89fb9321fe
fix(api): pass ssl verify flag to ssrf proxy mounts
...
Propagate the HTTP request node SSL verification setting into the per-scheme httpx proxy transports
so disabling certificate verification is honored when separate SSRF HTTP and HTTPS proxies are configured.
Add a regression test that covers the proxy-mounted SSRF client construction.
(cherry picked from commit 30deef45d9 )
2026-06-30 17:31:10 +08:00
86d41c3bf5
feat: redis add retry logic ( #34566 )
...
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
(cherry picked from commit 27e484e7f8 )
2026-06-26 17:56:29 +08:00
d60dbb146e
chore(deps): bump dep versions for CVE fixes
...
- starlette 1.0.1 -> 1.3.1 (CVE-2026-41947, CVE-2026-41948, CVE-2026-41949, CVE-2026-41950, CVE-2026-41951)
- aiohttp 3.13.4 -> 3.14.1 (CVE-2026-3245, CVE-2026-3246, CVE-2026-3247, CVE-2026-3248, CVE-2026-3249, CVE-2026-3250, CVE-2026-3251)
- pypdf 6.10.2 -> 6.14.2 (CVE-2026-3352, CVE-2026-3353, CVE-2026-3354, CVE-2026-3355, CVE-2026-3356, CVE-2026-3357, CVE-2026-3358, CVE-2026-3359)
- cryptography 46.0.7 -> 49.0.0 (CVE-2026-29497)
- bleach 6.3.0 -> 6.4.0 (CVE-2026-32786)
- ujson 5.12.1 -> 5.13.0 (CVE-2026-32787)
- langsmith 0.8.5 -> 0.8.18 (GHSA-f4xh-w4cj-qxq8)
- pydantic-settings 2.13.1 -> 2.14.2 (CVE-2026-32788)
- add cryptography>=48.0.1 to override-dependencies to force upgrade past 46.x
(cherry picked from commit ce6297bed2 )
2026-06-26 11:17:05 +08:00
4cda173a94
fix: preserve inline image for chatflow messages ( #37455 )
...
(cherry picked from commit 4b15b0e6a6 )
2026-06-15 16:04:43 +08:00
8b49092695
chore: compatiable conversation is not exists ( #33274 )
...
Co-authored-by: -LAN- <laipz8200@outlook.com >
(cherry picked from commit 56d4d54c16 )
2026-06-13 10:03:27 +08:00
72b229524f
fix: fix orm_exc.DetachedInstanceError ( #34904 )
...
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
(cherry picked from commit bcd738d2e6 )
2026-06-12 22:41:36 +08:00
392807545d
feat: trace document retrieval ( #37283 )
...
(cherry picked from commit 84490179b0 )
2026-06-12 14:49:35 +08:00
50ba050bf2
fix(security): reject path traversal sequences before plugin daemon forward (GHSA-gvc6-fh3x-89xh) ( #35796 )
...
Co-authored-by: Ido Shani <ido@zafran.io >
Co-authored-by: -LAN- <laipz8200@outlook.com >
(cherry picked from commit 0ce0127e7e )
2026-06-09 09:58:24 +08:00
8be9c5f4d7
chore(deps): bump pyjwt to 2.13.0
...
(cherry picked from commit a247d625e5 )
2026-06-04 10:23:11 +08:00
5b91f871b8
fix(security): tenant-scope FilePreviewApi text-extract endpoint (GHSA-2qwc-c2cc-2xwv) ( #35797 )
...
Signed-off-by: xr843 <137012659+xr843@users.noreply.github.com >
Co-authored-by: Ido Shani <ido@zafran.io >
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: -LAN- <laipz8200@outlook.com >
(cherry picked from commit 432a6412a3 )
2026-06-03 13:14:07 +08:00
9d903a5f79
fix(security): enforce tenant scoping on app trace-config endpoints (GHSA-48xc-wmw8-3jr3) ( #35793 )
...
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: Ido Shani <ido@zafran.io >
Co-authored-by: -LAN- <laipz8200@outlook.com >
(cherry picked from commit 55d05fe52d )
2026-06-03 13:14:07 +08:00
c67c1090a2
chore(deps): bump sendgrid to v6.12.5
...
CVE-2024-23342 (ecdsa) fixed by upgrading sendgrid from 6.12.4 to 6.12.5,
which replaces ecdsa with cryptography. ecdsa dependency removed entirely.
2026-05-23 23:07:27 +08:00
c9dd4a0dd4
fix: delete redundant api/libs/typing.py ( #35890 )
...
(cherry picked from commit c6a5de3c18 )
2026-05-22 15:59:46 +08:00
bcfe8c368c
feat(ci): add pyrefly type coverage reporting to CI ( #34754 )
...
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
(cherry picked from commit 26e8f1f876 )
2026-05-22 15:59:46 +08:00
c5d8c008da
fix: allow config pubsub join timeout for lower post-run latency ( #36438 )
...
Co-authored-by: QuantumGhost <obelisk.reg+git@gmail.com >
(cherry picked from commit e3b45a48eb )
2026-05-20 18:28:36 +08:00
d8a465a746
chore: bump versions for litellm and langsmith ( #36385 )
...
(cherry picked from commit 718ab8433e )
2026-05-20 14:25:32 +08:00
0ef793f935
fix: performance optimization on TTFE critical path ( #36185 )
2026-05-15 16:30:31 +08:00
cc72e56cd0
fix: fix imports ( #36042 )
2026-05-11 17:26:36 +08:00
a5d6a0369d
feat: allow disabling run-time credential check ( #35894 )
2026-05-11 14:14:30 +08:00
1eac1aa03d
fix: sync 34720 to lts ( #36030 )
2026-05-11 14:01:21 +08:00
654153fcf5
fix: Image rendering in the knowledge base failed. ( #35975 )
2026-05-11 13:02:33 +08:00
f3d4605dc7
fix(tools): scope builtin tool default-credential clear to tenant ( #35888 )
2026-05-08 12:45:33 +08:00
cb94877c18
chore: bump versions ( #35866 )
2026-05-07 13:53:39 +08:00
d666fb1b25
chore: lts bump litellm and langsmith versions ( #35592 )
2026-04-28 13:05:49 +08:00
573ec3af9e
fix: cache credentials & enterprise calls ( #35528 )
2026-04-23 23:08:04 +08:00
e7746cb256
fix: sync 35447 to lts ( #35508 )
...
Co-authored-by: -LAN- <laipz8200@outlook.com >
2026-04-23 13:30:59 +08:00
2256e75f16
fix: fix opensearch import ( #35476 )
2026-04-22 12:09:23 +08:00
3184ffd39b
chore: bump dependencies for lts ( #35231 )
2026-04-15 14:21:45 +08:00
57a4828dbf
chore: bump litellm to 1.83.0 ( #34842 )
2026-04-09 18:07:15 +08:00
3bd6f1a253
feat: sync enterprise telemetry to lts ( #34190 )
...
Merge feat: enterprise otel exporter (#33138 ) into lts/1.13
Co-authored-by: Xiyuan Chen <52963600+GareArc@users.noreply.github.com >
Co-authored-by: QuantumGhost <obelisk.reg+git@gmail.com >
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com >
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2026-03-27 17:54:16 +08:00
59639ca9b2
chore: bump Dify to 1.13.3 and sandbox to 0.2.13 ( #34079 )
...
Signed-off-by: -LAN- <laipz8200@outlook.com >
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2026-03-25 20:03:15 +08:00
66b8c42a25
feat: add inner API endpoints for admin DSL import/export ( #34059 )
2026-03-25 19:48:53 +08:00
1789988be7
fix(api): fix concurrency issues in StreamsBroadcastChannel ( #34061 )
2026-03-25 15:47:31 +08:00
5f82ccc750
test: migrate workflow app service tests to testcontainers ( #34036 )
...
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2026-03-25 13:43:06 +09:00
a9f2fb86a3
test: migrate tools transform service tests to testcontainers ( #34035 )
...
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2026-03-25 13:41:38 +09:00
ad3899f864
fix: resolve SADeprecationWarning for callable default in remaining TypeBase models ( #34049 )
2026-03-25 12:51:36 +09:00
81a2eba2a0
test: migrate app service tests to testcontainers ( #34025 )
...
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2026-03-25 12:50:30 +09:00
d87263f7c3
refactor: select in console datasets document controller ( #34029 )
...
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2026-03-25 12:47:25 +09:00
4c32acf857
refactor: select in console datasets segments and API key controllers ( #34027 )
...
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2026-03-25 12:46:22 +09:00
b4e541e11a
test: migrate advanced prompt template service tests to testcontainers ( #34034 )
2026-03-25 12:45:13 +09:00
a3855eca8b
test: migrate webapp auth service tests to testcontainers ( #34037 )
2026-03-25 12:42:41 +09:00
a946015ebf
test: replace indexing_technique string literals with IndexTechnique ( #34042 )
2026-03-25 12:39:58 +09:00
eef13853b2
fix(api): StreamsBroadcastChannel start reading messages from the end ( #34030 )
...
The current frontend implementation closes the connection once `workflow_paused` SSE event is received and establish a new connection to subscribe new events. The implementation of `StreamsBroadcastChannel` sets initial `_last_id` to `0-0`, consumes streams from start and send `workflow_paused` event created before pauses to frontend, causing excessive connections being established.
This PR fixes the issue by setting initial id to `$`, which means only new messages are received by the subscription.
2026-03-25 10:21:57 +08:00
3f13db11c8
fix: use query params instead of request body for decode_plugin_from_identifier ( #31697 )
...
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com >
2026-03-25 09:50:57 +08:00
6f137fdb00
test: unit test cases for rag.cleaner, rag.data_post_processor and rag.datasource ( #32521 )
2026-03-25 02:19:15 +08:00
36cc1bf025
test: unit test cases for sub modules in core.app (except core.app.apps) ( #32476 )
2026-03-25 02:13:28 +08:00
e873cea99e
fix: SQLAlchemy deprecation warnings for default parameter ( #33980 )
...
Co-authored-by: Asuka Minato <i@asukaminato.eu.org >
2026-03-25 00:18:29 +09:00
ca703fdda1
test: migrate mcp tools manage service tests to testcontainers ( #34024 )
...
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2026-03-25 00:06:28 +09:00
ceb2e10179
refactor: use sessionmaker().begin() in console auth controllers ( #33966 )
2026-03-24 23:59:21 +09:00
b15d312f68
test: migrate dataset service document indexing tests to testcontainers ( #34022 )
2026-03-24 23:42:34 +09:00