github-starred/open-webui
2
0
Fork 0
mirror of https://github.com/open-webui/open-webui.git synced 2026-05-07 19:38:46 -05:00
Code Issues 1.3k Packages Projects Releases 126 Wiki Activity

issue: 0.6.10 Submits Entire Files as Web Search Queries #5223

New Issue
Closed
opened 2025-11-11 16:15:00 -06:00 by GiteaMirror · 1 comment
GiteaMirror commented 2025-11-11 16:15:00 -06:00
Owner
Copy Link

Originally created by @sempervictus on GitHub (May 19, 2025).

Check Existing Issues

  • I have searched the existing issues and discussions.
  • I am using the latest version of Open WebUI.

Installation Method

Git Clone

Open WebUI Version

0.6.10

Ollama Version (if applicable)

No response

Operating System

22.04

Browser (if applicable)

No response

Confirmation

  • I have read and followed all instructions in README.md.
  • I am using the latest version of both Open WebUI and Ollama.
  • I have included the browser console logs.
  • I have included the Docker container logs.
  • I have listed steps to reproduce the bug in detail.

Expected Behavior

Web search does not leak information - forms logical queries vs shoving globs of user content into search engines.

Actual Behavior

Working on a docker-compose setup w/ llama4 using o4-mini-reasoning as my task model, i just caught open-webui throwing a chunk of the YAML being set up for prometheus scrapers as a diff for some reason into searxng flooding the buffer capacity and failing the search while prepending some rather nonensical phrasing.

The data leakage concern here is non-trivial - it might be a good idea to bound the logic behind how web searches are performed and with what content to avoid spraying user data upstream (like default passwords in compose fall-through variables)...

Steps to Reproduce

Use web search while asking the prompt to rewrite its work product over the last few iterations concisely

Logs & Screenshots

[WARNING] unable to add QUERY_STRING=q=%23%23%23+Updated+Prometheus+Configuration%0ATo+collect+metrics+from+all+of+the+scraping+points+in+the+original+services%2C+you+can+update+the+Prometheus+configuration+to+include+the+following+scrape+configurations%3A%0A%0A%23%23%23+prometheus.yml%0A%0A%60%60%60yml%0Aglobal%3A%0A++scrape_interval%3A+10s%0A%0Ascrape_configs%3A%0A++-+job_name%3A+%27docker%27%0A++++static_configs%3A%0A++++++
... 
&language=en-US&time_range=&categories=&theme=simple&image_proxy=0 to uwsgi packet, consider increasing buffer size

Additional Information

Searxng set up per the openwebui docs, worked a few minutes ago on the last version just fine.

Originally created by @sempervictus on GitHub (May 19, 2025). ### Check Existing Issues - [x] I have searched the existing issues and discussions. - [x] I am using the latest version of Open WebUI. ### Installation Method Git Clone ### Open WebUI Version 0.6.10 ### Ollama Version (if applicable) _No response_ ### Operating System 22.04 ### Browser (if applicable) _No response_ ### Confirmation - [x] I have read and followed all instructions in `README.md`. - [x] I am using the latest version of **both** Open WebUI and Ollama. - [x] I have included the browser console logs. - [x] I have included the Docker container logs. - [x] I have listed steps to reproduce the bug in detail. ### Expected Behavior Web search does not leak information - forms logical queries vs shoving globs of user content into search engines. ### Actual Behavior Working on a docker-compose setup w/ llama4 using o4-mini-reasoning as my task model, i just caught open-webui throwing a chunk of the YAML being set up for prometheus scrapers as a _diff_ for some reason into searxng flooding the buffer capacity and failing the search while prepending some rather nonensical phrasing. The data leakage concern here is non-trivial - it might be a good idea to bound the logic behind how web searches are performed and with what content to avoid spraying user data upstream (like default passwords in compose fall-through variables)... ### Steps to Reproduce Use web search while asking the prompt to rewrite its work product over the last few iterations concisely ### Logs & Screenshots ``` [WARNING] unable to add QUERY_STRING=q=%23%23%23+Updated+Prometheus+Configuration%0ATo+collect+metrics+from+all+of+the+scraping+points+in+the+original+services%2C+you+can+update+the+Prometheus+configuration+to+include+the+following+scrape+configurations%3A%0A%0A%23%23%23+prometheus.yml%0A%0A%60%60%60yml%0Aglobal%3A%0A++scrape_interval%3A+10s%0A%0Ascrape_configs%3A%0A++-+job_name%3A+%27docker%27%0A++++static_configs%3A%0A++++++ ... &language=en-US&time_range=&categories=&theme=simple&image_proxy=0 to uwsgi packet, consider increasing buffer size ``` ### Additional Information Searxng set up per the openwebui docs, worked a few minutes ago on the last version just fine.
GiteaMirror added the bug label 2025-11-11 16:15:00 -06:00
GiteaMirror commented 2025-11-11 16:15:01 -06:00
Author
Owner
Copy Link

@tjbck commented on GitHub (May 19, 2025):

Exact steps to reproduce?

@tjbck commented on GitHub (May 19, 2025): Exact steps to reproduce?
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
confirmed
confirmed issue
core
documentation
enhancement
good first issue
help wanted
non-core
pull-request
Mirrored from GitHub Pull Request
 python
question
testing wanted
No Label bug
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/open-webui#5223
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?