alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 2 Actions 4 Activity

Update ghcr.io/open-webui/open-webui Docker tag to v0.6.37 #2091

Merged
renovate-bot merged 1 commits from renovate/ghcr.io-open-webui-open-webui-0.x into main 2025-11-24 05:20:44 +00:00
Conversation 0 Commits 1 Files Changed 1 +1 -1
renovate-bot commented 2025-11-24 05:20:36 +00:00
Collaborator
Copy Link

This PR contains the following updates:

Package Update Change
ghcr.io/open-webui/open-webui patch v0.6.36 -> v0.6.37

Release Notes

open-webui/open-webui (ghcr.io/open-webui/open-webui)

v0.6.37

Compare Source

[0.6.37] - 2025-11-24

Added
  • 🔐 Granular sharing permissions are now available with two-tiered control separating group sharing from public sharing, allowing administrators to independently configure whether users can share workspace items with groups or make them publicly accessible, with separate permission toggles for models, knowledge bases, prompts, tools, and notes, configurable via "USER_PERMISSIONS_WORKSPACE_MODELS_ALLOW_SHARING", "USER_PERMISSIONS_WORKSPACE_MODELS_ALLOW_PUBLIC_SHARING", and corresponding environment variables for other workspace item types, while groups can now be configured to opt-out of sharing via the "Allow Group Sharing" setting. Commit, Commit
  • 🔐 Password policy enforcement is now available with configurable validation rules, allowing administrators to require specific password complexity requirements via "ENABLE_PASSWORD_VALIDATION" and "PASSWORD_VALIDATION_REGEX_PATTERN" environment variables, with default pattern requiring minimum 8 characters including uppercase, lowercase, digit, and special character. #​17794
  • 🔐 Granular import and export permissions are now available for workspace items, introducing six separate permission toggles for models, prompts, and tools that are disabled by default for enhanced security. #​19242
  • 👥 Default group assignment is now available for new users, allowing administrators to automatically assign newly registered users to a specified group for streamlined access control to models, prompts, and tools, particularly useful for organizations with group-based model access policies. #​19325, #​17842
  • 🔒 Password-based authentication can now be fully disabled via "ENABLE_PASSWORD_AUTH" environment variable, enforcing SSO-only authentication and preventing password login fallback when SSO is configured. #​19113
  • 🖼️ Large stream chunk handling was implemented to support models that generate images directly in their output responses, with configurable buffer size via "CHAT_STREAM_RESPONSE_CHUNK_MAX_BUFFER_SIZE" environment variable, resolving compatibility issues with models like Gemini 2.5 Flash Image. #​18884, #​17626
  • 🖼️ Streaming response middleware now handles images in delta updates with automatic base64 conversion, enabling proper display of images from models using the "choices[0].delta.images.image_url" format such as Gemini 2.5 Flash Image Preview on OpenRouter. #​19073, #​19019
  • 📈 Model list API performance was optimized by pre-fetching user group memberships and removing profile image URLs from response payloads, significantly reducing both database queries and payload size for instances with large model lists, with profile images now served dynamically via dedicated endpoints. #​19097, #​18950
  • Batch file processing performance was improved by reducing database queries by 67% while ensuring data consistency between vector and relational databases. #​18953
  • 🚀 Chat import performance was dramatically improved by replacing individual per-chat API requests with a bulk import endpoint, reducing import time by up to 95% for large chat collections and providing user feedback via toast notifications displaying the number of successfully imported chats. #​17861
  • Socket event broadcasting performance was optimized by implementing user-specific rooms, significantly reducing server overhead particularly for users with multiple concurrent sessions. #​18996
  • 🗄️ Weaviate is now supported as a vector database option, providing an additional choice for RAG document storage alongside existing ChromaDB, Milvus, Qdrant, and OpenSearch integrations. #​14747
  • 🗄️ PostgreSQL pgvector now supports HNSW index types and large dimensional embeddings exceeding 2000 dimensions through automatic halfvec type selection, with configurable index methods via "PGVECTOR_INDEX_METHOD", "PGVECTOR_HNSW_M", "PGVECTOR_HNSW_EF_CONSTRUCTION", and "PGVECTOR_IVFFLAT_LISTS" environment variables. #​19158, #​16890
  • 🔍 Azure AI Search is now supported as a web search provider, enabling integration with Azure's cognitive search services via "AZURE_AI_SEARCH_API_KEY", "AZURE_AI_SEARCH_ENDPOINT", and "AZURE_AI_SEARCH_INDEX_NAME" configuration. #​19104
  • External embedding generation now processes API requests in parallel instead of sequential batches, reducing document processing time by 10-50x when using OpenAI, Azure OpenAI, or Ollama embedding providers, with large PDFs now processing in seconds instead of minutes. #​19296
  • 💨 Base64 image conversion is now available for markdown content in chat responses, automatically uploading embedded images exceeding 1KB and replacing them with file URLs to reduce payload size and resource consumption, configurable via "REPLACE_IMAGE_URLS_IN_CHAT_RESPONSE" environment variable. #​19076
  • 🎨 OpenAI image generation now supports additional API parameters including quality settings for GPT Image 1, configurable via "IMAGES_OPENAI_API_PARAMS" environment variable or through the admin interface, enabling cost-effective image generation with low, medium, or high quality options. #​19228
  • 🖼️ Image editing can now be independently enabled or disabled via admin settings, allowing administrators to control whether sequential image prompts trigger image editing or new image generation, configurable via "ENABLE_IMAGE_EDIT" environment variable. #​19284
  • 🔐 SSRF protection was implemented with a configurable URL blocklist that prevents access to cloud metadata endpoints and private networks, with default protections for AWS, Google Cloud, Azure, and Alibaba Cloud metadata services, customizable via "WEB_FETCH_FILTER_LIST" environment variable. #​19201
  • Workspace models page now supports server-side pagination dramatically improving load times and usability for instances with large numbers of workspace models.
  • 🔍 Hybrid search now indexes file metadata including filenames, titles, headings, sources, and snippets alongside document content, enabling keyword queries to surface documents where search terms appear only in metadata, configurable via "ENABLE_RAG_HYBRID_SEARCH_ENRICHED_TEXTS" environment variable. #​19095
  • 📂 Knowledge base upload page now supports folder drag-and-drop with recursive directory handling, enabling batch uploads of entire directory structures instead of requiring individual file selection. #​19320
  • 🤖 Model cloning is now available in admin settings, allowing administrators to quickly create workspace models based on existing base models through a "Clone" option in the model dropdown menu. #​17937
  • 🎨 UI scale adjustment is now available in interface settings, allowing users to increase the size of the entire interface from 1.0x to 1.5x for improved accessibility and readability, particularly beneficial for users with visual impairments. #​19186
  • 📌 Default pinned models can now be configured by administrators for all new users, mirroring the behavior of default models where admin-configured defaults apply only to users who haven't customized their pinned models, configurable via "DEFAULT_PINNED_MODELS" environment variable. #​19273
  • 🎙️ Text-to-Speech and Speech-to-Text services now receive user information headers when "ENABLE_FORWARD_USER_INFO_HEADERS" is enabled, allowing external TTS and STT providers to implement user-specific personalization, rate limiting, and usage tracking. #​19323, #​19312
  • 🎙️ Voice mode now supports custom system prompts via "VOICE_MODE_PROMPT_TEMPLATE" configuration, allowing administrators to control response style and behavior for voice interactions. #​18607
  • 🔧 WebSocket and Redis configuration options are now available including debug logging controls, custom ping timeout and interval settings, and arbitrary Redis connection options via "WEBSOCKET_SERVER_LOGGING", "WEBSOCKET_SERVER_ENGINEIO_LOGGING", "WEBSOCKET_SERVER_PING_TIMEOUT", "WEBSOCKET_SERVER_PING_INTERVAL", and "WEBSOCKET_REDIS_OPTIONS" environment variables. #​19091
  • 🔧 MCP OAuth dynamic client registration now automatically detects and uses the appropriate token endpoint authentication method from server-supported options, enabling compatibility with OAuth servers that only support "client_secret_basic" instead of "client_secret_post". #​19193
  • 🔧 Custom headers can now be configured for remote MCP and OpenAPI tool server connections, enabling integration with services that require additional authentication headers. #​18918
  • 🔍 Perplexity Search now supports custom API endpoints via "PERPLEXITY_SEARCH_API_URL" configuration and automatically forwards user information headers to enable personalized search experiences. #​19147
  • 🔍 User information headers can now be optionally forwarded to external web search engines when "ENABLE_FORWARD_USER_INFO_HEADERS" is enabled. #​19043
  • 📊 Daily active user metric is now available for monitoring, tracking unique users active since midnight UTC via the "webui.users.active.today" Prometheus gauge. #​19236, #​19234
  • 📊 Audit log file path is now configurable via "AUDIT_LOGS_FILE_PATH" environment variable, enabling storage in separate volumes or custom locations. #​19173
  • 🎨 Sidebar collapse states for model lists and group information are now persistent across page refreshes, remembering user preferences through browser-based storage. #​19159
  • 🎨 Background image display was enhanced with semi-transparent overlays for navbar and sidebar, creating a seamless and visually cohesive design across the entire interface. #​19157
  • 📋 Tables in chat messages now include a copy button that appears on hover, enabling quick copying of table content alongside the existing CSV export functionality. #​19162
  • 📝 Notes can now be created directly via the "/notes/new" URL endpoint with optional title and content query parameters, enabling faster note creation through bookmarks and shortcuts. #​19195
  • 🏷️ Tag suggestions are now context-aware, displaying only relevant tags when creating or editing models versus chat conversations, preventing confusion between model and chat tags. #​19135
  • ✍️ Prompt autocompletion is now available independently of the rich text input setting, improving accessibility to the feature. #​19150
  • 🔄 Various improvements were implemented across the frontend and backend to enhance performance, stability, and security.
  • 🌐 Translations for Simplified Chinese, Traditional Chinese, Portuguese (Brazil), Catalan, Spanish (Spain), Finnish, Irish, Farsi, Swedish, Danish, German, Korean, and Thai were improved and expanded.
Fixed
  • 🤖 Model update functionality now works correctly, resolving a database parameter binding error that prevented saving changes to model configurations via the Save & Update button. #​19335
  • 🖼️ Multiple input images for image editing and generation are now correctly passed as an array using the "image[]" parameter syntax, enabling proper multi-image reference functionality with models like GPT Image 1. #​19339
  • 📱 PWA installations on iOS now properly refresh after server container restarts, resolving freezing issues by automatically unregistering service workers when version or deployment changes are detected. #​19316
  • 🗄️ S3 Vectors collection detection now correctly handles buckets with more than 2000 indexes by using direct index lookup instead of paginated list scanning, improving performance by approximately 8x and enabling RAG queries to work reliably at scale. #​19238, #​19233
  • 📈 Feedback retrieval performance was optimized by eliminating N+1 query patterns through database joins, adding server-side pagination and sorting, significantly reducing database load for instances with large feedback datasets. #​17976
  • 🔍 Chat search now works correctly with PostgreSQL when chat data contains null bytes, with comprehensive sanitization preventing null bytes during data writes, cleaning existing data on read, and stripping null bytes during search queries to ensure reliable search functionality. #​15616
  • 🔍 Hybrid search with reranking now correctly handles attribute validation, preventing errors when collection results lack expected structure. #​19025, #​17046
  • 🔎 Reranking functionality now works correctly after recent refactoring, resolving crashes caused by incorrect function argument handling. #​19270
  • 🤖 Azure OpenAI models now support the "reasoning_effort" parameter, enabling proper configuration of reasoning capabilities for models like GPT-5.1 which default to no reasoning without this setting. #​19290
  • 🤖 Models with very long IDs can now be deleted correctly, resolving URL length limitations that previously prevented management operations on such models. #​18230
  • 🤖 Model-level streaming settings now correctly apply to API requests, ensuring "Stream Chat Response" toggle properly controls the streaming parameter. #​19154
  • 🖼️ Image editing configuration now correctly preserves independent OpenAI API endpoints and keys, preventing them from being overwritten by image generation settings. #​19003
  • 🎨 Gemini image edit settings now display correctly in the admin panel, fixing an incorrect configuration key reference that prevented proper rendering of edit options. #​19200
  • 🖌️ Image generation settings menu now loads correctly, resolving validation errors with AUTOMATIC1111 API authentication parameters. #​19187, #​19246
  • 📅 Date formatting in chat search and admin user chat search now correctly respects the "DEFAULT_LOCALE" environment variable, displaying dates according to the configured locale instead of always using MM/DD/YYYY format. #​19305, #​19020
  • 📝 RAG template query placeholder escaping logic was corrected to prevent unintended replacements of context values when query placeholders appear in retrieved content. #​19102, #​19101
  • 📄 RAG template prompt duplication was eliminated by removing redundant user query section from the default template. #​19099, #​19098
  • 📋 MinerU local mode configuration no longer incorrectly requires an API key, allowing proper use of local content extraction without external API credentials. #​19258
  • 📊 Excel file uploads now work correctly with the addition of the missing msoffcrypto-tool dependency, resolving import errors introduced by the unstructured package upgrade. #​19153
  • 📑 Docling parameters now properly handle JSON serialization, preventing exceptions and ensuring configuration changes are saved correctly. #​19072
  • 🛠️ UserValves configuration now correctly isolates settings per tool, preventing configuration contamination when multiple tools with UserValves are used simultaneously. #​19185, #​15569
  • 🔧 Tool selection prompt now correctly handles user messages without duplication, removing redundant query prefixes and improving prompt clarity. #​19122, #​19121
  • 📝 Notes chat feature now correctly submits messages to the completions endpoint, resolving errors that prevented AI model interactions. #​19079
  • 📝 Note PDF downloads now sanitize HTML content using DOMPurify before rendering, preventing potential DOM-based XSS attacks from malicious content in notes. Commit
  • 📁 Archived chats now have their folder associations automatically removed to prevent unintended deletion when their previous folder is deleted. #​14578
  • 🔐 ElevenLabs API key is now properly obfuscated in the admin settings page, preventing plain text exposure of sensitive credentials. #​19262, #​19260
  • 🔧 MCP OAuth server metadata discovery now follows the correct specification order, ensuring proper authentication flow compliance. #​19244
  • 🔒 API key endpoint restrictions now properly enforce access controls for all endpoints including SCIM, preventing unintended access when "API_KEY_ALLOWED_ENDPOINTS" is configured. #​19168
  • 🔓 OAuth role claim parsing now supports both flat and nested claim structures, enabling compatibility with OAuth providers that deliver claims as direct properties on the user object rather than nested structures. #​19286
  • 🔑 OAuth MCP server verification now correctly extracts the access token value for authorization headers instead of sending the entire token dictionary. #​19149, #​19148
  • ⚙️ OAuth dynamic client registration now correctly converts empty strings to None for optional fields, preventing validation failures in MCP package integration. #​19144, #​19129
  • 🔐 OIDC authentication now correctly passes client credentials in access token requests, ensuring compatibility with providers that require these parameters per RFC 6749. #​19132, #​19131
  • 🔗 OAuth client creation now respects configured token endpoint authentication methods instead of defaulting to basic authentication, preventing failures with servers that don't support basic auth. #​19165
  • 📋 Text copied from chat responses in Chrome now pastes without background formatting, improving readability when pasting into word processors. #​19083
Changed
  • 🗄️ Group membership data storage was refactored from JSON arrays to a dedicated relational database table, significantly improving query performance and scalability for instances with large numbers of users and groups, while API responses now return member counts instead of full user ID arrays. #​19239
  • 📄 MinerU parameter handling was refactored to pass parameters directly to the API, improving flexibility and fixing VLM backend configuration. #​19105, #​18446
  • 🔐 API key creation is now controlled by granular user and group permissions, with the "ENABLE_API_KEY" environment variable renamed to "ENABLE_API_KEYS" and disabled by default, requiring explicit configuration at both the global and user permission levels, while related environment variables "ENABLE_API_KEY_ENDPOINT_RESTRICTIONS" and "API_KEY_ALLOWED_ENDPOINTS" were renamed to "ENABLE_API_KEYS_ENDPOINT_RESTRICTIONS" and "API_KEYS_ALLOWED_ENDPOINTS" respectively. #​18336

[!TIP]
Looking for an Enterprise Plan?Speak with Our Sales Team Today!

Get enhanced capabilities, including custom theming and branding, Service Level Agreement (SLA) support, and more!

👏 Massive thanks to our incredible contributors for their hard work and dedication to making this release possible:
@​Davixk, @​podden, @​ShirasawaSama, @​jekuaitk, @​sanglt, @​shargyle, @​aindriu80, @​krishna-medapati, @​lazariv, @​FlorentMair80, @​mikkeschiren, @​joaoback, @​Cyp9715, @​aleixdorca, @​silentoplayz, @​gerhardj-b, @​siwadon-jay, @​jmleksan, @​dannyl1u, @​rgaricano, @​Kylapaallikko, @​Classic298, @​expruc, @​tomhaynes, @​diwakar-s-maurya, @​xqqp, @​logan-hcg, @​BlakeTnr, @​siavashvj, @​Oleg52, @​sihyeonn, @​davecrab, @​matiboux, @​adam-skalicky

Sponsors 🙌

🚀 We'd like to extend a heartfelt thank you to our amazing sponsors for their generous support (Note: We've excluded private sponsors from this list. If you'd like to get featured here, feel free to reach out to us!)

@​amd, @​roosi-gmbh, @​rndmcnlly, @​feddersen-group, @​SRKConsulting, @​mushmax, @​icanbwell, @​agency-agency, @​Classic298, @​loitragg, @​haka4githu6, @​silenceroom, @​GenieDev101, @​CubicleGangster, @​TOWaB, @​comet-ml, @​FominVO, @​catalyst-net-nz, @​JrdnHans, @​hkosm, @​VeroFess, @​joaoback, @​walsermedia, @​LuxTronic

v0.6.37

Compare Source

Added
  • 🔐 Granular sharing permissions are now available with two-tiered control separating group sharing from public sharing, allowing administrators to independently configure whether users can share workspace items with groups or make them publicly accessible, with separate permission toggles for models, knowledge bases, prompts, tools, and notes, configurable via "USER_PERMISSIONS_WORKSPACE_MODELS_ALLOW_SHARING", "USER_PERMISSIONS_WORKSPACE_MODELS_ALLOW_PUBLIC_SHARING", and corresponding environment variables for other workspace item types, while groups can now be configured to opt-out of sharing via the "Allow Group Sharing" setting. Commit, Commit
  • 🔐 Password policy enforcement is now available with configurable validation rules, allowing administrators to require specific password complexity requirements via "ENABLE_PASSWORD_VALIDATION" and "PASSWORD_VALIDATION_REGEX_PATTERN" environment variables, with default pattern requiring minimum 8 characters including uppercase, lowercase, digit, and special character. #​17794
  • 🔐 Granular import and export permissions are now available for workspace items, introducing six separate permission toggles for models, prompts, and tools that are disabled by default for enhanced security. #​19242
  • 👥 Default group assignment is now available for new users, allowing administrators to automatically assign newly registered users to a specified group for streamlined access control to models, prompts, and tools, particularly useful for organizations with group-based model access policies. #​19325, #​17842
  • 🔒 Password-based authentication can now be fully disabled via "ENABLE_PASSWORD_AUTH" environment variable, enforcing SSO-only authentication and preventing password login fallback when SSO is configured. #​19113
  • 🖼️ Large stream chunk handling was implemented to support models that generate images directly in their output responses, with configurable buffer size via "CHAT_STREAM_RESPONSE_CHUNK_MAX_BUFFER_SIZE" environment variable, resolving compatibility issues with models like Gemini 2.5 Flash Image. #​18884, #​17626
  • 🖼️ Streaming response middleware now handles images in delta updates with automatic base64 conversion, enabling proper display of images from models using the "choices[0].delta.images.image_url" format such as Gemini 2.5 Flash Image Preview on OpenRouter. #​19073, #​19019
  • 📈 Model list API performance was optimized by pre-fetching user group memberships and removing profile image URLs from response payloads, significantly reducing both database queries and payload size for instances with large model lists, with profile images now served dynamically via dedicated endpoints. #​19097, #​18950
  • Batch file processing performance was improved by reducing database queries by 67% while ensuring data consistency between vector and relational databases. #​18953
  • 🚀 Chat import performance was dramatically improved by replacing individual per-chat API requests with a bulk import endpoint, reducing import time by up to 95% for large chat collections and providing user feedback via toast notifications displaying the number of successfully imported chats. #​17861
  • Socket event broadcasting performance was optimized by implementing user-specific rooms, significantly reducing server overhead particularly for users with multiple concurrent sessions. #​18996
  • 🗄️ Weaviate is now supported as a vector database option, providing an additional choice for RAG document storage alongside existing ChromaDB, Milvus, Qdrant, and OpenSearch integrations. #​14747
  • 🗄️ PostgreSQL pgvector now supports HNSW index types and large dimensional embeddings exceeding 2000 dimensions through automatic halfvec type selection, with configurable index methods via "PGVECTOR_INDEX_METHOD", "PGVECTOR_HNSW_M", "PGVECTOR_HNSW_EF_CONSTRUCTION", and "PGVECTOR_IVFFLAT_LISTS" environment variables. #​19158, #​16890
  • 🔍 Azure AI Search is now supported as a web search provider, enabling integration with Azure's cognitive search services via "AZURE_AI_SEARCH_API_KEY", "AZURE_AI_SEARCH_ENDPOINT", and "AZURE_AI_SEARCH_INDEX_NAME" configuration. #​19104
  • External embedding generation now processes API requests in parallel instead of sequential batches, reducing document processing time by 10-50x when using OpenAI, Azure OpenAI, or Ollama embedding providers, with large PDFs now processing in seconds instead of minutes. #​19296
  • 💨 Base64 image conversion is now available for markdown content in chat responses, automatically uploading embedded images exceeding 1KB and replacing them with file URLs to reduce payload size and resource consumption, configurable via "REPLACE_IMAGE_URLS_IN_CHAT_RESPONSE" environment variable. #​19076
  • 🎨 OpenAI image generation now supports additional API parameters including quality settings for GPT Image 1, configurable via "IMAGES_OPENAI_API_PARAMS" environment variable or through the admin interface, enabling cost-effective image generation with low, medium, or high quality options. #​19228
  • 🖼️ Image editing can now be independently enabled or disabled via admin settings, allowing administrators to control whether sequential image prompts trigger image editing or new image generation, configurable via "ENABLE_IMAGE_EDIT" environment variable. #​19284
  • 🔐 SSRF protection was implemented with a configurable URL blocklist that prevents access to cloud metadata endpoints and private networks, with default protections for AWS, Google Cloud, Azure, and Alibaba Cloud metadata services, customizable via "WEB_FETCH_FILTER_LIST" environment variable. #​19201
  • Workspace models page now supports server-side pagination dramatically improving load times and usability for instances with large numbers of workspace models.
  • 🔍 Hybrid search now indexes file metadata including filenames, titles, headings, sources, and snippets alongside document content, enabling keyword queries to surface documents where search terms appear only in metadata, configurable via "ENABLE_RAG_HYBRID_SEARCH_ENRICHED_TEXTS" environment variable. #​19095
  • 📂 Knowledge base upload page now supports folder drag-and-drop with recursive directory handling, enabling batch uploads of entire directory structures instead of requiring individual file selection. #​19320
  • 🤖 Model cloning is now available in admin settings, allowing administrators to quickly create workspace models based on existing base models through a "Clone" option in the model dropdown menu. #​17937
  • 🎨 UI scale adjustment is now available in interface settings, allowing users to increase the size of the entire interface from 1.0x to 1.5x for improved accessibility and readability, particularly beneficial for users with visual impairments. #​19186
  • 📌 Default pinned models can now be configured by administrators for all new users, mirroring the behavior of default models where admin-configured defaults apply only to users who haven't customized their pinned models, configurable via "DEFAULT_PINNED_MODELS" environment variable. #​19273
  • 🎙️ Text-to-Speech and Speech-to-Text services now receive user information headers when "ENABLE_FORWARD_USER_INFO_HEADERS" is enabled, allowing external TTS and STT providers to implement user-specific personalization, rate limiting, and usage tracking. #​19323, #​19312
  • 🎙️ Voice mode now supports custom system prompts via "VOICE_MODE_PROMPT_TEMPLATE" configuration, allowing administrators to control response style and behavior for voice interactions. #​18607
  • 🔧 WebSocket and Redis configuration options are now available including debug logging controls, custom ping timeout and interval settings, and arbitrary Redis connection options via "WEBSOCKET_SERVER_LOGGING", "WEBSOCKET_SERVER_ENGINEIO_LOGGING", "WEBSOCKET_SERVER_PING_TIMEOUT", "WEBSOCKET_SERVER_PING_INTERVAL", and "WEBSOCKET_REDIS_OPTIONS" environment variables. #​19091
  • 🔧 MCP OAuth dynamic client registration now automatically detects and uses the appropriate token endpoint authentication method from server-supported options, enabling compatibility with OAuth servers that only support "client_secret_basic" instead of "client_secret_post". #​19193
  • 🔧 Custom headers can now be configured for remote MCP and OpenAPI tool server connections, enabling integration with services that require additional authentication headers. #​18918
  • 🔍 Perplexity Search now supports custom API endpoints via "PERPLEXITY_SEARCH_API_URL" configuration and automatically forwards user information headers to enable personalized search experiences. #​19147
  • 🔍 User information headers can now be optionally forwarded to external web search engines when "ENABLE_FORWARD_USER_INFO_HEADERS" is enabled. #​19043
  • 📊 Daily active user metric is now available for monitoring, tracking unique users active since midnight UTC via the "webui.users.active.today" Prometheus gauge. #​19236, #​19234
  • 📊 Audit log file path is now configurable via "AUDIT_LOGS_FILE_PATH" environment variable, enabling storage in separate volumes or custom locations. #​19173
  • 🎨 Sidebar collapse states for model lists and group information are now persistent across page refreshes, remembering user preferences through browser-based storage. #​19159
  • 🎨 Background image display was enhanced with semi-transparent overlays for navbar and sidebar, creating a seamless and visually cohesive design across the entire interface. #​19157
  • 📋 Tables in chat messages now include a copy button that appears on hover, enabling quick copying of table content alongside the existing CSV export functionality. #​19162
  • 📝 Notes can now be created directly via the "/notes/new" URL endpoint with optional title and content query parameters, enabling faster note creation through bookmarks and shortcuts. #​19195
  • 🏷️ Tag suggestions are now context-aware, displaying only relevant tags when creating or editing models versus chat conversations, preventing confusion between model and chat tags. #​19135
  • ✍️ Prompt autocompletion is now available independently of the rich text input setting, improving accessibility to the feature. #​19150
  • 🔄 Various improvements were implemented across the frontend and backend to enhance performance, stability, and security.
  • 🌐 Translations for Simplified Chinese, Traditional Chinese, Portuguese (Brazil), Catalan, Spanish (Spain), Finnish, Irish, Farsi, Swedish, Danish, German, Korean, and Thai were improved and expanded.
Fixed
  • 🤖 Model update functionality now works correctly, resolving a database parameter binding error that prevented saving changes to model configurations via the Save & Update button. #​19335
  • 🖼️ Multiple input images for image editing and generation are now correctly passed as an array using the "image[]" parameter syntax, enabling proper multi-image reference functionality with models like GPT Image 1. #​19339
  • 📱 PWA installations on iOS now properly refresh after server container restarts, resolving freezing issues by automatically unregistering service workers when version or deployment changes are detected. #​19316
  • 🗄️ S3 Vectors collection detection now correctly handles buckets with more than 2000 indexes by using direct index lookup instead of paginated list scanning, improving performance by approximately 8x and enabling RAG queries to work reliably at scale. #​19238, #​19233
  • 📈 Feedback retrieval performance was optimized by eliminating N+1 query patterns through database joins, adding server-side pagination and sorting, significantly reducing database load for instances with large feedback datasets. #​17976
  • 🔍 Chat search now works correctly with PostgreSQL when chat data contains null bytes, with comprehensive sanitization preventing null bytes during data writes, cleaning existing data on read, and stripping null bytes during search queries to ensure reliable search functionality. #​15616
  • 🔍 Hybrid search with reranking now correctly handles attribute validation, preventing errors when collection results lack expected structure. #​19025, #​17046
  • 🔎 Reranking functionality now works correctly after recent refactoring, resolving crashes caused by incorrect function argument handling. #​19270
  • 🤖 Azure OpenAI models now support the "reasoning_effort" parameter, enabling proper configuration of reasoning capabilities for models like GPT-5.1 which default to no reasoning without this setting. #​19290
  • 🤖 Models with very long IDs can now be deleted correctly, resolving URL length limitations that previously prevented management operations on such models. #​18230
  • 🤖 Model-level streaming settings now correctly apply to API requests, ensuring "Stream Chat Response" toggle properly controls the streaming parameter. #​19154
  • 🖼️ Image editing configuration now correctly preserves independent OpenAI API endpoints and keys, preventing them from being overwritten by image generation settings. #​19003
  • 🎨 Gemini image edit settings now display correctly in the admin panel, fixing an incorrect configuration key reference that prevented proper rendering of edit options. #​19200
  • 🖌️ Image generation settings menu now loads correctly, resolving validation errors with AUTOMATIC1111 API authentication parameters. #​19187, #​19246
  • 📅 Date formatting in chat search and admin user chat search now correctly respects the "DEFAULT_LOCALE" environment variable, displaying dates according to the configured locale instead of always using MM/DD/YYYY format. #​19305, #​19020
  • 📝 RAG template query placeholder escaping logic was corrected to prevent unintended replacements of context values when query placeholders appear in retrieved content. #​19102, #​19101
  • 📄 RAG template prompt duplication was eliminated by removing redundant user query section from the default template. #​19099, #​19098
  • 📋 MinerU local mode configuration no longer incorrectly requires an API key, allowing proper use of local content extraction without external API credentials. #​19258
  • 📊 Excel file uploads now work correctly with the addition of the missing msoffcrypto-tool dependency, resolving import errors introduced by the unstructured package upgrade. #​19153
  • 📑 Docling parameters now properly handle JSON serialization, preventing exceptions and ensuring configuration changes are saved correctly. #​19072
  • 🛠️ UserValves configuration now correctly isolates settings per tool, preventing configuration contamination when multiple tools with UserValves are used simultaneously. #​19185, #​15569
  • 🔧 Tool selection prompt now correctly handles user messages without duplication, removing redundant query prefixes and improving prompt clarity. #​19122, #​19121
  • 📝 Notes chat feature now correctly submits messages to the completions endpoint, resolving errors that prevented AI model interactions. #​19079
  • 📝 Note PDF downloads now sanitize HTML content using DOMPurify before rendering, preventing potential DOM-based XSS attacks from malicious content in notes. Commit
  • 📁 Archived chats now have their folder associations automatically removed to prevent unintended deletion when their previous folder is deleted. #​14578
  • 🔐 ElevenLabs API key is now properly obfuscated in the admin settings page, preventing plain text exposure of sensitive credentials. #​19262, #​19260
  • 🔧 MCP OAuth server metadata discovery now follows the correct specification order, ensuring proper authentication flow compliance. #​19244
  • 🔒 API key endpoint restrictions now properly enforce access controls for all endpoints including SCIM, preventing unintended access when "API_KEY_ALLOWED_ENDPOINTS" is configured. #​19168
  • 🔓 OAuth role claim parsing now supports both flat and nested claim structures, enabling compatibility with OAuth providers that deliver claims as direct properties on the user object rather than nested structures. #​19286
  • 🔑 OAuth MCP server verification now correctly extracts the access token value for authorization headers instead of sending the entire token dictionary. #​19149, #​19148
  • ⚙️ OAuth dynamic client registration now correctly converts empty strings to None for optional fields, preventing validation failures in MCP package integration. #​19144, #​19129
  • 🔐 OIDC authentication now correctly passes client credentials in access token requests, ensuring compatibility with providers that require these parameters per RFC 6749. #​19132, #​19131
  • 🔗 OAuth client creation now respects configured token endpoint authentication methods instead of defaulting to basic authentication, preventing failures with servers that don't support basic auth. #​19165
  • 📋 Text copied from chat responses in Chrome now pastes without background formatting, improving readability when pasting into word processors. #​19083
Changed
  • 🗄️ Group membership data storage was refactored from JSON arrays to a dedicated relational database table, significantly improving query performance and scalability for instances with large numbers of users and groups, while API responses now return member counts instead of full user ID arrays. #​19239
  • 📄 MinerU parameter handling was refactored to pass parameters directly to the API, improving flexibility and fixing VLM backend configuration. #​19105, #​18446
  • 🔐 API key creation is now controlled by granular user and group permissions, with the "ENABLE_API_KEY" environment variable renamed to "ENABLE_API_KEYS" and disabled by default, requiring explicit configuration at both the global and user permission levels, while related environment variables "ENABLE_API_KEY_ENDPOINT_RESTRICTIONS" and "API_KEY_ALLOWED_ENDPOINTS" were renamed to "ENABLE_API_KEYS_ENDPOINT_RESTRICTIONS" and "API_KEYS_ALLOWED_ENDPOINTS" respectively. #​18336

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [ghcr.io/open-webui/open-webui](https://github.com/open-webui/open-webui) | patch | `v0.6.36` -> `v0.6.37` | --- ### Release Notes <details> <summary>open-webui/open-webui (ghcr.io/open-webui/open-webui)</summary> ### [`v0.6.37`](https://github.com/open-webui/open-webui/releases/tag/v0.6.37) [Compare Source](https://github.com/open-webui/open-webui/compare/v0.6.37...v0.6.37) #### \[0.6.37] - 2025-11-24 ##### Added - 🔐 Granular sharing permissions are now available with two-tiered control separating group sharing from public sharing, allowing administrators to independently configure whether users can share workspace items with groups or make them publicly accessible, with separate permission toggles for models, knowledge bases, prompts, tools, and notes, configurable via "USER\_PERMISSIONS\_WORKSPACE\_MODELS\_ALLOW\_SHARING", "USER\_PERMISSIONS\_WORKSPACE\_MODELS\_ALLOW\_PUBLIC\_SHARING", and corresponding environment variables for other workspace item types, while groups can now be configured to opt-out of sharing via the "Allow Group Sharing" setting. [Commit](https://github.com/open-webui/open-webui/commit/7be750bcbb40da91912a0a66b7ab791effdcc3b6), [Commit](https://github.com/open-webui/open-webui/commit/f69e37a8507d6d57382d6670641b367f3127f90a) - 🔐 Password policy enforcement is now available with configurable validation rules, allowing administrators to require specific password complexity requirements via "ENABLE\_PASSWORD\_VALIDATION" and "PASSWORD\_VALIDATION\_REGEX\_PATTERN" environment variables, with default pattern requiring minimum 8 characters including uppercase, lowercase, digit, and special character. [#&#8203;17794](https://github.com/open-webui/open-webui/pull/17794) - 🔐 Granular import and export permissions are now available for workspace items, introducing six separate permission toggles for models, prompts, and tools that are disabled by default for enhanced security. [#&#8203;19242](https://github.com/open-webui/open-webui/pull/19242) - 👥 Default group assignment is now available for new users, allowing administrators to automatically assign newly registered users to a specified group for streamlined access control to models, prompts, and tools, particularly useful for organizations with group-based model access policies. [#&#8203;19325](https://github.com/open-webui/open-webui/pull/19325), [#&#8203;17842](https://github.com/open-webui/open-webui/issues/17842) - 🔒 Password-based authentication can now be fully disabled via "ENABLE\_PASSWORD\_AUTH" environment variable, enforcing SSO-only authentication and preventing password login fallback when SSO is configured. [#&#8203;19113](https://github.com/open-webui/open-webui/pull/19113) - 🖼️ Large stream chunk handling was implemented to support models that generate images directly in their output responses, with configurable buffer size via "CHAT\_STREAM\_RESPONSE\_CHUNK\_MAX\_BUFFER\_SIZE" environment variable, resolving compatibility issues with models like Gemini 2.5 Flash Image. [#&#8203;18884](https://github.com/open-webui/open-webui/pull/18884), [#&#8203;17626](https://github.com/open-webui/open-webui/issues/17626) - 🖼️ Streaming response middleware now handles images in delta updates with automatic base64 conversion, enabling proper display of images from models using the "choices\[0].delta.images.image\_url" format such as Gemini 2.5 Flash Image Preview on OpenRouter. [#&#8203;19073](https://github.com/open-webui/open-webui/pull/19073), [#&#8203;19019](https://github.com/open-webui/open-webui/issues/19019) - 📈 Model list API performance was optimized by pre-fetching user group memberships and removing profile image URLs from response payloads, significantly reducing both database queries and payload size for instances with large model lists, with profile images now served dynamically via dedicated endpoints. [#&#8203;19097](https://github.com/open-webui/open-webui/pull/19097), [#&#8203;18950](https://github.com/open-webui/open-webui/issues/18950) - ⏩ Batch file processing performance was improved by reducing database queries by 67% while ensuring data consistency between vector and relational databases. [#&#8203;18953](https://github.com/open-webui/open-webui/pull/18953) - 🚀 Chat import performance was dramatically improved by replacing individual per-chat API requests with a bulk import endpoint, reducing import time by up to 95% for large chat collections and providing user feedback via toast notifications displaying the number of successfully imported chats. [#&#8203;17861](https://github.com/open-webui/open-webui/pull/17861) - ⚡ Socket event broadcasting performance was optimized by implementing user-specific rooms, significantly reducing server overhead particularly for users with multiple concurrent sessions. [#&#8203;18996](https://github.com/open-webui/open-webui/pull/18996) - 🗄️ Weaviate is now supported as a vector database option, providing an additional choice for RAG document storage alongside existing ChromaDB, Milvus, Qdrant, and OpenSearch integrations. [#&#8203;14747](https://github.com/open-webui/open-webui/pull/14747) - 🗄️ PostgreSQL pgvector now supports HNSW index types and large dimensional embeddings exceeding 2000 dimensions through automatic halfvec type selection, with configurable index methods via "PGVECTOR\_INDEX\_METHOD", "PGVECTOR\_HNSW\_M", "PGVECTOR\_HNSW\_EF\_CONSTRUCTION", and "PGVECTOR\_IVFFLAT\_LISTS" environment variables. [#&#8203;19158](https://github.com/open-webui/open-webui/pull/19158), [#&#8203;16890](https://github.com/open-webui/open-webui/issues/16890) - 🔍 Azure AI Search is now supported as a web search provider, enabling integration with Azure's cognitive search services via "AZURE\_AI\_SEARCH\_API\_KEY", "AZURE\_AI\_SEARCH\_ENDPOINT", and "AZURE\_AI\_SEARCH\_INDEX\_NAME" configuration. [#&#8203;19104](https://github.com/open-webui/open-webui/pull/19104) - ⚡ External embedding generation now processes API requests in parallel instead of sequential batches, reducing document processing time by 10-50x when using OpenAI, Azure OpenAI, or Ollama embedding providers, with large PDFs now processing in seconds instead of minutes. [#&#8203;19296](https://github.com/open-webui/open-webui/pull/19296) - 💨 Base64 image conversion is now available for markdown content in chat responses, automatically uploading embedded images exceeding 1KB and replacing them with file URLs to reduce payload size and resource consumption, configurable via "REPLACE\_IMAGE\_URLS\_IN\_CHAT\_RESPONSE" environment variable. [#&#8203;19076](https://github.com/open-webui/open-webui/pull/19076) - 🎨 OpenAI image generation now supports additional API parameters including quality settings for GPT Image 1, configurable via "IMAGES\_OPENAI\_API\_PARAMS" environment variable or through the admin interface, enabling cost-effective image generation with low, medium, or high quality options. [#&#8203;19228](https://github.com/open-webui/open-webui/issues/19228) - 🖼️ Image editing can now be independently enabled or disabled via admin settings, allowing administrators to control whether sequential image prompts trigger image editing or new image generation, configurable via "ENABLE\_IMAGE\_EDIT" environment variable. [#&#8203;19284](https://github.com/open-webui/open-webui/issues/19284) - 🔐 SSRF protection was implemented with a configurable URL blocklist that prevents access to cloud metadata endpoints and private networks, with default protections for AWS, Google Cloud, Azure, and Alibaba Cloud metadata services, customizable via "WEB\_FETCH\_FILTER\_LIST" environment variable. [#&#8203;19201](https://github.com/open-webui/open-webui/pull/19201) - ⚡ Workspace models page now supports server-side pagination dramatically improving load times and usability for instances with large numbers of workspace models. - 🔍 Hybrid search now indexes file metadata including filenames, titles, headings, sources, and snippets alongside document content, enabling keyword queries to surface documents where search terms appear only in metadata, configurable via "ENABLE\_RAG\_HYBRID\_SEARCH\_ENRICHED\_TEXTS" environment variable. [#&#8203;19095](https://github.com/open-webui/open-webui/pull/19095) - 📂 Knowledge base upload page now supports folder drag-and-drop with recursive directory handling, enabling batch uploads of entire directory structures instead of requiring individual file selection. [#&#8203;19320](https://github.com/open-webui/open-webui/pull/19320) - 🤖 Model cloning is now available in admin settings, allowing administrators to quickly create workspace models based on existing base models through a "Clone" option in the model dropdown menu. [#&#8203;17937](https://github.com/open-webui/open-webui/pull/17937) - 🎨 UI scale adjustment is now available in interface settings, allowing users to increase the size of the entire interface from 1.0x to 1.5x for improved accessibility and readability, particularly beneficial for users with visual impairments. [#&#8203;19186](https://github.com/open-webui/open-webui/pull/19186) - 📌 Default pinned models can now be configured by administrators for all new users, mirroring the behavior of default models where admin-configured defaults apply only to users who haven't customized their pinned models, configurable via "DEFAULT\_PINNED\_MODELS" environment variable. [#&#8203;19273](https://github.com/open-webui/open-webui/pull/19273) - 🎙️ Text-to-Speech and Speech-to-Text services now receive user information headers when "ENABLE\_FORWARD\_USER\_INFO\_HEADERS" is enabled, allowing external TTS and STT providers to implement user-specific personalization, rate limiting, and usage tracking. [#&#8203;19323](https://github.com/open-webui/open-webui/pull/19323), [#&#8203;19312](https://github.com/open-webui/open-webui/issues/19312) - 🎙️ Voice mode now supports custom system prompts via "VOICE\_MODE\_PROMPT\_TEMPLATE" configuration, allowing administrators to control response style and behavior for voice interactions. [#&#8203;18607](https://github.com/open-webui/open-webui/pull/18607) - 🔧 WebSocket and Redis configuration options are now available including debug logging controls, custom ping timeout and interval settings, and arbitrary Redis connection options via "WEBSOCKET\_SERVER\_LOGGING", "WEBSOCKET\_SERVER\_ENGINEIO\_LOGGING", "WEBSOCKET\_SERVER\_PING\_TIMEOUT", "WEBSOCKET\_SERVER\_PING\_INTERVAL", and "WEBSOCKET\_REDIS\_OPTIONS" environment variables. [#&#8203;19091](https://github.com/open-webui/open-webui/pull/19091) - 🔧 MCP OAuth dynamic client registration now automatically detects and uses the appropriate token endpoint authentication method from server-supported options, enabling compatibility with OAuth servers that only support "client\_secret\_basic" instead of "client\_secret\_post". [#&#8203;19193](https://github.com/open-webui/open-webui/issues/19193) - 🔧 Custom headers can now be configured for remote MCP and OpenAPI tool server connections, enabling integration with services that require additional authentication headers. [#&#8203;18918](https://github.com/open-webui/open-webui/issues/18918) - 🔍 Perplexity Search now supports custom API endpoints via "PERPLEXITY\_SEARCH\_API\_URL" configuration and automatically forwards user information headers to enable personalized search experiences. [#&#8203;19147](https://github.com/open-webui/open-webui/pull/19147) - 🔍 User information headers can now be optionally forwarded to external web search engines when "ENABLE\_FORWARD\_USER\_INFO\_HEADERS" is enabled. [#&#8203;19043](https://github.com/open-webui/open-webui/pull/19043) - 📊 Daily active user metric is now available for monitoring, tracking unique users active since midnight UTC via the "webui.users.active.today" Prometheus gauge. [#&#8203;19236](https://github.com/open-webui/open-webui/pull/19236), [#&#8203;19234](https://github.com/open-webui/open-webui/issues/19234) - 📊 Audit log file path is now configurable via "AUDIT\_LOGS\_FILE\_PATH" environment variable, enabling storage in separate volumes or custom locations. [#&#8203;19173](https://github.com/open-webui/open-webui/pull/19173) - 🎨 Sidebar collapse states for model lists and group information are now persistent across page refreshes, remembering user preferences through browser-based storage. [#&#8203;19159](https://github.com/open-webui/open-webui/issues/19159) - 🎨 Background image display was enhanced with semi-transparent overlays for navbar and sidebar, creating a seamless and visually cohesive design across the entire interface. [#&#8203;19157](https://github.com/open-webui/open-webui/issues/19157) - 📋 Tables in chat messages now include a copy button that appears on hover, enabling quick copying of table content alongside the existing CSV export functionality. [#&#8203;19162](https://github.com/open-webui/open-webui/issues/19162) - 📝 Notes can now be created directly via the "/notes/new" URL endpoint with optional title and content query parameters, enabling faster note creation through bookmarks and shortcuts. [#&#8203;19195](https://github.com/open-webui/open-webui/issues/19195) - 🏷️ Tag suggestions are now context-aware, displaying only relevant tags when creating or editing models versus chat conversations, preventing confusion between model and chat tags. [#&#8203;19135](https://github.com/open-webui/open-webui/issues/19135) - ✍️ Prompt autocompletion is now available independently of the rich text input setting, improving accessibility to the feature. [#&#8203;19150](https://github.com/open-webui/open-webui/issues/19150) - 🔄 Various improvements were implemented across the frontend and backend to enhance performance, stability, and security. - 🌐 Translations for Simplified Chinese, Traditional Chinese, Portuguese (Brazil), Catalan, Spanish (Spain), Finnish, Irish, Farsi, Swedish, Danish, German, Korean, and Thai were improved and expanded. ##### Fixed - 🤖 Model update functionality now works correctly, resolving a database parameter binding error that prevented saving changes to model configurations via the Save & Update button. [#&#8203;19335](https://github.com/open-webui/open-webui/issues/19335) - 🖼️ Multiple input images for image editing and generation are now correctly passed as an array using the "image\[]" parameter syntax, enabling proper multi-image reference functionality with models like GPT Image 1. [#&#8203;19339](https://github.com/open-webui/open-webui/issues/19339) - 📱 PWA installations on iOS now properly refresh after server container restarts, resolving freezing issues by automatically unregistering service workers when version or deployment changes are detected. [#&#8203;19316](https://github.com/open-webui/open-webui/pull/19316) - 🗄️ S3 Vectors collection detection now correctly handles buckets with more than 2000 indexes by using direct index lookup instead of paginated list scanning, improving performance by approximately 8x and enabling RAG queries to work reliably at scale. [#&#8203;19238](https://github.com/open-webui/open-webui/pull/19238), [#&#8203;19233](https://github.com/open-webui/open-webui/issues/19233) - 📈 Feedback retrieval performance was optimized by eliminating N+1 query patterns through database joins, adding server-side pagination and sorting, significantly reducing database load for instances with large feedback datasets. [#&#8203;17976](https://github.com/open-webui/open-webui/pull/17976) - 🔍 Chat search now works correctly with PostgreSQL when chat data contains null bytes, with comprehensive sanitization preventing null bytes during data writes, cleaning existing data on read, and stripping null bytes during search queries to ensure reliable search functionality. [#&#8203;15616](https://github.com/open-webui/open-webui/issues/15616) - 🔍 Hybrid search with reranking now correctly handles attribute validation, preventing errors when collection results lack expected structure. [#&#8203;19025](https://github.com/open-webui/open-webui/pull/19025), [#&#8203;17046](https://github.com/open-webui/open-webui/issues/17046) - 🔎 Reranking functionality now works correctly after recent refactoring, resolving crashes caused by incorrect function argument handling. [#&#8203;19270](https://github.com/open-webui/open-webui/pull/19270) - 🤖 Azure OpenAI models now support the "reasoning\_effort" parameter, enabling proper configuration of reasoning capabilities for models like GPT-5.1 which default to no reasoning without this setting. [#&#8203;19290](https://github.com/open-webui/open-webui/issues/19290) - 🤖 Models with very long IDs can now be deleted correctly, resolving URL length limitations that previously prevented management operations on such models. [#&#8203;18230](https://github.com/open-webui/open-webui/pull/18230) - 🤖 Model-level streaming settings now correctly apply to API requests, ensuring "Stream Chat Response" toggle properly controls the streaming parameter. [#&#8203;19154](https://github.com/open-webui/open-webui/issues/19154) - 🖼️ Image editing configuration now correctly preserves independent OpenAI API endpoints and keys, preventing them from being overwritten by image generation settings. [#&#8203;19003](https://github.com/open-webui/open-webui/issues/19003) - 🎨 Gemini image edit settings now display correctly in the admin panel, fixing an incorrect configuration key reference that prevented proper rendering of edit options. [#&#8203;19200](https://github.com/open-webui/open-webui/pull/19200) - 🖌️ Image generation settings menu now loads correctly, resolving validation errors with AUTOMATIC1111 API authentication parameters. [#&#8203;19187](https://github.com/open-webui/open-webui/issues/19187), [#&#8203;19246](https://github.com/open-webui/open-webui/issues/19246) - 📅 Date formatting in chat search and admin user chat search now correctly respects the "DEFAULT\_LOCALE" environment variable, displaying dates according to the configured locale instead of always using MM/DD/YYYY format. [#&#8203;19305](https://github.com/open-webui/open-webui/pull/19305), [#&#8203;19020](https://github.com/open-webui/open-webui/issues/19020) - 📝 RAG template query placeholder escaping logic was corrected to prevent unintended replacements of context values when query placeholders appear in retrieved content. [#&#8203;19102](https://github.com/open-webui/open-webui/pull/19102), [#&#8203;19101](https://github.com/open-webui/open-webui/issues/19101) - 📄 RAG template prompt duplication was eliminated by removing redundant user query section from the default template. [#&#8203;19099](https://github.com/open-webui/open-webui/pull/19099), [#&#8203;19098](https://github.com/open-webui/open-webui/issues/19098) - 📋 MinerU local mode configuration no longer incorrectly requires an API key, allowing proper use of local content extraction without external API credentials. [#&#8203;19258](https://github.com/open-webui/open-webui/issues/19258) - 📊 Excel file uploads now work correctly with the addition of the missing msoffcrypto-tool dependency, resolving import errors introduced by the unstructured package upgrade. [#&#8203;19153](https://github.com/open-webui/open-webui/issues/19153) - 📑 Docling parameters now properly handle JSON serialization, preventing exceptions and ensuring configuration changes are saved correctly. [#&#8203;19072](https://github.com/open-webui/open-webui/pull/19072) - 🛠️ UserValves configuration now correctly isolates settings per tool, preventing configuration contamination when multiple tools with UserValves are used simultaneously. [#&#8203;19185](https://github.com/open-webui/open-webui/pull/19185), [#&#8203;15569](https://github.com/open-webui/open-webui/issues/15569) - 🔧 Tool selection prompt now correctly handles user messages without duplication, removing redundant query prefixes and improving prompt clarity. [#&#8203;19122](https://github.com/open-webui/open-webui/pull/19122), [#&#8203;19121](https://github.com/open-webui/open-webui/issues/19121) - 📝 Notes chat feature now correctly submits messages to the completions endpoint, resolving errors that prevented AI model interactions. [#&#8203;19079](https://github.com/open-webui/open-webui/pull/19079) - 📝 Note PDF downloads now sanitize HTML content using DOMPurify before rendering, preventing potential DOM-based XSS attacks from malicious content in notes. [Commit](https://github.com/open-webui/open-webui/commit/03cc6ce8eb5c055115406e2304fbf7e3338b8dce) - 📁 Archived chats now have their folder associations automatically removed to prevent unintended deletion when their previous folder is deleted. [#&#8203;14578](https://github.com/open-webui/open-webui/issues/14578) - 🔐 ElevenLabs API key is now properly obfuscated in the admin settings page, preventing plain text exposure of sensitive credentials. [#&#8203;19262](https://github.com/open-webui/open-webui/pull/19262), [#&#8203;19260](https://github.com/open-webui/open-webui/issues/19260) - 🔧 MCP OAuth server metadata discovery now follows the correct specification order, ensuring proper authentication flow compliance. [#&#8203;19244](https://github.com/open-webui/open-webui/pull/19244) - 🔒 API key endpoint restrictions now properly enforce access controls for all endpoints including SCIM, preventing unintended access when "API\_KEY\_ALLOWED\_ENDPOINTS" is configured. [#&#8203;19168](https://github.com/open-webui/open-webui/issues/19168) - 🔓 OAuth role claim parsing now supports both flat and nested claim structures, enabling compatibility with OAuth providers that deliver claims as direct properties on the user object rather than nested structures. [#&#8203;19286](https://github.com/open-webui/open-webui/pull/19286) - 🔑 OAuth MCP server verification now correctly extracts the access token value for authorization headers instead of sending the entire token dictionary. [#&#8203;19149](https://github.com/open-webui/open-webui/pull/19149), [#&#8203;19148](https://github.com/open-webui/open-webui/issues/19148) - ⚙️ OAuth dynamic client registration now correctly converts empty strings to None for optional fields, preventing validation failures in MCP package integration. [#&#8203;19144](https://github.com/open-webui/open-webui/pull/19144), [#&#8203;19129](https://github.com/open-webui/open-webui/issues/19129) - 🔐 OIDC authentication now correctly passes client credentials in access token requests, ensuring compatibility with providers that require these parameters per RFC 6749. [#&#8203;19132](https://github.com/open-webui/open-webui/pull/19132), [#&#8203;19131](https://github.com/open-webui/open-webui/issues/19131) - 🔗 OAuth client creation now respects configured token endpoint authentication methods instead of defaulting to basic authentication, preventing failures with servers that don't support basic auth. [#&#8203;19165](https://github.com/open-webui/open-webui/pull/19165) - 📋 Text copied from chat responses in Chrome now pastes without background formatting, improving readability when pasting into word processors. [#&#8203;19083](https://github.com/open-webui/open-webui/issues/19083) ##### Changed - 🗄️ Group membership data storage was refactored from JSON arrays to a dedicated relational database table, significantly improving query performance and scalability for instances with large numbers of users and groups, while API responses now return member counts instead of full user ID arrays. [#&#8203;19239](https://github.com/open-webui/open-webui/pull/19239) - 📄 MinerU parameter handling was refactored to pass parameters directly to the API, improving flexibility and fixing VLM backend configuration. [#&#8203;19105](https://github.com/open-webui/open-webui/pull/19105), [#&#8203;18446](https://github.com/open-webui/open-webui/discussions/18446) - 🔐 API key creation is now controlled by granular user and group permissions, with the "ENABLE\_API\_KEY" environment variable renamed to "ENABLE\_API\_KEYS" and disabled by default, requiring explicit configuration at both the global and user permission levels, while related environment variables "ENABLE\_API\_KEY\_ENDPOINT\_RESTRICTIONS" and "API\_KEY\_ALLOWED\_ENDPOINTS" were renamed to "ENABLE\_API\_KEYS\_ENDPOINT\_RESTRICTIONS" and "API\_KEYS\_ALLOWED\_ENDPOINTS" respectively. [#&#8203;18336](https://github.com/open-webui/open-webui/pull/18336) > \[!TIP]\ > **Looking for an [Enterprise Plan](https://docs.openwebui.com/enterprise)?** – **[Speak with Our Sales Team Today!](mailto:sales@openwebui.com)** > > Get **enhanced capabilities**, including **custom theming and branding**, **Service Level Agreement (SLA) support**, and **more!** 👏 Massive thanks to our incredible contributors for their hard work and dedication to making this release possible: [@&#8203;Davixk](https://github.com/Davixk), [@&#8203;podden](https://github.com/podden), [@&#8203;ShirasawaSama](https://github.com/ShirasawaSama), [@&#8203;jekuaitk](https://github.com/jekuaitk), [@&#8203;sanglt](https://github.com/sanglt), [@&#8203;shargyle](https://github.com/shargyle), [@&#8203;aindriu80](https://github.com/aindriu80), [@&#8203;krishna-medapati](https://github.com/krishna-medapati), [@&#8203;lazariv](https://github.com/lazariv), [@&#8203;FlorentMair80](https://github.com/FlorentMair80), [@&#8203;mikkeschiren](https://github.com/mikkeschiren), [@&#8203;joaoback](https://github.com/joaoback), [@&#8203;Cyp9715](https://github.com/Cyp9715), [@&#8203;aleixdorca](https://github.com/aleixdorca), [@&#8203;silentoplayz](https://github.com/silentoplayz), [@&#8203;gerhardj-b](https://github.com/gerhardj-b), [@&#8203;siwadon-jay](https://github.com/siwadon-jay), [@&#8203;jmleksan](https://github.com/jmleksan), [@&#8203;dannyl1u](https://github.com/dannyl1u), [@&#8203;rgaricano](https://github.com/rgaricano), [@&#8203;Kylapaallikko](https://github.com/Kylapaallikko), [@&#8203;Classic298](https://github.com/Classic298), [@&#8203;expruc](https://github.com/expruc), [@&#8203;tomhaynes](https://github.com/tomhaynes), [@&#8203;diwakar-s-maurya](https://github.com/diwakar-s-maurya), [@&#8203;xqqp](https://github.com/xqqp), [@&#8203;logan-hcg](https://github.com/logan-hcg), [@&#8203;BlakeTnr](https://github.com/BlakeTnr), [@&#8203;siavashvj](https://github.com/siavashvj), [@&#8203;Oleg52](https://github.com/Oleg52), [@&#8203;sihyeonn](https://github.com/sihyeonn), [@&#8203;davecrab](https://github.com/davecrab), [@&#8203;matiboux](https://github.com/matiboux), [@&#8203;adam-skalicky](https://github.com/adam-skalicky) #### Sponsors 🙌 🚀 We'd like to extend a heartfelt thank you to our amazing sponsors for their generous support (Note: We've excluded private sponsors from this list. If you'd like to get featured here, feel free to reach out to us!) [@&#8203;amd](https://github.com/amd), [@&#8203;roosi-gmbh](https://github.com/roosi-gmbh), [@&#8203;rndmcnlly](https://github.com/rndmcnlly), [@&#8203;feddersen-group](https://github.com/feddersen-group), [@&#8203;SRKConsulting](https://github.com/SRKConsulting), [@&#8203;mushmax](https://github.com/mushmax), [@&#8203;icanbwell](https://github.com/icanbwell), [@&#8203;agency-agency](https://github.com/agency-agency), [@&#8203;Classic298](https://github.com/Classic298), [@&#8203;loitragg](https://github.com/loitragg), [@&#8203;haka4githu6](https://github.com/haka4githu6), [@&#8203;silenceroom](https://github.com/silenceroom), [@&#8203;GenieDev101](https://github.com/GenieDev101), [@&#8203;CubicleGangster](https://github.com/CubicleGangster), [@&#8203;TOWaB](https://github.com/TOWaB), [@&#8203;comet-ml](https://github.com/comet-ml), [@&#8203;FominVO](https://github.com/FominVO), [@&#8203;catalyst-net-nz](https://github.com/catalyst-net-nz), [@&#8203;JrdnHans](https://github.com/JrdnHans), [@&#8203;hkosm](https://github.com/hkosm), [@&#8203;VeroFess](https://github.com/VeroFess), [@&#8203;joaoback](https://github.com/joaoback), [@&#8203;walsermedia](https://github.com/walsermedia), [@&#8203;LuxTronic](https://github.com/LuxTronic) ### [`v0.6.37`](https://github.com/open-webui/open-webui/blob/HEAD/CHANGELOG.md#0637---2025-11-24) [Compare Source](https://github.com/open-webui/open-webui/compare/v0.6.36...v0.6.37) ##### Added - 🔐 Granular sharing permissions are now available with two-tiered control separating group sharing from public sharing, allowing administrators to independently configure whether users can share workspace items with groups or make them publicly accessible, with separate permission toggles for models, knowledge bases, prompts, tools, and notes, configurable via "USER\_PERMISSIONS\_WORKSPACE\_MODELS\_ALLOW\_SHARING", "USER\_PERMISSIONS\_WORKSPACE\_MODELS\_ALLOW\_PUBLIC\_SHARING", and corresponding environment variables for other workspace item types, while groups can now be configured to opt-out of sharing via the "Allow Group Sharing" setting. [Commit](https://github.com/open-webui/open-webui/commit/7be750bcbb40da91912a0a66b7ab791effdcc3b6), [Commit](https://github.com/open-webui/open-webui/commit/f69e37a8507d6d57382d6670641b367f3127f90a) - 🔐 Password policy enforcement is now available with configurable validation rules, allowing administrators to require specific password complexity requirements via "ENABLE\_PASSWORD\_VALIDATION" and "PASSWORD\_VALIDATION\_REGEX\_PATTERN" environment variables, with default pattern requiring minimum 8 characters including uppercase, lowercase, digit, and special character. [#&#8203;17794](https://github.com/open-webui/open-webui/pull/17794) - 🔐 Granular import and export permissions are now available for workspace items, introducing six separate permission toggles for models, prompts, and tools that are disabled by default for enhanced security. [#&#8203;19242](https://github.com/open-webui/open-webui/pull/19242) - 👥 Default group assignment is now available for new users, allowing administrators to automatically assign newly registered users to a specified group for streamlined access control to models, prompts, and tools, particularly useful for organizations with group-based model access policies. [#&#8203;19325](https://github.com/open-webui/open-webui/pull/19325), [#&#8203;17842](https://github.com/open-webui/open-webui/issues/17842) - 🔒 Password-based authentication can now be fully disabled via "ENABLE\_PASSWORD\_AUTH" environment variable, enforcing SSO-only authentication and preventing password login fallback when SSO is configured. [#&#8203;19113](https://github.com/open-webui/open-webui/pull/19113) - 🖼️ Large stream chunk handling was implemented to support models that generate images directly in their output responses, with configurable buffer size via "CHAT\_STREAM\_RESPONSE\_CHUNK\_MAX\_BUFFER\_SIZE" environment variable, resolving compatibility issues with models like Gemini 2.5 Flash Image. [#&#8203;18884](https://github.com/open-webui/open-webui/pull/18884), [#&#8203;17626](https://github.com/open-webui/open-webui/issues/17626) - 🖼️ Streaming response middleware now handles images in delta updates with automatic base64 conversion, enabling proper display of images from models using the "choices\[0].delta.images.image\_url" format such as Gemini 2.5 Flash Image Preview on OpenRouter. [#&#8203;19073](https://github.com/open-webui/open-webui/pull/19073), [#&#8203;19019](https://github.com/open-webui/open-webui/issues/19019) - 📈 Model list API performance was optimized by pre-fetching user group memberships and removing profile image URLs from response payloads, significantly reducing both database queries and payload size for instances with large model lists, with profile images now served dynamically via dedicated endpoints. [#&#8203;19097](https://github.com/open-webui/open-webui/pull/19097), [#&#8203;18950](https://github.com/open-webui/open-webui/issues/18950) - ⏩ Batch file processing performance was improved by reducing database queries by 67% while ensuring data consistency between vector and relational databases. [#&#8203;18953](https://github.com/open-webui/open-webui/pull/18953) - 🚀 Chat import performance was dramatically improved by replacing individual per-chat API requests with a bulk import endpoint, reducing import time by up to 95% for large chat collections and providing user feedback via toast notifications displaying the number of successfully imported chats. [#&#8203;17861](https://github.com/open-webui/open-webui/pull/17861) - ⚡ Socket event broadcasting performance was optimized by implementing user-specific rooms, significantly reducing server overhead particularly for users with multiple concurrent sessions. [#&#8203;18996](https://github.com/open-webui/open-webui/pull/18996) - 🗄️ Weaviate is now supported as a vector database option, providing an additional choice for RAG document storage alongside existing ChromaDB, Milvus, Qdrant, and OpenSearch integrations. [#&#8203;14747](https://github.com/open-webui/open-webui/pull/14747) - 🗄️ PostgreSQL pgvector now supports HNSW index types and large dimensional embeddings exceeding 2000 dimensions through automatic halfvec type selection, with configurable index methods via "PGVECTOR\_INDEX\_METHOD", "PGVECTOR\_HNSW\_M", "PGVECTOR\_HNSW\_EF\_CONSTRUCTION", and "PGVECTOR\_IVFFLAT\_LISTS" environment variables. [#&#8203;19158](https://github.com/open-webui/open-webui/pull/19158), [#&#8203;16890](https://github.com/open-webui/open-webui/issues/16890) - 🔍 Azure AI Search is now supported as a web search provider, enabling integration with Azure's cognitive search services via "AZURE\_AI\_SEARCH\_API\_KEY", "AZURE\_AI\_SEARCH\_ENDPOINT", and "AZURE\_AI\_SEARCH\_INDEX\_NAME" configuration. [#&#8203;19104](https://github.com/open-webui/open-webui/pull/19104) - ⚡ External embedding generation now processes API requests in parallel instead of sequential batches, reducing document processing time by 10-50x when using OpenAI, Azure OpenAI, or Ollama embedding providers, with large PDFs now processing in seconds instead of minutes. [#&#8203;19296](https://github.com/open-webui/open-webui/pull/19296) - 💨 Base64 image conversion is now available for markdown content in chat responses, automatically uploading embedded images exceeding 1KB and replacing them with file URLs to reduce payload size and resource consumption, configurable via "REPLACE\_IMAGE\_URLS\_IN\_CHAT\_RESPONSE" environment variable. [#&#8203;19076](https://github.com/open-webui/open-webui/pull/19076) - 🎨 OpenAI image generation now supports additional API parameters including quality settings for GPT Image 1, configurable via "IMAGES\_OPENAI\_API\_PARAMS" environment variable or through the admin interface, enabling cost-effective image generation with low, medium, or high quality options. [#&#8203;19228](https://github.com/open-webui/open-webui/issues/19228) - 🖼️ Image editing can now be independently enabled or disabled via admin settings, allowing administrators to control whether sequential image prompts trigger image editing or new image generation, configurable via "ENABLE\_IMAGE\_EDIT" environment variable. [#&#8203;19284](https://github.com/open-webui/open-webui/issues/19284) - 🔐 SSRF protection was implemented with a configurable URL blocklist that prevents access to cloud metadata endpoints and private networks, with default protections for AWS, Google Cloud, Azure, and Alibaba Cloud metadata services, customizable via "WEB\_FETCH\_FILTER\_LIST" environment variable. [#&#8203;19201](https://github.com/open-webui/open-webui/pull/19201) - ⚡ Workspace models page now supports server-side pagination dramatically improving load times and usability for instances with large numbers of workspace models. - 🔍 Hybrid search now indexes file metadata including filenames, titles, headings, sources, and snippets alongside document content, enabling keyword queries to surface documents where search terms appear only in metadata, configurable via "ENABLE\_RAG\_HYBRID\_SEARCH\_ENRICHED\_TEXTS" environment variable. [#&#8203;19095](https://github.com/open-webui/open-webui/pull/19095) - 📂 Knowledge base upload page now supports folder drag-and-drop with recursive directory handling, enabling batch uploads of entire directory structures instead of requiring individual file selection. [#&#8203;19320](https://github.com/open-webui/open-webui/pull/19320) - 🤖 Model cloning is now available in admin settings, allowing administrators to quickly create workspace models based on existing base models through a "Clone" option in the model dropdown menu. [#&#8203;17937](https://github.com/open-webui/open-webui/pull/17937) - 🎨 UI scale adjustment is now available in interface settings, allowing users to increase the size of the entire interface from 1.0x to 1.5x for improved accessibility and readability, particularly beneficial for users with visual impairments. [#&#8203;19186](https://github.com/open-webui/open-webui/pull/19186) - 📌 Default pinned models can now be configured by administrators for all new users, mirroring the behavior of default models where admin-configured defaults apply only to users who haven't customized their pinned models, configurable via "DEFAULT\_PINNED\_MODELS" environment variable. [#&#8203;19273](https://github.com/open-webui/open-webui/pull/19273) - 🎙️ Text-to-Speech and Speech-to-Text services now receive user information headers when "ENABLE\_FORWARD\_USER\_INFO\_HEADERS" is enabled, allowing external TTS and STT providers to implement user-specific personalization, rate limiting, and usage tracking. [#&#8203;19323](https://github.com/open-webui/open-webui/pull/19323), [#&#8203;19312](https://github.com/open-webui/open-webui/issues/19312) - 🎙️ Voice mode now supports custom system prompts via "VOICE\_MODE\_PROMPT\_TEMPLATE" configuration, allowing administrators to control response style and behavior for voice interactions. [#&#8203;18607](https://github.com/open-webui/open-webui/pull/18607) - 🔧 WebSocket and Redis configuration options are now available including debug logging controls, custom ping timeout and interval settings, and arbitrary Redis connection options via "WEBSOCKET\_SERVER\_LOGGING", "WEBSOCKET\_SERVER\_ENGINEIO\_LOGGING", "WEBSOCKET\_SERVER\_PING\_TIMEOUT", "WEBSOCKET\_SERVER\_PING\_INTERVAL", and "WEBSOCKET\_REDIS\_OPTIONS" environment variables. [#&#8203;19091](https://github.com/open-webui/open-webui/pull/19091) - 🔧 MCP OAuth dynamic client registration now automatically detects and uses the appropriate token endpoint authentication method from server-supported options, enabling compatibility with OAuth servers that only support "client\_secret\_basic" instead of "client\_secret\_post". [#&#8203;19193](https://github.com/open-webui/open-webui/issues/19193) - 🔧 Custom headers can now be configured for remote MCP and OpenAPI tool server connections, enabling integration with services that require additional authentication headers. [#&#8203;18918](https://github.com/open-webui/open-webui/issues/18918) - 🔍 Perplexity Search now supports custom API endpoints via "PERPLEXITY\_SEARCH\_API\_URL" configuration and automatically forwards user information headers to enable personalized search experiences. [#&#8203;19147](https://github.com/open-webui/open-webui/pull/19147) - 🔍 User information headers can now be optionally forwarded to external web search engines when "ENABLE\_FORWARD\_USER\_INFO\_HEADERS" is enabled. [#&#8203;19043](https://github.com/open-webui/open-webui/pull/19043) - 📊 Daily active user metric is now available for monitoring, tracking unique users active since midnight UTC via the "webui.users.active.today" Prometheus gauge. [#&#8203;19236](https://github.com/open-webui/open-webui/pull/19236), [#&#8203;19234](https://github.com/open-webui/open-webui/issues/19234) - 📊 Audit log file path is now configurable via "AUDIT\_LOGS\_FILE\_PATH" environment variable, enabling storage in separate volumes or custom locations. [#&#8203;19173](https://github.com/open-webui/open-webui/pull/19173) - 🎨 Sidebar collapse states for model lists and group information are now persistent across page refreshes, remembering user preferences through browser-based storage. [#&#8203;19159](https://github.com/open-webui/open-webui/issues/19159) - 🎨 Background image display was enhanced with semi-transparent overlays for navbar and sidebar, creating a seamless and visually cohesive design across the entire interface. [#&#8203;19157](https://github.com/open-webui/open-webui/issues/19157) - 📋 Tables in chat messages now include a copy button that appears on hover, enabling quick copying of table content alongside the existing CSV export functionality. [#&#8203;19162](https://github.com/open-webui/open-webui/issues/19162) - 📝 Notes can now be created directly via the "/notes/new" URL endpoint with optional title and content query parameters, enabling faster note creation through bookmarks and shortcuts. [#&#8203;19195](https://github.com/open-webui/open-webui/issues/19195) - 🏷️ Tag suggestions are now context-aware, displaying only relevant tags when creating or editing models versus chat conversations, preventing confusion between model and chat tags. [#&#8203;19135](https://github.com/open-webui/open-webui/issues/19135) - ✍️ Prompt autocompletion is now available independently of the rich text input setting, improving accessibility to the feature. [#&#8203;19150](https://github.com/open-webui/open-webui/issues/19150) - 🔄 Various improvements were implemented across the frontend and backend to enhance performance, stability, and security. - 🌐 Translations for Simplified Chinese, Traditional Chinese, Portuguese (Brazil), Catalan, Spanish (Spain), Finnish, Irish, Farsi, Swedish, Danish, German, Korean, and Thai were improved and expanded. ##### Fixed - 🤖 Model update functionality now works correctly, resolving a database parameter binding error that prevented saving changes to model configurations via the Save & Update button. [#&#8203;19335](https://github.com/open-webui/open-webui/issues/19335) - 🖼️ Multiple input images for image editing and generation are now correctly passed as an array using the "image\[]" parameter syntax, enabling proper multi-image reference functionality with models like GPT Image 1. [#&#8203;19339](https://github.com/open-webui/open-webui/issues/19339) - 📱 PWA installations on iOS now properly refresh after server container restarts, resolving freezing issues by automatically unregistering service workers when version or deployment changes are detected. [#&#8203;19316](https://github.com/open-webui/open-webui/pull/19316) - 🗄️ S3 Vectors collection detection now correctly handles buckets with more than 2000 indexes by using direct index lookup instead of paginated list scanning, improving performance by approximately 8x and enabling RAG queries to work reliably at scale. [#&#8203;19238](https://github.com/open-webui/open-webui/pull/19238), [#&#8203;19233](https://github.com/open-webui/open-webui/issues/19233) - 📈 Feedback retrieval performance was optimized by eliminating N+1 query patterns through database joins, adding server-side pagination and sorting, significantly reducing database load for instances with large feedback datasets. [#&#8203;17976](https://github.com/open-webui/open-webui/pull/17976) - 🔍 Chat search now works correctly with PostgreSQL when chat data contains null bytes, with comprehensive sanitization preventing null bytes during data writes, cleaning existing data on read, and stripping null bytes during search queries to ensure reliable search functionality. [#&#8203;15616](https://github.com/open-webui/open-webui/issues/15616) - 🔍 Hybrid search with reranking now correctly handles attribute validation, preventing errors when collection results lack expected structure. [#&#8203;19025](https://github.com/open-webui/open-webui/pull/19025), [#&#8203;17046](https://github.com/open-webui/open-webui/issues/17046) - 🔎 Reranking functionality now works correctly after recent refactoring, resolving crashes caused by incorrect function argument handling. [#&#8203;19270](https://github.com/open-webui/open-webui/pull/19270) - 🤖 Azure OpenAI models now support the "reasoning\_effort" parameter, enabling proper configuration of reasoning capabilities for models like GPT-5.1 which default to no reasoning without this setting. [#&#8203;19290](https://github.com/open-webui/open-webui/issues/19290) - 🤖 Models with very long IDs can now be deleted correctly, resolving URL length limitations that previously prevented management operations on such models. [#&#8203;18230](https://github.com/open-webui/open-webui/pull/18230) - 🤖 Model-level streaming settings now correctly apply to API requests, ensuring "Stream Chat Response" toggle properly controls the streaming parameter. [#&#8203;19154](https://github.com/open-webui/open-webui/issues/19154) - 🖼️ Image editing configuration now correctly preserves independent OpenAI API endpoints and keys, preventing them from being overwritten by image generation settings. [#&#8203;19003](https://github.com/open-webui/open-webui/issues/19003) - 🎨 Gemini image edit settings now display correctly in the admin panel, fixing an incorrect configuration key reference that prevented proper rendering of edit options. [#&#8203;19200](https://github.com/open-webui/open-webui/pull/19200) - 🖌️ Image generation settings menu now loads correctly, resolving validation errors with AUTOMATIC1111 API authentication parameters. [#&#8203;19187](https://github.com/open-webui/open-webui/issues/19187), [#&#8203;19246](https://github.com/open-webui/open-webui/issues/19246) - 📅 Date formatting in chat search and admin user chat search now correctly respects the "DEFAULT\_LOCALE" environment variable, displaying dates according to the configured locale instead of always using MM/DD/YYYY format. [#&#8203;19305](https://github.com/open-webui/open-webui/pull/19305), [#&#8203;19020](https://github.com/open-webui/open-webui/issues/19020) - 📝 RAG template query placeholder escaping logic was corrected to prevent unintended replacements of context values when query placeholders appear in retrieved content. [#&#8203;19102](https://github.com/open-webui/open-webui/pull/19102), [#&#8203;19101](https://github.com/open-webui/open-webui/issues/19101) - 📄 RAG template prompt duplication was eliminated by removing redundant user query section from the default template. [#&#8203;19099](https://github.com/open-webui/open-webui/pull/19099), [#&#8203;19098](https://github.com/open-webui/open-webui/issues/19098) - 📋 MinerU local mode configuration no longer incorrectly requires an API key, allowing proper use of local content extraction without external API credentials. [#&#8203;19258](https://github.com/open-webui/open-webui/issues/19258) - 📊 Excel file uploads now work correctly with the addition of the missing msoffcrypto-tool dependency, resolving import errors introduced by the unstructured package upgrade. [#&#8203;19153](https://github.com/open-webui/open-webui/issues/19153) - 📑 Docling parameters now properly handle JSON serialization, preventing exceptions and ensuring configuration changes are saved correctly. [#&#8203;19072](https://github.com/open-webui/open-webui/pull/19072) - 🛠️ UserValves configuration now correctly isolates settings per tool, preventing configuration contamination when multiple tools with UserValves are used simultaneously. [#&#8203;19185](https://github.com/open-webui/open-webui/pull/19185), [#&#8203;15569](https://github.com/open-webui/open-webui/issues/15569) - 🔧 Tool selection prompt now correctly handles user messages without duplication, removing redundant query prefixes and improving prompt clarity. [#&#8203;19122](https://github.com/open-webui/open-webui/pull/19122), [#&#8203;19121](https://github.com/open-webui/open-webui/issues/19121) - 📝 Notes chat feature now correctly submits messages to the completions endpoint, resolving errors that prevented AI model interactions. [#&#8203;19079](https://github.com/open-webui/open-webui/pull/19079) - 📝 Note PDF downloads now sanitize HTML content using DOMPurify before rendering, preventing potential DOM-based XSS attacks from malicious content in notes. [Commit](https://github.com/open-webui/open-webui/commit/03cc6ce8eb5c055115406e2304fbf7e3338b8dce) - 📁 Archived chats now have their folder associations automatically removed to prevent unintended deletion when their previous folder is deleted. [#&#8203;14578](https://github.com/open-webui/open-webui/issues/14578) - 🔐 ElevenLabs API key is now properly obfuscated in the admin settings page, preventing plain text exposure of sensitive credentials. [#&#8203;19262](https://github.com/open-webui/open-webui/pull/19262), [#&#8203;19260](https://github.com/open-webui/open-webui/issues/19260) - 🔧 MCP OAuth server metadata discovery now follows the correct specification order, ensuring proper authentication flow compliance. [#&#8203;19244](https://github.com/open-webui/open-webui/pull/19244) - 🔒 API key endpoint restrictions now properly enforce access controls for all endpoints including SCIM, preventing unintended access when "API\_KEY\_ALLOWED\_ENDPOINTS" is configured. [#&#8203;19168](https://github.com/open-webui/open-webui/issues/19168) - 🔓 OAuth role claim parsing now supports both flat and nested claim structures, enabling compatibility with OAuth providers that deliver claims as direct properties on the user object rather than nested structures. [#&#8203;19286](https://github.com/open-webui/open-webui/pull/19286) - 🔑 OAuth MCP server verification now correctly extracts the access token value for authorization headers instead of sending the entire token dictionary. [#&#8203;19149](https://github.com/open-webui/open-webui/pull/19149), [#&#8203;19148](https://github.com/open-webui/open-webui/issues/19148) - ⚙️ OAuth dynamic client registration now correctly converts empty strings to None for optional fields, preventing validation failures in MCP package integration. [#&#8203;19144](https://github.com/open-webui/open-webui/pull/19144), [#&#8203;19129](https://github.com/open-webui/open-webui/issues/19129) - 🔐 OIDC authentication now correctly passes client credentials in access token requests, ensuring compatibility with providers that require these parameters per RFC 6749. [#&#8203;19132](https://github.com/open-webui/open-webui/pull/19132), [#&#8203;19131](https://github.com/open-webui/open-webui/issues/19131) - 🔗 OAuth client creation now respects configured token endpoint authentication methods instead of defaulting to basic authentication, preventing failures with servers that don't support basic auth. [#&#8203;19165](https://github.com/open-webui/open-webui/pull/19165) - 📋 Text copied from chat responses in Chrome now pastes without background formatting, improving readability when pasting into word processors. [#&#8203;19083](https://github.com/open-webui/open-webui/issues/19083) ##### Changed - 🗄️ Group membership data storage was refactored from JSON arrays to a dedicated relational database table, significantly improving query performance and scalability for instances with large numbers of users and groups, while API responses now return member counts instead of full user ID arrays. [#&#8203;19239](https://github.com/open-webui/open-webui/pull/19239) - 📄 MinerU parameter handling was refactored to pass parameters directly to the API, improving flexibility and fixing VLM backend configuration. [#&#8203;19105](https://github.com/open-webui/open-webui/pull/19105), [#&#8203;18446](https://github.com/open-webui/open-webui/discussions/18446) - 🔐 API key creation is now controlled by granular user and group permissions, with the "ENABLE\_API\_KEY" environment variable renamed to "ENABLE\_API\_KEYS" and disabled by default, requiring explicit configuration at both the global and user permission levels, while related environment variables "ENABLE\_API\_KEY\_ENDPOINT\_RESTRICTIONS" and "API\_KEY\_ALLOWED\_ENDPOINTS" were renamed to "ENABLE\_API\_KEYS\_ENDPOINT\_RESTRICTIONS" and "API\_KEYS\_ALLOWED\_ENDPOINTS" respectively. [#&#8203;18336](https://github.com/open-webui/open-webui/pull/18336) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi41LjAiLCJ1cGRhdGVkSW5WZXIiOiI0Mi41LjAiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbImF1dG9tZXJnZSIsImltYWdlIl19-->
renovate-bot added the automergeimage labels 2025-11-24 05:20:36 +00:00
renovate-bot added 1 commit 2025-11-24 05:20:37 +00:00
Update ghcr.io/open-webui/open-webui Docker tag to v0.6.37
Some checks are pending
renovate/stability-days Updates have not met minimum release age requirement
Details
lint-test-helm / helm-lint (pull_request) Successful in 17s
Details
c0031798d4
renovate-bot scheduled this pull request to auto merge when all checks succeed 2025-11-24 05:20:39 +00:00
renovate-bot merged commit 08eb720537 into main 2025-11-24 05:20:44 +00:00
renovate-bot deleted branch renovate/ghcr.io-open-webui-open-webui-0.x 2025-11-24 05:20:46 +00:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
Renovate
Issue generated by Renovate.
 automerge
This PR will be automerged by Renovate.
 chart
Chart update generated by Renovate.
 image
Image update generated by Renovate.
 stale
PR or Issue that has not been updated recently.
No Label automerge image
Milestone
No items
No Milestone
Assignees
Clear assignees
gitea-bot renovate-bot alexlebens
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: alexlebens/infrastructure#2091
Delete Branch "renovate/ghcr.io-open-webui-open-webui-0.x"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?