errors were displayed as raw JSON. The system now gracefully handles these authentication failures and presents them as user-friendly toast notifications, enhancing the user experience during failed login attempts.
- 💬 **Enhanced Chat Exception Handling**: Improved error handling and task cancellation in chat processing to prevent system instability when exceptions occur during message generation. The system now properly emits cancellation events, manages task cleanup, and handles both dictionary and string-based error messages, ensuring graceful error recovery and preventing hanging chat sessions during failures.
- 🔒 **Static Asset Authentication for Proxy Environments**: Fixed authentication issues in proxy and enterprise deployments by adding "crossorigin='use-credentials'" attributes to all static resource link elements including favicons, manifests, and stylesheets. Previously, these resources would fail to load in environments where authentication cookies or credentials were required for all requests, particularly affecting enterprise setups with proxy authentication, SSO configurations, or custom authentication middleware.

### Changed

- 🛠️ **External Tools Terminology Clarified**: Renamed "Tools" to "External Tools" throughout the user interface for improved clarity and distinction between built-in functionality and external tool server integrations. This change affects the Admin Settings navigation and Chat Settings modal, providing clearer context for users managing external tool server connections.
- 🛡️ **Enhanced Default Permission Validation for Message Actions**: Strengthened default security posture by implementing more restrictive permission validation for message regeneration and deletion operations. The system now enforces stricter access controls by default, ensuring that only users with explicit permissions can perform these sensitive chat operations.

Contributor License Agreement

By submitting this pull request, I confirm that I have read and fully agree to the Contributor License Agreement (CLA), and I am providing my contributions under its terms.
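For the "Regex Pattern Support for OAuth Blocked Groups" entry above, an administrator can dry-run a candidate "OAUTH_BLOCKED_GROUPS" list against known group names before deploying it. This is an added example, not code from the Open WebUI project: the evaluation order (exact, then wildcard, then regex), the use of a fully anchored regex match, and all group and pattern names are assumptions made for illustration.

```python
import fnmatch
import re
from typing import Iterable, List, Optional, Tuple


def match_kind(group: str, pattern: str) -> Optional[str]:
    """Return 'exact', 'wildcard' or 'regex' if `pattern` blocks `group`, else None.

    Assumed semantics (the changelog does not spell them out):
    exact string first, then shell-style wildcard, then a fully anchored regex.
    """
    if group == pattern:
        return "exact"
    # fnmatchcase is case-sensitive on every platform, unlike fnmatch.fnmatch.
    if fnmatch.fnmatchcase(group, pattern):
        return "wildcard"
    try:
        # fullmatch anchors both ends, so "admin" does not block "sysadmin-readonly".
        if re.fullmatch(pattern, group):
            return "regex"
    except re.error:
        # Wildcard patterns such as "*-guests" are not valid regexes; skip quietly.
        pass
    return None


def blocked_groups(
    groups: Iterable[str], patterns: Iterable[str]
) -> List[Tuple[str, str, str]]:
    """List (group, first matching pattern, kind) for every blocked group."""
    patterns = list(patterns)
    hits = []
    for group in groups:
        for pattern in patterns:
            kind = match_kind(group, pattern)
            if kind:
                hits.append((group, pattern, kind))
                break
    return hits


def invalid_as_regex(patterns: Iterable[str]) -> List[str]:
    """Patterns that only work as exact or wildcard entries, never as regex."""
    bad = []
    for pattern in patterns:
        try:
            re.compile(pattern)
        except re.error:
            bad.append(pattern)
    return bad


# Constructed sample data (hypothetical group names, not from the project).
SAMPLE_PATTERNS = ["finance-restricted", "*-guests", r"contractor-\d+", "admin"]
SAMPLE_GROUPS = [
    "finance-restricted",
    "corp-guests",
    "contractor-0042",
    "sysadmin-readonly",
    "engineering",
    "contractor-lead",
]

if __name__ == "__main__":
    for group, pattern, kind in blocked_groups(SAMPLE_GROUPS, SAMPLE_PATTERNS):
        print(f"{group!r} blocked by {pattern!r} ({kind})")
    print("not usable as regex:", invalid_as_regex(SAMPLE_PATTERNS))
    # An exact-looking name with a "." also acts as a regex and matches more
    # than its literal spelling:
    print(match_kind("eng-contractors", "eng.contractors"))
```

Once regex support is on, an entry that was written as a literal group name but contains metacharacters such as "." can block more groups than intended, so existing lists are worth re-checking this way.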


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
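The "Code Execution Package Detection Precision" entry above describes replacing a substring test with import-statement matching. The sketch below puts the two approaches side by side on a constructed snippet; it is an added example, not the project's code, and the module-to-package table, function names and regexes are hypothetical.

```python
import re
from typing import Dict, Set

# Hypothetical table: importable module name -> package to load for it.
KNOWN_PACKAGES: Dict[str, str] = {
    "re": "regex",
    "numpy": "numpy",
    "requests": "requests",
    "bs4": "beautifulsoup4",
}

# "import a, b.c as d" at the start of a line (comment lines start with "#").
IMPORT_RE = re.compile(r"^[ \t]*import[ \t]+(.+)$", re.M)
# "from a.b import c" at the start of a line; relative imports are ignored.
FROM_RE = re.compile(r"^[ \t]*from[ \t]+([A-Za-z_][\w.]*)[ \t]+import\b", re.M)


def detect_by_substring(code: str) -> Set[str]:
    """The 'before' behaviour: any occurrence of the module name counts."""
    return {pkg for mod, pkg in KNOWN_PACKAGES.items() if mod in code}


def imported_modules(code: str) -> Set[str]:
    """Top-level module names that appear in actual import statements."""
    modules: Set[str] = set()
    for match in IMPORT_RE.finditer(code):
        # Drop a trailing comment, then split "os, re as r" into its parts.
        for part in match.group(1).split("#")[0].split(","):
            tokens = part.strip().split()
            if tokens:
                modules.add(tokens[0].split(".")[0])  # "numpy.linalg" -> "numpy"
    for match in FROM_RE.finditer(code):
        modules.add(match.group(1).split(".")[0])
    return modules


def detect_by_import(code: str) -> Set[str]:
    """The 'after' behaviour: only imported modules select packages."""
    return {
        KNOWN_PACKAGES[mod]
        for mod in imported_modules(code)
        if mod in KNOWN_PACKAGES
    }


# Constructed sample: "re" occurs inside prepare, records and return,
# but the re module is never imported.
SAMPLE_CODE = '''
import numpy as np
from bs4 import BeautifulSoup

def prepare(records):
    # import re  (commented out, must not count)
    return np.array(records)
'''

if __name__ == "__main__":
    print("substring:", sorted(detect_by_substring(SAMPLE_CODE)))
    print("imports:  ", sorted(detect_by_import(SAMPLE_CODE)))
```

Line-based matching still counts an import statement that sits inside a multi-line string; parsing with the `ast` module avoids that when the code is syntactically valid.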

Commits in this pull request:

- [`c6a4619`](https://github.com/open-webui/open-webui/commit/c6a46195c06f9f954a8c6a2659250201a3b27f63) Changelog dev (#18)
- [`218701e`](https://github.com/open-webui/open-webui/commit/218701e6174d6c04a4f6f58259e07312c983ec3b) Update CHANGELOG.md
- [`0cd32b0`](https://github.com/open-webui/open-webui/commit/0cd32b015b3a39ff3eb11764d23cd806689b8947) Update CHANGELOG.md
- 🔐 **Web Search Override by User Settings Fixed**: Resolved a security and configuration issue where a global "always use websearch" user setting would override model-specific configurations intended to disable web search. The system now correctly prioritizes model-level web search capabilities, ensuring that web search is disabled for models where it's explicitly restricted, thereby preventing potential exposure of sensitive data to external search providers. - 🔐 **OAuth Redirect Reliability Improved**: Fixed issues with OAuth login and redirect flows where users might not be consistently redirected to their intended destination page after successful authentication. The system now robustly preserves the intended redirect path using session storage and ensures correct redirection for a smoother user experience, particularly in multi-step OAuth processes. - 🔐 **Chat Folder Knowledge Access Control**: Fixed a security vulnerability where knowledge bases added to chat folders remained accessible to users even after their group permissions to that knowledge were revoked. The system now automatically verifies user access to linked knowledge bases and files within folders, removing associations for unauthorized content to ensure strict adherence to access control policies. - 🔒 **OIDC Access Denied Error Display Improved**: Fixed an issue where OIDC "access_denied" errors were displayed as raw JSON. The system now gracefully handles these authentication failures and presents them as user-friendly toast notifications, enhancing the user experience during failed login attempts. - 💬 **Enhanced Chat Exception Handling**: Improved error handling and task cancellation in chat processing to prevent system instability when exceptions occur during message generation. 
The system now properly emits cancellation events, manages task cleanup, and handles both dictionary and string-based error messages, ensuring graceful error recovery and preventing hanging chat sessions during failures. - 🔒 **Static Asset Authentication for Proxy Environments:** Fixed authentication issues in proxy and enterprise deployments by adding "crossorigin='use-credentials'" attributes to all static resource link elements including favicons, manifests, and stylesheets. Previously, these resources would fail to load in environments where authentication cookies or credentials were required for all requests, particularly affecting enterprise setups with proxy authentication, SSO configurations, or custom authentication middleware. ### Changed - 🛠️ **External Tools Terminology Clarified**: Renamed "Tools" to "External Tools" throughout the user interface for improved clarity and distinction between built-in functionality and external tool server integrations. This change affects the Admin Settings navigation and Chat Settings modal, providing clearer context for users managing external tool server connections. - 🛡️ **Enhanced Default Permission Validation for Message Actions:** Strengthened default security posture by implementing more restrictive permission validation for message regeneration and deletion operations. The system now enforces stricter access controls by default, ensuring that only users with explicit permissions can perform these sensitive chat operations. ``` ### Contributor License Agreement By submitting this pull request, I confirm that I have read and fully agree to the [Contributor License Agreement (CLA)](/CONTRIBUTOR_LICENSE_AGREEMENT), and I am providing my contributions under its terms. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
GiteaMirror added the pull-request label 2025-11-11 19:24:19 -06:00
Reference: github-starred/open-webui#11177
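
The "Code Execution Package Detection Precision" entry in the changelog above contrasts substring matching with import-statement matching. The sketch below is an added example, not code from the project or this PR: the `PACKAGE_FOR_IMPORT` table, the function names and the sample snippet are all assumptions made for illustration.

```python
import re

# Hypothetical import-name -> installable-package table (an assumption for
# this example; the project's real list is not shown on the page).
PACKAGE_FOR_IMPORT = {
    "re": "regex",
    "numpy": "numpy",
    "bs4": "beautifulsoup4",
    "sklearn": "scikit-learn",
}

def detect_loose(code: str) -> set[str]:
    """The 'before' behaviour the entry describes: plain substring matching."""
    return {pkg for name, pkg in PACKAGE_FOR_IMPORT.items() if name in code}

# Matches "from a.b import c" or "import a, b.c as d" at the start of a line.
_IMPORT_RE = re.compile(
    r"^[ \t]*(?:from[ \t]+([A-Za-z_][\w.]*)[ \t]+import\b"
    r"|import[ \t]+([^#\n]+))",
    re.MULTILINE,
)

def imported_modules(code: str) -> set[str]:
    """Top-level module names that appear in actual import statements."""
    found = set()
    for from_mod, import_list in _IMPORT_RE.findall(code):
        if from_mod:
            found.add(from_mod.split(".")[0])
            continue
        for part in import_list.split(","):
            tokens = part.split()
            if tokens:
                # tokens[0] is the module; "as alias" and submodules are dropped
                found.add(tokens[0].split(".")[0])
    return found

def detect_precise(code: str) -> set[str]:
    """Packages to load, based only on modules the code really imports."""
    return {PACKAGE_FOR_IMPORT[m] for m in imported_modules(code)
            if m in PACKAGE_FOR_IMPORT}

# Constructed sample: "re" occurs in "prepare", "result" and "return",
# but the re module is never imported.
SAMPLE = '''\
import numpy as np

def prepare(values):
    result = np.array(values)  # no regular expressions here
    return result.mean()
'''
```

A line-anchored pattern still matches an `import` line that sits inside a multi-line string literal; parsing the source with Python's `ast` module removes that case when the snippet is syntactically valid.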