alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 7 Actions Activity

chore(deps): update ghcr.io/open-webui/open-webui docker tag to v0.8.12 #5212

Merged
renovate-bot merged 1 commits from renovate/unified-open-webuiopen-webui into main 2026-03-28 01:41:09 +00:00
Conversation 0 Commits 1 Files Changed 1 +1 -1
renovate-bot commented 2026-03-28 01:40:59 +00:00
Collaborator
Copy Link

This PR contains the following updates:

Package Update Change
ghcr.io/open-webui/open-webui patch v0.8.10v0.8.12

Release Notes

open-webui/open-webui (ghcr.io/open-webui/open-webui)

v0.8.12

Compare Source

Added
  • 🌐 Translation updates. Translations for Simplified Chinese, Catalan, Portuguese (Brazil), Finnish, and Lithuanian were enhanced and expanded.
Fixed
  • 🔒 Terminal server connection security. Terminal server verification and policy saving now proxy through the backend, preventing API key exposure and CORS errors when connecting to in-cluster services. Commit, Commit
  • 🛠️ Terminal tools exception handling. Exceptions in middleware.py due to invalid return values from get_terminal_tools() have been resolved. Commit
  • 📦 Missing beautifulsoup4 dependency. Users can now start Open WebUI using uvx without encountering the "bs4 module missing" error. Commit
  • 🔌 API files list error. The /api/v1/files/ endpoint no longer returns a 500 error, fixing a regression that prevented file listing via the API. Commit
  • 📜 License data loading. License data now loads correctly, displaying the expected color and logo in the interface. Commit
  • 👑 Admin model visibility. Administrators can now see models even when no access control is configured yet, allowing them to manage all available models. Commit
  • 📊 Tool call embed visibility. Rich UI embeds from tool calls (like visualizations) are now rendered outside collapsed groups and remain visible without requiring manual expansion. Commit, Commit

v0.8.12

Compare Source

Added
  • 🌐 Translation updates. Translations for Simplified Chinese, Catalan, Portuguese (Brazil), Finnish, and Lithuanian were enhanced and expanded.
Fixed
  • 🔒 Terminal server connection security. Terminal server verification and policy saving now proxy through the backend, preventing API key exposure and CORS errors when connecting to in-cluster services. Commit, Commit
  • 🛠️ Terminal tools exception handling. Exceptions in middleware.py due to invalid return values from get_terminal_tools() have been resolved. Commit
  • 📦 Missing beautifulsoup4 dependency. Users can now start Open WebUI using uvx without encountering the "bs4 module missing" error. Commit
  • 🔌 API files list error. The /api/v1/files/ endpoint no longer returns a 500 error, fixing a regression that prevented file listing via the API. Commit
  • 📜 License data loading. License data now loads correctly, displaying the expected color and logo in the interface. Commit
  • 👑 Admin model visibility. Administrators can now see models even when no access control is configured yet, allowing them to manage all available models. Commit
  • 📊 Tool call embed visibility. Rich UI embeds from tool calls (like visualizations) are now rendered outside collapsed groups and remain visible without requiring manual expansion. Commit, Commit

v0.8.11

Compare Source

Added
  • 🔀 Responses API streaming improvements. The OpenAI proxy now properly handles tool call streaming and re-invocations in the Responses API, preventing duplicate tool calls and preserving output during model re-invocations. Commit, Commit, Commit, Commit
  • 🔀 Responses API stateful sessions. Administrators can now enable experimental stateful session support via the ENABLE_RESPONSES_API_STATEFUL environment variable, allowing compatible backends to store responses server-side with previous_response_id anchoring for improved multi-turn conversations. Commit
  • 📄 File viewing pagination. The view_file and view_knowledge_file tools now support pagination with offset and max_chars parameters, allowing models to read large files in chunks. Commit
  • 🗺️ Knowledge search scoping. The search_knowledge_files tool now respects model-attached knowledge, searching only within attached knowledge bases and files when available. Commit
  • 🛠️ Tool HTML embed context. Tools can now return custom context alongside HTML embeds by using a tuple format, providing the LLM with actionable information instead of a generic message. #​22691
  • 🔒 Trusted role header configuration. Administrators can now configure the WEBUI_AUTH_TRUSTED_ROLE_HEADER environment variable to set user roles (admin, user, or pending) via a trusted header from their identity provider or reverse proxy. #​22523
  • 🔑 OIDC authorization parameter injection. Administrators can now inject extra parameters into the OIDC authorization redirect URL via the OAUTH_AUTHORIZE_PARAMS environment variable, enabling IdP pre-selection for brokers like CILogon and Keycloak. #​22863, Commit
  • 🔑 Google OAuth session persistence. Administrators can now configure Google OAuth to issue refresh tokens via the GOOGLE_OAUTH_AUTHORIZE_PARAMS environment variable, preventing OAuth sessions from expiring after one hour and ensuring tools and integrations that rely on OAuth tokens remain functional. #​22652
  • 🔌 Embed prompt confirmation. Interactive tool embeds can now submit prompts to the chat without requiring same-origin access, showing a confirmation dialog for cross-origin requests to prevent abuse. #​22908
  • 🏮 Tool binary response handling. Tool servers can now return binary data such as images, which are properly processed and displayed in chat for both multimodal and non-multimodal models. Commit, Commit
  • Svelte upgrade performance. Page and markdown rendering are now approximately 25% faster across the board, with significantly less memory usage for smoother UI interactions. #​22611
  • 🧩 Model and filter lookup optimization. Model and filter membership lookups are now faster thanks to optimized data structure operations during model list loading. Commit
  • 💨 Chat render throttling. Chat message rendering now uses requestAnimationFrame batching to stay smooth during rapid model responses, preventing dropped frames when fast models send many events per second. #​22947
  • 🚀 Function list API optimization. The functions list API now returns only essential metadata without function source code, reducing payload sizes by over 99% and making the Functions admin page load significantly faster. #​22788
  • Smoother loading animation. The loading shimmer animation now looks smoother and more natural, with softer highlight colors. #​22516
  • 🧪 Terminal connection verification. Users can now verify their terminal server connection is working before saving the configuration, making setup more reliable. #​22567
  • 📁 Chat folder emoji reset. Users can now reset chat folder emojis back to the default icon using a "Reset to Default" button in the emoji picker, making it easier to revert custom icons. #​22554
  • 📊 Metrics export interval configuration. Administrators can now control OpenTelemetry metrics export frequency via the OTEL_METRICS_EXPORT_INTERVAL_MILLIS environment variable, enabling cost optimization for metrics services like Grafana Cloud. #​22529
  • 🏥 Readiness probe endpoint. A new /ready endpoint is now available for Kubernetes deployments, returning 200 only after startup completes and database/Redis are reachable, enabling more reliable container orchestration. #​22507
  • 🔩 Tool server timeout configuration. Administrators can now configure a separate HTTP timeout for tool server requests via the AIOHTTP_CLIENT_TIMEOUT_TOOL_SERVER environment variable, enabling fine-tuned control over how long tool calls are allowed to take. Commit
  • 📌 Knowledge file previews. Knowledge base files can now be opened in a new tab directly from the file list, making it easier to view content without downloading. #​22629
  • 🎯 Knowledge tool hybrid search support. The built-in query_knowledge_files tool now respects hybrid search and reranking settings, matching the behavior of the middleware RAG pipeline. Commit
  • 🗣️ Temporary chat folder support. Temporary chats can now use folder-level system prompts and knowledge files, making them more powerful for quick explorations. Commit
  • 📡 Terminal port previews. Detected ports in the File Navigator can now be previewed inline with a browser-style view, navigation controls, and an address bar, instead of only opening in a new tab. Commit, Commit
  • ✏️ File renaming. Files and folders in the File Navigator can now be renamed by double-clicking or using the context menu, with Enter to confirm and Escape to cancel. Commit
  • 🧭 File Navigator navigation history. The File Navigator toolbar now includes Back and Forward buttons for navigating through folder and file history, similar to a web browser. Commit
  • 🗑️ Delete connection confirmations. Users are now prompted with a confirmation dialog before deleting connections, preventing accidental deletions. Commit
  • 📦 Document loader fallbacks. Excel and PowerPoint files can now be processed even when the unstructured package is not installed, using pandas and python-pptx as fallback loaders. Commit
  • 🧠 Memory management search and sort. Users can now search and sort their personal memories in the Memory management modal, making it easier to find specific memories. Commit
  • 📦 SBOM generation script. A new script for generating CycloneDX Software Bill of Materials is now available in the scripts directory. Commit
  • ⚙️ Ruff linter and formatter. Added Ruff as the Python linter and formatter, replacing the black-based workflow for better code quality with near-instant execution. #​22576, #​22462
  • 🖥️ Offline code formatting support. The black formatter for Python code editing is now bundled locally in the Docker image, enabling code formatting to work in air-gapped deployments where client browsers cannot reach PyPI. Formatting failures no longer block saves, allowing code to be preserved even when offline. #​22509, Commit
  • ✏️ Markdown file editing. Users can now edit and save Markdown files directly in the file navigator, with empty files automatically switching to editor mode for immediate editing. Commit
  • 🍔 Model bulk actions menu. Users can now quickly enable, disable, show, or hide multiple models at once using a new hamburger menu on the workspace Models page filter bar, with actions respecting the current search and filter settings. #​22484
  • 📂 Files list pagination. The files list API now supports pagination, returning paginated results with a total count for easier navigation through large file collections. Commit
  • 🖇 Web fetch content length config. Administrators can now configure the maximum characters to return from fetched URLs via WEB_FETCH_MAX_CONTENT_LENGTH environment variable or the admin settings page, instead of the previous hardcoded 50K limit. Commit, #​22774
  • 🤖 Ollama Anthropic endpoint support. The Ollama proxy now supports the Anthropic-compatible /v1/messages endpoint, allowing clients using the Anthropic API format to work through Open WebUI with proper authentication and model access controls. Commit, #​22861
  • 📝 Writing block rendering. Responses from OpenAI models that include :::writing blocks are now rendered as formatted content in a styled container with a copy button, instead of displaying raw marker text. #​22672, Commit
  • 💡 Memory deletion confirmation. Users are now asked to confirm before deleting individual memory entries, with the memory content displayed for review. #​22888
  • 📓 Multi-artifact HTML rendering. Code blocks with multiple HTML sections now render as separate artifacts instead of merging into one, allowing models to display distinct interactive components. Commit
  • 🚩 Drag chats as references. Users can now drag chats from the sidebar and drop them into the message input to add them as Reference Chats. Commit
  • ⌨️ Terminal system prompts. Terminal servers can now provide custom system prompts that are automatically included when their tools are used. Commit
  • 💾 Terminal state persistence. The selected terminal server and its enabled state now persist across page loads, making terminal usage more seamless. Commit
  • 💾 Terminal folder downloads. Users can now download folders as ZIP archives and bulk-download multiple selected files as a single ZIP directly from the File Navigator toolbar, making file exports faster and more convenient. Commit, Commit
  • 🔐 MCP OAuth 2.1 static credentials. MCP servers that require static client_id and client_secret can now be connected using a new OAuth 2.1 Static auth type, enabling integration with MCP servers that don't support dynamic client registration. #​22266, Commit
  • 🎪 Collapsible tool and thinking groups. Consecutive tool calls and reasoning blocks are now grouped into a single collapsible summary (e.g., "Explored tool1, tool2"), keeping chat responses clean and readable while preserving full detail on expand. #​21604, Commit
  • 🔄 General improvements. Various improvements were implemented across the application to enhance performance, stability, and security.
  • 🌐 Translations for Finnish, Portuguese (Portugal), Catalan, Turkish, Japanese, Simplified Chinese, Traditional Chinese, Estonian, Spanish, Azerbaijani, and German were enhanced and expanded.
Fixed
  • 🔒 Model access control bypass. Fixed a security vulnerability where external clients could bypass model access controls by setting a URL parameter, preventing unauthorized access to restricted models. Commit
  • 🛡️ Terminal proxy path sanitization. The terminal server proxy now properly sanitizes paths to prevent directory traversal and SSRF attacks, protecting against security vulnerabilities. Commit
  • 🛡️ Tool configuration access control. Tool configuration endpoints now properly verify user permissions, preventing unauthorized access to tool settings. Commit
  • 🗝️ Tool valves access control. The tool user valves endpoints now properly verify ownership and access grants before returning or updating configuration, with appropriate 404 responses for missing tools and 401 for unauthorized access. Commit
  • 🔐 Collaborative document authorization. Fixed a security vulnerability in collaborative documents where authorization could be bypassed using alternative document ID formats, preventing unauthorized access to notes. Commit
  • 🔏 OAuth session persistence. Users logging in via OAuth or OIDC providers now stay logged in for the configured JWT expiry duration instead of being logged out when closing the browser. #​22809
  • 🚪 OAuth sub claim configuration crash. Using the OAUTH_SUB_CLAIM environment variable no longer causes crashes during token exchange requests, fixing a missing configuration registration. #​22865
  • 🔍 OAuth discovery header parsing. The OAuth protected resource discovery now correctly handles both quoted and unquoted values in the WWW-Authenticate header, fixing compatibility with MCP servers that return unquoted metadata. #​22646, Commit
  • 👤 Admin OAuth group sync. Admin user group memberships from OAuth and LDAP providers are now properly synced to Open WebUI, fixing a limitation where admin role excluded users from group updates. #​22537, Commit
  • 🎫 Password change complexity validation. Password complexity rules are now properly enforced when users change their password, closing a security gap where new passwords could bypass configured complexity requirements. Commit
  • 🔏 OAuth role enforcement. OAuth role management now properly denies access when a user's roles don't match any configured OAUTH_ALLOWED_ROLES or OAUTH_ADMIN_ROLES, instead of silently bypassing the restriction. #​13676, #​15551, Commit
  • 🔑 Microsoft Entra ID role claim preservation. Role claims from Microsoft Entra ID tokens are now preserved during OAuth login, fixing ENABLE_OAUTH_ROLE_MANAGEMENT for Microsoft OAuth which was previously ignored because the userinfo endpoint stripped the roles claim. #​20518, Commit
  • 🔍 SCIM group filtering. The SCIM endpoint now properly handles displayName and externalId filters when provisioning groups from identity providers like Microsoft Entra ID, preventing all groups from being returned instead of the filtered subset. #​21543
  • 🔐 Forwarded allow IPs configuration. The FORWARDED_ALLOW_IPS environment variable is now properly respected by the startup scripts instead of being hardcoded to '*', allowing administrators to restrict which proxies are trusted for request forwarding. #​22539, Commit
  • 🍪 Model list auth cookie forwarding. Model list requests to backends that require cookie-based authentication now properly forward auth headers and cookies, preventing "Unauthorized" errors when loading models. Commit
  • 🔱 Model lookup race condition. Fixed a race condition in Redis model storage that caused intermittent "model not found" errors in multi-replica deployments under heavy load, by eliminating the window between hash deletion and updates. Commit
  • 🎚️ Bulk model action reliability. Bulk enable, disable, show, and hide operations in the admin Models settings now properly refresh the model list after completion, ensuring changes are reflected immediately and correct toast notifications are shown. #​22962, Commit, Commit
  • 🔄 Paginated list duplicates. Fixed duplicate items appearing in paginated lists when loading more items in chats, knowledge, notes, and search across the UI. Commit
  • 🧽 Duplicate chat list refresh. Sending messages no longer triggers duplicate sidebar chat list refreshes, eliminating an unnecessary database query that was already handled by the save and completion handlers. #​22982
  • 🧹 Chat history save optimization. The chat list is no longer refreshed on every chat history save, branch navigation, or edit — only on meaningful state changes like new chat creation, title generation, and response completion. #​22983
  • 💬 Message queue responsiveness. The message queue no longer waits for background tasks like title generation and follow-up suggestions to complete, allowing users to send new messages immediately after a response finishes without unnecessary delays. Commit, #​22565
  • 🗄️ Migration reliability. Database migrations no longer fail when chat data has unexpected format, making upgrades more reliable. #​22588, #​22568
  • 🫧 Memory modal event bubbling. Fixed an issue where clicking the Delete button in the Memory management modal would also open the Edit Memory modal due to event bubbling. #​22783
  • 🧩 Memory tool registration. Models with capabilities.memory: true now correctly have memory tools available for execution, fixing a retry loop where add_memory appeared in the tool schema but was not registered for backend execution. #​22666, #​22675, Commit
  • 📝 Input variables modal crash. Fixed a crash that occurred when selecting custom prompts with prompt variables, causing the Input Variables modal to display an infinite loading spinner instead of the variable input fields. #​22748, Commit
  • 🪛 Function list API crash fix. Fixed a 500 error on the functions list API endpoint that was introduced by the recent optimization, by adding proper model configuration for SQLAlchemy ORM objects. #​22924
  • 🗂️ Sidebar chat menu closure. Sidebar chat dropdown menus now close properly after clicking "Clone", "Share", "Download", "Rename", "Pin", "Move", "Archive", or "Delete", instead of remaining visible. #​22884, #​22784
  • 🧭 Chat deletion and archive redirection. Users are now redirected to the chat list when deleting or archiving the currently active chat, instead of being left on a stale chat page. #​22755
  • 🚩 User menu navigation fix. Clicking Playground or Admin Panel from the user menu now uses client-side routing instead of causing full page reloads, restoring smooth SPA navigation. Commit
  • 🔧 Tool server connection persistence. Fixed a bug where tool server connection updates were not being saved to persistent storage, ensuring OAuth client information is now properly preserved. Commit
  • 🔩 Tool server index bounds checking. Tool servers with invalid indices no longer crash the application with IndexError after upgrades, preventing tool server configuration loss. #​22490, Commit
  • 🔌 Tool server frontend timeout. Fetch requests to external tool servers now time out after 10 seconds, preventing the UI from hanging indefinitely when a configured tool server is unreachable. #​22543, Commit
  • 🔌 MCP OAuth tool auto-selection. MCP tools requiring OAuth authentication are now automatically re-selected after completing the auth flow, instead of leaving users to manually re-enable the tool on return to the chat. #​22994, #​22995, Commit
  • 🏷️ Channel @​mentions. Direct connection models no longer appear in channel @​mention suggestions, preventing confusion since they don't work in channels. #​22553, Commit
  • 📎 Channel message attachments. Users can now press Enter to send messages with only file or image attachments in channels, direct messages, and threads, aligning with the behavior of the Send button. #​22752
  • 🗣️ Image-only message handling. Models like Gemini and Claude no longer fail when receiving messages with only file or image attachments and no text, by stripping empty text content blocks before sending to the API. Commit, #​22880
  • 🧹 Channel thread sidebar cleanup. The thread sidebar in channels and direct messages now automatically closes when the parent message is deleted, preventing orphaned threads. #​22890
  • 💡 Chat input suggestion modal. The suggestion modal for tags, mentions, and commands now correctly reappears when backspacing into a trigger character after it was dismissed. #​22899
  • ⏱️ Chat action button timing. Action buttons under assistant messages no longer appear prematurely when switching chats while a response is still streaming. Commit, #​22891
  • 💬 Skill and model mention persistence. Skills selected via $ and models selected via @​ in the chat input are now properly restored after a page refresh, instead of reverting to plain text while losing their interactive state. #​22913, Commit
  • 🧹 Webhook profile image errors. Fixed 404 errors appearing in the browser console when scrolling through channel messages sent by webhooks, by skipping the user profile preview for webhook senders. #​22893
  • 🧮 Logit bias parameter handling. Using logit_bias parameters no longer causes errors when the input is already in dictionary format. #​22597, Commit
  • 🪛 Temp chat tool calling. Temporary chats now properly preserve tool call information, fixing native tool calling with JSON schema that was previously broken. #​22475, Commit
  • 🔗 Multi-system message merging. Models with strict chat templates like Qwen no longer fail when multiple pipeline stages inject separate system messages, as all system messages are now merged into one at the start. #​22505, Commit
  • 📜 Public note access. Opening public notes via direct share link no longer returns a 500 error caused by a missing function import. #​22680, Commit
  • 👤 Terminal access user visibility. The terminal connection access dialog now shows the currently logged-in user when searching for users to grant access, fixing an issue where users with identical display names were filtered incorrectly. #​22491, Commit
  • 👥 User groups display. User groups in the admin panel profile preview now wrap properly instead of overflowing horizontally, with a scrollbar when the list is long. #​22547
  • 🔧 Model list drag-and-drop. Fixed drag-and-drop reordering of models in admin settings, preventing UI glitches and state synchronization issues. Commit
  • 🖼️ Model profile image fallbacks. Model profile images now display a fallback icon when they fail to load, and model icons no longer disappear on paginated Models pages in admin and workspace settings. #​22485
  • 🖼️ Profile image fallbacks. Added fallback handlers for model and user profile images throughout the chat interface, preventing broken image icons when avatars fail to load. #​22486
  • 🧲 RAG thinking model support. Knowledge base queries now correctly parse JSON responses from thinking models like GLM-5 and DeepSeek-R1 by stripping their reasoning blocks before JSON extraction. #​22400
  • 🔍 RAG query generation robustness. The RAG query generation, web search, and image generation handlers now correctly extract JSON from model responses containing thinking tags by finding the last JSON block instead of the first, preventing "No sources found" errors with thinking models. #​21888, Commit
  • 🔍 Ollama embedding robustness. Ollama embedding requests now include the truncate parameter to handle inputs exceeding the context window, preventing 500 errors when processing long documents. Error messages from failed embedding requests are also now properly surfaced instead of being silently swallowed. #​22671, Commit
  • 🔄 Ollama embedding retry logic. Embedding requests to Ollama now retry with exponential backoff when encountering 503 errors (such as when the model reloads mid-processing), preventing files from being silently dropped from knowledge bases. #​22571, Commit
  • 🗄️ Oracle 23AI hybrid search. Fixed an UnboundLocalError that occurred when using hybrid search with Oracle 23AI as the vector store, preventing knowledge base queries from failing. Commit, #​22616
  • 🧩 MCP integration visibility. MCP (Streamable HTTP) integrations are now hidden from user-level settings, matching the intended behavior where only administrators can configure MCP connections through the admin panel. User-level connections now show the connection type as read-only. #​22615, Commit
  • 🌐 Dynamic HTML language attribute. The HTML lang attribute now dynamically updates when users change their interface language, preventing browsers from triggering unwanted translation popups. Commit
  • 📐 File upload deduplication. Attaching files that are already in the chat no longer triggers duplicate uploads. Commit
  • 🕵️ Serper.dev search results. Fixed web search results not displaying properly when using the Serper.dev provider by using the correct API response field. #​22869
  • 🔲 Markdown task list checkbox styling. Fixed task list checkboxes in markdown rendering to display consistently without shrinking in narrow layouts. #​22886
  • 🎨 Artifacts sidebar tab background fix. The Artifacts sidebar now correctly updates and displays when switching back to a browser tab that was in the background, ensuring artifacts are visible without requiring a manual refresh. #​22889
  • 🔃 Chat input URL indexing fix. Fixed an issue where URLs could be indexed twice when using multiple triggers followed by backspace and re-entering a URL. #​22749
  • 🔎 Search modal chat preview avatars. Fixed assistant profile images not displaying in the chat preview pane of the Search Modal. #​22782
  • 📋 Prompts search pagination fix. Fixed a bug where searching prompts from a paginated page would incorrectly use the current page number, resulting in "No prompts found" even when matching results existed. #​22912
  • 🗂️ Reasoning block copy cleanup. Copied chat responses no longer include reasoning block content or excess whitespace, ensuring only the intended message text is captured. #​22786, Commit
  • 🔤 Emoji removal for text normalization. Fixed the emoji removal function used in search and title generation to correctly handle all emoji types, including those with variation selectors (❤️, ☀️, ), keycap sequences (1️⃣), and ZWJ family sequences (👨‍👩‍👧‍👦). #​22915
  • ⏹️ Task cancellation status tracking. Cancelled tasks now correctly mark only the affected messages as done instead of clearing all task statuses for the chat, ensuring proper status tracking when multiple messages have pending tasks. #​22743
  • 🎨 Filter icon display fix. Fixed filter icons showing the wrong icon after removing one of multiple active filters below the chat input. #​22862
  • 📊 Channel message data loading. Fixed redundant 404 API calls that occurred when rendering channel messages, preventing unnecessary requests and console errors. #​22894
  • 👻 Response message skeleton display. Fixed an issue where the skeleton loader would incorrectly show or hide based on complex status history conditions, by extracting the visibility logic into a cleaner reactive variable. Commit
  • 🐛 Shared chat viewing crash. Shared chats can now be viewed by unauthenticated users without crashing, with proper fallback handling for missing user profile information. #​22751, #​22742
  • 🛠️ Plugin ID sanitization. Creating Functions or Tools with emojis or special characters in their names now generates valid IDs that pass backend validation, instead of failing with an error. #​22695
  • 📋 Chat title preservation. Regenerating responses or using branches no longer overwrites user-specified chat titles when auto-naming is disabled, by checking the full chat message count instead of just the current branch. #​22754
  • 🎧 Read Aloud in chat preview. The Read Aloud button in the Search Chats modal preview no longer causes crashes, and TTS functionality is now properly hidden in read-only chat contexts. Commit
  • 📡 Heartbeat event loop blocking. The WebSocket heartbeat handler no longer blocks the event loop when updating user activity, improving responsiveness under heavy load with many concurrent connections. #​22980
  • 🗝️ Message upsert API reliability. The message upsert API endpoint no longer crashes when called, fixing an error where a database session was incorrectly passed to a function that doesn't accept it. #​22959, Commit
  • 🔓 Forward auth proxy compatibility. Fixed error pages that could appear when using authenticating reverse-proxies by properly handling 401 responses from background API requests, allowing the browser to re-authenticate with the identity provider. #​22942
  • 🔃 Tool call streaming display. Sequential tool calls are now properly accumulated during streaming, fixing an issue where completed tool calls could disappear from the display before the next tool call finished streaming. Commit
  • 🧠 Reasoning spinner content preservation. Prior assistant content and tool call blocks no longer disappear during the reasoning spinner when responding after tool execution. #​23001
  • 🖥️ Pyodide file list refresh. Files created or modified during manual code execution now appear immediately in the pyodide files list without requiring a browser tab refresh. Commit
  • 🖱️ Dropdown submenu hover stability. Secondary hover menus like Download and Move now remain open while navigating into them, fixing an issue where an 8px gap between the trigger and submenu would cause the menu to disappear before a selection could be made. #​22744, Commit
  • 📊 Model tag normalization. Model tags from backends that return them as string arrays are now properly normalized to object format, preventing crashes when filtering models by tag in the admin and workspace models pages. #​20819, Commit
  • 🎯 Arena model sub-model settings. Arena models now properly use the selected sub-model's settings — including RAG knowledge bases, web access, code interpreter, and tool capabilities — instead of the arena wrapper's empty defaults. #​16950, Commit
  • 🧩 Model editor default metadata. The Model Editor now loads admin-configured default model metadata instead of hardcoded values, preventing admin defaults from being silently overwritten when users save models without realizing they were overriding system-wide settings. #​22996, Commit
  • ✏️ Rich text paste sanitization. Copying and pasting text with HTML characters (like < or >) no longer corrupts the editor content, as the paste handler now properly escapes HTML entities before processing mentions and special syntax. Commit
Changed
  • 🪝 User webhooks disabled by default. User webhook notifications are now disabled by default and properly gated by the ENABLE_USER_WEBHOOKS configuration, ensuring webhooks only fire when explicitly enabled. Commit
  • 🧲 Web search result limit. The configured web search result count now acts as a maximum limit, preventing models from requesting more results than administrators allow. #​22577

v0.8.11

Compare Source

Added
  • 🔀 Responses API streaming improvements. The OpenAI proxy now properly handles tool call streaming and re-invocations in the Responses API, preventing duplicate tool calls and preserving output during model re-invocations. Commit, Commit, Commit, Commit
  • 🔀 Responses API stateful sessions. Administrators can now enable experimental stateful session support via the ENABLE_RESPONSES_API_STATEFUL environment variable, allowing compatible backends to store responses server-side with previous_response_id anchoring for improved multi-turn conversations. Commit
  • 📄 File viewing pagination. The view_file and view_knowledge_file tools now support pagination with offset and max_chars parameters, allowing models to read large files in chunks. Commit
  • 🗺️ Knowledge search scoping. The search_knowledge_files tool now respects model-attached knowledge, searching only within attached knowledge bases and files when available. Commit
  • 🛠️ Tool HTML embed context. Tools can now return custom context alongside HTML embeds by using a tuple format, providing the LLM with actionable information instead of a generic message. #​22691
  • 🔒 Trusted role header configuration. Administrators can now configure the WEBUI_AUTH_TRUSTED_ROLE_HEADER environment variable to set user roles (admin, user, or pending) via a trusted header from their identity provider or reverse proxy. #​22523
  • 🔑 OIDC authorization parameter injection. Administrators can now inject extra parameters into the OIDC authorization redirect URL via the OAUTH_AUTHORIZE_PARAMS environment variable, enabling IdP pre-selection for brokers like CILogon and Keycloak. #​22863, Commit
  • 🔑 Google OAuth session persistence. Administrators can now configure Google OAuth to issue refresh tokens via the GOOGLE_OAUTH_AUTHORIZE_PARAMS environment variable, preventing OAuth sessions from expiring after one hour and ensuring tools and integrations that rely on OAuth tokens remain functional. #​22652
  • 🔌 Embed prompt confirmation. Interactive tool embeds can now submit prompts to the chat without requiring same-origin access, showing a confirmation dialog for cross-origin requests to prevent abuse. #​22908
  • 🏮 Tool binary response handling. Tool servers can now return binary data such as images, which are properly processed and displayed in chat for both multimodal and non-multimodal models. Commit, Commit
  • Svelte upgrade performance. Page and markdown rendering are now approximately 25% faster across the board, with significantly less memory usage for smoother UI interactions. #​22611
  • 🧩 Model and filter lookup optimization. Model and filter membership lookups are now faster thanks to optimized data structure operations during model list loading. Commit
  • 💨 Chat render throttling. Chat message rendering now uses requestAnimationFrame batching to stay smooth during rapid model responses, preventing dropped frames when fast models send many events per second. #​22947
  • 🚀 Function list API optimization. The functions list API now returns only essential metadata without function source code, reducing payload sizes by over 99% and making the Functions admin page load significantly faster. #​22788
  • Smoother loading animation. The loading shimmer animation now looks smoother and more natural, with softer highlight colors. #​22516
  • 🧪 Terminal connection verification. Users can now verify their terminal server connection is working before saving the configuration, making setup more reliable. #​22567
  • 📁 Chat folder emoji reset. Users can now reset chat folder emojis back to the default icon using a "Reset to Default" button in the emoji picker, making it easier to revert custom icons. #​22554
  • 📊 Metrics export interval configuration. Administrators can now control OpenTelemetry metrics export frequency via the OTEL_METRICS_EXPORT_INTERVAL_MILLIS environment variable, enabling cost optimization for metrics services like Grafana Cloud. #​22529
  • 🏥 Readiness probe endpoint. A new /ready endpoint is now available for Kubernetes deployments, returning 200 only after startup completes and database/Redis are reachable, enabling more reliable container orchestration. #​22507
  • 🔩 Tool server timeout configuration. Administrators can now configure a separate HTTP timeout for tool server requests via the AIOHTTP_CLIENT_TIMEOUT_TOOL_SERVER environment variable, enabling fine-tuned control over how long tool calls are allowed to take. Commit
  • 📌 Knowledge file previews. Knowledge base files can now be opened in a new tab directly from the file list, making it easier to view content without downloading. #​22629
  • 🎯 Knowledge tool hybrid search support. The built-in query_knowledge_files tool now respects hybrid search and reranking settings, matching the behavior of the middleware RAG pipeline. Commit
  • 🗣️ Temporary chat folder support. Temporary chats can now use folder-level system prompts and knowledge files, making them more powerful for quick explorations. Commit
  • 📡 Terminal port previews. Detected ports in the File Navigator can now be previewed inline with a browser-style view, navigation controls, and an address bar, instead of only opening in a new tab. Commit, Commit
  • ✏️ File renaming. Files and folders in the File Navigator can now be renamed by double-clicking or using the context menu, with Enter to confirm and Escape to cancel. Commit
  • 🧭 File Navigator navigation history. The File Navigator toolbar now includes Back and Forward buttons for navigating through folder and file history, similar to a web browser. Commit
  • 🗑️ Delete connection confirmations. Users are now prompted with a confirmation dialog before deleting connections, preventing accidental deletions. Commit
  • 📦 Document loader fallbacks. Excel and PowerPoint files can now be processed even when the unstructured package is not installed, using pandas and python-pptx as fallback loaders. Commit
  • 🧠 Memory management search and sort. Users can now search and sort their personal memories in the Memory management modal, making it easier to find specific memories. Commit
  • 📦 SBOM generation script. A new script for generating CycloneDX Software Bill of Materials is now available in the scripts directory. Commit
  • ⚙️ Ruff linter and formatter. Added Ruff as the Python linter and formatter, replacing the black-based workflow for better code quality with near-instant execution. #​22576, #​22462
  • 🖥️ Offline code formatting support. The black formatter for Python code editing is now bundled locally in the Docker image, enabling code formatting to work in air-gapped deployments where client browsers cannot reach PyPI. Formatting failures no longer block saves, allowing code to be preserved even when offline. #​22509, Commit
  • ✏️ Markdown file editing. Users can now edit and save Markdown files directly in the file navigator, with empty files automatically switching to editor mode for immediate editing. Commit
  • 🍔 Model bulk actions menu. Users can now quickly enable, disable, show, or hide multiple models at once using a new hamburger menu on the workspace Models page filter bar, with actions respecting the current search and filter settings. #​22484
  • 📂 Files list pagination. The files list API now supports pagination, returning paginated results with a total count for easier navigation through large file collections. Commit
  • 🖇 Web fetch content length config. Administrators can now configure the maximum characters to return from fetched URLs via WEB_FETCH_MAX_CONTENT_LENGTH environment variable or the admin settings page, instead of the previous hardcoded 50K limit. Commit, #​22774
  • 🤖 Ollama Anthropic endpoint support. The Ollama proxy now supports the Anthropic-compatible /v1/messages endpoint, allowing clients using the Anthropic API format to work through Open WebUI with proper authentication and model access controls. Commit, #​22861
  • 📝 Writing block rendering. Responses from OpenAI models that include :::writing blocks are now rendered as formatted content in a styled container with a copy button, instead of displaying raw marker text. #​22672, Commit
  • 💡 Memory deletion confirmation. Users are now asked to confirm before deleting individual memory entries, with the memory content displayed for review. #​22888
  • 📓 Multi-artifact HTML rendering. Code blocks with multiple HTML sections now render as separate artifacts instead of merging into one, allowing models to display distinct interactive components. Commit
  • 🚩 Drag chats as references. Users can now drag chats from the sidebar and drop them into the message input to add them as Reference Chats. Commit
  • ⌨️ Terminal system prompts. Terminal servers can now provide custom system prompts that are automatically included when their tools are used. Commit
  • 💾 Terminal state persistence. The selected terminal server and its enabled state now persist across page loads, making terminal usage more seamless. Commit
  • 💾 Terminal folder downloads. Users can now download folders as ZIP archives and bulk-download multiple selected files as a single ZIP directly from the File Navigator toolbar, making file exports faster and more convenient. Commit, Commit
  • 🔐 MCP OAuth 2.1 static credentials. MCP servers that require static client_id and client_secret can now be connected using a new OAuth 2.1 Static auth type, enabling integration with MCP servers that don't support dynamic client registration. #​22266, Commit
  • 🎪 Collapsible tool and thinking groups. Consecutive tool calls and reasoning blocks are now grouped into a single collapsible summary (e.g., "Explored tool1, tool2"), keeping chat responses clean and readable while preserving full detail on expand. #​21604, Commit
  • 🔄 General improvements. Various improvements were implemented across the application to enhance performance, stability, and security.
  • 🌐 Translations for Finnish, Portuguese (Portugal), Catalan, Turkish, Japanese, Simplified Chinese, Traditional Chinese, Estonian, Spanish, Azerbaijani, and German were enhanced and expanded.
Fixed
  • 🔒 Model access control bypass. Fixed a security vulnerability where external clients could bypass model access controls by setting a URL parameter, preventing unauthorized access to restricted models. Commit
  • 🛡️ Terminal proxy path sanitization. The terminal server proxy now properly sanitizes paths to prevent directory traversal and SSRF attacks, protecting against security vulnerabilities. Commit
  • 🛡️ Tool configuration access control. Tool configuration endpoints now properly verify user permissions, preventing unauthorized access to tool settings. Commit
  • 🗝️ Tool valves access control. The tool user valves endpoints now properly verify ownership and access grants before returning or updating configuration, with appropriate 404 responses for missing tools and 401 for unauthorized access. Commit
  • 🔐 Collaborative document authorization. Fixed a security vulnerability in collaborative documents where authorization could be bypassed using alternative document ID formats, preventing unauthorized access to notes. Commit
  • 🔏 OAuth session persistence. Users logging in via OAuth or OIDC providers now stay logged in for the configured JWT expiry duration instead of being logged out when closing the browser. #​22809
  • 🚪 OAuth sub claim configuration crash. Using the OAUTH_SUB_CLAIM environment variable no longer causes crashes during token exchange requests, fixing a missing configuration registration. #​22865
  • 🔍 OAuth discovery header parsing. The OAuth protected resource discovery now correctly handles both quoted and unquoted values in the WWW-Authenticate header, fixing compatibility with MCP servers that return unquoted metadata. #​22646, Commit
  • 👤 Admin OAuth group sync. Admin user group memberships from OAuth and LDAP providers are now properly synced to Open WebUI, fixing a limitation where admin role excluded users from group updates. #​22537, Commit
  • 🎫 Password change complexity validation. Password complexity rules are now properly enforced when users change their password, closing a security gap where new passwords could bypass configured complexity requirements. Commit
  • 🔏 OAuth role enforcement. OAuth role management now properly denies access when a user's roles don't match any configured OAUTH_ALLOWED_ROLES or OAUTH_ADMIN_ROLES, instead of silently bypassing the restriction. #​13676, #​15551, Commit
  • 🔑 Microsoft Entra ID role claim preservation. Role claims from Microsoft Entra ID tokens are now preserved during OAuth login, fixing ENABLE_OAUTH_ROLE_MANAGEMENT for Microsoft OAuth which was previously ignored because the userinfo endpoint stripped the roles claim. #​20518, Commit
  • 🔍 SCIM group filtering. The SCIM endpoint now properly handles displayName and externalId filters when provisioning groups from identity providers like Microsoft Entra ID, preventing all groups from being returned instead of the filtered subset. #​21543
  • 🔐 Forwarded allow IPs configuration. The FORWARDED_ALLOW_IPS environment variable is now properly respected by the startup scripts instead of being hardcoded to '*', allowing administrators to restrict which proxies are trusted for request forwarding. #​22539, Commit
  • 🍪 Model list auth cookie forwarding. Model list requests to backends that require cookie-based authentication now properly forward auth headers and cookies, preventing "Unauthorized" errors when loading models. Commit
  • 🔱 Model lookup race condition. Fixed a race condition in Redis model storage that caused intermittent "model not found" errors in multi-replica deployments under heavy load, by eliminating the window between hash deletion and updates. Commit
  • 🎚️ Bulk model action reliability. Bulk enable, disable, show, and hide operations in the admin Models settings now properly refresh the model list after completion, ensuring changes are reflected immediately and correct toast notifications are shown. #​22962, Commit, Commit
  • 🔄 Paginated list duplicates. Fixed duplicate items appearing in paginated lists when loading more items in chats, knowledge, notes, and search across the UI. Commit
  • 🧽 Duplicate chat list refresh. Sending messages no longer triggers duplicate sidebar chat list refreshes, eliminating an unnecessary database query that was already handled by the save and completion handlers. #​22982
  • 🧹 Chat history save optimization. The chat list is no longer refreshed on every chat history save, branch navigation, or edit — only on meaningful state changes like new chat creation, title generation, and response completion. #​22983
  • 💬 Message queue responsiveness. The message queue no longer waits for background tasks like title generation and follow-up suggestions to complete, allowing users to send new messages immediately after a response finishes without unnecessary delays. Commit, #​22565
  • 🗄️ Migration reliability. Database migrations no longer fail when chat data has unexpected format, making upgrades more reliable. #​22588, #​22568
  • 🫧 Memory modal event bubbling. Fixed an issue where clicking the Delete button in the Memory management modal would also open the Edit Memory modal due to event bubbling. #​22783
  • 🧩 Memory tool registration. Models with capabilities.memory: true now correctly have memory tools available for execution, fixing a retry loop where add_memory appeared in the tool schema but was not registered for backend execution. #​22666, #​22675, Commit
  • 📝 Input variables modal crash. Fixed a crash that occurred when selecting custom prompts with prompt variables, causing the Input Variables modal to display an infinite loading spinner instead of the variable input fields. #​22748, Commit
  • 🪛 Function list API crash fix. Fixed a 500 error on the functions list API endpoint that was introduced by the recent optimization, by adding proper model configuration for SQLAlchemy ORM objects. #​22924
  • 🗂️ Sidebar chat menu closure. Sidebar chat dropdown menus now close properly after clicking "Clone", "Share", "Download", "Rename", "Pin", "Move", "Archive", or "Delete", instead of remaining visible. #​22884, #​22784
  • 🧭 Chat deletion and archive redirection. Users are now redirected to the chat list when deleting or archiving the currently active chat, instead of being left on a stale chat page. #​22755
  • 🚩 User menu navigation fix. Clicking Playground or Admin Panel from the user menu now uses client-side routing instead of causing full page reloads, restoring smooth SPA navigation. Commit
  • 🔧 Tool server connection persistence. Fixed a bug where tool server connection updates were not being saved to persistent storage, ensuring OAuth client information is now properly preserved. Commit
  • 🔩 Tool server index bounds checking. Tool servers with invalid indices no longer crash the application with IndexError after upgrades, preventing tool server configuration loss. #​22490, Commit
  • 🔌 Tool server frontend timeout. Fetch requests to external tool servers now time out after 10 seconds, preventing the UI from hanging indefinitely when a configured tool server is unreachable. #​22543, Commit
  • 🔌 MCP OAuth tool auto-selection. MCP tools requiring OAuth authentication are now automatically re-selected after completing the auth flow, instead of leaving users to manually re-enable the tool on return to the chat. #​22994, #​22995, Commit
  • 🏷️ Channel @​mentions. Direct connection models no longer appear in channel @​mention suggestions, preventing confusion since they don't work in channels. #​22553, Commit
  • 📎 Channel message attachments. Users can now press Enter to send messages with only file or image attachments in channels, direct messages, and threads, aligning with the behavior of the Send button. #​22752
  • 🗣️ Image-only message handling. Models like Gemini and Claude no longer fail when receiving messages with only file or image attachments and no text, by stripping empty text content blocks before sending to the API. Commit, #​22880
  • 🧹 Channel thread sidebar cleanup. The thread sidebar in channels and direct messages now automatically closes when the parent message is deleted, preventing orphaned threads. #​22890
  • 💡 Chat input suggestion modal. The suggestion modal for tags, mentions, and commands now correctly reappears when backspacing into a trigger character after it was dismissed. #​22899
  • ⏱️ Chat action button timing. Action buttons under assistant messages no longer appear prematurely when switching chats while a response is still streaming. Commit, #​22891
  • 💬 Skill and model mention persistence. Skills selected via $ and models selected via @​ in the chat input are now properly restored after a page refresh, instead of reverting to plain text while losing their interactive state. #​22913, Commit
  • 🧹 Webhook profile image errors. Fixed 404 errors appearing in the browser console when scrolling through channel messages sent by webhooks, by skipping the user profile preview for webhook senders. #​22893
  • 🧮 Logit bias parameter handling. Using logit_bias parameters no longer causes errors when the input is already in dictionary format. #​22597, Commit
  • 🪛 Temp chat tool calling. Temporary chats now properly preserve tool call information, fixing native tool calling with JSON schema that was previously broken. #​22475, Commit
  • 🔗 Multi-system message merging. Models with strict chat templates like Qwen no longer fail when multiple pipeline stages inject separate system messages, as all system messages are now merged into one at the start. #​22505, Commit
  • 📜 Public note access. Opening public notes via direct share link no longer returns a 500 error caused by a missing function import. #​22680, Commit
  • 👤 Terminal access user visibility. The terminal connection access dialog now shows the currently logged-in user when searching for users to grant access, fixing an issue where users with identical display names were filtered incorrectly. #​22491, Commit
  • 👥 User groups display. User groups in the admin panel profile preview now wrap properly instead of overflowing horizontally, with a scrollbar when the list is long. #​22547
  • 🔧 Model list drag-and-drop. Fixed drag-and-drop reordering of models in admin settings, preventing UI glitches and state synchronization issues. Commit
  • 🖼️ Model profile image fallbacks. Model profile images now display a fallback icon when they fail to load, and model icons no longer disappear on paginated Models pages in admin and workspace settings. #​22485
  • 🖼️ Profile image fallbacks. Added fallback handlers for model and user profile images throughout the chat interface, preventing broken image icons when avatars fail to load. #​22486
  • 🧲 RAG thinking model support. Knowledge base queries now correctly parse JSON responses from thinking models like GLM-5 and DeepSeek-R1 by stripping their reasoning blocks before JSON extraction. #​22400
  • 🔍 RAG query generation robustness. The RAG query generation, web search, and image generation handlers now correctly extract JSON from model responses containing thinking tags by finding the last JSON block instead of the first, preventing "No sources found" errors with thinking models. #​21888, Commit
  • 🔍 Ollama embedding robustness. Ollama embedding requests now include the truncate parameter to handle inputs exceeding the context window, preventing 500 errors when processing long documents. Error messages from failed embedding requests are also now properly surfaced instead of being silently swallowed. #​22671, Commit
  • 🔄 Ollama embedding retry logic. Embedding requests to Ollama now retry with exponential backoff when encountering 503 errors (such as when the model reloads mid-processing), preventing files from being silently dropped from knowledge bases. #​22571, Commit
  • 🗄️ Oracle 23AI hybrid search. Fixed an UnboundLocalError that occurred when using hybrid search with Oracle 23AI as the vector store, preventing knowledge base queries from failing. Commit, #​22616
  • 🌐 Dynamic HTML language attribute. The HTML lang attribute now dynamically updates when users change their interface language, preventing browsers from triggering unwanted translation popups. Commit
  • 📐 File upload deduplication. Attaching files that are already in the chat no longer triggers duplicate uploads. Commit
  • 🕵️ Serper.dev search results. Fixed web search results not displaying properly when using the Serper.dev provider by using the correct API response field. #​22869
  • 🔲 Markdown task list checkbox styling. Fixed task list checkboxes in markdown rendering to display consistently without shrinking in narrow layouts. #​22886
  • 🎨 Artifacts sidebar tab background fix. The Artifacts sidebar now correctly updates and displays when switching back to a browser tab that was in the background, ensuring artifacts are visible without requiring a manual refresh. #​22889
  • 🔃 Chat input URL indexing fix. Fixed an issue where URLs could be indexed twice when using multiple triggers followed by backspace and re-entering a URL. #​22749
  • 🔎 Search modal chat preview avatars. Fixed assistant profile images not displaying in the chat preview pane of the Search Modal. #​22782
  • 📋 Prompts search pagination fix. Fixed a bug where searching prompts from a paginated page would incorrectly use the current page number, resulting in "No prompts found" even when matching results existed. #​22912
  • 🗂️ Reasoning block copy cleanup. Copied chat responses no longer include reasoning block content or excess whitespace, ensuring only the intended message text is captured. #​22786, Commit
  • 🔤 Emoji removal for text normalization. Fixed the emoji removal function used in search and title generation to correctly handle all emoji types, including those with variation selectors (❤️, ☀️, ), keycap sequences (1️⃣), and ZWJ family sequences (👨‍👩‍👧‍👦). #​22915
  • ⏹️ Task cancellation status tracking. Cancelled tasks now correctly mark only the affected messages as done instead of clearing all task statuses for the chat, ensuring proper status tracking when multiple messages have pending tasks. #​22743
  • 🎨 Filter icon display fix. Fixed filter icons showing the wrong icon after removing one of multiple active filters below the chat input. #​22862
  • 📊 Channel message data loading. Fixed redundant 404 API calls that occurred when rendering channel messages, preventing unnecessary requests and console errors. #​22894
  • 👻 Response message skeleton display. Fixed an issue where the skeleton loader would incorrectly show or hide based on complex status history conditions, by extracting the visibility logic into a cleaner reactive variable. Commit
  • 🐛 Shared chat viewing crash. Shared chats can now be viewed by unauthenticated users without crashing, with proper fallback handling for missing user profile information. #​22751, #​22742
  • 🛠️ Plugin ID sanitization. Creating Functions or Tools with emojis or special characters in their names now generates valid IDs that pass backend validation, instead of failing with an error. #​22695
  • 📋 Chat title preservation. Regenerating responses or using branches no longer overwrites user-specified chat titles when auto-naming is disabled, by checking the full chat message count instead of just the current branch. #​22754
  • 🎧 Read Aloud in chat preview. The Read Aloud button in the Search Chats modal preview no longer causes crashes, and TTS functionality is now properly hidden in read-only chat contexts. Commit
  • 📡 Heartbeat event loop blocking. The WebSocket heartbeat handler no longer blocks the event loop when updating user activity, improving responsiveness under heavy load with many concurrent connections. #​22980
  • 🗝️ Message upsert API reliability. The message upsert API endpoint no longer crashes when called, fixing an error where a database session was incorrectly passed to a function that doesn't accept it. #​22959, Commit
  • 🔓 Forward auth proxy compatibility. Fixed error pages that could appear when using authenticating reverse-proxies by properly handling 401 responses from background API requests, allowing the browser to re-authenticate with the identity provider. #​22942
  • 🔃 Tool call streaming display. Sequential tool calls are now properly accumulated during streaming, fixing an issue where completed tool calls could disappear from the display before the next tool call finished streaming. Commit
  • 🧠 Reasoning spinner content preservation. Prior assistant content and tool call blocks no longer disappear during the reasoning spinner when responding after tool execution. #​23001
  • 🖥️ Pyodide file list refresh. Files created or modified during manual code execution now appear immediately in the pyodide files list without requiring a browser tab refresh. Commit
  • 🖱️ Dropdown submenu hover stability. Secondary hover menus like Download and Move now remain open while navigating into them, fixing an issue where an 8px gap between the trigger and submenu would cause the menu to disappear before a selection could be made. #​22744, Commit
  • 📊 Model tag normalization. Model tags from backends that return them as string arrays are now properly normalized to object format, preventing crashes when filtering models by tag in the admin and workspace models pages. #​20819, Commit
  • 🎯 Arena model sub-model settings. Arena models now properly use the selected sub-model's settings — including RAG knowledge bases, web access, code interpreter, and tool capabilities — instead of the arena wrapper's empty defaults. #​16950, Commit
  • 🧩 Model editor default metadata. The Model Editor now loads admin-configured default model metadata instead of hardcoded values, preventing admin defaults from being silently overwritten when users save models without realizing they were overriding system-wide settings. #​22996, Commit
  • ✏️ Rich text paste sanitization. Copying and pasting text with HTML characters (like < or >) no longer corrupts the editor content, as the paste handler now properly escapes HTML entities before processing mentions and special syntax. Commit
Changed
  • 🪝 User webhooks disabled by default. User webhook notifications are now disabled by default and properly gated by the ENABLE_USER_WEBHOOKS configuration, ensuring webhooks only fire when explicitly enabled. Commit
  • 🧩 MCP integration visibility. MCP (Streamable HTTP) integrations are now hidden from user-level settings, matching the intended behavior where only administrators can configure MCP connections through the admin panel. User-level connections now show the connection type as read-only. #​22615, Commit
  • 🧲 Web search result limit. The configured web search result count now acts as a maximum limit, preventing models from requesting more results than administrators allow. #​22577

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [ghcr.io/open-webui/open-webui](https://github.com/open-webui/open-webui) | patch | `v0.8.10` → `v0.8.12` | --- ### Release Notes <details> <summary>open-webui/open-webui (ghcr.io/open-webui/open-webui)</summary> ### [`v0.8.12`](https://github.com/open-webui/open-webui/releases/tag/v0.8.12) [Compare Source](https://github.com/open-webui/open-webui/compare/v0.8.12...v0.8.12) ##### Added - 🌐 **Translation updates.** Translations for Simplified Chinese, Catalan, Portuguese (Brazil), Finnish, and Lithuanian were enhanced and expanded. ##### Fixed - 🔒 **Terminal server connection security.** Terminal server verification and policy saving now proxy through the backend, preventing API key exposure and CORS errors when connecting to in-cluster services. [Commit](https://github.com/open-webui/open-webui/commit/a6413257079a52fa4487eda36543f3955d0fbd53), [Commit](https://github.com/open-webui/open-webui/commit/4567cdc0d9cb7b42b6eba7b676c0ced3f4850d31) - 🛠️ **Terminal tools exception handling.** Exceptions in middleware.py due to invalid return values from get\_terminal\_tools() have been resolved. [Commit](https://github.com/open-webui/open-webui/commit/52a06bd48aff34fb2211aac2879f0cd028129267) - 📦 **Missing beautifulsoup4 dependency.** Users can now start Open WebUI using uvx without encountering the "bs4 module missing" error. [Commit](https://github.com/open-webui/open-webui/commit/1994d65306bbcc7406584e1bfef82f5d353fc91c) - 🔌 **API files list error.** The /api/v1/files/ endpoint no longer returns a 500 error, fixing a regression that prevented file listing via the API. [Commit](https://github.com/open-webui/open-webui/commit/11f52921dc21c2dc61c03f12bcdf6f19140a350c) - 📜 **License data loading.** License data now loads correctly, displaying the expected color and logo in the interface. [Commit](https://github.com/open-webui/open-webui/commit/16335f866ea4cedf00c4971963622fcc1fe02d82) - 👑 **Admin model visibility.** Administrators can now see models even when no access control is configured yet, allowing them to manage all available models. [Commit](https://github.com/open-webui/open-webui/commit/f3f8f9874f55282603c2650b91801640cb3f69cb) - 📊 **Tool call embed visibility.** Rich UI embeds from tool calls (like visualizations) are now rendered outside collapsed groups and remain visible without requiring manual expansion. [Commit](https://github.com/open-webui/open-webui/commit/4c872a8d128757d4a6f311fb86bc382af2ba5d0d), [Commit](https://github.com/open-webui/open-webui/commit/308fa924a5b2b7e08cd1e8f15b9c8c96e1de8f02) ### [`v0.8.12`](https://github.com/open-webui/open-webui/blob/HEAD/CHANGELOG.md#0812---2026-03-26) [Compare Source](https://github.com/open-webui/open-webui/compare/v0.8.11...v0.8.12) ##### Added - 🌐 **Translation updates.** Translations for Simplified Chinese, Catalan, Portuguese (Brazil), Finnish, and Lithuanian were enhanced and expanded. ##### Fixed - 🔒 **Terminal server connection security.** Terminal server verification and policy saving now proxy through the backend, preventing API key exposure and CORS errors when connecting to in-cluster services. [Commit](https://github.com/open-webui/open-webui/commit/a6413257079a52fa4487eda36543f3955d0fbd53), [Commit](https://github.com/open-webui/open-webui/commit/4567cdc0d9cb7b42b6eba7b676c0ced3f4850d31) - 🛠️ **Terminal tools exception handling.** Exceptions in middleware.py due to invalid return values from get\_terminal\_tools() have been resolved. [Commit](https://github.com/open-webui/open-webui/commit/52a06bd48aff34fb2211aac2879f0cd028129267) - 📦 **Missing beautifulsoup4 dependency.** Users can now start Open WebUI using uvx without encountering the "bs4 module missing" error. [Commit](https://github.com/open-webui/open-webui/commit/1994d65306bbcc7406584e1bfef82f5d353fc91c) - 🔌 **API files list error.** The /api/v1/files/ endpoint no longer returns a 500 error, fixing a regression that prevented file listing via the API. [Commit](https://github.com/open-webui/open-webui/commit/11f52921dc21c2dc61c03f12bcdf6f19140a350c) - 📜 **License data loading.** License data now loads correctly, displaying the expected color and logo in the interface. [Commit](https://github.com/open-webui/open-webui/commit/16335f866ea4cedf00c4971963622fcc1fe02d82) - 👑 **Admin model visibility.** Administrators can now see models even when no access control is configured yet, allowing them to manage all available models. [Commit](https://github.com/open-webui/open-webui/commit/f3f8f9874f55282603c2650b91801640cb3f69cb) - 📊 **Tool call embed visibility.** Rich UI embeds from tool calls (like visualizations) are now rendered outside collapsed groups and remain visible without requiring manual expansion. [Commit](https://github.com/open-webui/open-webui/commit/4c872a8d128757d4a6f311fb86bc382af2ba5d0d), [Commit](https://github.com/open-webui/open-webui/commit/308fa924a5b2b7e08cd1e8f15b9c8c96e1de8f02) ### [`v0.8.11`](https://github.com/open-webui/open-webui/releases/tag/v0.8.11) [Compare Source](https://github.com/open-webui/open-webui/compare/v0.8.11...v0.8.11) ##### Added - 🔀 **Responses API streaming improvements.** The OpenAI proxy now properly handles tool call streaming and re-invocations in the Responses API, preventing duplicate tool calls and preserving output during model re-invocations. [Commit](https://github.com/open-webui/open-webui/commit/93415a48e8893139db13d02d0a6d24e8604a2ac5), [Commit](https://github.com/open-webui/open-webui/commit/f8b3a32caf00dad76687fd8fe698b86f304f3997), [Commit](https://github.com/open-webui/open-webui/commit/2ae47cf20057e92a83fd618b938f3ee9bb124e5b), [Commit](https://github.com/open-webui/open-webui/commit/adcbba34f8bbfbab3e4041269a084f2b71c076d9) - 🔀 **Responses API stateful sessions.** Administrators can now enable experimental stateful session support via the ENABLE\_RESPONSES\_API\_STATEFUL environment variable, allowing compatible backends to store responses server-side with previous\_response\_id anchoring for improved multi-turn conversations. [Commit](https://github.com/open-webui/open-webui/commit/dfc2dc2c0bd298cb4bfcf212ef11223586aa54f1) - 📄 **File viewing pagination.** The view\_file and view\_knowledge\_file tools now support pagination with offset and max\_chars parameters, allowing models to read large files in chunks. [Commit](https://github.com/open-webui/open-webui/commit/5d7766e1b6f7ca7749c5a5a780d7b1bb2da28a2f) - 🗺️ **Knowledge search scoping.** The search\_knowledge\_files tool now respects model-attached knowledge, searching only within attached knowledge bases and files when available. [Commit](https://github.com/open-webui/open-webui/commit/0f0ba7dadd043460d205477fd3b57556aa970847) - 🛠️ **Tool HTML embed context.** Tools can now return custom context alongside HTML embeds by using a tuple format, providing the LLM with actionable information instead of a generic message. [#&#8203;22691](https://github.com/open-webui/open-webui/pull/22691) - 🔒 **Trusted role header configuration.** Administrators can now configure the WEBUI\_AUTH\_TRUSTED\_ROLE\_HEADER environment variable to set user roles (admin, user, or pending) via a trusted header from their identity provider or reverse proxy. [#&#8203;22523](https://github.com/open-webui/open-webui/pull/22523) - 🔑 **OIDC authorization parameter injection.** Administrators can now inject extra parameters into the OIDC authorization redirect URL via the OAUTH\_AUTHORIZE\_PARAMS environment variable, enabling IdP pre-selection for brokers like CILogon and Keycloak. [#&#8203;22863](https://github.com/open-webui/open-webui/issues/22863), [Commit](https://github.com/open-webui/open-webui/commit/69171a4c8bb7f995461b4a2feef194f112b32004) - 🔑 **Google OAuth session persistence.** Administrators can now configure Google OAuth to issue refresh tokens via the GOOGLE\_OAUTH\_AUTHORIZE\_PARAMS environment variable, preventing OAuth sessions from expiring after one hour and ensuring tools and integrations that rely on OAuth tokens remain functional. [#&#8203;22652](https://github.com/open-webui/open-webui/pull/22652) - 🔌 **Embed prompt confirmation.** Interactive tool embeds can now submit prompts to the chat without requiring same-origin access, showing a confirmation dialog for cross-origin requests to prevent abuse. [#&#8203;22908](https://github.com/open-webui/open-webui/pull/22908) - 🏮 **Tool binary response handling.** Tool servers can now return binary data such as images, which are properly processed and displayed in chat for both multimodal and non-multimodal models. [Commit](https://github.com/open-webui/open-webui/commit/1c25b06dca83ad491b4dc3d373b1c215a7a8fd3e), [Commit](https://github.com/open-webui/open-webui/commit/108a019cb8e63a533250abe84f2b6f2b7c2131c4) - ⚡ **Svelte upgrade performance.** Page and markdown rendering are now approximately 25% faster across the board, with significantly less memory usage for smoother UI interactions. [#&#8203;22611](https://github.com/open-webui/open-webui/issues/22611) - 🧩 **Model and filter lookup optimization.** Model and filter membership lookups are now faster thanks to optimized data structure operations during model list loading. [Commit](https://github.com/open-webui/open-webui/commit/7eae377c01f8d2de94a694b72279f769c82658cd) - 💨 **Chat render throttling.** Chat message rendering now uses requestAnimationFrame batching to stay smooth during rapid model responses, preventing dropped frames when fast models send many events per second. [#&#8203;22947](https://github.com/open-webui/open-webui/pull/22947) - 🚀 **Function list API optimization.** The functions list API now returns only essential metadata without function source code, reducing payload sizes by over 99% and making the Functions admin page load significantly faster. [#&#8203;22788](https://github.com/open-webui/open-webui/pull/22788) - ✨ **Smoother loading animation.** The loading shimmer animation now looks smoother and more natural, with softer highlight colors. [#&#8203;22516](https://github.com/open-webui/open-webui/pull/22516) - 🧪 **Terminal connection verification.** Users can now verify their terminal server connection is working before saving the configuration, making setup more reliable. [#&#8203;22567](https://github.com/open-webui/open-webui/pull/22567) - 📁 **Chat folder emoji reset.** Users can now reset chat folder emojis back to the default icon using a "Reset to Default" button in the emoji picker, making it easier to revert custom icons. [#&#8203;22554](https://github.com/open-webui/open-webui/pull/22554) - 📊 **Metrics export interval configuration.** Administrators can now control OpenTelemetry metrics export frequency via the OTEL\_METRICS\_EXPORT\_INTERVAL\_MILLIS environment variable, enabling cost optimization for metrics services like Grafana Cloud. [#&#8203;22529](https://github.com/open-webui/open-webui/pull/22529) - 🏥 **Readiness probe endpoint.** A new /ready endpoint is now available for Kubernetes deployments, returning 200 only after startup completes and database/Redis are reachable, enabling more reliable container orchestration. [#&#8203;22507](https://github.com/open-webui/open-webui/pull/22507) - 🔩 **Tool server timeout configuration.** Administrators can now configure a separate HTTP timeout for tool server requests via the AIOHTTP\_CLIENT\_TIMEOUT\_TOOL\_SERVER environment variable, enabling fine-tuned control over how long tool calls are allowed to take. [Commit](https://github.com/open-webui/open-webui/commit/a3238aa79f344765f5b62cb64eba71ffd001abaf) - 📌 **Knowledge file previews.** Knowledge base files can now be opened in a new tab directly from the file list, making it easier to view content without downloading. [#&#8203;22629](https://github.com/open-webui/open-webui/pull/22629) - 🎯 **Knowledge tool hybrid search support.** The built-in query\_knowledge\_files tool now respects hybrid search and reranking settings, matching the behavior of the middleware RAG pipeline. [Commit](https://github.com/open-webui/open-webui/commit/9a2c60d5954ecbc172d09e9955d52a07d135dcbc) - 🗣️ **Temporary chat folder support.** Temporary chats can now use folder-level system prompts and knowledge files, making them more powerful for quick explorations. [Commit](https://github.com/open-webui/open-webui/commit/adcc50d3370301afd5561e0f58ff6f3ab3750818) - 📡 **Terminal port previews.** Detected ports in the File Navigator can now be previewed inline with a browser-style view, navigation controls, and an address bar, instead of only opening in a new tab. [Commit](https://github.com/open-webui/open-webui/commit/689061822173e561a153290b2bb816f4cb6f4959), [Commit](https://github.com/open-webui/open-webui/commit/1dc647f43b1929f5c4d1af393a90a47f56cb745e) - ✏️ **File renaming.** Files and folders in the File Navigator can now be renamed by double-clicking or using the context menu, with Enter to confirm and Escape to cancel. [Commit](https://github.com/open-webui/open-webui/commit/637cd136c2271baf4787815bc8bc25241626a943) - 🧭 **File Navigator navigation history.** The File Navigator toolbar now includes Back and Forward buttons for navigating through folder and file history, similar to a web browser. [Commit](https://github.com/open-webui/open-webui/commit/3a4b862e818c69fff6f3a3c67b50c51aa00c03e9) - 🗑️ **Delete connection confirmations.** Users are now prompted with a confirmation dialog before deleting connections, preventing accidental deletions. [Commit](https://github.com/open-webui/open-webui/commit/157ff57c40bc40c53bc608828dac3779e95c2ffa) - 📦 **Document loader fallbacks.** Excel and PowerPoint files can now be processed even when the unstructured package is not installed, using pandas and python-pptx as fallback loaders. [Commit](https://github.com/open-webui/open-webui/commit/6862d618ee17f95d3cae78819ed993e7fbc7e632) - 🧠 **Memory management search and sort.** Users can now search and sort their personal memories in the Memory management modal, making it easier to find specific memories. [Commit](https://github.com/open-webui/open-webui/commit/47ab4c71d50fd631b04c95f2febb085dd0a13083) - 📦 **SBOM generation script.** A new script for generating CycloneDX Software Bill of Materials is now available in the scripts directory. [Commit](https://github.com/open-webui/open-webui/commit/39100eca4915e4fe86a6912aa97dde86ed72e015) - ⚙️ **Ruff linter and formatter.** Added Ruff as the Python linter and formatter, replacing the black-based workflow for better code quality with near-instant execution. [#&#8203;22576](https://github.com/open-webui/open-webui/pull/22576), [#&#8203;22462](https://github.com/open-webui/open-webui/discussions/22462) - 🖥️ **Offline code formatting support.** The black formatter for Python code editing is now bundled locally in the Docker image, enabling code formatting to work in air-gapped deployments where client browsers cannot reach PyPI. Formatting failures no longer block saves, allowing code to be preserved even when offline. [#&#8203;22509](https://github.com/open-webui/open-webui/issues/22509), [Commit](https://github.com/open-webui/open-webui/commit/8507e5eb0d18896f1bbf990a00a4361aec171a30) - ✏️ **Markdown file editing.** Users can now edit and save Markdown files directly in the file navigator, with empty files automatically switching to editor mode for immediate editing. [Commit](https://github.com/open-webui/open-webui/commit/47e47e42af682e7f75c8359999f7cdf969bf903e) - 🍔 **Model bulk actions menu.** Users can now quickly enable, disable, show, or hide multiple models at once using a new hamburger menu on the workspace Models page filter bar, with actions respecting the current search and filter settings. [#&#8203;22484](https://github.com/open-webui/open-webui/pull/22484) - 📂 **Files list pagination.** The files list API now supports pagination, returning paginated results with a total count for easier navigation through large file collections. [Commit](https://github.com/open-webui/open-webui/commit/f9756de693a93e918c037d757afddb7defc847e4) - 🖇 **Web fetch content length config.** Administrators can now configure the maximum characters to return from fetched URLs via WEB\_FETCH\_MAX\_CONTENT\_LENGTH environment variable or the admin settings page, instead of the previous hardcoded 50K limit. [Commit](https://github.com/open-webui/open-webui/commit/b171b0216b916745420c7caf513093a315ed9560), [#&#8203;22774](https://github.com/open-webui/open-webui/issues/22774) - 🤖 **Ollama Anthropic endpoint support.** The Ollama proxy now supports the Anthropic-compatible /v1/messages endpoint, allowing clients using the Anthropic API format to work through Open WebUI with proper authentication and model access controls. [Commit](https://github.com/open-webui/open-webui/commit/f23296b22d3304e5bfcd19151e5802eec55bd98f), [#&#8203;22861](https://github.com/open-webui/open-webui/issues/22861) - 📝 **Writing block rendering.** Responses from OpenAI models that include :::writing blocks are now rendered as formatted content in a styled container with a copy button, instead of displaying raw marker text. [#&#8203;22672](https://github.com/open-webui/open-webui/issues/22672), [Commit](https://github.com/open-webui/open-webui/commit/53b8a1f71bd0cb0a0122175ad5210da492018728) - 💡 **Memory deletion confirmation.** Users are now asked to confirm before deleting individual memory entries, with the memory content displayed for review. [#&#8203;22888](https://github.com/open-webui/open-webui/pull/22888) - 📓 **Multi-artifact HTML rendering.** Code blocks with multiple HTML sections now render as separate artifacts instead of merging into one, allowing models to display distinct interactive components. [Commit](https://github.com/open-webui/open-webui/commit/9a6bf78e14a13864e72db87426da4f5996abe716) - 🚩 **Drag chats as references.** Users can now drag chats from the sidebar and drop them into the message input to add them as Reference Chats. [Commit](https://github.com/open-webui/open-webui/commit/ebb7ce2092efc8d78da4974623647dbd18b6e372) - ⌨️ **Terminal system prompts.** Terminal servers can now provide custom system prompts that are automatically included when their tools are used. [Commit](https://github.com/open-webui/open-webui/commit/6a9d67b5bb4c93fd343b334bee3e37703dff59f6) - 💾 **Terminal state persistence.** The selected terminal server and its enabled state now persist across page loads, making terminal usage more seamless. [Commit](https://github.com/open-webui/open-webui/commit/d577ff1e4af750dda09e558dac7edb8dd2470850) - 💾 **Terminal folder downloads.** Users can now download folders as ZIP archives and bulk-download multiple selected files as a single ZIP directly from the File Navigator toolbar, making file exports faster and more convenient. [Commit](https://github.com/open-webui/open-webui/commit/3841e85abb3ea3e8d8b364dff0102f0124844d22), [Commit](https://github.com/open-webui/open-webui/commit/cf60b1882f1929200649b59f867289dea54e4210) - 🔐 **MCP OAuth 2.1 static credentials.** MCP servers that require static client\_id and client\_secret can now be connected using a new OAuth 2.1 Static auth type, enabling integration with MCP servers that don't support dynamic client registration. [#&#8203;22266](https://github.com/open-webui/open-webui/pull/22266), [Commit](https://github.com/open-webui/open-webui/commit/601bb783587a3e965cf88c148e4856b988655b13) - 🎪 **Collapsible tool and thinking groups.** Consecutive tool calls and reasoning blocks are now grouped into a single collapsible summary (e.g., "Explored tool1, tool2"), keeping chat responses clean and readable while preserving full detail on expand. [#&#8203;21604](https://github.com/open-webui/open-webui/issues/21604), [Commit](https://github.com/open-webui/open-webui/commit/261aec8c864646eb7215be0d5c14a79cad3cb93f) - 🔄 **General improvements.** Various improvements were implemented across the application to enhance performance, stability, and security. - 🌐 Translations for Finnish, Portuguese (Portugal), Catalan, Turkish, Japanese, Simplified Chinese, Traditional Chinese, Estonian, Spanish, Azerbaijani, and German were enhanced and expanded. ##### Fixed - 🔒 **Model access control bypass.** Fixed a security vulnerability where external clients could bypass model access controls by setting a URL parameter, preventing unauthorized access to restricted models. [Commit](https://github.com/open-webui/open-webui/commit/c0385f60ba049da48d2d5452068586d375303c37) - 🛡️ **Terminal proxy path sanitization.** The terminal server proxy now properly sanitizes paths to prevent directory traversal and SSRF attacks, protecting against security vulnerabilities. [Commit](https://github.com/open-webui/open-webui/commit/f9d38a073fae32032ed44073cf2817cba20210bb) - 🛡️ **Tool configuration access control.** Tool configuration endpoints now properly verify user permissions, preventing unauthorized access to tool settings. [Commit](https://github.com/open-webui/open-webui/commit/bc5b3ec6b8ec0fef894eb8046c636ee33688b8c4) - 🗝️ **Tool valves access control.** The tool user valves endpoints now properly verify ownership and access grants before returning or updating configuration, with appropriate 404 responses for missing tools and 401 for unauthorized access. [Commit](https://github.com/open-webui/open-webui/commit/f949d17db1e62e0b79aecbbcbcabe3d57d8d4af6) - 🔐 **Collaborative document authorization.** Fixed a security vulnerability in collaborative documents where authorization could be bypassed using alternative document ID formats, preventing unauthorized access to notes. [Commit](https://github.com/open-webui/open-webui/commit/3107a5363d13c899a995c930cbb1121a80f754f9) - 🔏 **OAuth session persistence.** Users logging in via OAuth or OIDC providers now stay logged in for the configured JWT expiry duration instead of being logged out when closing the browser. [#&#8203;22809](https://github.com/open-webui/open-webui/pull/22809) - 🚪 **OAuth sub claim configuration crash.** Using the OAUTH\_SUB\_CLAIM environment variable no longer causes crashes during token exchange requests, fixing a missing configuration registration. [#&#8203;22865](https://github.com/open-webui/open-webui/pull/22865) - 🔍 **OAuth discovery header parsing.** The OAuth protected resource discovery now correctly handles both quoted and unquoted values in the WWW-Authenticate header, fixing compatibility with MCP servers that return unquoted metadata. [#&#8203;22646](https://github.com/open-webui/open-webui/discussions/22646), [Commit](https://github.com/open-webui/open-webui/commit/fe7e002fea7283abcf901e22de5c8a7d86e336ea) - 👤 **Admin OAuth group sync.** Admin user group memberships from OAuth and LDAP providers are now properly synced to Open WebUI, fixing a limitation where admin role excluded users from group updates. [#&#8203;22537](https://github.com/open-webui/open-webui/pull/22537), [Commit](https://github.com/open-webui/open-webui/commit/a1aceb5f879abd130ef83085d98a0d51316a8fc3) - 🎫 **Password change complexity validation.** Password complexity rules are now properly enforced when users change their password, closing a security gap where new passwords could bypass configured complexity requirements. [Commit](https://github.com/open-webui/open-webui/commit/bd8aa3b6a0b6a2320f41b20a51b9842f39aadb7f) - 🔏 **OAuth role enforcement.** OAuth role management now properly denies access when a user's roles don't match any configured OAUTH\_ALLOWED\_ROLES or OAUTH\_ADMIN\_ROLES, instead of silently bypassing the restriction. [#&#8203;13676](https://github.com/open-webui/open-webui/issues/13676), [#&#8203;15551](https://github.com/open-webui/open-webui/issues/15551), [Commit](https://github.com/open-webui/open-webui/commit/6d7744c21903ec5a9ad951770dea76e9ba19cbcc) - 🔑 **Microsoft Entra ID role claim preservation.** Role claims from Microsoft Entra ID tokens are now preserved during OAuth login, fixing ENABLE\_OAUTH\_ROLE\_MANAGEMENT for Microsoft OAuth which was previously ignored because the userinfo endpoint stripped the roles claim. [#&#8203;20518](https://github.com/open-webui/open-webui/issues/20518), [Commit](https://github.com/open-webui/open-webui/commit/aa2f7fbe5229c3985ce427602069cdeababda481) - 🔍 **SCIM group filtering.** The SCIM endpoint now properly handles displayName and externalId filters when provisioning groups from identity providers like Microsoft Entra ID, preventing all groups from being returned instead of the filtered subset. [#&#8203;21543](https://github.com/open-webui/open-webui/pull/21543) - 🔐 **Forwarded allow IPs configuration.** The FORWARDED\_ALLOW\_IPS environment variable is now properly respected by the startup scripts instead of being hardcoded to '\*', allowing administrators to restrict which proxies are trusted for request forwarding. [#&#8203;22539](https://github.com/open-webui/open-webui/issues/22539), [Commit](https://github.com/open-webui/open-webui/commit/0aebdd5f83cd1d811009edcbb2bec432a34e7c81) - 🍪 **Model list auth cookie forwarding.** Model list requests to backends that require cookie-based authentication now properly forward auth headers and cookies, preventing "Unauthorized" errors when loading models. [Commit](https://github.com/open-webui/open-webui/commit/76ece4049e96bd6890593f17a946a9af6b082fab) - 🔱 **Model lookup race condition.** Fixed a race condition in Redis model storage that caused intermittent "model not found" errors in multi-replica deployments under heavy load, by eliminating the window between hash deletion and updates. [Commit](https://github.com/open-webui/open-webui/commit/ee901fcd2ca82d7a7dad48170c64df782d3e040a) - 🎚️ **Bulk model action reliability.** Bulk enable, disable, show, and hide operations in the admin Models settings now properly refresh the model list after completion, ensuring changes are reflected immediately and correct toast notifications are shown. [#&#8203;22962](https://github.com/open-webui/open-webui/pull/22962), [Commit](https://github.com/open-webui/open-webui/commit/75932be880f3b86f78f00b4352b9f1350b8f53fa), [Commit](https://github.com/open-webui/open-webui/commit/15ae3f588b1aa4ddb686ae68afebd6064036a201) - 🔄 **Paginated list duplicates.** Fixed duplicate items appearing in paginated lists when loading more items in chats, knowledge, notes, and search across the UI. [Commit](https://github.com/open-webui/open-webui/commit/58e78e8946fb3644107489fe8e01b17709302b2f) - 🧽 **Duplicate chat list refresh.** Sending messages no longer triggers duplicate sidebar chat list refreshes, eliminating an unnecessary database query that was already handled by the save and completion handlers. [#&#8203;22982](https://github.com/open-webui/open-webui/pull/22982) - 🧹 **Chat history save optimization.** The chat list is no longer refreshed on every chat history save, branch navigation, or edit — only on meaningful state changes like new chat creation, title generation, and response completion. [#&#8203;22983](https://github.com/open-webui/open-webui/pull/22983) - 💬 **Message queue responsiveness.** The message queue no longer waits for background tasks like title generation and follow-up suggestions to complete, allowing users to send new messages immediately after a response finishes without unnecessary delays. [Commit](https://github.com/open-webui/open-webui/commit/486c004cbb43f15d5c3e31561f51f22effff1f6c), [#&#8203;22565](https://github.com/open-webui/open-webui/issues/22565) - 🗄️ **Migration reliability.** Database migrations no longer fail when chat data has unexpected format, making upgrades more reliable. [#&#8203;22588](https://github.com/open-webui/open-webui/pull/22588), [#&#8203;22568](https://github.com/open-webui/open-webui/issues/22568) - 🫧 **Memory modal event bubbling.** Fixed an issue where clicking the Delete button in the Memory management modal would also open the Edit Memory modal due to event bubbling. [#&#8203;22783](https://github.com/open-webui/open-webui/issues/22783) - 🧩 **Memory tool registration.** Models with capabilities.memory: true now correctly have memory tools available for execution, fixing a retry loop where add\_memory appeared in the tool schema but was not registered for backend execution. [#&#8203;22666](https://github.com/open-webui/open-webui/issues/22666), [#&#8203;22675](https://github.com/open-webui/open-webui/pull/22675), [Commit](https://github.com/open-webui/open-webui/commit/d9339919046c3e977f313f603782d220aab4257f) - 📝 **Input variables modal crash.** Fixed a crash that occurred when selecting custom prompts with prompt variables, causing the Input Variables modal to display an infinite loading spinner instead of the variable input fields. [#&#8203;22748](https://github.com/open-webui/open-webui/issues/22748), [Commit](https://github.com/open-webui/open-webui/commit/0dcd6ac983bede06b8477179192154467f5b24a2) - 🪛 **Function list API crash fix.** Fixed a 500 error on the functions list API endpoint that was introduced by the recent optimization, by adding proper model configuration for SQLAlchemy ORM objects. [#&#8203;22924](https://github.com/open-webui/open-webui/pull/22924) - 🗂️ **Sidebar chat menu closure.** Sidebar chat dropdown menus now close properly after clicking "Clone", "Share", "Download", "Rename", "Pin", "Move", "Archive", or "Delete", instead of remaining visible. [#&#8203;22884](https://github.com/open-webui/open-webui/pull/22884), [#&#8203;22784](https://github.com/open-webui/open-webui/issues/22784) - 🧭 **Chat deletion and archive redirection.** Users are now redirected to the chat list when deleting or archiving the currently active chat, instead of being left on a stale chat page. [#&#8203;22755](https://github.com/open-webui/open-webui/pull/22755) - 🚩 **User menu navigation fix.** Clicking Playground or Admin Panel from the user menu now uses client-side routing instead of causing full page reloads, restoring smooth SPA navigation. [Commit](https://github.com/open-webui/open-webui/commit/7ffcd3908ee90f88a4c4684d6cd6e75efd117461) - 🔧 **Tool server connection persistence.** Fixed a bug where tool server connection updates were not being saved to persistent storage, ensuring OAuth client information is now properly preserved. [Commit](https://github.com/open-webui/open-webui/commit/b8ea267f8ec3931de55db7801156b9c07d3ad5f6) - 🔩 **Tool server index bounds checking.** Tool servers with invalid indices no longer crash the application with IndexError after upgrades, preventing tool server configuration loss. [#&#8203;22490](https://github.com/open-webui/open-webui/issues/22490), [Commit](https://github.com/open-webui/open-webui/commit/8da29566a1f81c38e80009bdea3ce4d9be860605) - 🔌 **Tool server frontend timeout.** Fetch requests to external tool servers now time out after 10 seconds, preventing the UI from hanging indefinitely when a configured tool server is unreachable. [#&#8203;22543](https://github.com/open-webui/open-webui/issues/22543), [Commit](https://github.com/open-webui/open-webui/commit/adf7af34ff934319a35470c572237d2d08f1de0b) - 🔌 **MCP OAuth tool auto-selection.** MCP tools requiring OAuth authentication are now automatically re-selected after completing the auth flow, instead of leaving users to manually re-enable the tool on return to the chat. [#&#8203;22994](https://github.com/open-webui/open-webui/issues/22994), [#&#8203;22995](https://github.com/open-webui/open-webui/pull/22995), [Commit](https://github.com/open-webui/open-webui/commit/4d50001c4192c609b1010626ebb6496692823873) - 🏷️ **Channel @&#8203;mentions.** Direct connection models no longer appear in channel @&#8203;mention suggestions, preventing confusion since they don't work in channels. [#&#8203;22553](https://github.com/open-webui/open-webui/issues/22553), [Commit](https://github.com/open-webui/open-webui/commit/0a87c1ecd078320a08c4cc62d41fe8727fb3b5f7) - 📎 **Channel message attachments.** Users can now press Enter to send messages with only file or image attachments in channels, direct messages, and threads, aligning with the behavior of the Send button. [#&#8203;22752](https://github.com/open-webui/open-webui/pull/22752) - 🗣️ **Image-only message handling.** Models like Gemini and Claude no longer fail when receiving messages with only file or image attachments and no text, by stripping empty text content blocks before sending to the API. [Commit](https://github.com/open-webui/open-webui/commit/ea515fa26e11faac146c48a5e3a2a284e1792bb3), [#&#8203;22880](https://github.com/open-webui/open-webui/issues/22880) - 🧹 **Channel thread sidebar cleanup.** The thread sidebar in channels and direct messages now automatically closes when the parent message is deleted, preventing orphaned threads. [#&#8203;22890](https://github.com/open-webui/open-webui/pull/22890) - 💡 **Chat input suggestion modal.** The suggestion modal for tags, mentions, and commands now correctly reappears when backspacing into a trigger character after it was dismissed. [#&#8203;22899](https://github.com/open-webui/open-webui/pull/22899) - ⏱️ **Chat action button timing.** Action buttons under assistant messages no longer appear prematurely when switching chats while a response is still streaming. [Commit](https://github.com/open-webui/open-webui/commit/ecba37070d6eb3cb033195a070b6c4ab5f396415), [#&#8203;22891](https://github.com/open-webui/open-webui/issues/22891) - 💬 **Skill and model mention persistence.** Skills selected via $ and models selected via @&#8203; in the chat input are now properly restored after a page refresh, instead of reverting to plain text while losing their interactive state. [#&#8203;22913](https://github.com/open-webui/open-webui/issues/22913), [Commit](https://github.com/open-webui/open-webui/commit/be21db706993c0db95ac09509dfdb023de64daff) - 🧹 **Webhook profile image errors.** Fixed 404 errors appearing in the browser console when scrolling through channel messages sent by webhooks, by skipping the user profile preview for webhook senders. [#&#8203;22893](https://github.com/open-webui/open-webui/pull/22893) - 🧮 **Logit bias parameter handling.** Using logit\_bias parameters no longer causes errors when the input is already in dictionary format. [#&#8203;22597](https://github.com/open-webui/open-webui/issues/22597), [Commit](https://github.com/open-webui/open-webui/commit/e34ed72e1e958505e940b74bf1c6a4808640bd17) - 🪛 **Temp chat tool calling.** Temporary chats now properly preserve tool call information, fixing native tool calling with JSON schema that was previously broken. [#&#8203;22475](https://github.com/open-webui/open-webui/pull/22475), [Commit](https://github.com/open-webui/open-webui/commit/bcd313c363ca50d71aa80bcb2f29c81fad3dff37) - 🔗 **Multi-system message merging.** Models with strict chat templates like Qwen no longer fail when multiple pipeline stages inject separate system messages, as all system messages are now merged into one at the start. [#&#8203;22505](https://github.com/open-webui/open-webui/issues/22505), [Commit](https://github.com/open-webui/open-webui/commit/631bd20c3537ce85bbaec02f9e0049c88fa8fdd4) - 📜 **Public note access.** Opening public notes via direct share link no longer returns a 500 error caused by a missing function import. [#&#8203;22680](https://github.com/open-webui/open-webui/issues/22680), [Commit](https://github.com/open-webui/open-webui/commit/566e25569e5e7d9c1e42db840ba4ba578887d208) - 👤 **Terminal access user visibility.** The terminal connection access dialog now shows the currently logged-in user when searching for users to grant access, fixing an issue where users with identical display names were filtered incorrectly. [#&#8203;22491](https://github.com/open-webui/open-webui/issues/22491), [Commit](https://github.com/open-webui/open-webui/commit/4a8f995c3fd4602ec2aaccc07efc4e8504dda84d) - 👥 **User groups display.** User groups in the admin panel profile preview now wrap properly instead of overflowing horizontally, with a scrollbar when the list is long. [#&#8203;22547](https://github.com/open-webui/open-webui/pull/22547) - 🔧 **Model list drag-and-drop.** Fixed drag-and-drop reordering of models in admin settings, preventing UI glitches and state synchronization issues. [Commit](https://github.com/open-webui/open-webui/commit/753589e51ccbbe5c4f78a7d13e19c67e6c0000d7) - 🖼️ **Model profile image fallbacks.** Model profile images now display a fallback icon when they fail to load, and model icons no longer disappear on paginated Models pages in admin and workspace settings. [#&#8203;22485](https://github.com/open-webui/open-webui/pull/22485) - 🖼️ **Profile image fallbacks.** Added fallback handlers for model and user profile images throughout the chat interface, preventing broken image icons when avatars fail to load. [#&#8203;22486](https://github.com/open-webui/open-webui/pull/22486) - 🧲 **RAG thinking model support.** Knowledge base queries now correctly parse JSON responses from thinking models like GLM-5 and DeepSeek-R1 by stripping their reasoning blocks before JSON extraction. [#&#8203;22400](https://github.com/open-webui/open-webui/pull/22400) - 🔍 **RAG query generation robustness.** The RAG query generation, web search, and image generation handlers now correctly extract JSON from model responses containing thinking tags by finding the last JSON block instead of the first, preventing "No sources found" errors with thinking models. [#&#8203;21888](https://github.com/open-webui/open-webui/issues/21888), [Commit](https://github.com/open-webui/open-webui/commit/c0fcbc5b4cb29012e2913983c632edc5d24b9aea) - 🔍 **Ollama embedding robustness.** Ollama embedding requests now include the truncate parameter to handle inputs exceeding the context window, preventing 500 errors when processing long documents. Error messages from failed embedding requests are also now properly surfaced instead of being silently swallowed. [#&#8203;22671](https://github.com/open-webui/open-webui/issues/22671), [Commit](https://github.com/open-webui/open-webui/commit/d738044f47c70c755bec9bf244aa11878fe98d9c) - 🔄 **Ollama embedding retry logic.** Embedding requests to Ollama now retry with exponential backoff when encountering 503 errors (such as when the model reloads mid-processing), preventing files from being silently dropped from knowledge bases. [#&#8203;22571](https://github.com/open-webui/open-webui/issues/22571), [Commit](https://github.com/open-webui/open-webui/commit/8b6fa1f4ab6099a305de08706621075c205f65c4) - 🗄️ **Oracle 23AI hybrid search.** Fixed an UnboundLocalError that occurred when using hybrid search with Oracle 23AI as the vector store, preventing knowledge base queries from failing. [Commit](https://github.com/open-webui/open-webui/commit/fcf720835285a4cea10fc1ebed0b454971463b20), [#&#8203;22616](https://github.com/open-webui/open-webui/issues/22616) - 🧩 **MCP integration visibility.** MCP (Streamable HTTP) integrations are now hidden from user-level settings, matching the intended behavior where only administrators can configure MCP connections through the admin panel. User-level connections now show the connection type as read-only. [#&#8203;22615](https://github.com/open-webui/open-webui/issues/22615), [Commit](https://github.com/open-webui/open-webui/commit/1eef5b4f6a718c0fcf3605f1ed62669aca07b454) - 🌐 **Dynamic HTML language attribute.** The HTML lang attribute now dynamically updates when users change their interface language, preventing browsers from triggering unwanted translation popups. [Commit](https://github.com/open-webui/open-webui/commit/de5e0fbc00e7abcd84e1272c301b0707f8ea5ac6) - 📐 **File upload deduplication.** Attaching files that are already in the chat no longer triggers duplicate uploads. [Commit](https://github.com/open-webui/open-webui/commit/10f06a64fed474e9958b96295a953e0eebf9e4be) - 🕵️ **Serper.dev search results.** Fixed web search results not displaying properly when using the Serper.dev provider by using the correct API response field. [#&#8203;22869](https://github.com/open-webui/open-webui/pull/22869) - 🔲 **Markdown task list checkbox styling.** Fixed task list checkboxes in markdown rendering to display consistently without shrinking in narrow layouts. [#&#8203;22886](https://github.com/open-webui/open-webui/pull/22886) - 🎨 **Artifacts sidebar tab background fix.** The Artifacts sidebar now correctly updates and displays when switching back to a browser tab that was in the background, ensuring artifacts are visible without requiring a manual refresh. [#&#8203;22889](https://github.com/open-webui/open-webui/issues/22889) - 🔃 **Chat input URL indexing fix.** Fixed an issue where URLs could be indexed twice when using multiple triggers followed by backspace and re-entering a URL. [#&#8203;22749](https://github.com/open-webui/open-webui/issues/22749) - 🔎 **Search modal chat preview avatars.** Fixed assistant profile images not displaying in the chat preview pane of the Search Modal. [#&#8203;22782](https://github.com/open-webui/open-webui/pull/22782) - 📋 **Prompts search pagination fix.** Fixed a bug where searching prompts from a paginated page would incorrectly use the current page number, resulting in "No prompts found" even when matching results existed. [#&#8203;22912](https://github.com/open-webui/open-webui/pull/22912) - 🗂️ **Reasoning block copy cleanup.** Copied chat responses no longer include reasoning block content or excess whitespace, ensuring only the intended message text is captured. [#&#8203;22786](https://github.com/open-webui/open-webui/issues/22786), [Commit](https://github.com/open-webui/open-webui/commit/4f0e57420154800946394bc986b2c691462b2782) - 🔤 **Emoji removal for text normalization.** Fixed the emoji removal function used in search and title generation to correctly handle all emoji types, including those with variation selectors (❤️, ☀️, ✅), keycap sequences (1️⃣), and ZWJ family sequences (👨‍👩‍👧‍👦). [#&#8203;22915](https://github.com/open-webui/open-webui/pull/22915) - ⏹️ **Task cancellation status tracking.** Cancelled tasks now correctly mark only the affected messages as done instead of clearing all task statuses for the chat, ensuring proper status tracking when multiple messages have pending tasks. [#&#8203;22743](https://github.com/open-webui/open-webui/pull/22743) - 🎨 **Filter icon display fix.** Fixed filter icons showing the wrong icon after removing one of multiple active filters below the chat input. [#&#8203;22862](https://github.com/open-webui/open-webui/pull/22862) - 📊 **Channel message data loading.** Fixed redundant 404 API calls that occurred when rendering channel messages, preventing unnecessary requests and console errors. [#&#8203;22894](https://github.com/open-webui/open-webui/pull/22894) - 👻 **Response message skeleton display.** Fixed an issue where the skeleton loader would incorrectly show or hide based on complex status history conditions, by extracting the visibility logic into a cleaner reactive variable. [Commit](https://github.com/open-webui/open-webui/commit/5df4277216fbb9de603fdf4289f8366292568234) - 🐛 **Shared chat viewing crash.** Shared chats can now be viewed by unauthenticated users without crashing, with proper fallback handling for missing user profile information. [#&#8203;22751](https://github.com/open-webui/open-webui/pull/22751), [#&#8203;22742](https://github.com/open-webui/open-webui/issues/22742) - 🛠️ **Plugin ID sanitization.** Creating Functions or Tools with emojis or special characters in their names now generates valid IDs that pass backend validation, instead of failing with an error. [#&#8203;22695](https://github.com/open-webui/open-webui/pull/22695) - 📋 **Chat title preservation.** Regenerating responses or using branches no longer overwrites user-specified chat titles when auto-naming is disabled, by checking the full chat message count instead of just the current branch. [#&#8203;22754](https://github.com/open-webui/open-webui/pull/22754) - 🎧 **Read Aloud in chat preview.** The Read Aloud button in the Search Chats modal preview no longer causes crashes, and TTS functionality is now properly hidden in read-only chat contexts. [Commit](https://github.com/open-webui/open-webui/commit/d8fa0f426a88f5c27b3216b7db35e1db47bbba28) - 📡 **Heartbeat event loop blocking.** The WebSocket heartbeat handler no longer blocks the event loop when updating user activity, improving responsiveness under heavy load with many concurrent connections. [#&#8203;22980](https://github.com/open-webui/open-webui/pull/22980) - 🗝️ **Message upsert API reliability.** The message upsert API endpoint no longer crashes when called, fixing an error where a database session was incorrectly passed to a function that doesn't accept it. [#&#8203;22959](https://github.com/open-webui/open-webui/issues/22959), [Commit](https://github.com/open-webui/open-webui/commit/70285fb6cad26b50d783583b68be5227ace16055) - 🔓 **Forward auth proxy compatibility.** Fixed error pages that could appear when using authenticating reverse-proxies by properly handling 401 responses from background API requests, allowing the browser to re-authenticate with the identity provider. [#&#8203;22942](https://github.com/open-webui/open-webui/pull/22942) - 🔃 **Tool call streaming display.** Sequential tool calls are now properly accumulated during streaming, fixing an issue where completed tool calls could disappear from the display before the next tool call finished streaming. [Commit](https://github.com/open-webui/open-webui/commit/a9c5c787b9f6b10491924d38645042064b3c941e) - 🧠 **Reasoning spinner content preservation.** Prior assistant content and tool call blocks no longer disappear during the reasoning spinner when responding after tool execution. [#&#8203;23001](https://github.com/open-webui/open-webui/pull/23001) - 🖥️ **Pyodide file list refresh.** Files created or modified during manual code execution now appear immediately in the pyodide files list without requiring a browser tab refresh. [Commit](https://github.com/open-webui/open-webui/commit/5c4062c64841974bf193ff321d92d10f28a09746) - 🖱️ **Dropdown submenu hover stability.** Secondary hover menus like Download and Move now remain open while navigating into them, fixing an issue where an 8px gap between the trigger and submenu would cause the menu to disappear before a selection could be made. [#&#8203;22744](https://github.com/open-webui/open-webui/issues/22744), [Commit](https://github.com/open-webui/open-webui/commit/cffbc3558e911abd6c4780cd028794b2f7282cd7) - 📊 **Model tag normalization.** Model tags from backends that return them as string arrays are now properly normalized to object format, preventing crashes when filtering models by tag in the admin and workspace models pages. [#&#8203;20819](https://github.com/open-webui/open-webui/issues/20819), [Commit](https://github.com/open-webui/open-webui/commit/90ca2e9b0f15cc9be7cf298fbefacaa45074cae9) - 🎯 **Arena model sub-model settings.** Arena models now properly use the selected sub-model's settings — including RAG knowledge bases, web access, code interpreter, and tool capabilities — instead of the arena wrapper's empty defaults. [#&#8203;16950](https://github.com/open-webui/open-webui/issues/16950), [Commit](https://github.com/open-webui/open-webui/commit/857d7e6f373d26a7a8989417c3a7fe99cdc03f20) - 🧩 **Model editor default metadata.** The Model Editor now loads admin-configured default model metadata instead of hardcoded values, preventing admin defaults from being silently overwritten when users save models without realizing they were overriding system-wide settings. [#&#8203;22996](https://github.com/open-webui/open-webui/issues/22996), [Commit](https://github.com/open-webui/open-webui/commit/cdc2b3bf850044051aafcd46f22fb25a1899788c) - ✏️ **Rich text paste sanitization.** Copying and pasting text with HTML characters (like `<` or `>`) no longer corrupts the editor content, as the paste handler now properly escapes HTML entities before processing mentions and special syntax. [Commit](https://github.com/open-webui/open-webui/commit/94f877ff328d410339308ad2c566c9afcdf43014) ##### Changed - 🪝 **User webhooks disabled by default.** User webhook notifications are now disabled by default and properly gated by the ENABLE\_USER\_WEBHOOKS configuration, ensuring webhooks only fire when explicitly enabled. [Commit](https://github.com/open-webui/open-webui/commit/c24a4da17dbaddf47e2e0f865c1d602d0ff36ee6) - 🧲 **Web search result limit.** The configured web search result count now acts as a maximum limit, preventing models from requesting more results than administrators allow. [#&#8203;22577](https://github.com/open-webui/open-webui/pull/22577) ### [`v0.8.11`](https://github.com/open-webui/open-webui/blob/HEAD/CHANGELOG.md#0811---2026-03-25) [Compare Source](https://github.com/open-webui/open-webui/compare/v0.8.10...v0.8.11) ##### Added - 🔀 **Responses API streaming improvements.** The OpenAI proxy now properly handles tool call streaming and re-invocations in the Responses API, preventing duplicate tool calls and preserving output during model re-invocations. [Commit](https://github.com/open-webui/open-webui/commit/93415a48e8893139db13d02d0a6d24e8604a2ac5), [Commit](https://github.com/open-webui/open-webui/commit/f8b3a32caf00dad76687fd8fe698b86f304f3997), [Commit](https://github.com/open-webui/open-webui/commit/2ae47cf20057e92a83fd618b938f3ee9bb124e5b), [Commit](https://github.com/open-webui/open-webui/commit/adcbba34f8bbfbab3e4041269a084f2b71c076d9) - 🔀 **Responses API stateful sessions.** Administrators can now enable experimental stateful session support via the ENABLE\_RESPONSES\_API\_STATEFUL environment variable, allowing compatible backends to store responses server-side with previous\_response\_id anchoring for improved multi-turn conversations. [Commit](https://github.com/open-webui/open-webui/commit/dfc2dc2c0bd298cb4bfcf212ef11223586aa54f1) - 📄 **File viewing pagination.** The view\_file and view\_knowledge\_file tools now support pagination with offset and max\_chars parameters, allowing models to read large files in chunks. [Commit](https://github.com/open-webui/open-webui/commit/5d7766e1b6f7ca7749c5a5a780d7b1bb2da28a2f) - 🗺️ **Knowledge search scoping.** The search\_knowledge\_files tool now respects model-attached knowledge, searching only within attached knowledge bases and files when available. [Commit](https://github.com/open-webui/open-webui/commit/0f0ba7dadd043460d205477fd3b57556aa970847) - 🛠️ **Tool HTML embed context.** Tools can now return custom context alongside HTML embeds by using a tuple format, providing the LLM with actionable information instead of a generic message. [#&#8203;22691](https://github.com/open-webui/open-webui/pull/22691) - 🔒 **Trusted role header configuration.** Administrators can now configure the WEBUI\_AUTH\_TRUSTED\_ROLE\_HEADER environment variable to set user roles (admin, user, or pending) via a trusted header from their identity provider or reverse proxy. [#&#8203;22523](https://github.com/open-webui/open-webui/pull/22523) - 🔑 **OIDC authorization parameter injection.** Administrators can now inject extra parameters into the OIDC authorization redirect URL via the OAUTH\_AUTHORIZE\_PARAMS environment variable, enabling IdP pre-selection for brokers like CILogon and Keycloak. [#&#8203;22863](https://github.com/open-webui/open-webui/issues/22863), [Commit](https://github.com/open-webui/open-webui/commit/69171a4c8bb7f995461b4a2feef194f112b32004) - 🔑 **Google OAuth session persistence.** Administrators can now configure Google OAuth to issue refresh tokens via the GOOGLE\_OAUTH\_AUTHORIZE\_PARAMS environment variable, preventing OAuth sessions from expiring after one hour and ensuring tools and integrations that rely on OAuth tokens remain functional. [#&#8203;22652](https://github.com/open-webui/open-webui/pull/22652) - 🔌 **Embed prompt confirmation.** Interactive tool embeds can now submit prompts to the chat without requiring same-origin access, showing a confirmation dialog for cross-origin requests to prevent abuse. [#&#8203;22908](https://github.com/open-webui/open-webui/pull/22908) - 🏮 **Tool binary response handling.** Tool servers can now return binary data such as images, which are properly processed and displayed in chat for both multimodal and non-multimodal models. [Commit](https://github.com/open-webui/open-webui/commit/1c25b06dca83ad491b4dc3d373b1c215a7a8fd3e), [Commit](https://github.com/open-webui/open-webui/commit/108a019cb8e63a533250abe84f2b6f2b7c2131c4) - ⚡ **Svelte upgrade performance.** Page and markdown rendering are now approximately 25% faster across the board, with significantly less memory usage for smoother UI interactions. [#&#8203;22611](https://github.com/open-webui/open-webui/issues/22611) - 🧩 **Model and filter lookup optimization.** Model and filter membership lookups are now faster thanks to optimized data structure operations during model list loading. [Commit](https://github.com/open-webui/open-webui/commit/7eae377c01f8d2de94a694b72279f769c82658cd) - 💨 **Chat render throttling.** Chat message rendering now uses requestAnimationFrame batching to stay smooth during rapid model responses, preventing dropped frames when fast models send many events per second. [#&#8203;22947](https://github.com/open-webui/open-webui/pull/22947) - 🚀 **Function list API optimization.** The functions list API now returns only essential metadata without function source code, reducing payload sizes by over 99% and making the Functions admin page load significantly faster. [#&#8203;22788](https://github.com/open-webui/open-webui/pull/22788) - ✨ **Smoother loading animation.** The loading shimmer animation now looks smoother and more natural, with softer highlight colors. [#&#8203;22516](https://github.com/open-webui/open-webui/pull/22516) - 🧪 **Terminal connection verification.** Users can now verify their terminal server connection is working before saving the configuration, making setup more reliable. [#&#8203;22567](https://github.com/open-webui/open-webui/pull/22567) - 📁 **Chat folder emoji reset.** Users can now reset chat folder emojis back to the default icon using a "Reset to Default" button in the emoji picker, making it easier to revert custom icons. [#&#8203;22554](https://github.com/open-webui/open-webui/pull/22554) - 📊 **Metrics export interval configuration.** Administrators can now control OpenTelemetry metrics export frequency via the OTEL\_METRICS\_EXPORT\_INTERVAL\_MILLIS environment variable, enabling cost optimization for metrics services like Grafana Cloud. [#&#8203;22529](https://github.com/open-webui/open-webui/pull/22529) - 🏥 **Readiness probe endpoint.** A new /ready endpoint is now available for Kubernetes deployments, returning 200 only after startup completes and database/Redis are reachable, enabling more reliable container orchestration. [#&#8203;22507](https://github.com/open-webui/open-webui/pull/22507) - 🔩 **Tool server timeout configuration.** Administrators can now configure a separate HTTP timeout for tool server requests via the AIOHTTP\_CLIENT\_TIMEOUT\_TOOL\_SERVER environment variable, enabling fine-tuned control over how long tool calls are allowed to take. [Commit](https://github.com/open-webui/open-webui/commit/a3238aa79f344765f5b62cb64eba71ffd001abaf) - 📌 **Knowledge file previews.** Knowledge base files can now be opened in a new tab directly from the file list, making it easier to view content without downloading. [#&#8203;22629](https://github.com/open-webui/open-webui/pull/22629) - 🎯 **Knowledge tool hybrid search support.** The built-in query\_knowledge\_files tool now respects hybrid search and reranking settings, matching the behavior of the middleware RAG pipeline. [Commit](https://github.com/open-webui/open-webui/commit/9a2c60d5954ecbc172d09e9955d52a07d135dcbc) - 🗣️ **Temporary chat folder support.** Temporary chats can now use folder-level system prompts and knowledge files, making them more powerful for quick explorations. [Commit](https://github.com/open-webui/open-webui/commit/adcc50d3370301afd5561e0f58ff6f3ab3750818) - 📡 **Terminal port previews.** Detected ports in the File Navigator can now be previewed inline with a browser-style view, navigation controls, and an address bar, instead of only opening in a new tab. [Commit](https://github.com/open-webui/open-webui/commit/689061822173e561a153290b2bb816f4cb6f4959), [Commit](https://github.com/open-webui/open-webui/commit/1dc647f43b1929f5c4d1af393a90a47f56cb745e) - ✏️ **File renaming.** Files and folders in the File Navigator can now be renamed by double-clicking or using the context menu, with Enter to confirm and Escape to cancel. [Commit](https://github.com/open-webui/open-webui/commit/637cd136c2271baf4787815bc8bc25241626a943) - 🧭 **File Navigator navigation history.** The File Navigator toolbar now includes Back and Forward buttons for navigating through folder and file history, similar to a web browser. [Commit](https://github.com/open-webui/open-webui/commit/3a4b862e818c69fff6f3a3c67b50c51aa00c03e9) - 🗑️ **Delete connection confirmations.** Users are now prompted with a confirmation dialog before deleting connections, preventing accidental deletions. [Commit](https://github.com/open-webui/open-webui/commit/157ff57c40bc40c53bc608828dac3779e95c2ffa) - 📦 **Document loader fallbacks.** Excel and PowerPoint files can now be processed even when the unstructured package is not installed, using pandas and python-pptx as fallback loaders. [Commit](https://github.com/open-webui/open-webui/commit/6862d618ee17f95d3cae78819ed993e7fbc7e632) - 🧠 **Memory management search and sort.** Users can now search and sort their personal memories in the Memory management modal, making it easier to find specific memories. [Commit](https://github.com/open-webui/open-webui/commit/47ab4c71d50fd631b04c95f2febb085dd0a13083) - 📦 **SBOM generation script.** A new script for generating CycloneDX Software Bill of Materials is now available in the scripts directory. [Commit](https://github.com/open-webui/open-webui/commit/39100eca4915e4fe86a6912aa97dde86ed72e015) - ⚙️ **Ruff linter and formatter.** Added Ruff as the Python linter and formatter, replacing the black-based workflow for better code quality with near-instant execution. [#&#8203;22576](https://github.com/open-webui/open-webui/pull/22576), [#&#8203;22462](https://github.com/open-webui/open-webui/discussions/22462) - 🖥️ **Offline code formatting support.** The black formatter for Python code editing is now bundled locally in the Docker image, enabling code formatting to work in air-gapped deployments where client browsers cannot reach PyPI. Formatting failures no longer block saves, allowing code to be preserved even when offline. [#&#8203;22509](https://github.com/open-webui/open-webui/issues/22509), [Commit](https://github.com/open-webui/open-webui/commit/8507e5eb0d18896f1bbf990a00a4361aec171a30) - ✏️ **Markdown file editing.** Users can now edit and save Markdown files directly in the file navigator, with empty files automatically switching to editor mode for immediate editing. [Commit](https://github.com/open-webui/open-webui/commit/47e47e42af682e7f75c8359999f7cdf969bf903e) - 🍔 **Model bulk actions menu.** Users can now quickly enable, disable, show, or hide multiple models at once using a new hamburger menu on the workspace Models page filter bar, with actions respecting the current search and filter settings. [#&#8203;22484](https://github.com/open-webui/open-webui/pull/22484) - 📂 **Files list pagination.** The files list API now supports pagination, returning paginated results with a total count for easier navigation through large file collections. [Commit](https://github.com/open-webui/open-webui/commit/f9756de693a93e918c037d757afddb7defc847e4) - 🖇 **Web fetch content length config.** Administrators can now configure the maximum characters to return from fetched URLs via WEB\_FETCH\_MAX\_CONTENT\_LENGTH environment variable or the admin settings page, instead of the previous hardcoded 50K limit. [Commit](https://github.com/open-webui/open-webui/commit/b171b0216b916745420c7caf513093a315ed9560), [#&#8203;22774](https://github.com/open-webui/open-webui/issues/22774) - 🤖 **Ollama Anthropic endpoint support.** The Ollama proxy now supports the Anthropic-compatible /v1/messages endpoint, allowing clients using the Anthropic API format to work through Open WebUI with proper authentication and model access controls. [Commit](https://github.com/open-webui/open-webui/commit/f23296b22d3304e5bfcd19151e5802eec55bd98f), [#&#8203;22861](https://github.com/open-webui/open-webui/issues/22861) - 📝 **Writing block rendering.** Responses from OpenAI models that include :::writing blocks are now rendered as formatted content in a styled container with a copy button, instead of displaying raw marker text. [#&#8203;22672](https://github.com/open-webui/open-webui/issues/22672), [Commit](https://github.com/open-webui/open-webui/commit/53b8a1f71bd0cb0a0122175ad5210da492018728) - 💡 **Memory deletion confirmation.** Users are now asked to confirm before deleting individual memory entries, with the memory content displayed for review. [#&#8203;22888](https://github.com/open-webui/open-webui/pull/22888) - 📓 **Multi-artifact HTML rendering.** Code blocks with multiple HTML sections now render as separate artifacts instead of merging into one, allowing models to display distinct interactive components. [Commit](https://github.com/open-webui/open-webui/commit/9a6bf78e14a13864e72db87426da4f5996abe716) - 🚩 **Drag chats as references.** Users can now drag chats from the sidebar and drop them into the message input to add them as Reference Chats. [Commit](https://github.com/open-webui/open-webui/commit/ebb7ce2092efc8d78da4974623647dbd18b6e372) - ⌨️ **Terminal system prompts.** Terminal servers can now provide custom system prompts that are automatically included when their tools are used. [Commit](https://github.com/open-webui/open-webui/commit/6a9d67b5bb4c93fd343b334bee3e37703dff59f6) - 💾 **Terminal state persistence.** The selected terminal server and its enabled state now persist across page loads, making terminal usage more seamless. [Commit](https://github.com/open-webui/open-webui/commit/d577ff1e4af750dda09e558dac7edb8dd2470850) - 💾 **Terminal folder downloads.** Users can now download folders as ZIP archives and bulk-download multiple selected files as a single ZIP directly from the File Navigator toolbar, making file exports faster and more convenient. [Commit](https://github.com/open-webui/open-webui/commit/3841e85abb3ea3e8d8b364dff0102f0124844d22), [Commit](https://github.com/open-webui/open-webui/commit/cf60b1882f1929200649b59f867289dea54e4210) - 🔐 **MCP OAuth 2.1 static credentials.** MCP servers that require static client\_id and client\_secret can now be connected using a new OAuth 2.1 Static auth type, enabling integration with MCP servers that don't support dynamic client registration. [#&#8203;22266](https://github.com/open-webui/open-webui/pull/22266), [Commit](https://github.com/open-webui/open-webui/commit/601bb783587a3e965cf88c148e4856b988655b13) - 🎪 **Collapsible tool and thinking groups.** Consecutive tool calls and reasoning blocks are now grouped into a single collapsible summary (e.g., "Explored tool1, tool2"), keeping chat responses clean and readable while preserving full detail on expand. [#&#8203;21604](https://github.com/open-webui/open-webui/issues/21604), [Commit](https://github.com/open-webui/open-webui/commit/261aec8c864646eb7215be0d5c14a79cad3cb93f) - 🔄 **General improvements.** Various improvements were implemented across the application to enhance performance, stability, and security. - 🌐 Translations for Finnish, Portuguese (Portugal), Catalan, Turkish, Japanese, Simplified Chinese, Traditional Chinese, Estonian, Spanish, Azerbaijani, and German were enhanced and expanded. ##### Fixed - 🔒 **Model access control bypass.** Fixed a security vulnerability where external clients could bypass model access controls by setting a URL parameter, preventing unauthorized access to restricted models. [Commit](https://github.com/open-webui/open-webui/commit/c0385f60ba049da48d2d5452068586d375303c37) - 🛡️ **Terminal proxy path sanitization.** The terminal server proxy now properly sanitizes paths to prevent directory traversal and SSRF attacks, protecting against security vulnerabilities. [Commit](https://github.com/open-webui/open-webui/commit/f9d38a073fae32032ed44073cf2817cba20210bb) - 🛡️ **Tool configuration access control.** Tool configuration endpoints now properly verify user permissions, preventing unauthorized access to tool settings. [Commit](https://github.com/open-webui/open-webui/commit/bc5b3ec6b8ec0fef894eb8046c636ee33688b8c4) - 🗝️ **Tool valves access control.** The tool user valves endpoints now properly verify ownership and access grants before returning or updating configuration, with appropriate 404 responses for missing tools and 401 for unauthorized access. [Commit](https://github.com/open-webui/open-webui/commit/f949d17db1e62e0b79aecbbcbcabe3d57d8d4af6) - 🔐 **Collaborative document authorization.** Fixed a security vulnerability in collaborative documents where authorization could be bypassed using alternative document ID formats, preventing unauthorized access to notes. [Commit](https://github.com/open-webui/open-webui/commit/3107a5363d13c899a995c930cbb1121a80f754f9) - 🔏 **OAuth session persistence.** Users logging in via OAuth or OIDC providers now stay logged in for the configured JWT expiry duration instead of being logged out when closing the browser. [#&#8203;22809](https://github.com/open-webui/open-webui/pull/22809) - 🚪 **OAuth sub claim configuration crash.** Using the OAUTH\_SUB\_CLAIM environment variable no longer causes crashes during token exchange requests, fixing a missing configuration registration. [#&#8203;22865](https://github.com/open-webui/open-webui/pull/22865) - 🔍 **OAuth discovery header parsing.** The OAuth protected resource discovery now correctly handles both quoted and unquoted values in the WWW-Authenticate header, fixing compatibility with MCP servers that return unquoted metadata. [#&#8203;22646](https://github.com/open-webui/open-webui/discussions/22646), [Commit](https://github.com/open-webui/open-webui/commit/fe7e002fea7283abcf901e22de5c8a7d86e336ea) - 👤 **Admin OAuth group sync.** Admin user group memberships from OAuth and LDAP providers are now properly synced to Open WebUI, fixing a limitation where admin role excluded users from group updates. [#&#8203;22537](https://github.com/open-webui/open-webui/pull/22537), [Commit](https://github.com/open-webui/open-webui/commit/a1aceb5f879abd130ef83085d98a0d51316a8fc3) - 🎫 **Password change complexity validation.** Password complexity rules are now properly enforced when users change their password, closing a security gap where new passwords could bypass configured complexity requirements. [Commit](https://github.com/open-webui/open-webui/commit/bd8aa3b6a0b6a2320f41b20a51b9842f39aadb7f) - 🔏 **OAuth role enforcement.** OAuth role management now properly denies access when a user's roles don't match any configured OAUTH\_ALLOWED\_ROLES or OAUTH\_ADMIN\_ROLES, instead of silently bypassing the restriction. [#&#8203;13676](https://github.com/open-webui/open-webui/issues/13676), [#&#8203;15551](https://github.com/open-webui/open-webui/issues/15551), [Commit](https://github.com/open-webui/open-webui/commit/6d7744c21903ec5a9ad951770dea76e9ba19cbcc) - 🔑 **Microsoft Entra ID role claim preservation.** Role claims from Microsoft Entra ID tokens are now preserved during OAuth login, fixing ENABLE\_OAUTH\_ROLE\_MANAGEMENT for Microsoft OAuth which was previously ignored because the userinfo endpoint stripped the roles claim. [#&#8203;20518](https://github.com/open-webui/open-webui/issues/20518), [Commit](https://github.com/open-webui/open-webui/commit/aa2f7fbe5229c3985ce427602069cdeababda481) - 🔍 **SCIM group filtering.** The SCIM endpoint now properly handles displayName and externalId filters when provisioning groups from identity providers like Microsoft Entra ID, preventing all groups from being returned instead of the filtered subset. [#&#8203;21543](https://github.com/open-webui/open-webui/pull/21543) - 🔐 **Forwarded allow IPs configuration.** The FORWARDED\_ALLOW\_IPS environment variable is now properly respected by the startup scripts instead of being hardcoded to '\*', allowing administrators to restrict which proxies are trusted for request forwarding. [#&#8203;22539](https://github.com/open-webui/open-webui/issues/22539), [Commit](https://github.com/open-webui/open-webui/commit/0aebdd5f83cd1d811009edcbb2bec432a34e7c81) - 🍪 **Model list auth cookie forwarding.** Model list requests to backends that require cookie-based authentication now properly forward auth headers and cookies, preventing "Unauthorized" errors when loading models. [Commit](https://github.com/open-webui/open-webui/commit/76ece4049e96bd6890593f17a946a9af6b082fab) - 🔱 **Model lookup race condition.** Fixed a race condition in Redis model storage that caused intermittent "model not found" errors in multi-replica deployments under heavy load, by eliminating the window between hash deletion and updates. [Commit](https://github.com/open-webui/open-webui/commit/ee901fcd2ca82d7a7dad48170c64df782d3e040a) - 🎚️ **Bulk model action reliability.** Bulk enable, disable, show, and hide operations in the admin Models settings now properly refresh the model list after completion, ensuring changes are reflected immediately and correct toast notifications are shown. [#&#8203;22962](https://github.com/open-webui/open-webui/pull/22962), [Commit](https://github.com/open-webui/open-webui/commit/75932be880f3b86f78f00b4352b9f1350b8f53fa), [Commit](https://github.com/open-webui/open-webui/commit/15ae3f588b1aa4ddb686ae68afebd6064036a201) - 🔄 **Paginated list duplicates.** Fixed duplicate items appearing in paginated lists when loading more items in chats, knowledge, notes, and search across the UI. [Commit](https://github.com/open-webui/open-webui/commit/58e78e8946fb3644107489fe8e01b17709302b2f) - 🧽 **Duplicate chat list refresh.** Sending messages no longer triggers duplicate sidebar chat list refreshes, eliminating an unnecessary database query that was already handled by the save and completion handlers. [#&#8203;22982](https://github.com/open-webui/open-webui/pull/22982) - 🧹 **Chat history save optimization.** The chat list is no longer refreshed on every chat history save, branch navigation, or edit — only on meaningful state changes like new chat creation, title generation, and response completion. [#&#8203;22983](https://github.com/open-webui/open-webui/pull/22983) - 💬 **Message queue responsiveness.** The message queue no longer waits for background tasks like title generation and follow-up suggestions to complete, allowing users to send new messages immediately after a response finishes without unnecessary delays. [Commit](https://github.com/open-webui/open-webui/commit/486c004cbb43f15d5c3e31561f51f22effff1f6c), [#&#8203;22565](https://github.com/open-webui/open-webui/issues/22565) - 🗄️ **Migration reliability.** Database migrations no longer fail when chat data has unexpected format, making upgrades more reliable. [#&#8203;22588](https://github.com/open-webui/open-webui/pull/22588), [#&#8203;22568](https://github.com/open-webui/open-webui/issues/22568) - 🫧 **Memory modal event bubbling.** Fixed an issue where clicking the Delete button in the Memory management modal would also open the Edit Memory modal due to event bubbling. [#&#8203;22783](https://github.com/open-webui/open-webui/issues/22783) - 🧩 **Memory tool registration.** Models with capabilities.memory: true now correctly have memory tools available for execution, fixing a retry loop where add\_memory appeared in the tool schema but was not registered for backend execution. [#&#8203;22666](https://github.com/open-webui/open-webui/issues/22666), [#&#8203;22675](https://github.com/open-webui/open-webui/pull/22675), [Commit](https://github.com/open-webui/open-webui/commit/d9339919046c3e977f313f603782d220aab4257f) - 📝 **Input variables modal crash.** Fixed a crash that occurred when selecting custom prompts with prompt variables, causing the Input Variables modal to display an infinite loading spinner instead of the variable input fields. [#&#8203;22748](https://github.com/open-webui/open-webui/issues/22748), [Commit](https://github.com/open-webui/open-webui/commit/0dcd6ac983bede06b8477179192154467f5b24a2) - 🪛 **Function list API crash fix.** Fixed a 500 error on the functions list API endpoint that was introduced by the recent optimization, by adding proper model configuration for SQLAlchemy ORM objects. [#&#8203;22924](https://github.com/open-webui/open-webui/pull/22924) - 🗂️ **Sidebar chat menu closure.** Sidebar chat dropdown menus now close properly after clicking "Clone", "Share", "Download", "Rename", "Pin", "Move", "Archive", or "Delete", instead of remaining visible. [#&#8203;22884](https://github.com/open-webui/open-webui/pull/22884), [#&#8203;22784](https://github.com/open-webui/open-webui/issues/22784) - 🧭 **Chat deletion and archive redirection.** Users are now redirected to the chat list when deleting or archiving the currently active chat, instead of being left on a stale chat page. [#&#8203;22755](https://github.com/open-webui/open-webui/pull/22755) - 🚩 **User menu navigation fix.** Clicking Playground or Admin Panel from the user menu now uses client-side routing instead of causing full page reloads, restoring smooth SPA navigation. [Commit](https://github.com/open-webui/open-webui/commit/7ffcd3908ee90f88a4c4684d6cd6e75efd117461) - 🔧 **Tool server connection persistence.** Fixed a bug where tool server connection updates were not being saved to persistent storage, ensuring OAuth client information is now properly preserved. [Commit](https://github.com/open-webui/open-webui/commit/b8ea267f8ec3931de55db7801156b9c07d3ad5f6) - 🔩 **Tool server index bounds checking.** Tool servers with invalid indices no longer crash the application with IndexError after upgrades, preventing tool server configuration loss. [#&#8203;22490](https://github.com/open-webui/open-webui/issues/22490), [Commit](https://github.com/open-webui/open-webui/commit/8da29566a1f81c38e80009bdea3ce4d9be860605) - 🔌 **Tool server frontend timeout.** Fetch requests to external tool servers now time out after 10 seconds, preventing the UI from hanging indefinitely when a configured tool server is unreachable. [#&#8203;22543](https://github.com/open-webui/open-webui/issues/22543), [Commit](https://github.com/open-webui/open-webui/commit/adf7af34ff934319a35470c572237d2d08f1de0b) - 🔌 **MCP OAuth tool auto-selection.** MCP tools requiring OAuth authentication are now automatically re-selected after completing the auth flow, instead of leaving users to manually re-enable the tool on return to the chat. [#&#8203;22994](https://github.com/open-webui/open-webui/issues/22994), [#&#8203;22995](https://github.com/open-webui/open-webui/pull/22995), [Commit](https://github.com/open-webui/open-webui/commit/4d50001c4192c609b1010626ebb6496692823873) - 🏷️ **Channel @&#8203;mentions.** Direct connection models no longer appear in channel @&#8203;mention suggestions, preventing confusion since they don't work in channels. [#&#8203;22553](https://github.com/open-webui/open-webui/issues/22553), [Commit](https://github.com/open-webui/open-webui/commit/0a87c1ecd078320a08c4cc62d41fe8727fb3b5f7) - 📎 **Channel message attachments.** Users can now press Enter to send messages with only file or image attachments in channels, direct messages, and threads, aligning with the behavior of the Send button. [#&#8203;22752](https://github.com/open-webui/open-webui/pull/22752) - 🗣️ **Image-only message handling.** Models like Gemini and Claude no longer fail when receiving messages with only file or image attachments and no text, by stripping empty text content blocks before sending to the API. [Commit](https://github.com/open-webui/open-webui/commit/ea515fa26e11faac146c48a5e3a2a284e1792bb3), [#&#8203;22880](https://github.com/open-webui/open-webui/issues/22880) - 🧹 **Channel thread sidebar cleanup.** The thread sidebar in channels and direct messages now automatically closes when the parent message is deleted, preventing orphaned threads. [#&#8203;22890](https://github.com/open-webui/open-webui/pull/22890) - 💡 **Chat input suggestion modal.** The suggestion modal for tags, mentions, and commands now correctly reappears when backspacing into a trigger character after it was dismissed. [#&#8203;22899](https://github.com/open-webui/open-webui/pull/22899) - ⏱️ **Chat action button timing.** Action buttons under assistant messages no longer appear prematurely when switching chats while a response is still streaming. [Commit](https://github.com/open-webui/open-webui/commit/ecba37070d6eb3cb033195a070b6c4ab5f396415), [#&#8203;22891](https://github.com/open-webui/open-webui/issues/22891) - 💬 **Skill and model mention persistence.** Skills selected via $ and models selected via @&#8203; in the chat input are now properly restored after a page refresh, instead of reverting to plain text while losing their interactive state. [#&#8203;22913](https://github.com/open-webui/open-webui/issues/22913), [Commit](https://github.com/open-webui/open-webui/commit/be21db706993c0db95ac09509dfdb023de64daff) - 🧹 **Webhook profile image errors.** Fixed 404 errors appearing in the browser console when scrolling through channel messages sent by webhooks, by skipping the user profile preview for webhook senders. [#&#8203;22893](https://github.com/open-webui/open-webui/pull/22893) - 🧮 **Logit bias parameter handling.** Using logit\_bias parameters no longer causes errors when the input is already in dictionary format. [#&#8203;22597](https://github.com/open-webui/open-webui/issues/22597), [Commit](https://github.com/open-webui/open-webui/commit/e34ed72e1e958505e940b74bf1c6a4808640bd17) - 🪛 **Temp chat tool calling.** Temporary chats now properly preserve tool call information, fixing native tool calling with JSON schema that was previously broken. [#&#8203;22475](https://github.com/open-webui/open-webui/pull/22475), [Commit](https://github.com/open-webui/open-webui/commit/bcd313c363ca50d71aa80bcb2f29c81fad3dff37) - 🔗 **Multi-system message merging.** Models with strict chat templates like Qwen no longer fail when multiple pipeline stages inject separate system messages, as all system messages are now merged into one at the start. [#&#8203;22505](https://github.com/open-webui/open-webui/issues/22505), [Commit](https://github.com/open-webui/open-webui/commit/631bd20c3537ce85bbaec02f9e0049c88fa8fdd4) - 📜 **Public note access.** Opening public notes via direct share link no longer returns a 500 error caused by a missing function import. [#&#8203;22680](https://github.com/open-webui/open-webui/issues/22680), [Commit](https://github.com/open-webui/open-webui/commit/566e25569e5e7d9c1e42db840ba4ba578887d208) - 👤 **Terminal access user visibility.** The terminal connection access dialog now shows the currently logged-in user when searching for users to grant access, fixing an issue where users with identical display names were filtered incorrectly. [#&#8203;22491](https://github.com/open-webui/open-webui/issues/22491), [Commit](https://github.com/open-webui/open-webui/commit/4a8f995c3fd4602ec2aaccc07efc4e8504dda84d) - 👥 **User groups display.** User groups in the admin panel profile preview now wrap properly instead of overflowing horizontally, with a scrollbar when the list is long. [#&#8203;22547](https://github.com/open-webui/open-webui/pull/22547) - 🔧 **Model list drag-and-drop.** Fixed drag-and-drop reordering of models in admin settings, preventing UI glitches and state synchronization issues. [Commit](https://github.com/open-webui/open-webui/commit/753589e51ccbbe5c4f78a7d13e19c67e6c0000d7) - 🖼️ **Model profile image fallbacks.** Model profile images now display a fallback icon when they fail to load, and model icons no longer disappear on paginated Models pages in admin and workspace settings. [#&#8203;22485](https://github.com/open-webui/open-webui/pull/22485) - 🖼️ **Profile image fallbacks.** Added fallback handlers for model and user profile images throughout the chat interface, preventing broken image icons when avatars fail to load. [#&#8203;22486](https://github.com/open-webui/open-webui/pull/22486) - 🧲 **RAG thinking model support.** Knowledge base queries now correctly parse JSON responses from thinking models like GLM-5 and DeepSeek-R1 by stripping their reasoning blocks before JSON extraction. [#&#8203;22400](https://github.com/open-webui/open-webui/pull/22400) - 🔍 **RAG query generation robustness.** The RAG query generation, web search, and image generation handlers now correctly extract JSON from model responses containing thinking tags by finding the last JSON block instead of the first, preventing "No sources found" errors with thinking models. [#&#8203;21888](https://github.com/open-webui/open-webui/issues/21888), [Commit](https://github.com/open-webui/open-webui/commit/c0fcbc5b4cb29012e2913983c632edc5d24b9aea) - 🔍 **Ollama embedding robustness.** Ollama embedding requests now include the truncate parameter to handle inputs exceeding the context window, preventing 500 errors when processing long documents. Error messages from failed embedding requests are also now properly surfaced instead of being silently swallowed. [#&#8203;22671](https://github.com/open-webui/open-webui/issues/22671), [Commit](https://github.com/open-webui/open-webui/commit/d738044f47c70c755bec9bf244aa11878fe98d9c) - 🔄 **Ollama embedding retry logic.** Embedding requests to Ollama now retry with exponential backoff when encountering 503 errors (such as when the model reloads mid-processing), preventing files from being silently dropped from knowledge bases. [#&#8203;22571](https://github.com/open-webui/open-webui/issues/22571), [Commit](https://github.com/open-webui/open-webui/commit/8b6fa1f4ab6099a305de08706621075c205f65c4) - 🗄️ **Oracle 23AI hybrid search.** Fixed an UnboundLocalError that occurred when using hybrid search with Oracle 23AI as the vector store, preventing knowledge base queries from failing. [Commit](https://github.com/open-webui/open-webui/commit/fcf720835285a4cea10fc1ebed0b454971463b20), [#&#8203;22616](https://github.com/open-webui/open-webui/issues/22616) - 🌐 **Dynamic HTML language attribute.** The HTML lang attribute now dynamically updates when users change their interface language, preventing browsers from triggering unwanted translation popups. [Commit](https://github.com/open-webui/open-webui/commit/de5e0fbc00e7abcd84e1272c301b0707f8ea5ac6) - 📐 **File upload deduplication.** Attaching files that are already in the chat no longer triggers duplicate uploads. [Commit](https://github.com/open-webui/open-webui/commit/10f06a64fed474e9958b96295a953e0eebf9e4be) - 🕵️ **Serper.dev search results.** Fixed web search results not displaying properly when using the Serper.dev provider by using the correct API response field. [#&#8203;22869](https://github.com/open-webui/open-webui/pull/22869) - 🔲 **Markdown task list checkbox styling.** Fixed task list checkboxes in markdown rendering to display consistently without shrinking in narrow layouts. [#&#8203;22886](https://github.com/open-webui/open-webui/pull/22886) - 🎨 **Artifacts sidebar tab background fix.** The Artifacts sidebar now correctly updates and displays when switching back to a browser tab that was in the background, ensuring artifacts are visible without requiring a manual refresh. [#&#8203;22889](https://github.com/open-webui/open-webui/issues/22889) - 🔃 **Chat input URL indexing fix.** Fixed an issue where URLs could be indexed twice when using multiple triggers followed by backspace and re-entering a URL. [#&#8203;22749](https://github.com/open-webui/open-webui/issues/22749) - 🔎 **Search modal chat preview avatars.** Fixed assistant profile images not displaying in the chat preview pane of the Search Modal. [#&#8203;22782](https://github.com/open-webui/open-webui/pull/22782) - 📋 **Prompts search pagination fix.** Fixed a bug where searching prompts from a paginated page would incorrectly use the current page number, resulting in "No prompts found" even when matching results existed. [#&#8203;22912](https://github.com/open-webui/open-webui/pull/22912) - 🗂️ **Reasoning block copy cleanup.** Copied chat responses no longer include reasoning block content or excess whitespace, ensuring only the intended message text is captured. [#&#8203;22786](https://github.com/open-webui/open-webui/issues/22786), [Commit](https://github.com/open-webui/open-webui/commit/4f0e57420154800946394bc986b2c691462b2782) - 🔤 **Emoji removal for text normalization.** Fixed the emoji removal function used in search and title generation to correctly handle all emoji types, including those with variation selectors (❤️, ☀️, ✅), keycap sequences (1️⃣), and ZWJ family sequences (👨‍👩‍👧‍👦). [#&#8203;22915](https://github.com/open-webui/open-webui/pull/22915) - ⏹️ **Task cancellation status tracking.** Cancelled tasks now correctly mark only the affected messages as done instead of clearing all task statuses for the chat, ensuring proper status tracking when multiple messages have pending tasks. [#&#8203;22743](https://github.com/open-webui/open-webui/pull/22743) - 🎨 **Filter icon display fix.** Fixed filter icons showing the wrong icon after removing one of multiple active filters below the chat input. [#&#8203;22862](https://github.com/open-webui/open-webui/pull/22862) - 📊 **Channel message data loading.** Fixed redundant 404 API calls that occurred when rendering channel messages, preventing unnecessary requests and console errors. [#&#8203;22894](https://github.com/open-webui/open-webui/pull/22894) - 👻 **Response message skeleton display.** Fixed an issue where the skeleton loader would incorrectly show or hide based on complex status history conditions, by extracting the visibility logic into a cleaner reactive variable. [Commit](https://github.com/open-webui/open-webui/commit/5df4277216fbb9de603fdf4289f8366292568234) - 🐛 **Shared chat viewing crash.** Shared chats can now be viewed by unauthenticated users without crashing, with proper fallback handling for missing user profile information. [#&#8203;22751](https://github.com/open-webui/open-webui/pull/22751), [#&#8203;22742](https://github.com/open-webui/open-webui/issues/22742) - 🛠️ **Plugin ID sanitization.** Creating Functions or Tools with emojis or special characters in their names now generates valid IDs that pass backend validation, instead of failing with an error. [#&#8203;22695](https://github.com/open-webui/open-webui/pull/22695) - 📋 **Chat title preservation.** Regenerating responses or using branches no longer overwrites user-specified chat titles when auto-naming is disabled, by checking the full chat message count instead of just the current branch. [#&#8203;22754](https://github.com/open-webui/open-webui/pull/22754) - 🎧 **Read Aloud in chat preview.** The Read Aloud button in the Search Chats modal preview no longer causes crashes, and TTS functionality is now properly hidden in read-only chat contexts. [Commit](https://github.com/open-webui/open-webui/commit/d8fa0f426a88f5c27b3216b7db35e1db47bbba28) - 📡 **Heartbeat event loop blocking.** The WebSocket heartbeat handler no longer blocks the event loop when updating user activity, improving responsiveness under heavy load with many concurrent connections. [#&#8203;22980](https://github.com/open-webui/open-webui/pull/22980) - 🗝️ **Message upsert API reliability.** The message upsert API endpoint no longer crashes when called, fixing an error where a database session was incorrectly passed to a function that doesn't accept it. [#&#8203;22959](https://github.com/open-webui/open-webui/issues/22959), [Commit](https://github.com/open-webui/open-webui/commit/70285fb6cad26b50d783583b68be5227ace16055) - 🔓 **Forward auth proxy compatibility.** Fixed error pages that could appear when using authenticating reverse-proxies by properly handling 401 responses from background API requests, allowing the browser to re-authenticate with the identity provider. [#&#8203;22942](https://github.com/open-webui/open-webui/pull/22942) - 🔃 **Tool call streaming display.** Sequential tool calls are now properly accumulated during streaming, fixing an issue where completed tool calls could disappear from the display before the next tool call finished streaming. [Commit](https://github.com/open-webui/open-webui/commit/a9c5c787b9f6b10491924d38645042064b3c941e) - 🧠 **Reasoning spinner content preservation.** Prior assistant content and tool call blocks no longer disappear during the reasoning spinner when responding after tool execution. [#&#8203;23001](https://github.com/open-webui/open-webui/pull/23001) - 🖥️ **Pyodide file list refresh.** Files created or modified during manual code execution now appear immediately in the pyodide files list without requiring a browser tab refresh. [Commit](https://github.com/open-webui/open-webui/commit/5c4062c64841974bf193ff321d92d10f28a09746) - 🖱️ **Dropdown submenu hover stability.** Secondary hover menus like Download and Move now remain open while navigating into them, fixing an issue where an 8px gap between the trigger and submenu would cause the menu to disappear before a selection could be made. [#&#8203;22744](https://github.com/open-webui/open-webui/issues/22744), [Commit](https://github.com/open-webui/open-webui/commit/cffbc3558e911abd6c4780cd028794b2f7282cd7) - 📊 **Model tag normalization.** Model tags from backends that return them as string arrays are now properly normalized to object format, preventing crashes when filtering models by tag in the admin and workspace models pages. [#&#8203;20819](https://github.com/open-webui/open-webui/issues/20819), [Commit](https://github.com/open-webui/open-webui/commit/90ca2e9b0f15cc9be7cf298fbefacaa45074cae9) - 🎯 **Arena model sub-model settings.** Arena models now properly use the selected sub-model's settings — including RAG knowledge bases, web access, code interpreter, and tool capabilities — instead of the arena wrapper's empty defaults. [#&#8203;16950](https://github.com/open-webui/open-webui/issues/16950), [Commit](https://github.com/open-webui/open-webui/commit/857d7e6f373d26a7a8989417c3a7fe99cdc03f20) - 🧩 **Model editor default metadata.** The Model Editor now loads admin-configured default model metadata instead of hardcoded values, preventing admin defaults from being silently overwritten when users save models without realizing they were overriding system-wide settings. [#&#8203;22996](https://github.com/open-webui/open-webui/issues/22996), [Commit](https://github.com/open-webui/open-webui/commit/cdc2b3bf850044051aafcd46f22fb25a1899788c) - ✏️ **Rich text paste sanitization.** Copying and pasting text with HTML characters (like `<` or `>`) no longer corrupts the editor content, as the paste handler now properly escapes HTML entities before processing mentions and special syntax. [Commit](https://github.com/open-webui/open-webui/commit/94f877ff328d410339308ad2c566c9afcdf43014) ##### Changed - 🪝 **User webhooks disabled by default.** User webhook notifications are now disabled by default and properly gated by the ENABLE\_USER\_WEBHOOKS configuration, ensuring webhooks only fire when explicitly enabled. [Commit](https://github.com/open-webui/open-webui/commit/c24a4da17dbaddf47e2e0f865c1d602d0ff36ee6) - 🧩 **MCP integration visibility.** MCP (Streamable HTTP) integrations are now hidden from user-level settings, matching the intended behavior where only administrators can configure MCP connections through the admin panel. User-level connections now show the connection type as read-only. [#&#8203;22615](https://github.com/open-webui/open-webui/issues/22615), [Commit](https://github.com/open-webui/open-webui/commit/1eef5b4f6a718c0fcf3605f1ed62669aca07b454) - 🧲 **Web search result limit.** The configured web search result count now acts as a maximum limit, preventing models from requesting more results than administrators allow. [#&#8203;22577](https://github.com/open-webui/open-webui/pull/22577) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My45Ni4wIiwidXBkYXRlZEluVmVyIjoiNDMuOTYuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiYXV0b21lcmdlIiwiZG9ja2VyIl19-->
renovate-bot added the dockerautomerge labels 2026-03-28 01:40:59 +00:00
renovate-bot added 1 commit 2026-03-28 01:41:00 +00:00
chore(deps): update ghcr.io/open-webui/open-webui docker tag to v0.8.12
Some checks are pending
renovate/stability-days Updates have not met minimum release age requirement
Details
lint-test-helm / lint-helm (pull_request) Successful in 21s
Details
lint-test-helm / validate-kubeconform (pull_request) Has been skipped
Details
render-manifests / render-manifests (pull_request) Successful in 45s
Details
52ad71767b
renovate-bot scheduled this pull request to auto merge when all checks succeed 2026-03-28 01:41:02 +00:00
renovate-bot merged commit 01dcf530f4 into main 2026-03-28 01:41:09 +00:00
renovate-bot deleted branch renovate/unified-open-webuiopen-webui 2026-03-28 01:41:16 +00:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
Renovate
Issue generated by Renovate.
 automerge
This PR will be automerged by Renovate.
 chart
Chart update generated by Renovate.
 docker
Docker update generated by Renovate.
github-actions
Github Action update generated by Renovate.
helm
Helm update generated by Renovate.
image
Image update generated by Renovate.
 stale
PR or Issue that has not been updated recently.
No Label automerge docker
Milestone
No items
No Milestone
Assignees
Clear assignees
gitea-bot renovate-bot alexlebens
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: alexlebens/infrastructure#5212
Delete Branch "renovate/unified-open-webuiopen-webui"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?