alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 7 Actions 4 Activity

Update ghcr.io/open-webui/open-webui Docker tag to v0.6.35 #1979

Merged
renovate-bot merged 1 commits from renovate/ghcr.io-open-webui-open-webui-0.x into main 2025-11-06 19:02:14 +00:00
Conversation 0 Commits 1 Files Changed 1 +1 -1
renovate-bot commented 2025-11-06 19:02:00 +00:00
Collaborator
Copy Link

This PR contains the following updates:

Package Update Change
ghcr.io/open-webui/open-webui patch 0.6.34 -> 0.6.35

Release Notes

open-webui/open-webui (ghcr.io/open-webui/open-webui)

v0.6.35

Compare Source

Added
  • 🖼️ Image generation system received a comprehensive overhaul with major new capabilities including full image editing support allowing users to modify existing images using text prompts with OpenAI, Gemini, or ComfyUI engines, adding Gemini 2.5 Flash Image (Nano Banana) support, Qwen Image Edit integration, resolution of base64-encoded image display issues, streamlined AUTOMATIC1111 configuration by consolidating parameters into a flexible JSON parameters field, and enhanced UI with a code editor modal for ComfyUI workflow management. #​17434, #​16976, Commit, Commit, Commit, Commit
  • 🔒 CORS origin validation was added to WebSocket connections as a defense-in-depth security measure against cross-site WebSocket hijacking attacks. #​18411, #​18410
  • 🔄 Automatic page refresh now occurs when a version update is detected via WebSocket connection, ensuring users always run the latest version without cache issues. Commit
  • 🐍 Experimental initial preparations for Python 3.13 compatibility by updating dependencies with security enhancements and cryptographic improvements. #​18430, #​18424
  • Image compression now preserves the original image format instead of converting to PNG, significantly reducing file sizes and improving chat loading performance. #​18506
  • 🎤 Mistral Voxtral model support was added for text-to-speech, including voxtral-small and voxtral-mini models with both transcription and chat completion API support. #​18934
  • 🔊 Text-to-speech now uses a global audio queue system to prevent overlapping playback, ensuring only one TTS instance plays at a time with proper stop/start controls and automatic cleanup when switching between messages. #​16152, #​18744, #​16150
  • 🔊 ELEVENLABS_API_BASE_URL environment variable now allows configuration of custom ElevenLabs API endpoints, enabling support for EU residency API requirements. #​18402
  • 🔐 OAUTH_ROLES_SEPARATOR environment variable now allows custom role separators for OAuth roles that contain commas, useful for roles specified in LDAP syntax. #​18572
  • 📄 External document loaders can now optionally forward user information headers when ENABLE_FORWARD_USER_INFO_HEADERS is enabled, enabling cost tracking, audit logs, and usage analytics for external services. #​18731
  • 📄 MISTRAL_OCR_API_BASE_URL environment variable now allows configuration of custom Mistral OCR API endpoints for flexible deployment options. Commit
  • ⌨️ Keyboard shortcut hints are now displayed on sidebar buttons with a refactored shortcuts modal that accurately reflects all available hotkeys across different keyboard layouts. #​18473
  • 🛠️ Tooltips now display tool descriptions when hovering over tool names on the model edit page, improving usability and providing immediate context. #​18707
  • 📝 "Create a new note" from the search modal now immediately creates a new private note and opens it in the editor instead of navigating to the generic notes page. #​18255
  • 🖨️ Code block output now preserves whitespace formatting with monospace font to accurately reflect terminal behavior. #​18352
  • ✏️ Edit button is now available in the three-dot menu of models in the workspace section for quick access to model editing, with the menu reorganized for better user experience and Edit, Clone, Copy Link, and Share options logically grouped. #​18574
  • 📌 Sidebar models section is now collapsible, allowing users to expand and collapse the pinned models list for better sidebar organization. Commit
  • 🌙 Dark mode styles for select elements were added using Tailwind CSS classes, improving consistency across the interface. #​18636
  • 🔄 Various improvements were implemented across the frontend and backend to enhance performance, stability, and security.
  • 🌐 Translations for Portuguese (Brazil), Greek, German, Traditional Chinese, Simplified Chinese, Spanish, Georgian, Danish, and Estonian were enhanced and expanded.
Fixed
  • 🔒 Server-Sent Event (SSE) code injection vulnerability in Direct Connections is resolved by blocking event emission from untrusted external model servers; event emitters from direct connected model servers are no longer supported, preventing arbitrary JavaScript execution in user browsers. Commit
  • 🛡️ DOM XSS vulnerability in "Insert Prompt as Rich Text" is resolved by sanitizing HTML content with DOMPurify before rendering. Commit
  • ⚙️ MCP server cancellation scope corruption is prevented by reversing disconnection order to follow LIFO and properly handling exceptions, resolving 100% CPU usage when resuming chats with expired tokens or using multiple streamable MCP servers. #​18537
  • 🔧 UI freeze when querying models with knowledge bases containing inconsistent distance metrics is resolved by properly initializing the distances array in citations. #​18585
  • 🤖 Duplicate model IDs from multiple OpenAI endpoints are now automatically deduplicated server-side, preventing frontend crashes for users with unified gateway proxies that aggregate multiple providers. Commit
  • 🔐 Login failures with passwords longer than 72 bytes are resolved by safely truncating oversized passwords for bcrypt compatibility. #​18157
  • 🔐 OAuth 2.1 MCP tool connections now automatically re-register clients when stored client IDs become stale, preventing unauthorized_client errors after editing tool endpoints and providing detailed error messages for callback failures. #​18415, #​18309
  • 🔓 OAuth 2.1 discovery, metadata fetching, and dynamic client registration now correctly use HTTP proxy environment variables when trust_env is enabled. Commit
  • 🔌 MCP server connection failures now display clear error messages in the chat interface instead of silently failing. #​18892, #​18889
  • 💬 Chat titles are now properly generated even when title auto-generation is disabled in interface settings, fixing an issue where chats would remain labeled as "New chat". #​18761, #​18717, #​6478
  • 🔍 Chat query errors are prevented by properly validating and handling the "order_by" parameter to ensure requested columns exist. #​18400, #​18452
  • 🔧 Root-level max_tokens parameter is no longer dropped when proxying to Ollama, properly converting to num_predict to limit output token length as intended. #​18618
  • 🔑 Self-hosted Marker instances can now be used without requiring an API key, while keeping it optional for datalab Marker service users. #​18617
  • 🔧 OpenAPI specification endpoint conflict between "/api/v1/models" and "/api/v1/models/" is resolved by changing the models router endpoint to "/list", preventing duplicate operationId errors when generating TypeScript API clients. #​18758
  • 🏷️ Model tags are now de-duplicated case-insensitively in both the model selector and workspace models page, preventing duplicate entries with different capitalization from appearing in filter dropdowns. #​18716, #​18711
  • 📄 Docling RAG parameter configuration is now correctly saved in the admin UI by fixing the typo in the "DOCLING_PARAMS" parameter name. #​18390
  • 📃 Tika document processing now automatically detects content types instead of relying on potentially incorrect browser-provided mime-types, improving file handling accuracy for formats like RTF. #​18765, #​18683
  • 🖼️ Image and video uploads to knowledge bases now display proper error messages instead of showing an infinite spinner when the content extraction engine does not support these file types. #​18514
  • 📝 Notes PDF export now properly detects and applies dark mode styling consistently across both the notes list and individual note pages, with a shared utility function to eliminate code duplication. #​18526
  • 💭 Details tags for reasoning content are now correctly identified and rendered even when the same tag is present in user messages. #​18840, #​18294
  • 📊 Mermaid and Vega rendering errors now display inline with the code instead of showing repetitive toast notifications, improving user experience when models generate invalid diagram syntax. Commit
  • 📈 Mermaid diagram rendering errors no longer cause UI unavailability or display error messages below the input box. #​18493, #​18340
  • 🔗 Web search SSL verification is now asynchronous, preventing the website from hanging during web search operations. #​18714, #​18699
  • 🌍 Web search results now correctly use HTTP proxy environment variables when WEB_SEARCH_TRUST_ENV is enabled. #​18667, #​7008
  • 🔍 Google Programmable Search Engine now properly includes referer headers, enabling API keys with HTTP referrer restrictions configured in Google Cloud Console. #​18871, #​18870
  • YouTube video transcript fetching now works correctly when using a proxy connection. #​18419
  • 🎙️ Speech-to-text transcription no longer deletes or replaces existing text in the prompt input field, properly preserving any previously entered content. #​18540
  • 🎙️ The "Instant Auto-Send After Voice Transcription" setting now functions correctly and automatically sends transcribed text when enabled. #​18466
  • ⚙️ Chat settings now load properly when reopening a tab or starting a new session by initializing defaults when sessionStorage is empty. #​18438
  • 🔎 Folder tag search in the sidebar now correctly handles folder names with multiple spaces by replacing all spaces with underscores. Commit
  • 🛠️ Functions page now updates immediately after deleting a function, removing the need for a manual page reload. #​18912, #​18908
  • 🛠️ Native tool calling now properly supports sequential tool calls with shared context, allowing tools to access images and data from previous tool executions in the same conversation. #​18664
  • 🎯 Globally enabled actions in the model editor now correctly apply as global instead of being treated as disabled. #​18577
  • 📋 Clipboard images pasted via the "{{CLIPBOARD}}" prompt variable are now correctly converted to base64 format before being sent to the backend, resolving base64 encoding errors. #​18432, #​18425
  • 📋 File list is now cleared when switching to models that do not support file uploads, preventing files from being sent to incompatible models. #​18496
  • 📂 Move menu no longer displays when folders are empty. #​18484
  • 📁 Folder and channel creation now validates that names are not empty, preventing creation of folders or channels with no name and showing an error toast if attempted. #​18564
  • 🖊️ Rich text input no longer removes text between equals signs when pasting code with comparison operators. #​18551
  • ⌨️ Keyboard shortcuts now display the correct keys for international and non-QWERTY keyboard layouts by detecting the user's layout using the Keyboard API. #​18533
  • 🌐 "Attach Webpage" button now displays with correct disabled styling when a model does not support file uploads. #​18483
  • 🎚️ Divider no longer displays in the integrations menu when no integrations are enabled. #​18487
  • 📱 Chat controls button is now properly hidden on mobile for users without admin or explicit chat control permissions. #​18641
  • 📍 User menu, download submenu, and move submenu are now repositioned to prevent overlap with the Chat Controls sidebar when it is open. Commit
  • 🎯 Artifacts button no longer appears in the chat menu when there are no artifacts to display. Commit
  • 🎨 Artifacts view now automatically displays when opening an existing conversation containing artifacts, improving user experience. #​18215
  • 🖌️ Formatting toolbar is no longer hidden under images or code blocks in chat and now displays correctly above all message content.
  • 🎨 Layout shift near system instructions is prevented by properly rendering the chat component when system prompts are empty. #​18594
  • 📐 Modal layout shift caused by scrollbar appearance is prevented by adding a stable scrollbar gutter. #​18591
  • Spacing between icon and label in the user menu dropdown items is now consistent. #​18595
  • 💬 Duplicate prompt suggestions no longer cause the webpage to freeze or throw JavaScript errors by implementing proper key management with composite keys. #​18841, #​18566
  • 🔍 Chat preview loading in the search modal now works correctly for all search results by fixing an index boundary check that previously caused out-of-bounds errors. #​18911
  • Screen reader support was enhanced by wrapping messages in semantic elements with descriptive aria-labels, adding "Assistant is typing" and "Response complete" announcements for improved accessibility. #​18735
  • 🔒 Incorrect await call in the OAuth 2.1 flow is removed, eliminating a logged exception during authentication. #​18236
  • 🛡️ Duplicate crossorigin attribute in the manifest file was removed. #​18413
Changed
  • 🔄 Firecrawl integration was refactored to use the official Firecrawl SDK instead of direct HTTP requests and langchain_community FireCrawlLoader, improving reliability and performance with batch scraping support and enhanced error handling. #​18635
  • 📄 MinerU content extraction engine now only supports PDF files following the upstream removal of LibreOffice document conversion in version 2.0.0; users needing to process office documents should convert them to PDF format first. #​18448

v0.6.35

Compare Source

[0.6.35] - 2025-11-06

Added
  • 🖼️ Image generation system received a comprehensive overhaul with major new capabilities including full image editing support allowing users to modify existing images using text prompts with OpenAI, Gemini, or ComfyUI engines, adding Gemini 2.5 Flash Image (Nano Banana) support, Qwen Image Edit integration, resolution of base64-encoded image display issues, streamlined AUTOMATIC1111 configuration by consolidating parameters into a flexible JSON parameters field, and enhanced UI with a code editor modal for ComfyUI workflow management. #​17434, #​16976, Commit, Commit, Commit, Commit
  • 🔒 CORS origin validation was added to WebSocket connections as a defense-in-depth security measure against cross-site WebSocket hijacking attacks. #​18411, #​18410
  • 🔄 Automatic page refresh now occurs when a version update is detected via WebSocket connection, ensuring users always run the latest version without cache issues. Commit
  • 🐍 Experimental initial preparations for Python 3.13 compatibility by updating dependencies with security enhancements and cryptographic improvements. #​18430, #​18424
  • Image compression now preserves the original image format instead of converting to PNG, significantly reducing file sizes and improving chat loading performance. #​18506
  • 🎤 Mistral Voxtral model support was added for text-to-speech, including voxtral-small and voxtral-mini models with both transcription and chat completion API support. #​18934
  • 🔊 Text-to-speech now uses a global audio queue system to prevent overlapping playback, ensuring only one TTS instance plays at a time with proper stop/start controls and automatic cleanup when switching between messages. #​16152, #​18744, #​16150
  • 🔊 ELEVENLABS_API_BASE_URL environment variable now allows configuration of custom ElevenLabs API endpoints, enabling support for EU residency API requirements. #​18402
  • 🔐 OAUTH_ROLES_SEPARATOR environment variable now allows custom role separators for OAuth roles that contain commas, useful for roles specified in LDAP syntax. #​18572
  • 📄 External document loaders can now optionally forward user information headers when ENABLE_FORWARD_USER_INFO_HEADERS is enabled, enabling cost tracking, audit logs, and usage analytics for external services. #​18731
  • 📄 MISTRAL_OCR_API_BASE_URL environment variable now allows configuration of custom Mistral OCR API endpoints for flexible deployment options. Commit
  • ⌨️ Keyboard shortcut hints are now displayed on sidebar buttons with a refactored shortcuts modal that accurately reflects all available hotkeys across different keyboard layouts. #​18473
  • 🛠️ Tooltips now display tool descriptions when hovering over tool names on the model edit page, improving usability and providing immediate context. #​18707
  • 📝 "Create a new note" from the search modal now immediately creates a new private note and opens it in the editor instead of navigating to the generic notes page. #​18255
  • 🖨️ Code block output now preserves whitespace formatting with monospace font to accurately reflect terminal behavior. #​18352
  • ✏️ Edit button is now available in the three-dot menu of models in the workspace section for quick access to model editing, with the menu reorganized for better user experience and Edit, Clone, Copy Link, and Share options logically grouped. #​18574
  • 📌 Sidebar models section is now collapsible, allowing users to expand and collapse the pinned models list for better sidebar organization. Commit
  • 🌙 Dark mode styles for select elements were added using Tailwind CSS classes, improving consistency across the interface. #​18636
  • 🔄 Various improvements were implemented across the frontend and backend to enhance performance, stability, and security.
  • 🌐 Translations for Portuguese (Brazil), Greek, German, Traditional Chinese, Simplified Chinese, Spanish, Georgian, Danish, and Estonian were enhanced and expanded.
Fixed
  • 🔒 Server-Sent Event (SSE) code injection vulnerability in Direct Connections is resolved by blocking event emission from untrusted external model servers; event emitters from direct connected model servers are no longer supported, preventing arbitrary JavaScript execution in user browsers. Commit
  • 🛡️ DOM XSS vulnerability in "Insert Prompt as Rich Text" is resolved by sanitizing HTML content with DOMPurify before rendering. Commit
  • ⚙️ MCP server cancellation scope corruption is prevented by reversing disconnection order to follow LIFO and properly handling exceptions, resolving 100% CPU usage when resuming chats with expired tokens or using multiple streamable MCP servers. #​18537
  • 🔧 UI freeze when querying models with knowledge bases containing inconsistent distance metrics is resolved by properly initializing the distances array in citations. #​18585
  • 🤖 Duplicate model IDs from multiple OpenAI endpoints are now automatically deduplicated server-side, preventing frontend crashes for users with unified gateway proxies that aggregate multiple providers. Commit
  • 🔐 Login failures with passwords longer than 72 bytes are resolved by safely truncating oversized passwords for bcrypt compatibility. #​18157
  • 🔐 OAuth 2.1 MCP tool connections now automatically re-register clients when stored client IDs become stale, preventing unauthorized_client errors after editing tool endpoints and providing detailed error messages for callback failures. #​18415, #​18309
  • 🔓 OAuth 2.1 discovery, metadata fetching, and dynamic client registration now correctly use HTTP proxy environment variables when trust_env is enabled. Commit
  • 🔌 MCP server connection failures now display clear error messages in the chat interface instead of silently failing. #​18892, #​18889
  • 💬 Chat titles are now properly generated even when title auto-generation is disabled in interface settings, fixing an issue where chats would remain labeled as "New chat". #​18761, #​18717, #​6478
  • 🔍 Chat query errors are prevented by properly validating and handling the "order_by" parameter to ensure requested columns exist. #​18400, #​18452
  • 🔧 Root-level max_tokens parameter is no longer dropped when proxying to Ollama, properly converting to num_predict to limit output token length as intended. #​18618
  • 🔑 Self-hosted Marker instances can now be used without requiring an API key, while keeping it optional for datalab Marker service users. #​18617
  • 🔧 OpenAPI specification endpoint conflict between "/api/v1/models" and "/api/v1/models/" is resolved by changing the models router endpoint to "/list", preventing duplicate operationId errors when generating TypeScript API clients. #​18758
  • 🏷️ Model tags are now de-duplicated case-insensitively in both the model selector and workspace models page, preventing duplicate entries with different capitalization from appearing in filter dropdowns. #​18716, #​18711
  • 📄 Docling RAG parameter configuration is now correctly saved in the admin UI by fixing the typo in the "DOCLING_PARAMS" parameter name. #​18390
  • 📃 Tika document processing now automatically detects content types instead of relying on potentially incorrect browser-provided mime-types, improving file handling accuracy for formats like RTF. #​18765, #​18683
  • 🖼️ Image and video uploads to knowledge bases now display proper error messages instead of showing an infinite spinner when the content extraction engine does not support these file types. #​18514
  • 📝 Notes PDF export now properly detects and applies dark mode styling consistently across both the notes list and individual note pages, with a shared utility function to eliminate code duplication. #​18526
  • 💭 Details tags for reasoning content are now correctly identified and rendered even when the same tag is present in user messages. #​18840, #​18294
  • 📊 Mermaid and Vega rendering errors now display inline with the code instead of showing repetitive toast notifications, improving user experience when models generate invalid diagram syntax. Commit
  • 📈 Mermaid diagram rendering errors no longer cause UI unavailability or display error messages below the input box. #​18493, #​18340
  • 🔗 Web search SSL verification is now asynchronous, preventing the website from hanging during web search operations. #​18714, #​18699
  • 🌍 Web search results now correctly use HTTP proxy environment variables when WEB_SEARCH_TRUST_ENV is enabled. #​18667, #​7008
  • 🔍 Google Programmable Search Engine now properly includes referer headers, enabling API keys with HTTP referrer restrictions configured in Google Cloud Console. #​18871, #​18870
  • YouTube video transcript fetching now works correctly when using a proxy connection. #​18419
  • 🎙️ Speech-to-text transcription no longer deletes or replaces existing text in the prompt input field, properly preserving any previously entered content. #​18540
  • 🎙️ The "Instant Auto-Send After Voice Transcription" setting now functions correctly and automatically sends transcribed text when enabled. #​18466
  • ⚙️ Chat settings now load properly when reopening a tab or starting a new session by initializing defaults when sessionStorage is empty. #​18438
  • 🔎 Folder tag search in the sidebar now correctly handles folder names with multiple spaces by replacing all spaces with underscores. Commit
  • 🛠️ Functions page now updates immediately after deleting a function, removing the need for a manual page reload. #​18912, #​18908
  • 🛠️ Native tool calling now properly supports sequential tool calls with shared context, allowing tools to access images and data from previous tool executions in the same conversation. #​18664
  • 🎯 Globally enabled actions in the model editor now correctly apply as global instead of being treated as disabled. #​18577
  • 📋 Clipboard images pasted via the "{{CLIPBOARD}}" prompt variable are now correctly converted to base64 format before being sent to the backend, resolving base64 encoding errors. #​18432, #​18425
  • 📋 File list is now cleared when switching to models that do not support file uploads, preventing files from being sent to incompatible models. #​18496
  • 📂 Move menu no longer displays when folders are empty. #​18484
  • 📁 Folder and channel creation now validates that names are not empty, preventing creation of folders or channels with no name and showing an error toast if attempted. #​18564
  • 🖊️ Rich text input no longer removes text between equals signs when pasting code with comparison operators. #​18551
  • ⌨️ Keyboard shortcuts now display the correct keys for international and non-QWERTY keyboard layouts by detecting the user's layout using the Keyboard API. #​18533
  • 🌐 "Attach Webpage" button now displays with correct disabled styling when a model does not support file uploads. #​18483
  • 🎚️ Divider no longer displays in the integrations menu when no integrations are enabled. #​18487
  • 📱 Chat controls button is now properly hidden on mobile for users without admin or explicit chat control permissions. #​18641
  • 📍 User menu, download submenu, and move submenu are now repositioned to prevent overlap with the Chat Controls sidebar when it is open. Commit
  • 🎯 Artifacts button no longer appears in the chat menu when there are no artifacts to display. Commit
  • 🎨 Artifacts view now automatically displays when opening an existing conversation containing artifacts, improving user experience. #​18215
  • 🖌️ Formatting toolbar is no longer hidden under images or code blocks in chat and now displays correctly above all message content.
  • 🎨 Layout shift near system instructions is prevented by properly rendering the chat component when system prompts are empty. #​18594
  • 📐 Modal layout shift caused by scrollbar appearance is prevented by adding a stable scrollbar gutter. #​18591
  • Spacing between icon and label in the user menu dropdown items is now consistent. #​18595
  • 💬 Duplicate prompt suggestions no longer cause the webpage to freeze or throw JavaScript errors by implementing proper key management with composite keys. #​18841, #​18566
  • 🔍 Chat preview loading in the search modal now works correctly for all search results by fixing an index boundary check that previously caused out-of-bounds errors. #​18911
  • Screen reader support was enhanced by wrapping messages in semantic elements with descriptive aria-labels, adding "Assistant is typing" and "Response complete" announcements for improved accessibility. #​18735
  • 🔒 Incorrect await call in the OAuth 2.1 flow is removed, eliminating a logged exception during authentication. #​18236
  • 🛡️ Duplicate crossorigin attribute in the manifest file was removed. #​18413
Changed
  • 🔄 Firecrawl integration was refactored to use the official Firecrawl SDK instead of direct HTTP requests and langchain_community FireCrawlLoader, improving reliability and performance with batch scraping support and enhanced error handling. #​18635
  • 📄 MinerU content extraction engine now only supports PDF files following the upstream removal of LibreOffice document conversion in version 2.0.0; users needing to process office documents should convert them to PDF format first. #​18448

[!TIP]
Looking for an Enterprise Plan?Speak with Our Sales Team Today!

Get enhanced capabilities, including custom theming and branding, Service Level Agreement (SLA) support, and more!

👏 Massive thanks to our incredible contributors for their hard work and dedication to making this release possible:
@​joaoback, @​kaiwinut, @​taylorwilsdon, @​Classic298, @​duncansmart, @​silentoplayz, @​sinejespersen, @​acomarcho, @​Davixk, @​Ithanil, @​zhsh-12, @​athoik, @​acomarcho, @​wangweixuan, @​ShirasawaSama, @​acwoo97, @​IllimarR, @​rgaricano, @​OAburub, @​iPagar, @​mkhludnev, @​jmleksan, @​attilaolah, @​htulipe, @​ricdikulous, @​andrewbbaek, @​Tsafaras, @​Classic298, @​ivanostanin, @​wei840222

Sponsors 🙌

🚀 We'd like to extend a heartfelt thank you to our amazing sponsors for their generous support (Note: We've excluded private sponsors from this list. If you'd like to get featured here, feel free to reach out to us!)

@​amd, @​roosi-gmbh, @​rndmcnlly, @​feddersen-group, @​SRKConsulting, @​mushmax, @​icanbwell, @​agency-agency, @​Classic298, @​loitragg, @​haka4githu6, @​GenieDev101, @​CubicleGangster, @​TOWaB, @​comet-ml, @​FominVO, @​catalyst-net-nz, @​JrdnHans, @​hkosm, @​VeroFess, @​joaoback

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [ghcr.io/open-webui/open-webui](https://github.com/open-webui/open-webui) | patch | `0.6.34` -> `0.6.35` | --- ### Release Notes <details> <summary>open-webui/open-webui (ghcr.io/open-webui/open-webui)</summary> ### [`v0.6.35`](https://github.com/open-webui/open-webui/blob/HEAD/CHANGELOG.md#0635---2025-11-06) [Compare Source](https://github.com/open-webui/open-webui/compare/v0.6.35...v0.6.35) ##### Added - 🖼️ Image generation system received a comprehensive overhaul with major new capabilities including full image editing support allowing users to modify existing images using text prompts with OpenAI, Gemini, or ComfyUI engines, adding Gemini 2.5 Flash Image (Nano Banana) support, Qwen Image Edit integration, resolution of base64-encoded image display issues, streamlined AUTOMATIC1111 configuration by consolidating parameters into a flexible JSON parameters field, and enhanced UI with a code editor modal for ComfyUI workflow management. [#&#8203;17434](https://github.com/open-webui/open-webui/pull/17434), [#&#8203;16976](https://github.com/open-webui/open-webui/issues/16976), [Commit](https://github.com/open-webui/open-webui/commit/8e5690aab4f632a57027e2acf880b8f89a8717c0), [Commit](https://github.com/open-webui/open-webui/commit/72f8539fd2e679fec0762945f22f4b8a6920afa0), [Commit](https://github.com/open-webui/open-webui/commit/8d34fcb586eeee1fac6da2f991518b8a68b00b72), [Commit](https://github.com/open-webui/open-webui/commit/72900cd686de1fa6be84b5a8a2fc857cff7b91b8) - 🔒 CORS origin validation was added to WebSocket connections as a defense-in-depth security measure against cross-site WebSocket hijacking attacks. [#&#8203;18411](https://github.com/open-webui/open-webui/pull/18411), [#&#8203;18410](https://github.com/open-webui/open-webui/issues/18410) - 🔄 Automatic page refresh now occurs when a version update is detected via WebSocket connection, ensuring users always run the latest version without cache issues. [Commit](https://github.com/open-webui/open-webui/commit/989f192c92d2fe55daa31336e7971e21798b96ae) - 🐍 Experimental initial preparations for Python 3.13 compatibility by updating dependencies with security enhancements and cryptographic improvements. [#&#8203;18430](https://github.com/open-webui/open-webui/pull/18430), [#&#8203;18424](https://github.com/open-webui/open-webui/pull/18424) - ⚡ Image compression now preserves the original image format instead of converting to PNG, significantly reducing file sizes and improving chat loading performance. [#&#8203;18506](https://github.com/open-webui/open-webui/pull/18506) - 🎤 Mistral Voxtral model support was added for text-to-speech, including voxtral-small and voxtral-mini models with both transcription and chat completion API support. [#&#8203;18934](https://github.com/open-webui/open-webui/pull/18934) - 🔊 Text-to-speech now uses a global audio queue system to prevent overlapping playback, ensuring only one TTS instance plays at a time with proper stop/start controls and automatic cleanup when switching between messages. [#&#8203;16152](https://github.com/open-webui/open-webui/pull/16152), [#&#8203;18744](https://github.com/open-webui/open-webui/pull/18744), [#&#8203;16150](https://github.com/open-webui/open-webui/issues/16150) - 🔊 ELEVENLABS\_API\_BASE\_URL environment variable now allows configuration of custom ElevenLabs API endpoints, enabling support for EU residency API requirements. [#&#8203;18402](https://github.com/open-webui/open-webui/issues/18402) - 🔐 OAUTH\_ROLES\_SEPARATOR environment variable now allows custom role separators for OAuth roles that contain commas, useful for roles specified in LDAP syntax. [#&#8203;18572](https://github.com/open-webui/open-webui/pull/18572) - 📄 External document loaders can now optionally forward user information headers when ENABLE\_FORWARD\_USER\_INFO\_HEADERS is enabled, enabling cost tracking, audit logs, and usage analytics for external services. [#&#8203;18731](https://github.com/open-webui/open-webui/pull/18731) - 📄 MISTRAL\_OCR\_API\_BASE\_URL environment variable now allows configuration of custom Mistral OCR API endpoints for flexible deployment options. [Commit](https://github.com/open-webui/open-webui/commit/415b93c7c35c2e2db4425e6da1b88b3750f496b0) - ⌨️ Keyboard shortcut hints are now displayed on sidebar buttons with a refactored shortcuts modal that accurately reflects all available hotkeys across different keyboard layouts. [#&#8203;18473](https://github.com/open-webui/open-webui/pull/18473) - 🛠️ Tooltips now display tool descriptions when hovering over tool names on the model edit page, improving usability and providing immediate context. [#&#8203;18707](https://github.com/open-webui/open-webui/pull/18707) - 📝 "Create a new note" from the search modal now immediately creates a new private note and opens it in the editor instead of navigating to the generic notes page. [#&#8203;18255](https://github.com/open-webui/open-webui/pull/18255) - 🖨️ Code block output now preserves whitespace formatting with monospace font to accurately reflect terminal behavior. [#&#8203;18352](https://github.com/open-webui/open-webui/pull/18352) - ✏️ Edit button is now available in the three-dot menu of models in the workspace section for quick access to model editing, with the menu reorganized for better user experience and Edit, Clone, Copy Link, and Share options logically grouped. [#&#8203;18574](https://github.com/open-webui/open-webui/pull/18574) - 📌 Sidebar models section is now collapsible, allowing users to expand and collapse the pinned models list for better sidebar organization. [Commit](https://github.com/open-webui/open-webui/commit/82c08a3b5d189f81c96b6548cc872198771015b0) - 🌙 Dark mode styles for select elements were added using Tailwind CSS classes, improving consistency across the interface. [#&#8203;18636](https://github.com/open-webui/open-webui/pull/18636) - 🔄 Various improvements were implemented across the frontend and backend to enhance performance, stability, and security. - 🌐 Translations for Portuguese (Brazil), Greek, German, Traditional Chinese, Simplified Chinese, Spanish, Georgian, Danish, and Estonian were enhanced and expanded. ##### Fixed - 🔒 Server-Sent Event (SSE) code injection vulnerability in Direct Connections is resolved by blocking event emission from untrusted external model servers; event emitters from direct connected model servers are no longer supported, preventing arbitrary JavaScript execution in user browsers. [Commit](https://github.com/open-webui/open-webui/commit/8af6a4cf21b756a66cd58378a01c60f74c39b7ca) - 🛡️ DOM XSS vulnerability in "Insert Prompt as Rich Text" is resolved by sanitizing HTML content with DOMPurify before rendering. [Commit](https://github.com/open-webui/open-webui/commit/eb9c4c0e358c274aea35f21c2856c0a20051e5f1) - ⚙️ MCP server cancellation scope corruption is prevented by reversing disconnection order to follow LIFO and properly handling exceptions, resolving 100% CPU usage when resuming chats with expired tokens or using multiple streamable MCP servers. [#&#8203;18537](https://github.com/open-webui/open-webui/pull/18537) - 🔧 UI freeze when querying models with knowledge bases containing inconsistent distance metrics is resolved by properly initializing the distances array in citations. [#&#8203;18585](https://github.com/open-webui/open-webui/pull/18585) - 🤖 Duplicate model IDs from multiple OpenAI endpoints are now automatically deduplicated server-side, preventing frontend crashes for users with unified gateway proxies that aggregate multiple providers. [Commit](https://github.com/open-webui/open-webui/commit/fdf7ca11d4f3cc8fe63e81c98dc0d1e48e52ba36) - 🔐 Login failures with passwords longer than 72 bytes are resolved by safely truncating oversized passwords for bcrypt compatibility. [#&#8203;18157](https://github.com/open-webui/open-webui/issues/18157) - 🔐 OAuth 2.1 MCP tool connections now automatically re-register clients when stored client IDs become stale, preventing unauthorized\_client errors after editing tool endpoints and providing detailed error messages for callback failures. [#&#8203;18415](https://github.com/open-webui/open-webui/pull/18415), [#&#8203;18309](https://github.com/open-webui/open-webui/issues/18309) - 🔓 OAuth 2.1 discovery, metadata fetching, and dynamic client registration now correctly use HTTP proxy environment variables when trust\_env is enabled. [Commit](https://github.com/open-webui/open-webui/commit/bafeb76c411483bd6b135f0edbcdce048120f264) - 🔌 MCP server connection failures now display clear error messages in the chat interface instead of silently failing. [#&#8203;18892](https://github.com/open-webui/open-webui/pull/18892), [#&#8203;18889](https://github.com/open-webui/open-webui/issues/18889) - 💬 Chat titles are now properly generated even when title auto-generation is disabled in interface settings, fixing an issue where chats would remain labeled as "New chat". [#&#8203;18761](https://github.com/open-webui/open-webui/pull/18761), [#&#8203;18717](https://github.com/open-webui/open-webui/issues/18717), [#&#8203;6478](https://github.com/open-webui/open-webui/issues/6478) - 🔍 Chat query errors are prevented by properly validating and handling the "order\_by" parameter to ensure requested columns exist. [#&#8203;18400](https://github.com/open-webui/open-webui/pull/18400), [#&#8203;18452](https://github.com/open-webui/open-webui/pull/18452) - 🔧 Root-level max\_tokens parameter is no longer dropped when proxying to Ollama, properly converting to num\_predict to limit output token length as intended. [#&#8203;18618](https://github.com/open-webui/open-webui/issues/18618) - 🔑 Self-hosted Marker instances can now be used without requiring an API key, while keeping it optional for datalab Marker service users. [#&#8203;18617](https://github.com/open-webui/open-webui/issues/18617) - 🔧 OpenAPI specification endpoint conflict between "/api/v1/models" and "/api/v1/models/" is resolved by changing the models router endpoint to "/list", preventing duplicate operationId errors when generating TypeScript API clients. [#&#8203;18758](https://github.com/open-webui/open-webui/issues/18758) - 🏷️ Model tags are now de-duplicated case-insensitively in both the model selector and workspace models page, preventing duplicate entries with different capitalization from appearing in filter dropdowns. [#&#8203;18716](https://github.com/open-webui/open-webui/pull/18716), [#&#8203;18711](https://github.com/open-webui/open-webui/issues/18711) - 📄 Docling RAG parameter configuration is now correctly saved in the admin UI by fixing the typo in the "DOCLING\_PARAMS" parameter name. [#&#8203;18390](https://github.com/open-webui/open-webui/pull/18390) - 📃 Tika document processing now automatically detects content types instead of relying on potentially incorrect browser-provided mime-types, improving file handling accuracy for formats like RTF. [#&#8203;18765](https://github.com/open-webui/open-webui/pull/18765), [#&#8203;18683](https://github.com/open-webui/open-webui/issues/18683) - 🖼️ Image and video uploads to knowledge bases now display proper error messages instead of showing an infinite spinner when the content extraction engine does not support these file types. [#&#8203;18514](https://github.com/open-webui/open-webui/issues/18514) - 📝 Notes PDF export now properly detects and applies dark mode styling consistently across both the notes list and individual note pages, with a shared utility function to eliminate code duplication. [#&#8203;18526](https://github.com/open-webui/open-webui/issues/18526) - 💭 Details tags for reasoning content are now correctly identified and rendered even when the same tag is present in user messages. [#&#8203;18840](https://github.com/open-webui/open-webui/pull/18840), [#&#8203;18294](https://github.com/open-webui/open-webui/issues/18294) - 📊 Mermaid and Vega rendering errors now display inline with the code instead of showing repetitive toast notifications, improving user experience when models generate invalid diagram syntax. [Commit](https://github.com/open-webui/open-webui/commit/fdc0f04a8b7dd0bc9f9dc0e7e30854f7a0eea3e9) - 📈 Mermaid diagram rendering errors no longer cause UI unavailability or display error messages below the input box. [#&#8203;18493](https://github.com/open-webui/open-webui/pull/18493), [#&#8203;18340](https://github.com/open-webui/open-webui/issues/18340) - 🔗 Web search SSL verification is now asynchronous, preventing the website from hanging during web search operations. [#&#8203;18714](https://github.com/open-webui/open-webui/pull/18714), [#&#8203;18699](https://github.com/open-webui/open-webui/issues/18699) - 🌍 Web search results now correctly use HTTP proxy environment variables when WEB\_SEARCH\_TRUST\_ENV is enabled. [#&#8203;18667](https://github.com/open-webui/open-webui/pull/18667), [#&#8203;7008](https://github.com/open-webui/open-webui/discussions/7008) - 🔍 Google Programmable Search Engine now properly includes referer headers, enabling API keys with HTTP referrer restrictions configured in Google Cloud Console. [#&#8203;18871](https://github.com/open-webui/open-webui/pull/18871), [#&#8203;18870](https://github.com/open-webui/open-webui/issues/18870) - ⚡ YouTube video transcript fetching now works correctly when using a proxy connection. [#&#8203;18419](https://github.com/open-webui/open-webui/pull/18419) - 🎙️ Speech-to-text transcription no longer deletes or replaces existing text in the prompt input field, properly preserving any previously entered content. [#&#8203;18540](https://github.com/open-webui/open-webui/issues/18540) - 🎙️ The "Instant Auto-Send After Voice Transcription" setting now functions correctly and automatically sends transcribed text when enabled. [#&#8203;18466](https://github.com/open-webui/open-webui/issues/18466) - ⚙️ Chat settings now load properly when reopening a tab or starting a new session by initializing defaults when sessionStorage is empty. [#&#8203;18438](https://github.com/open-webui/open-webui/pull/18438) - 🔎 Folder tag search in the sidebar now correctly handles folder names with multiple spaces by replacing all spaces with underscores. [Commit](https://github.com/open-webui/open-webui/commit/a8fe979af68e47e4e4bb3eb76e48d93d60cd2a45) - 🛠️ Functions page now updates immediately after deleting a function, removing the need for a manual page reload. [#&#8203;18912](https://github.com/open-webui/open-webui/pull/18912), [#&#8203;18908](https://github.com/open-webui/open-webui/issues/18908) - 🛠️ Native tool calling now properly supports sequential tool calls with shared context, allowing tools to access images and data from previous tool executions in the same conversation. [#&#8203;18664](https://github.com/open-webui/open-webui/pull/18664) - 🎯 Globally enabled actions in the model editor now correctly apply as global instead of being treated as disabled. [#&#8203;18577](https://github.com/open-webui/open-webui/pull/18577) - 📋 Clipboard images pasted via the "{{CLIPBOARD}}" prompt variable are now correctly converted to base64 format before being sent to the backend, resolving base64 encoding errors. [#&#8203;18432](https://github.com/open-webui/open-webui/pull/18432), [#&#8203;18425](https://github.com/open-webui/open-webui/issues/18425) - 📋 File list is now cleared when switching to models that do not support file uploads, preventing files from being sent to incompatible models. [#&#8203;18496](https://github.com/open-webui/open-webui/pull/18496) - 📂 Move menu no longer displays when folders are empty. [#&#8203;18484](https://github.com/open-webui/open-webui/pull/18484) - 📁 Folder and channel creation now validates that names are not empty, preventing creation of folders or channels with no name and showing an error toast if attempted. [#&#8203;18564](https://github.com/open-webui/open-webui/pull/18564) - 🖊️ Rich text input no longer removes text between equals signs when pasting code with comparison operators. [#&#8203;18551](https://github.com/open-webui/open-webui/issues/18551) - ⌨️ Keyboard shortcuts now display the correct keys for international and non-QWERTY keyboard layouts by detecting the user's layout using the Keyboard API. [#&#8203;18533](https://github.com/open-webui/open-webui/pull/18533) - 🌐 "Attach Webpage" button now displays with correct disabled styling when a model does not support file uploads. [#&#8203;18483](https://github.com/open-webui/open-webui/pull/18483) - 🎚️ Divider no longer displays in the integrations menu when no integrations are enabled. [#&#8203;18487](https://github.com/open-webui/open-webui/pull/18487) - 📱 Chat controls button is now properly hidden on mobile for users without admin or explicit chat control permissions. [#&#8203;18641](https://github.com/open-webui/open-webui/pull/18641) - 📍 User menu, download submenu, and move submenu are now repositioned to prevent overlap with the Chat Controls sidebar when it is open. [Commit](https://github.com/open-webui/open-webui/commit/414ab51cb6df1ab0d6c85ac6c1f2c5c9a5f8e2aa) - 🎯 Artifacts button no longer appears in the chat menu when there are no artifacts to display. [Commit](https://github.com/open-webui/open-webui/commit/ed6449d35f84f68dc75ee5c6b3f4748a3fda0096) - 🎨 Artifacts view now automatically displays when opening an existing conversation containing artifacts, improving user experience. [#&#8203;18215](https://github.com/open-webui/open-webui/pull/18215) - 🖌️ Formatting toolbar is no longer hidden under images or code blocks in chat and now displays correctly above all message content. - 🎨 Layout shift near system instructions is prevented by properly rendering the chat component when system prompts are empty. [#&#8203;18594](https://github.com/open-webui/open-webui/pull/18594) - 📐 Modal layout shift caused by scrollbar appearance is prevented by adding a stable scrollbar gutter. [#&#8203;18591](https://github.com/open-webui/open-webui/pull/18591) - ✨ Spacing between icon and label in the user menu dropdown items is now consistent. [#&#8203;18595](https://github.com/open-webui/open-webui/pull/18595) - 💬 Duplicate prompt suggestions no longer cause the webpage to freeze or throw JavaScript errors by implementing proper key management with composite keys. [#&#8203;18841](https://github.com/open-webui/open-webui/pull/18841), [#&#8203;18566](https://github.com/open-webui/open-webui/issues/18566) - 🔍 Chat preview loading in the search modal now works correctly for all search results by fixing an index boundary check that previously caused out-of-bounds errors. [#&#8203;18911](https://github.com/open-webui/open-webui/pull/18911) - ♿ Screen reader support was enhanced by wrapping messages in semantic elements with descriptive aria-labels, adding "Assistant is typing" and "Response complete" announcements for improved accessibility. [#&#8203;18735](https://github.com/open-webui/open-webui/pull/18735) - 🔒 Incorrect await call in the OAuth 2.1 flow is removed, eliminating a logged exception during authentication. [#&#8203;18236](https://github.com/open-webui/open-webui/pull/18236) - 🛡️ Duplicate crossorigin attribute in the manifest file was removed. [#&#8203;18413](https://github.com/open-webui/open-webui/pull/18413) ##### Changed - 🔄 Firecrawl integration was refactored to use the official Firecrawl SDK instead of direct HTTP requests and langchain\_community FireCrawlLoader, improving reliability and performance with batch scraping support and enhanced error handling. [#&#8203;18635](https://github.com/open-webui/open-webui/pull/18635) - 📄 MinerU content extraction engine now only supports PDF files following the upstream removal of LibreOffice document conversion in version 2.0.0; users needing to process office documents should convert them to PDF format first. [#&#8203;18448](https://github.com/open-webui/open-webui/issues/18448) ### [`v0.6.35`](https://github.com/open-webui/open-webui/releases/tag/v0.6.35) [Compare Source](https://github.com/open-webui/open-webui/compare/v0.6.34...v0.6.35) #### \[0.6.35] - 2025-11-06 ##### Added - 🖼️ Image generation system received a comprehensive overhaul with major new capabilities including full image editing support allowing users to modify existing images using text prompts with OpenAI, Gemini, or ComfyUI engines, adding Gemini 2.5 Flash Image (Nano Banana) support, Qwen Image Edit integration, resolution of base64-encoded image display issues, streamlined AUTOMATIC1111 configuration by consolidating parameters into a flexible JSON parameters field, and enhanced UI with a code editor modal for ComfyUI workflow management. [#&#8203;17434](https://github.com/open-webui/open-webui/pull/17434), [#&#8203;16976](https://github.com/open-webui/open-webui/issues/16976), [Commit](https://github.com/open-webui/open-webui/commit/8e5690aab4f632a57027e2acf880b8f89a8717c0), [Commit](https://github.com/open-webui/open-webui/commit/72f8539fd2e679fec0762945f22f4b8a6920afa0), [Commit](https://github.com/open-webui/open-webui/commit/8d34fcb586eeee1fac6da2f991518b8a68b00b72), [Commit](https://github.com/open-webui/open-webui/commit/72900cd686de1fa6be84b5a8a2fc857cff7b91b8) - 🔒 CORS origin validation was added to WebSocket connections as a defense-in-depth security measure against cross-site WebSocket hijacking attacks. [#&#8203;18411](https://github.com/open-webui/open-webui/pull/18411), [#&#8203;18410](https://github.com/open-webui/open-webui/issues/18410) - 🔄 Automatic page refresh now occurs when a version update is detected via WebSocket connection, ensuring users always run the latest version without cache issues. [Commit](https://github.com/open-webui/open-webui/commit/989f192c92d2fe55daa31336e7971e21798b96ae) - 🐍 Experimental initial preparations for Python 3.13 compatibility by updating dependencies with security enhancements and cryptographic improvements. [#&#8203;18430](https://github.com/open-webui/open-webui/pull/18430), [#&#8203;18424](https://github.com/open-webui/open-webui/pull/18424) - ⚡ Image compression now preserves the original image format instead of converting to PNG, significantly reducing file sizes and improving chat loading performance. [#&#8203;18506](https://github.com/open-webui/open-webui/pull/18506) - 🎤 Mistral Voxtral model support was added for text-to-speech, including voxtral-small and voxtral-mini models with both transcription and chat completion API support. [#&#8203;18934](https://github.com/open-webui/open-webui/pull/18934) - 🔊 Text-to-speech now uses a global audio queue system to prevent overlapping playback, ensuring only one TTS instance plays at a time with proper stop/start controls and automatic cleanup when switching between messages. [#&#8203;16152](https://github.com/open-webui/open-webui/pull/16152), [#&#8203;18744](https://github.com/open-webui/open-webui/pull/18744), [#&#8203;16150](https://github.com/open-webui/open-webui/issues/16150) - 🔊 ELEVENLABS\_API\_BASE\_URL environment variable now allows configuration of custom ElevenLabs API endpoints, enabling support for EU residency API requirements. [#&#8203;18402](https://github.com/open-webui/open-webui/issues/18402) - 🔐 OAUTH\_ROLES\_SEPARATOR environment variable now allows custom role separators for OAuth roles that contain commas, useful for roles specified in LDAP syntax. [#&#8203;18572](https://github.com/open-webui/open-webui/pull/18572) - 📄 External document loaders can now optionally forward user information headers when ENABLE\_FORWARD\_USER\_INFO\_HEADERS is enabled, enabling cost tracking, audit logs, and usage analytics for external services. [#&#8203;18731](https://github.com/open-webui/open-webui/pull/18731) - 📄 MISTRAL\_OCR\_API\_BASE\_URL environment variable now allows configuration of custom Mistral OCR API endpoints for flexible deployment options. [Commit](https://github.com/open-webui/open-webui/commit/415b93c7c35c2e2db4425e6da1b88b3750f496b0) - ⌨️ Keyboard shortcut hints are now displayed on sidebar buttons with a refactored shortcuts modal that accurately reflects all available hotkeys across different keyboard layouts. [#&#8203;18473](https://github.com/open-webui/open-webui/pull/18473) - 🛠️ Tooltips now display tool descriptions when hovering over tool names on the model edit page, improving usability and providing immediate context. [#&#8203;18707](https://github.com/open-webui/open-webui/pull/18707) - 📝 "Create a new note" from the search modal now immediately creates a new private note and opens it in the editor instead of navigating to the generic notes page. [#&#8203;18255](https://github.com/open-webui/open-webui/pull/18255) - 🖨️ Code block output now preserves whitespace formatting with monospace font to accurately reflect terminal behavior. [#&#8203;18352](https://github.com/open-webui/open-webui/pull/18352) - ✏️ Edit button is now available in the three-dot menu of models in the workspace section for quick access to model editing, with the menu reorganized for better user experience and Edit, Clone, Copy Link, and Share options logically grouped. [#&#8203;18574](https://github.com/open-webui/open-webui/pull/18574) - 📌 Sidebar models section is now collapsible, allowing users to expand and collapse the pinned models list for better sidebar organization. [Commit](https://github.com/open-webui/open-webui/commit/82c08a3b5d189f81c96b6548cc872198771015b0) - 🌙 Dark mode styles for select elements were added using Tailwind CSS classes, improving consistency across the interface. [#&#8203;18636](https://github.com/open-webui/open-webui/pull/18636) - 🔄 Various improvements were implemented across the frontend and backend to enhance performance, stability, and security. - 🌐 Translations for Portuguese (Brazil), Greek, German, Traditional Chinese, Simplified Chinese, Spanish, Georgian, Danish, and Estonian were enhanced and expanded. ##### Fixed - 🔒 Server-Sent Event (SSE) code injection vulnerability in Direct Connections is resolved by blocking event emission from untrusted external model servers; event emitters from direct connected model servers are no longer supported, preventing arbitrary JavaScript execution in user browsers. [Commit](https://github.com/open-webui/open-webui/commit/8af6a4cf21b756a66cd58378a01c60f74c39b7ca) - 🛡️ DOM XSS vulnerability in "Insert Prompt as Rich Text" is resolved by sanitizing HTML content with DOMPurify before rendering. [Commit](https://github.com/open-webui/open-webui/commit/eb9c4c0e358c274aea35f21c2856c0a20051e5f1) - ⚙️ MCP server cancellation scope corruption is prevented by reversing disconnection order to follow LIFO and properly handling exceptions, resolving 100% CPU usage when resuming chats with expired tokens or using multiple streamable MCP servers. [#&#8203;18537](https://github.com/open-webui/open-webui/pull/18537) - 🔧 UI freeze when querying models with knowledge bases containing inconsistent distance metrics is resolved by properly initializing the distances array in citations. [#&#8203;18585](https://github.com/open-webui/open-webui/pull/18585) - 🤖 Duplicate model IDs from multiple OpenAI endpoints are now automatically deduplicated server-side, preventing frontend crashes for users with unified gateway proxies that aggregate multiple providers. [Commit](https://github.com/open-webui/open-webui/commit/fdf7ca11d4f3cc8fe63e81c98dc0d1e48e52ba36) - 🔐 Login failures with passwords longer than 72 bytes are resolved by safely truncating oversized passwords for bcrypt compatibility. [#&#8203;18157](https://github.com/open-webui/open-webui/issues/18157) - 🔐 OAuth 2.1 MCP tool connections now automatically re-register clients when stored client IDs become stale, preventing unauthorized\_client errors after editing tool endpoints and providing detailed error messages for callback failures. [#&#8203;18415](https://github.com/open-webui/open-webui/pull/18415), [#&#8203;18309](https://github.com/open-webui/open-webui/issues/18309) - 🔓 OAuth 2.1 discovery, metadata fetching, and dynamic client registration now correctly use HTTP proxy environment variables when trust\_env is enabled. [Commit](https://github.com/open-webui/open-webui/commit/bafeb76c411483bd6b135f0edbcdce048120f264) - 🔌 MCP server connection failures now display clear error messages in the chat interface instead of silently failing. [#&#8203;18892](https://github.com/open-webui/open-webui/pull/18892), [#&#8203;18889](https://github.com/open-webui/open-webui/issues/18889) - 💬 Chat titles are now properly generated even when title auto-generation is disabled in interface settings, fixing an issue where chats would remain labeled as "New chat". [#&#8203;18761](https://github.com/open-webui/open-webui/pull/18761), [#&#8203;18717](https://github.com/open-webui/open-webui/issues/18717), [#&#8203;6478](https://github.com/open-webui/open-webui/issues/6478) - 🔍 Chat query errors are prevented by properly validating and handling the "order\_by" parameter to ensure requested columns exist. [#&#8203;18400](https://github.com/open-webui/open-webui/pull/18400), [#&#8203;18452](https://github.com/open-webui/open-webui/pull/18452) - 🔧 Root-level max\_tokens parameter is no longer dropped when proxying to Ollama, properly converting to num\_predict to limit output token length as intended. [#&#8203;18618](https://github.com/open-webui/open-webui/issues/18618) - 🔑 Self-hosted Marker instances can now be used without requiring an API key, while keeping it optional for datalab Marker service users. [#&#8203;18617](https://github.com/open-webui/open-webui/issues/18617) - 🔧 OpenAPI specification endpoint conflict between "/api/v1/models" and "/api/v1/models/" is resolved by changing the models router endpoint to "/list", preventing duplicate operationId errors when generating TypeScript API clients. [#&#8203;18758](https://github.com/open-webui/open-webui/issues/18758) - 🏷️ Model tags are now de-duplicated case-insensitively in both the model selector and workspace models page, preventing duplicate entries with different capitalization from appearing in filter dropdowns. [#&#8203;18716](https://github.com/open-webui/open-webui/pull/18716), [#&#8203;18711](https://github.com/open-webui/open-webui/issues/18711) - 📄 Docling RAG parameter configuration is now correctly saved in the admin UI by fixing the typo in the "DOCLING\_PARAMS" parameter name. [#&#8203;18390](https://github.com/open-webui/open-webui/pull/18390) - 📃 Tika document processing now automatically detects content types instead of relying on potentially incorrect browser-provided mime-types, improving file handling accuracy for formats like RTF. [#&#8203;18765](https://github.com/open-webui/open-webui/pull/18765), [#&#8203;18683](https://github.com/open-webui/open-webui/issues/18683) - 🖼️ Image and video uploads to knowledge bases now display proper error messages instead of showing an infinite spinner when the content extraction engine does not support these file types. [#&#8203;18514](https://github.com/open-webui/open-webui/issues/18514) - 📝 Notes PDF export now properly detects and applies dark mode styling consistently across both the notes list and individual note pages, with a shared utility function to eliminate code duplication. [#&#8203;18526](https://github.com/open-webui/open-webui/issues/18526) - 💭 Details tags for reasoning content are now correctly identified and rendered even when the same tag is present in user messages. [#&#8203;18840](https://github.com/open-webui/open-webui/pull/18840), [#&#8203;18294](https://github.com/open-webui/open-webui/issues/18294) - 📊 Mermaid and Vega rendering errors now display inline with the code instead of showing repetitive toast notifications, improving user experience when models generate invalid diagram syntax. [Commit](https://github.com/open-webui/open-webui/commit/fdc0f04a8b7dd0bc9f9dc0e7e30854f7a0eea3e9) - 📈 Mermaid diagram rendering errors no longer cause UI unavailability or display error messages below the input box. [#&#8203;18493](https://github.com/open-webui/open-webui/pull/18493), [#&#8203;18340](https://github.com/open-webui/open-webui/issues/18340) - 🔗 Web search SSL verification is now asynchronous, preventing the website from hanging during web search operations. [#&#8203;18714](https://github.com/open-webui/open-webui/pull/18714), [#&#8203;18699](https://github.com/open-webui/open-webui/issues/18699) - 🌍 Web search results now correctly use HTTP proxy environment variables when WEB\_SEARCH\_TRUST\_ENV is enabled. [#&#8203;18667](https://github.com/open-webui/open-webui/pull/18667), [#&#8203;7008](https://github.com/open-webui/open-webui/discussions/7008) - 🔍 Google Programmable Search Engine now properly includes referer headers, enabling API keys with HTTP referrer restrictions configured in Google Cloud Console. [#&#8203;18871](https://github.com/open-webui/open-webui/pull/18871), [#&#8203;18870](https://github.com/open-webui/open-webui/issues/18870) - ⚡ YouTube video transcript fetching now works correctly when using a proxy connection. [#&#8203;18419](https://github.com/open-webui/open-webui/pull/18419) - 🎙️ Speech-to-text transcription no longer deletes or replaces existing text in the prompt input field, properly preserving any previously entered content. [#&#8203;18540](https://github.com/open-webui/open-webui/issues/18540) - 🎙️ The "Instant Auto-Send After Voice Transcription" setting now functions correctly and automatically sends transcribed text when enabled. [#&#8203;18466](https://github.com/open-webui/open-webui/issues/18466) - ⚙️ Chat settings now load properly when reopening a tab or starting a new session by initializing defaults when sessionStorage is empty. [#&#8203;18438](https://github.com/open-webui/open-webui/pull/18438) - 🔎 Folder tag search in the sidebar now correctly handles folder names with multiple spaces by replacing all spaces with underscores. [Commit](https://github.com/open-webui/open-webui/commit/a8fe979af68e47e4e4bb3eb76e48d93d60cd2a45) - 🛠️ Functions page now updates immediately after deleting a function, removing the need for a manual page reload. [#&#8203;18912](https://github.com/open-webui/open-webui/pull/18912), [#&#8203;18908](https://github.com/open-webui/open-webui/issues/18908) - 🛠️ Native tool calling now properly supports sequential tool calls with shared context, allowing tools to access images and data from previous tool executions in the same conversation. [#&#8203;18664](https://github.com/open-webui/open-webui/pull/18664) - 🎯 Globally enabled actions in the model editor now correctly apply as global instead of being treated as disabled. [#&#8203;18577](https://github.com/open-webui/open-webui/pull/18577) - 📋 Clipboard images pasted via the "{{CLIPBOARD}}" prompt variable are now correctly converted to base64 format before being sent to the backend, resolving base64 encoding errors. [#&#8203;18432](https://github.com/open-webui/open-webui/pull/18432), [#&#8203;18425](https://github.com/open-webui/open-webui/issues/18425) - 📋 File list is now cleared when switching to models that do not support file uploads, preventing files from being sent to incompatible models. [#&#8203;18496](https://github.com/open-webui/open-webui/pull/18496) - 📂 Move menu no longer displays when folders are empty. [#&#8203;18484](https://github.com/open-webui/open-webui/pull/18484) - 📁 Folder and channel creation now validates that names are not empty, preventing creation of folders or channels with no name and showing an error toast if attempted. [#&#8203;18564](https://github.com/open-webui/open-webui/pull/18564) - 🖊️ Rich text input no longer removes text between equals signs when pasting code with comparison operators. [#&#8203;18551](https://github.com/open-webui/open-webui/issues/18551) - ⌨️ Keyboard shortcuts now display the correct keys for international and non-QWERTY keyboard layouts by detecting the user's layout using the Keyboard API. [#&#8203;18533](https://github.com/open-webui/open-webui/pull/18533) - 🌐 "Attach Webpage" button now displays with correct disabled styling when a model does not support file uploads. [#&#8203;18483](https://github.com/open-webui/open-webui/pull/18483) - 🎚️ Divider no longer displays in the integrations menu when no integrations are enabled. [#&#8203;18487](https://github.com/open-webui/open-webui/pull/18487) - 📱 Chat controls button is now properly hidden on mobile for users without admin or explicit chat control permissions. [#&#8203;18641](https://github.com/open-webui/open-webui/pull/18641) - 📍 User menu, download submenu, and move submenu are now repositioned to prevent overlap with the Chat Controls sidebar when it is open. [Commit](https://github.com/open-webui/open-webui/commit/414ab51cb6df1ab0d6c85ac6c1f2c5c9a5f8e2aa) - 🎯 Artifacts button no longer appears in the chat menu when there are no artifacts to display. [Commit](https://github.com/open-webui/open-webui/commit/ed6449d35f84f68dc75ee5c6b3f4748a3fda0096) - 🎨 Artifacts view now automatically displays when opening an existing conversation containing artifacts, improving user experience. [#&#8203;18215](https://github.com/open-webui/open-webui/pull/18215) - 🖌️ Formatting toolbar is no longer hidden under images or code blocks in chat and now displays correctly above all message content. - 🎨 Layout shift near system instructions is prevented by properly rendering the chat component when system prompts are empty. [#&#8203;18594](https://github.com/open-webui/open-webui/pull/18594) - 📐 Modal layout shift caused by scrollbar appearance is prevented by adding a stable scrollbar gutter. [#&#8203;18591](https://github.com/open-webui/open-webui/pull/18591) - ✨ Spacing between icon and label in the user menu dropdown items is now consistent. [#&#8203;18595](https://github.com/open-webui/open-webui/pull/18595) - 💬 Duplicate prompt suggestions no longer cause the webpage to freeze or throw JavaScript errors by implementing proper key management with composite keys. [#&#8203;18841](https://github.com/open-webui/open-webui/pull/18841), [#&#8203;18566](https://github.com/open-webui/open-webui/issues/18566) - 🔍 Chat preview loading in the search modal now works correctly for all search results by fixing an index boundary check that previously caused out-of-bounds errors. [#&#8203;18911](https://github.com/open-webui/open-webui/pull/18911) - ♿ Screen reader support was enhanced by wrapping messages in semantic elements with descriptive aria-labels, adding "Assistant is typing" and "Response complete" announcements for improved accessibility. [#&#8203;18735](https://github.com/open-webui/open-webui/pull/18735) - 🔒 Incorrect await call in the OAuth 2.1 flow is removed, eliminating a logged exception during authentication. [#&#8203;18236](https://github.com/open-webui/open-webui/pull/18236) - 🛡️ Duplicate crossorigin attribute in the manifest file was removed. [#&#8203;18413](https://github.com/open-webui/open-webui/pull/18413) ##### Changed - 🔄 Firecrawl integration was refactored to use the official Firecrawl SDK instead of direct HTTP requests and langchain\_community FireCrawlLoader, improving reliability and performance with batch scraping support and enhanced error handling. [#&#8203;18635](https://github.com/open-webui/open-webui/pull/18635) - 📄 MinerU content extraction engine now only supports PDF files following the upstream removal of LibreOffice document conversion in version 2.0.0; users needing to process office documents should convert them to PDF format first. [#&#8203;18448](https://github.com/open-webui/open-webui/issues/18448) > \[!TIP]\ > **Looking for an [Enterprise Plan](https://docs.openwebui.com/enterprise)?** – **[Speak with Our Sales Team Today!](mailto:sales@openwebui.com)** > > Get **enhanced capabilities**, including **custom theming and branding**, **Service Level Agreement (SLA) support**, and **more!** 👏 Massive thanks to our incredible contributors for their hard work and dedication to making this release possible: [@&#8203;joaoback](https://github.com/joaoback), [@&#8203;kaiwinut](https://github.com/kaiwinut), [@&#8203;taylorwilsdon](https://github.com/taylorwilsdon), [@&#8203;Classic298](https://github.com/Classic298), [@&#8203;duncansmart](https://github.com/duncansmart), [@&#8203;silentoplayz](https://github.com/silentoplayz), [@&#8203;sinejespersen](https://github.com/sinejespersen), [@&#8203;acomarcho](https://github.com/acomarcho), [@&#8203;Davixk](https://github.com/Davixk), [@&#8203;Ithanil](https://github.com/Ithanil), [@&#8203;zhsh-12](https://github.com/zhsh-12), [@&#8203;athoik](https://github.com/athoik), [@&#8203;acomarcho](https://github.com/acomarcho), [@&#8203;wangweixuan](https://github.com/wangweixuan), [@&#8203;ShirasawaSama](https://github.com/ShirasawaSama), [@&#8203;acwoo97](https://github.com/acwoo97), [@&#8203;IllimarR](https://github.com/IllimarR), [@&#8203;rgaricano](https://github.com/rgaricano), [@&#8203;OAburub](https://github.com/OAburub), [@&#8203;iPagar](https://github.com/iPagar), [@&#8203;mkhludnev](https://github.com/mkhludnev), [@&#8203;jmleksan](https://github.com/jmleksan), [@&#8203;attilaolah](https://github.com/attilaolah), [@&#8203;htulipe](https://github.com/htulipe), [@&#8203;ricdikulous](https://github.com/ricdikulous), [@&#8203;andrewbbaek](https://github.com/andrewbbaek), [@&#8203;Tsafaras](https://github.com/Tsafaras), [@&#8203;Classic298](https://github.com/Classic298), [@&#8203;ivanostanin](https://github.com/ivanostanin), [@&#8203;wei840222](https://github.com/wei840222) #### Sponsors 🙌 🚀 We'd like to extend a heartfelt thank you to our amazing sponsors for their generous support (Note: We've excluded private sponsors from this list. If you'd like to get featured here, feel free to reach out to us!) [@&#8203;amd](https://github.com/amd), [@&#8203;roosi-gmbh](https://github.com/roosi-gmbh), [@&#8203;rndmcnlly](https://github.com/rndmcnlly), [@&#8203;feddersen-group](https://github.com/feddersen-group), [@&#8203;SRKConsulting](https://github.com/SRKConsulting), [@&#8203;mushmax](https://github.com/mushmax), [@&#8203;icanbwell](https://github.com/icanbwell), [@&#8203;agency-agency](https://github.com/agency-agency), [@&#8203;Classic298](https://github.com/Classic298), [@&#8203;loitragg](https://github.com/loitragg), [@&#8203;haka4githu6](https://github.com/haka4githu6), [@&#8203;GenieDev101](https://github.com/GenieDev101), [@&#8203;CubicleGangster](https://github.com/CubicleGangster), [@&#8203;TOWaB](https://github.com/TOWaB), [@&#8203;comet-ml](https://github.com/comet-ml), [@&#8203;FominVO](https://github.com/FominVO), [@&#8203;catalyst-net-nz](https://github.com/catalyst-net-nz), [@&#8203;JrdnHans](https://github.com/JrdnHans), [@&#8203;hkosm](https://github.com/hkosm), [@&#8203;VeroFess](https://github.com/VeroFess), [@&#8203;joaoback](https://github.com/joaoback) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS4xNzEuMiIsInVwZGF0ZWRJblZlciI6IjQxLjE3MS4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJhdXRvbWVyZ2UiLCJpbWFnZSJdfQ==-->
renovate-bot added the automergeimage labels 2025-11-06 19:02:00 +00:00
renovate-bot added 1 commit 2025-11-06 19:02:01 +00:00
Update ghcr.io/open-webui/open-webui Docker tag to v0.6.35
All checks were successful
renovate/stability-days Updates have met minimum release age requirement
Details
lint-test-helm / helm-lint (pull_request) Successful in 18s
Details
0cba979044
renovate-bot scheduled this pull request to auto merge when all checks succeed 2025-11-06 19:02:12 +00:00
renovate-bot merged commit 7abeafb952 into main 2025-11-06 19:02:14 +00:00
renovate-bot deleted branch renovate/ghcr.io-open-webui-open-webui-0.x 2025-11-06 19:02:14 +00:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
Renovate
Issue generated by Renovate.
 automerge
This PR will be automerged by Renovate.
 chart
Chart update generated by Renovate.
 image
Image update generated by Renovate.
 stale
PR or Issue that has not been updated recently.
No Label automerge image
Milestone
No items
No Milestone
Assignees
Clear assignees
gitea-bot renovate-bot alexlebens
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: alexlebens/infrastructure#1979
Delete Branch "renovate/ghcr.io-open-webui-open-webui-0.x"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?