github-starred/open-webui
2
0
Fork 0
mirror of https://github.com/open-webui/open-webui.git synced 2026-05-06 19:08:59 -05:00
Code Issues 1.3k Packages Projects Releases 126 Wiki Activity

Issue: Audio data submitted via notes is not being deleted and remains stored on the server #5056

New Issue
Closed
opened 2025-11-11 16:11:02 -06:00 by GiteaMirror · 5 comments
GiteaMirror commented 2025-11-11 16:11:02 -06:00
Owner
Copy Link

Originally created by @nboehlke on GitHub (May 6, 2025).

Check Existing Issues

  • I have searched the existing issues and discussions.
  • I am using the latest version of Open WebUI.

Installation Method

Other

Open WebUI Version

v0.6.6

Ollama Version (if applicable)

0.6.8

Operating System

RHEL 9.5

Browser (if applicable)

No response

Confirmation

  • I have read and followed all instructions in README.md.
  • I am using the latest version of both Open WebUI and Ollama.
  • I have included the browser console logs.
  • I have included the Docker container logs.
  • I have listed steps to reproduce the bug in detail.

Expected Behavior

If a user intentionally deletes an audio file from the note, it must also be removed from the server.

Actual Behavior

If a user deletes an audio file, it is simply disassociated from the note, but the file itself remains stored on the server. This means it can be accessed by anyone with backend server privileges.
Also: If a company or any organization within the EU uses this feature in the application, it is most likely a violation of the GDPR.

Steps to Reproduce

  1. Navigate to the "Notes" section.
  2. Click "Record" to capture an audio file.
  3. Save the recording and then delete it after it has been transcribed.
  4. Check the backend and the storage location for the audio data using f.e.:
    podman exec -it open-webui sh
    find / -name "*.webm" 2>/dev/null

Logs & Screenshots

podman exec -it open-webui sh 2>/devfind / -name "*.webm" 2>/dev/null# /app/backend/data/uploads/7990eeb7-5ae1-49f5-8056-a70fcff2c4d0_Recording-06.05.2025 08:51.webm /app/backend/data/uploads/d0a55466-12ed-4244-9002-019adf57788d_Recording-06.05.2025 08:55.webm /app/backend/data/uploads/490de51a-2362-4bf8-8429-2c6f16768c10_Recording-06.05.2025 08:57.webm /app/backend/data/uploads/0e4ee1af-7531-40f2-a3b8-f16277a5f36c_Recording-06.05.2025 09:06.webm

Image

Additional Information

Current workaround: A scheduled script is used to delete all audio files, ensuring that audio data is not retained on the server. This process may also remove audio data that users have not explicitly requested to delete.

Users can be notified via the "banner function" to inform them that audio files will be deleted after a specific period (f.e. up to 24 hours)

Originally created by @nboehlke on GitHub (May 6, 2025). ### Check Existing Issues - [x] I have searched the existing issues and discussions. - [x] I am using the latest version of Open WebUI. ### Installation Method Other ### Open WebUI Version v0.6.6 ### Ollama Version (if applicable) 0.6.8 ### Operating System RHEL 9.5 ### Browser (if applicable) _No response_ ### Confirmation - [x] I have read and followed all instructions in `README.md`. - [x] I am using the latest version of **both** Open WebUI and Ollama. - [x] I have included the browser console logs. - [x] I have included the Docker container logs. - [x] I have listed steps to reproduce the bug in detail. ### Expected Behavior If a user intentionally deletes an audio file from the note, it must also be removed from the server. ### Actual Behavior If a user deletes an audio file, it is simply disassociated from the note, but the file itself remains stored on the server. This means it can be accessed by anyone with backend server privileges. Also: If a company or any organization within the EU uses this feature in the application, it is most likely a violation of the GDPR. ### Steps to Reproduce 1. Navigate to the "Notes" section. 2. Click "Record" to capture an audio file. 3. Save the recording and then delete it after it has been transcribed. 4. Check the backend and the storage location for the audio data using f.e.: `podman exec -it open-webui sh` `find / -name "*.webm" 2>/dev/null` ### Logs & Screenshots `podman exec -it open-webui sh 2>/devfind / -name "*.webm" 2>/dev/null# /app/backend/data/uploads/7990eeb7-5ae1-49f5-8056-a70fcff2c4d0_Recording-06.05.2025 08:51.webm /app/backend/data/uploads/d0a55466-12ed-4244-9002-019adf57788d_Recording-06.05.2025 08:55.webm /app/backend/data/uploads/490de51a-2362-4bf8-8429-2c6f16768c10_Recording-06.05.2025 08:57.webm /app/backend/data/uploads/0e4ee1af-7531-40f2-a3b8-f16277a5f36c_Recording-06.05.2025 09:06.webm` ![Image](https://github.com/user-attachments/assets/78860764-f7d5-4cba-ab3f-e92f89e4e00a) ### Additional Information Current workaround: A scheduled script is used to delete all audio files, ensuring that audio data is not retained on the server. This process may also remove audio data that users have not explicitly requested to delete. Users can be notified via the "banner function" to inform them that audio files will be deleted after a specific period (f.e. up to 24 hours)
GiteaMirror added the bug label 2025-11-11 16:11:02 -06:00
GiteaMirror commented 2025-11-11 16:11:03 -06:00
Author
Owner
Copy Link

@Classic298 commented on GitHub (May 6, 2025):

Related:

https://github.com/open-webui/open-webui/discussions/5199#discussioncomment-12958883
https://github.com/open-webui/open-webui/discussions/13001#discussioncomment-12958876
https://github.com/open-webui/scripts/pull/2#event-17470370038
https://github.com/open-webui/open-webui/discussions/12091#discussioncomment-13010171
https://github.com/open-webui/open-webui/discussions/7465#discussioncomment-13010185
https://github.com/open-webui/open-webui/pull/13396#issuecomment-2848292992
https://github.com/open-webui/open-webui/discussions/12280#discussioncomment-13029385
https://github.com/open-webui/open-webui/issues/7181#issuecomment-2768901775

@Classic298 commented on GitHub (May 6, 2025): Related: https://github.com/open-webui/open-webui/discussions/5199#discussioncomment-12958883 https://github.com/open-webui/open-webui/discussions/13001#discussioncomment-12958876 https://github.com/open-webui/scripts/pull/2#event-17470370038 https://github.com/open-webui/open-webui/discussions/12091#discussioncomment-13010171 https://github.com/open-webui/open-webui/discussions/7465#discussioncomment-13010185 https://github.com/open-webui/open-webui/pull/13396#issuecomment-2848292992 https://github.com/open-webui/open-webui/discussions/12280#discussioncomment-13029385 https://github.com/open-webui/open-webui/issues/7181#issuecomment-2768901775
GiteaMirror commented 2025-11-11 16:11:03 -06:00
Author
Owner
Copy Link

@tjbck commented on GitHub (May 6, 2025):

Intended behaviour.

@tjbck commented on GitHub (May 6, 2025): Intended behaviour.
GiteaMirror commented 2025-11-11 16:11:03 -06:00
Author
Owner
Copy Link

@Ithanil commented on GitHub (May 7, 2025):

I think GDPR compliance can be achieved by running something like https://github.com/open-webui/scripts/tree/main/scripts/cleanup_pg frequently. Nevertheless, noone from the EU will understand how this could possibly be intended behavior.

@Ithanil commented on GitHub (May 7, 2025): I _think_ GDPR compliance can be achieved by running something like https://github.com/open-webui/scripts/tree/main/scripts/cleanup_pg frequently. Nevertheless, noone from the EU will understand how this could possibly be intended behavior.
GiteaMirror commented 2025-11-11 16:11:03 -06:00
Author
Owner
Copy Link

@nboehlke commented on GitHub (May 7, 2025):

Intended behaviour.

@tjbck
Could you explain the reasoning behind this intended behavior?
I'm not entirely sure I see the benefit here. Also, ignoring compliance for now, I'm concerned that without the right tools, we might end up needing a lot more data storage if there is no auto-delete or a reliable cleanup-function (f.e. via tagging items that can be removed).

@nboehlke commented on GitHub (May 7, 2025): > Intended behaviour. @tjbck Could you explain the reasoning behind this intended behavior? I'm not entirely sure I see the benefit here. Also, ignoring compliance for now, I'm concerned that without the right tools, we might end up needing a lot more data storage if there is no auto-delete or a reliable cleanup-function (f.e. via tagging items that can be removed).
GiteaMirror commented 2025-11-11 16:11:03 -06:00
Author
Owner
Copy Link

@nboehlke commented on GitHub (Jun 16, 2025):

@Ithanil
The issue has been resolved in the most recent versions, in case it wasn’t noticed

@nboehlke commented on GitHub (Jun 16, 2025): @Ithanil The issue has been resolved in the most recent versions, in case it wasn’t noticed
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
confirmed
confirmed issue
core
documentation
enhancement
good first issue
help wanted
non-core
pull-request
Mirrored from GitHub Pull Request
 python
question
testing wanted
No Label bug
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/open-webui#5056
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?