Added

• 🛡️ Redirect-based SSRF protection. All outbound HTTP requests now block 3xx redirects by default via a new AIOHTTP_CLIENT_ALLOW_REDIRECTS environment variable, preventing redirect-based SSRF where a public URL silently redirects to internal addresses (RFC 1918, loopback, cloud-metadata endpoints). Affected call sites include web fetch, image loading, OAuth discovery, tool server execution, and code interpreter login. #24491
• 🛡️ Iframe content security policy. Administrators can now configure a Content-Security-Policy for all srcdoc iframes (Artifacts, tool embeds, file previews, citation modals) via the IFRAME_CSP environment variable, restricting what LLM-generated or user-uploaded HTML can load and execute inside previews. Commit
• 🎛️ Granular markdown rendering controls. Users can now independently disable Markdown rendering for user messages and assistant responses from Interface settings, preventing unintended formatting when pasting text that contains Markdown-sensitive characters. Commit
• 🔧 Terminal proxy response headers. Administrators can now inject custom response headers into terminal proxy responses via the TERMINAL_PROXY_HEADERS environment variable (JSON object), enabling deployment-specific security headers like sandbox policies for proxied content. Commit
• 🔌 Channel streaming and tool support. Mentioning a model in a Channel now streams responses in real time and supports the full chat completion pipeline, including native and default function calling, built-in tools (web search, image generation), user tools, MCP tools, filters, and RAG knowledge injection — the same capabilities available in standard chats.

Fixed

• 📝 Notes create and open reliability. Creating new notes and opening existing notes no longer fails with a TypeError caused by is_pinned being passed to the SQLAlchemy model on create, and passed twice to NoteResponse on read. #24484, #24486
• 🔐 Skill public sharing permission enforcement. Creating or updating skills now filters access grants through the sharing.public_skills permission, preventing non-admin users from making skills publicly accessible without the required permission. #24494
• 🔐 Calendar public sharing permission enforcement. Creating or updating calendars now filters access grants through a new sharing.public_calendars permission, preventing users from making calendars publicly readable or writable without explicit admin-granted sharing permission. #24493
• 🔐 Feedback user attribution spoofing. Submitting evaluation feedback can no longer forge the user_id field through mass-assignment, preventing authenticated users from attributing ratings to other users and corrupting Elo leaderboard rankings and admin feedback exports. #24508
• 🛡️ Image URL redirect-based SSRF. Chat messages containing image URLs no longer follow 3xx redirects to internal addresses during base64 conversion, closing the most reachable redirect-based SSRF variant that required no special permissions or feature flags. #24524
• 🛡️ Collection write access on file processing. The process_file and process_files_batch retrieval endpoints now enforce collection write-access checks before embedding content, preventing authenticated users from injecting file content into another user's knowledge-base collection. #24524
• 🔐 Tool source code update authorization. Updating a tool's Python source code now requires workspace.tools or workspace.tools_import permission, preventing users with only a write-access grant from overwriting executable tool code while still allowing metadata edits. #24513
• 🔐 Channel message ownership enforcement. Updating or deleting messages in group and DM channels now requires message ownership, preventing channel members from tampering with or silently removing other members' messages. #24506
• 🔐 Channel pin write permission. Pinning and unpinning messages on standard channels now requires write permission instead of read permission, preventing read-only users from modifying pinned content. #24521
• 🛡️ Image generation URL validation. Generated image URLs are now validated through validate_url() before fetching, aligning the defense-in-depth posture with sibling image-loading paths. #24518
• 🔐 Model params exposure for read-only users. The per-model API endpoint now strips the params dict (including system prompts) from responses to callers without write access, preventing read-only users from viewing admin-curated model configuration. #24525
• 🛡️ URL parser SSRF bypass. URL validation now rejects backslash, tab, CR, and LF characters that cause urllib and requests/aiohttp to disagree on the target host, closing a parser-confusion SSRF bypass. #24534
• 🛡️ Profile image MIME-type allowlist. Serving profile images from data URIs now enforces a strict MIME-type allowlist (PNG, JPEG, GIF, WEBP by default, configurable via PROFILE_IMAGE_ALLOWED_MIME_TYPES) and sets X-Content-Type-Options: nosniff, preventing stored-XSS through SVG or other executable content types. Commit
• 🔐 File ownership in folder and knowledge attachments. Attaching files to folders or knowledge bases now verifies per-file read access, and folder file lists in chat middleware are filtered to entries the caller can read, preventing unauthorized file content from being injected into RAG context. Commit
• 🔐 Shared chat access for owners and admins. Chat owners can now view and clone their own shared chats without requiring an explicit access grant, and administrators can manage shared chat access controls on any chat. Commit, Commit
• 🧵 Legacy chat history self-healing. Loading legacy conversations now automatically detects broken parent-link graphs in migrated message records, merges missing messages from the embedded JSON history, and backfills them to the normalized table so future loads use the fast path without data loss. Commit
• 🎛️ Filter selector reactivity. Model filter checkboxes now derive state reactively from the current filter list and selected IDs instead of capturing a one-time snapshot at mount, so checkboxes update correctly when model contexts or filter configurations change at runtime. Commit
• 🌐 Portuguese (Brazil) translation updates. Translations for newly added UI items were added along with a consistency pass across existing entries. #24503

Changed

• 🧹 Removed unauthenticated retrieval status endpoint. The unauthenticated GET /api/v1/retrieval/ status endpoint has been removed as dead code — retrieval configuration is already available through authenticated admin endpoints. #24497
• 📋 PR template issue requirement. Pull requests now require a linked Issue or Discussion reference, ensuring better traceability for all contributions. PRs without a linked issue or discussion may be closed without review.

Fixed

• 📜 Chat scroll position on load. Opening a chat conversation now reliably scrolls to the bottom of the message history, fixing a regression caused by content-visibility: auto where estimated element sizes prevented the initial scroll from reaching the true bottom.

Added

• 🔇 Voice Mode mute control. Voice Mode now includes a dedicated mute toggle with an "M" shortcut and auto-unmute after assistant playback, so you can prevent accidental interruptions from background noise without leaving the call overlay. Commit, #23832
• 🚀 Faster prompt list loading. Prompt and prompt-tag pages now load much faster for non-admin users, even with large prompt libraries, because accessible prompts are filtered efficiently in a single database query. #24288, #24258
• ⚡ Faster chat history loading. Chat history maps now load from normalized message records when available, reducing overhead for large conversations while preserving fallback behavior for legacy chats. Commit, #23159
• 🗑️ Delete from conversation menu. You can now delete the current conversation directly from the chat menu with a confirmation step, so cleanup is faster without searching through the full chat list. Commit, #24329
• ⬆️ Scroll to Top shortcut. Long conversations now include a Scroll to Top action in the chat menu when you are away from the top, making it much faster to jump back to the beginning of a chat. Commit, #24133
• 📅 Calendar creation flow. Users can now create calendars from a dedicated modal and a quick-add action in the calendar sidebar, making calendar setup faster from the calendar workspace. Commit, Commit
• 🧭 Unified model unload controls. Administrators can now unload running models from the model selector across supported providers, with loaded-state indicators shown for Ollama and llama.cpp models. Commit
• ⚡ Health check responsiveness. Health and readiness probes now avoid blocking database calls and skip sync session commit handling on probe paths, improving responsiveness and reducing false unready transitions during database pressure. #24380, #24384
• 🎛️ Playground controls panel. The Playground now includes a dedicated Controls toggle so you can adjust parameters like temperature and related settings per chat run without changing model-level defaults. Commit, #24103
• 🎙️ STT file extension controls. Administrators can now configure which audio file extensions are accepted for speech-to-text uploads, helping enforce safer and more predictable upload policies. Commit
• 📷 Remembered call camera selection. Voice call overlay now remembers your last selected camera and restores it automatically when available, so you do not need to reselect it every time you start voice mode. Commit, #24416
• 👥 User group prompt variable. System and template prompts now support the "{{USER_GROUPS}}" variable, which expands to the user’s group memberships so prompts can adapt to role- or access-based context automatically. Commit, #24462
• 🔐 Public chat sharing permission control. Administrators can now control whether users are allowed to create publicly shareable chats through a dedicated permission setting. Commit
• 🔐 Profile image forwarding control. Administrators can now disable external profile image URL forwarding with the "ENABLE_PROFILE_IMAGE_URL_FORWARDING" setting to prevent browser metadata leaks to third-party servers. #24420
• 🏷️ Dynamic header template variables. Administrators can now use chat, message, and user template variables in custom connection and tool server headers so each request can carry per-conversation context automatically. Commit, #24164
• 🛂 MCP OAuth server URL setting. Static OAuth tool server setups can now define a separate OAuth server URL, making discovery and client registration work when authentication endpoints are hosted separately from the tool server URL. Commit, #24164, #24216
• ⚡ Faster memory query performance. Per-user memory lookups and deletions now run much faster at scale because the memory user filter is indexed for existing and new installations. Commit, #23836
• 🚀 Smarter function dependency installs. Function dependencies are now skipped when they were already preinstalled and unchanged, reducing first-load delays and repeated package installation churn after startup. Commit, #24166
• 🔎 Brave LLM Context web search. Administrators can now choose Brave LLM Context as a web search provider to retrieve richer grounded passages with a configurable context token budget. Commit, #24120
• 🗂️ Open Terminal date sorting. Open Terminal now includes sort controls for name and date, with directory-first ordering and modified-time visibility to make file browsing faster. Commit, #24425
• 🎤 Voice mode prompt toggle. Administrators can now explicitly enable or disable the Voice Mode custom prompt behavior from Interface settings, giving finer control over how voice replies are guided. Commit
• 🧮 LaTeX copy shortcut. You can now click rendered LaTeX expressions to copy the raw formula to your clipboard, making it easier to reuse equations outside chat. Commit, #24244
• ✨ Smoother rich text editing. The message composer now defers formatting toolbar refresh work to the next animation frame, reducing typing jank while formatting controls stay accurate. Commit, #24013
• 🖼️ Arena model profile images. Arena models can now reliably display configured profile images instead of falling back to the default icon. Commit, #24412
• 🔄 Replaceable tool embed updates. Pipes and Tools can now overwrite previously emitted rich-UI embeds in-place by passing a replace flag on the embeds event, enabling live dashboards and progress panels that update without stacking duplicate entries.
• ✏️ Assistant response editing and continuation. You can now edit and restructure assistant output items — including reasoning blocks, tool calls, and text content — from a dedicated editor view, and continue generating from the edited state so the model receives full prior context.
• 🔄 General improvements. Various improvements were implemented across the application to enhance performance, stability, and security.
• 🌐 Translation updates. Translations for Chinese, Catalan, Filipino, and Korean were enhanced and expanded.

Fixed

• 🧵 Background code execution reliability. Code execution no longer hangs indefinitely when you switch conversations or browser tabs during a run, and disconnected or inactive sessions now fail with a clear timeout error instead of endless processing. Commit, #24089
• 🎙️ Voice recording MIME fallback support. Voice recording now tries a broader set of browser-supported audio formats and resets halted audio playback cleanly, improving microphone capture reliability in browsers where recording previously...

Added

• 🧠 PaddleOCR-vl document extraction. Administrators can now use PaddleOCR-vl as a content extraction engine for document processing, with configurable API URL and token settings in document retrieval configuration. #23945
• 🔥 Firecrawl v2 API. Firecrawl web loading now uses the v2 API directly with proper retry logic, exponential backoff on rate limits, and configurable timeout handling, improving reliability for both cloud and self-hosted Firecrawl setups. #23934
• ⏰ Calendar event reminder customization. Calendar events now support a configurable reminder_minutes parameter, allowing models to set custom reminder durations instead of the default 10-minute notification.
• 🔑 Custom API key header. Administrators can now configure a custom header name for API key authentication via the CUSTOM_API_KEY_HEADER environment variable, enabling compatibility with reverse proxies that use the Authorization header for their own authentication.
• 🔌 OAuth session disconnection. Users can now disconnect OAuth sessions for specific providers (e.g., MCP connections) through a new API endpoint, enabling cleaner re-authentication workflows.
• 📚 Source overflow indicator. The Sources button now shows a +N badge when more than three sources are available, so hidden sources are clearly indicated in chat responses. #23918
• ⚡ Model list performance. Model list API responses now strip base64 profile image data from paginated results, and model tags are fetched via a dedicated efficient query instead of loading all models. This significantly reduces payload sizes and improves workspace Models page responsiveness.
• ⚡ Model avatar cache reuse. Default model profile images now redirect to a shared static path instead of reading files from disk per-request, reducing repeated I/O and improving loading efficiency when multiple models use the fallback icon. #24015
• 🚀 Faster splash image loading. Splash screen images are now prioritized earlier during page load with preload links, improving first-load LCP behavior and reducing delayed image discovery. #24011
• 🧵 Streaming markdown performance stability. Streaming responses now stay more memory-efficient by preventing repeated cleanup callback registration during markdown updates. #24048
• 📊 Telemetry gauge reliability. OpenTelemetry user gauge callbacks now use synchronous database queries directly, eliminating cross-thread async bridging issues that could cause silent failures in metric collection.
• 🔄 General improvements. Various improvements were implemented across the application to enhance performance, stability, and security.
• 🌐 Translation updates. Translations for Finnish, Korean, Portuguese (Brazil), and Dutch were enhanced and expanded.

Fixed

• 🔧 MCP task cancellation stability. Interrupted MCP tool calls no longer cause CPU spikes or runaway cleanup behavior. MCP client disconnection now runs in the same asyncio task as connection, respecting cancel scope constraints, and chat-active events are properly shielded during cancellation.
• 🧠 Persistent chat skill injection. Skills mentioned in persisted chats now inject into the system prompt reliably. Skill ID extraction from <$skillId|label> message tags is now handled server-side, and tags are stripped before messages reach the model.
• 🗄️ Async database driver migration. The async database backend now uses psycopg (v3) instead of asyncpg, eliminating brittle SSL parameter translation and supporting native libpq connection strings including sslmode, options, and target_session_attrs without any stripping or conversion.
• 🐳 Docker ARM64 reliability. Docker images built for arm64 via QEMU cross-compilation no longer produce 0-byte corrupted Python dependencies. UV_LINK_MODE=copy is now set in the Dockerfile to force reliable file installation.
• 🛠️ Throttle request handling. Request handling no longer fails when user activity status updates are throttled with a non-zero interval. #23979
• ✍️ Rich text extension conflicts. Rich text editing no longer triggers duplicate extension conflicts for lists and code blocks, improving editor stability. #24009
• 🔇 Fetch URL null content guard. The fetch_url built-in tool now safely handles None content returned by web loaders instead of crashing with a TypeError.
• 🌐 OAuth discovery fallback. OAuth protected resource discovery now falls back to well-known RFC 9728 URIs when the WWW-Authenticate header doesn't contain a resource_metadata link, improving compatibility with more MCP server implementations.
• 🔐 Session token resolution. Session user endpoints now gracefully handle missing Authorization headers by falling back to cookie and request state tokens, preventing errors when used behind forward-auth proxies.
• 🚫 Direct API error responses. Chat completion requests without a WebSocket channel (direct API calls) now return proper HTTP error responses instead of silently returning null on failure.
• 📡 Cancelled response stream cleanup. Cancelled chat generation now explicitly closes the upstream response body iterator, preventing orphaned async generators from spinning in anyio internals.
• 🔒 Model profile image path safety. Model profile image endpoints now validate and sanitize static asset redirect paths, preventing path traversal through encoded dots or malicious URL patterns.
• 📊 RAG template validation UI. The Documents settings page now displays a warning when RAG templates contain multiple [context] or {{CONTEXT}} placeholders, helping administrators avoid accidental redundant context injection.
• 🧩 Automation model detection. The create_automation tool now correctly detects the current model ID even when model_id is not yet set in metadata, falling back to the model dict.
• 🔄 MCP resource content handling. MCP tool results with the resource content type are now correctly detected and their resource.text payload is extracted, instead of being silently ignored.
• 🔄 Ollama and OpenAI metadata forwarding. Ollama and OpenAI proxy routes now forward request metadata to downstream handlers, ensuring consistent context propagation.
• 🧹 Browser-native message virtualization. The custom JavaScript-based message culling system (spacers, height caching, scroll listeners) was replaced with CSS content-visibility: auto, letting the browser natively skip rendering of off-screen messages without destroying component trees. This eliminates scroll jump artifacts and mount/destroy thrashing while preserving memory efficiency in long conversations.
• 📻 Redis notification compatibility. Redis pub/sub now handles missing or incompatible client_name support more gracefully, preventing connection errors with certain Redis configurations.

Changed

• ⚙️ psycopg v3 async driver. The async database driver has been migrated from asyncpg to psycopg (v3). This is a transparent change for most deployments, but custom connection strings with asyncpg-specific parameters may need adjustment.
• 🔑 Brotli dependency update. Brotli has been updated to address CVE-2025-6176.
• 🖥️ Windows startup script. The Windows startup batch script has been updated for improved compatibility.

Fixed

• 🐛 Missing aiosqlite dependency. Fixed a startup crash (ModuleNotFoundError: No module named 'aiosqlite') when installing Open WebUI via pip or uv by adding the missing aiosqlite package to pyproject.toml. The dependency was listed in requirements.txt but not in the published package metadata, so it was not installed automatically. #23916
• 🐛 Missing asyncpg dependency. Added the missing asyncpg package to pyproject.toml to prevent the same startup crash for PostgreSQL users. Like aiosqlite, it was present in requirements.txt but absent from the published package dependencies.

Added

• 🖥️ Official Open WebUI Desktop App. Open WebUI is now available as a native desktop app for Mac, Windows, and Linux. No Docker, no terminal, no setup. Runs Open WebUI locally without any server setup, or connects to your existing remote Open WebUI instances. Switch between multiple servers instantly from the sidebar. Comes with a system-wide floating chat bar (Shift+Cmd+I on macOS, Shift+Ctrl+I on Windows/Linux), system-wide push-to-talk, offline support after first launch, automatic updates, and zero telemetry. #8262, Desktop
• 🤖 Scheduled chat automations. You can now schedule the AI to run tasks automatically on a recurring basis: daily digests, periodic reports, anything you'd otherwise need to remember to ask for. Create and manage automations from the Automations page or directly in chat, with full run history and manual trigger controls. #23303, Commit, Commit, Commit, Commit
• 🧰 Automation tools in chat. Built-in chat tools can now create, update, list, pause, and delete scheduled automations directly in conversation when automation access is enabled. Commit
• ⏱️ Automation scheduling limits. Administrators can now set "AUTOMATION_MAX_COUNT" and "AUTOMATION_MIN_INTERVAL" to limit how many automations each non-admin user can create and prevent overly frequent schedules that could overload the system. Commit
• 📋 Task management tool. AI models can now create, update, and track tasks within a chat conversation, breaking down complex requests into manageable steps with real-time status updates. Commit
• 🗓️ Calendar workspace and event management. Open WebUI now has a full Calendar workspace. Create and manage events, set up recurring schedules, get reminders via in-app toasts or browser notifications, and see your scheduled automations alongside your calendar. #23880
• 🔔 Calendar reminders and alerts. Calendar events now support reminder options from no alert up to one hour before start time, with upcoming alerts delivered through in-app toasts, browser notifications, and optional webhooks while avoiding duplicate sends. Commit
• ⚙️ Scheduler reminder configuration. Administrators can now configure calendar reminder processing with "SCHEDULER_POLL_INTERVAL" and "CALENDAR_ALERT_LOOKAHEAD_MINUTES", while existing "AUTOMATION_POLL_INTERVAL" setups continue to work as a legacy fallback. Commit
• ☁️ Azure responses support. Azure OpenAI connections now support the newer "/openai/v1" format, enabling chat, responses, and proxy calls to work correctly with that endpoint style. #23484
• 🤖 Ollama responses support. The Ollama proxy now supports the Responses API, letting clients use "/v1/responses" directly with Ollama-hosted models through Open WebUI. #23483
• 🧩 Responses tool output rendering. Built-in tool outputs in Responses API flows now render more consistently so downstream chat output is easier to interpret. Commit, #23482
• 🔎 Responses citation visibility. Responses API flows now emit citation sources more consistently, making linked references easier to preserve and display in chat output. Commit, #23774
• 📎 Attach previously uploaded files. The chat input menu now includes a Files tab for browsing and attaching previously uploaded files, eliminating the need to re-upload files you have already shared. Commit
• 🧷 Default model terminal selection. Workspace model editors can now preselect an Open Terminal connection, so new chats automatically start with the model’s configured terminal ready to use. Commit, #23605
• 🎙️ Mistral TTS support. Mistral can now be used as a text-to-speech provider, with admin settings for the API key, base URL, voices, and model selection. Commit
• 🎧 STT preprocessing bypass option. Administrators can now enable "AUDIO_STT_SKIP_PREPROCESSING" to send audio files directly to the speech-to-text backend, reducing memory and CPU consumption during large uploads for better transcription performance and stability on constrained deployments. #23661
• 🗑️ Admin model deletion. Administrators can now delete Ollama models directly from the model selector menu, making it easier to clean up unused or unwanted models. Commit
• 🔌 Backend outlet filters for local and persisted chats. Pipeline and function outlet filters now run reliably in backend completion flows for persisted chats and temporary local chats. #3237, Commit
• 🎨 Emoji shortcode support. Typing a colon in the chat input now opens an emoji suggestion menu, making it easier to insert emojis using shortcodes like 👋. Commit
• 📌 Recently used emojis. The emoji picker now shows your most recently used emojis at the top, making it faster to find emojis you use often. Commit
• 👆 Swipe to reply on mobile. Swiping right on a message now triggers a reply, making it easier to respond on touch devices with a natural gesture. Commit
• 📱 Screen-awake voice recording. Voice recording now keeps the screen awake during active dictation and safely re-acquires wake lock after visibility changes, helping prevent long transcriptions from being cut off on mobile devices. #23145
• 🔔 Unread chat indicators. Sidebar chats now show unread status and are marked as read when opened, making it easier to spot conversations with new activity. Commit
• 🔌 WebSocket reconnect status feedback. Open WebUI now warns when the real-time connection drops and confirms when it reconnects, while avoiding a reconnect message on the initial page load. Commit
• 📍 Pinned notes in sidebar. Notes can now be pinned to the sidebar for quick access, and you can also create a new note directly from the pinned notes section. Commit, Commit
• 🗂️ Model selector focus. The model selector now resets its search only when it opens, making the popup feel more predictable while still focusing the search field automatically. Commit
• 🗂️ Model selector layout. The model selector now behaves more predictably as a custom popup, and the completions playground uses a simpler model picker for easier selection. Commit
• 🎚️ Active filter valve shortcut. Active filter badges now expose valve configuration directly in the chat input area, so filter tuning is faster during conversations. Commit, #23811, #23813
• 🎨 Theme updates. O...

Added

• 🌐 Translation updates. Translations for Simplified Chinese, Catalan, Portuguese (Brazil), Finnish, and Lithuanian were enhanced and expanded.

Fixed

• 🔒 Terminal server connection security. Terminal server verification and policy saving now proxy through the backend, preventing API key exposure and CORS errors when connecting to in-cluster services. Commit, Commit
• 🛠️ Terminal tools exception handling. Exceptions in middleware.py due to invalid return values from get_terminal_tools() have been resolved. Commit
• 📦 Missing beautifulsoup4 dependency. Users can now start Open WebUI using uvx without encountering the "bs4 module missing" error. Commit
• 🔌 API files list error. The /api/v1/files/ endpoint no longer returns a 500 error, fixing a regression that prevented file listing via the API. Commit
• 📜 License data loading. License data now loads correctly, displaying the expected color and logo in the interface. Commit
• 👑 Admin model visibility. Administrators can now see models even when no access control is configured yet, allowing them to manage all available models. Commit
• 📊 Tool call embed visibility. Rich UI embeds from tool calls (like visualizations) are now rendered outside collapsed groups and remain visible without requiring manual expansion. Commit, Commit

Added

• 🔀 Responses API streaming improvements. The OpenAI proxy now properly handles tool call streaming and re-invocations in the Responses API, preventing duplicate tool calls and preserving output during model re-invocations. Commit, Commit, Commit, Commit
• 🔀 Responses API stateful sessions. Administrators can now enable experimental stateful session support via the ENABLE_RESPONSES_API_STATEFUL environment variable, allowing compatible backends to store responses server-side with previous_response_id anchoring for improved multi-turn conversations. Commit
• 📄 File viewing pagination. The view_file and view_knowledge_file tools now support pagination with offset and max_chars parameters, allowing models to read large files in chunks. Commit
• 🗺️ Knowledge search scoping. The search_knowledge_files tool now respects model-attached knowledge, searching only within attached knowledge bases and files when available. Commit
• 🛠️ Tool HTML embed context. Tools can now return custom context alongside HTML embeds by using a tuple format, providing the LLM with actionable information instead of a generic message. #22691
• 🔒 Trusted role header configuration. Administrators can now configure the WEBUI_AUTH_TRUSTED_ROLE_HEADER environment variable to set user roles (admin, user, or pending) via a trusted header from their identity provider or reverse proxy. #22523
• 🔑 OIDC authorization parameter injection. Administrators can now inject extra parameters into the OIDC authorization redirect URL via the OAUTH_AUTHORIZE_PARAMS environment variable, enabling IdP pre-selection for brokers like CILogon and Keycloak. #22863, Commit
• 🔑 Google OAuth session persistence. Administrators can now configure Google OAuth to issue refresh tokens via the GOOGLE_OAUTH_AUTHORIZE_PARAMS environment variable, preventing OAuth sessions from expiring after one hour and ensuring tools and integrations that rely on OAuth tokens remain functional. #22652
• 🔌 Embed prompt confirmation. Interactive tool embeds can now submit prompts to the chat without requiring same-origin access, showing a confirmation dialog for cross-origin requests to prevent abuse. #22908
• 🏮 Tool binary response handling. Tool servers can now return binary data such as images, which are properly processed and displayed in chat for both multimodal and non-multimodal models. Commit, Commit
• ⚡ Svelte upgrade performance. Page and markdown rendering are now approximately 25% faster across the board, with significantly less memory usage for smoother UI interactions. #22611
• 🧩 Model and filter lookup optimization. Model and filter membership lookups are now faster thanks to optimized data structure operations during model list loading. Commit
• 💨 Chat render throttling. Chat message rendering now uses requestAnimationFrame batching to stay smooth during rapid model responses, preventing dropped frames when fast models send many events per second. #22947
• 🚀 Function list API optimization. The functions list API now returns only essential metadata without function source code, reducing payload sizes by over 99% and making the Functions admin page load significantly faster. #22788
• ✨ Smoother loading animation. The loading shimmer animation now looks smoother and more natural, with softer highlight colors. #22516
• 🧪 Terminal connection verification. Users can now verify their terminal server connection is working before saving the configuration, making setup more reliable. #22567
• 📁 Chat folder emoji reset. Users can now reset chat folder emojis back to the default icon using a "Reset to Default" button in the emoji picker, making it easier to revert custom icons. #22554
• 📊 Metrics export interval configuration. Administrators can now control OpenTelemetry metrics export frequency via the OTEL_METRICS_EXPORT_INTERVAL_MILLIS environment variable, enabling cost optimization for metrics services like Grafana Cloud. #22529
• 🏥 Readiness probe endpoint. A new /ready endpoint is now available for Kubernetes deployments, returning 200 only after startup completes and database/Redis are reachable, enabling more reliable container orchestration. #22507
• 🔩 Tool server timeout configuration. Administrators can now configure a separate HTTP timeout for tool server requests via the AIOHTTP_CLIENT_TIMEOUT_TOOL_SERVER environment variable, enabling fine-tuned control over how long tool calls are allowed to take. Commit
• 📌 Knowledge file previews. Knowledge base files can now be opened in a new tab directly from the file list, making it easier to view content without downloading. #22629
• 🎯 Knowledge tool hybrid search support. The built-in query_knowledge_files tool now respects hybrid search and reranking settings, matching the behavior of the middleware RAG pipeline. Commit
• 🗣️ Temporary chat folder support. Temporary chats can now use folder-level system prompts and knowledge files, making them more powerful for quick explorations. Commit
• 📡 Terminal port previews. Detected ports in the File Navigator can now be previewed inline with a browser-style view, navigation controls, and an address bar, instead of only opening in a new tab. Commit, Commit
• ✏️ File renaming. Files and folders in the File Navigator can now be renamed by double-clicking or using the context menu, with Enter to confirm and Escape to cancel. Commit
• 🧭 File Navigator navigation history. The File Navigator toolbar now includes Back and Forward buttons for navigating through folder and file history, similar to a web browser. Commit
• 🗑️ Delete connection confirmations. Users are now prompted with a confirmation dialog before deleting connections, preventing accidental deletions. Commit
• 📦 Document loader fallbacks. Excel and PowerPoint files can now be processed even when the unstructured package is not installed, using pandas and python-pptx as fallback loaders. Commit
• 🧠 Memory management search and sort. Users can now search and sort their personal memories in the Memory management modal, making it easier to find specific memories. Commit
• 📦 SBOM generation script. A new script for generating CycloneDX Software Bill of Materials is now available in the scripts directory. Commit
• ⚙️ Ruff linter and formatter. Added Ruff as the Python linter and formatter, replacing the black-based workflow for better code quality with near-instant execution. #22576, #22462
• 🖥️ Offline code formatting support. The black formatter for Python code editing is now bundled locally in the Docker image, enabling code formatting to work in air-gapped deployments where client browsers cannot reach PyPI. Formatting failures no longer block saves, allowing code to be preserved even when offline. #22509, Commit
• ✏️ Markdown file editing. Users can now edi...

Added

• 🔐 Custom OIDC logout endpoint. Administrators can now configure a custom OpenID Connect logout URL via OPENID_END_SESSION_ENDPOINT, enabling logout functionality for OIDC providers that require custom endpoints like AWS Cognito. Commit
• 🗄️ MariaDB Vector community support. Added MariaDB Vector as a new vector database backend, enabling deployments with VECTOR_DB=mariadb-vector; supports cosine and euclidean distance strategies with configurable HNSW indexing. #21931
• 📝 Task message truncation. Chat messages sent to task models for title and tag generation can now be truncated using a filter in the prompt template, reducing token usage and processing time for long conversations. #21499
• 🔄 General improvements. Various improvements were implemented across the application to enhance performance, stability, and security.
• 🌐 Translations for Portuguese (Brazil), Spanish, and Malay were enhanced and expanded.

Fixed

• 🔗 Pipeline filter HTTP errors. Fixed a bug where HTTP errors in pipeline inlet/outlet filters would silently corrupt the user's chat payload; errors are now properly raised before parsing the response. #22445
• 📚 Knowledge file embedding updates. Fixed a bug where updating knowledge files left old embeddings in the database, causing search results to include duplicate and stale data. #20558
• 📁 Files list stability. Fixed the files list ordering to use created_at with id as secondary sort, ensuring consistent ordering and preventing page crashes when managing many files. #21879
• 📨 Teams webhook crash. Fixed a TypeError crash in the Teams webhook handler when user data is missing from the event payload. #22444
• 🛠️ Process shutdown handling. Fixed bare except clauses in the main process that prevented clean shutdown; replaced with proper exception handling. #22423
• 🐳 Docker deployment startup. Docker deployments now start correctly; the missing OpenTelemetry system metrics dependency was added. #22447, #22401
• 🛠️ Tool access for non-admin users. Fixed a NameError that prevented non-admin users from viewing tools; the missing has_access function is now properly imported. #22393
• 🔐 OAuth error handling. Fixed a bug where bare except clauses silently caught SystemExit and KeyboardInterrupt, preventing clean process shutdown during OAuth authentication. #22420
• 🛠️ Exception error messages. Fixed three locations where incorrect exception raising caused confusing TypeError messages instead of proper error descriptions, making debugging much easier. #22446
• 📄 YAML file processing. Fixed an error when uploading YAML files with Docling enabled; YAML and YML files are now properly recognized as text files and processed correctly. #22399, #22263
• 📅 Time range month names. Fixed month names in time range labels appearing in the wrong language when OS regional settings differ from browser language; month names now consistently display in English. #22454
• 🔐 OAuth error URL encoding. Fixed OAuth error messages with special characters causing malformed redirect URLs; error messages are now properly URL-encoded. #22415
• 🛠️ Internal tool method filtering. Tools no longer expose internal methods starting with underscore to the LLM, reducing clutter and improving accuracy. #22408
• 🔊 Azure TTS locale extraction. Fixed Azure text-to-speech using incomplete locale codes in SSML; now correctly uses full locale like "en-US" instead of just "en". #22443
• 🎤 Azure speech transcription errors. Improved Azure AI Speech error handling to display user-friendly messages instead of generic connection errors; empty transcripts, no language identified, and other Azure-specific errors now show clear descriptions. #20485
• 📊 Analytics group filtering. Fixed token usage analytics not being filtered by user group; the query now properly respects group filters like other analytics metrics. #22167
• 🔍 Web search favicon fallback. Fixed web search sources showing broken image icons when favicons couldn't be loaded from external sources; now falls back to the default Open WebUI favicon. #21897
• 🔄 Custom model fallback. Fixed custom model fallback not working when the base model is unavailable; the base model ID is now correctly retrieved from model info instead of empty params. #22456
• 🖼️ Pending message image display. Fixed images in queued messages appearing blank; image thumbnails are now properly displayed in the pending message queue. #22256
• 🛠️ File metadata sanitization. Fixed file uploads failing with JSON serialization errors when metadata contained non-serializable objects like callable functions; metadata is now sanitized before database insertion. #20561

Added

• ▶️ Open Terminal notebook cell execution. Users can now run Jupyter Notebook code cells directly in the Open Terminal file navigator, execute entire notebooks with a single click, edit and modify cells before running, and control the kernel - bringing full interactive notebook execution to the browser. Commit
• 🗃️ Open Terminal SQLite browser. Users can now browse SQLite database files directly in the Open Terminal file navigator, viewing tables and running queries without downloading them first. Commit
• 📉 Open Terminal Mermaid diagram rendering. Markdown files with Mermaid code blocks are now rendered as diagrams directly in the Open Terminal file navigator, making it easier to visualize flowcharts and other diagrams. Commit
• 📓 Open Terminal Jupyter Notebook previews. Users can now preview Jupyter Notebook files directly in the Open Terminal file navigator, making it easier to view notebook content without downloading them first. Commit
• 🔃 Open Terminal auto-refresh. The Open Terminal file navigator now automatically refreshes when the model writes or modifies files, keeping the view in sync without manual refresh. Commit
• 📎 Open Terminal file copy button. Users can now copy file contents directly to clipboard in the Open Terminal file navigator with a single click, making it easier to quickly grab file content without downloading. Commit
• 💻 Code syntax highlighting and XLSX improvements in Open Terminal. Code files now display with syntax highlighting in the Open Terminal file navigator, and XLSX spreadsheets now show column headers and row numbers for easier navigation. Commit
• 🌳 Open Terminal JSON tree view. JSON, JSONC, JSONL, and JSON5 files now display as interactive collapsible tree views in the Open Terminal file navigator, and SVG files render as preview images with syntax highlighting support. Commit
• 🛜 Open Terminal port viewing. Users can now view listening ports in the Open Terminal file navigator and open proxy connections to them directly from the UI. Commit
• 🎬 Open Terminal video previews. Users can now preview video and audio files directly in the Open Terminal file navigator, making it easier to view media without downloading them first. Commit
• ✏️ Open Terminal HTML editing. Users can now edit HTML source files in Open Terminal with CodeMirror editor, and the save button is properly hidden in preview mode. Commit
• 📄 Open Terminal DOCX preview. Word documents generated or modified by the AI can now be viewed directly in the file navigator with formatted text, tables, and images rendered inline — no need to download and open in a separate application. Commit
• 📊 Open Terminal XLSX preview. Excel spreadsheets in the file navigator now render as interactive tables with column headers and row numbers, making it easy to verify data the AI has generated or processed. Commit
• 📽️ Open Terminal PPTX preview. PowerPoint presentations created by the AI can now be viewed slide-by-slide directly in the file navigator, enabling quick review and iteration without leaving the browser. Commit
• 📁 Pyodide file system support. Users can now upload files for Python code execution in the code interpreter. Uploaded files are available in the /mnt/uploads/ directory, and code can write output files there for download. The file system persists across code executions within the same session. The code interpreter now also informs models that pip install is not available in the Pyodide environment, guiding them to use alternative approaches with available modules. #3583, Commit, Commit
• 🧰 Tool files access. Tools can now access the files from the current chat context via the files property in their metadata, enabling more powerful tool integrations. Commit
• ⚡ Chat performance. Chat messages now load and display significantly faster thanks to optimized markdown rendering, eliminating delays when viewing messages with mathematical expressions. #22196, #20878
• 📜 Message list performance. Improved message list rendering performance by optimizing array operations, reducing complexity from O(n²) to O(n). #22280
• 🧵 Streaming markdown performance. Improved chat responsiveness during streaming by skipping unnecessary markdown re-parsing when the content hasn't changed, eliminating wasted processing during model pauses. #22183
• 🏃 Chat streaming performance. Chat streaming is now faster for users not using the voice call feature by skipping unnecessary text parsing that was running on every token. #22195
• 🔖 Source list performance. Source lists in chat now render faster thanks to optimized computation that avoids unnecessary recalculations, including moving sourceIds computation to a reactive variable. #22279, Commit, Commit
• 💨 Chat message tree operations. Chat message tree operations are now significantly faster, improving overall chat responsiveness. #22194
• 🚀 Initial page load speed. Page load is now significantly faster thanks to deferred loading of the syntax highlighting library, reducing the initial JavaScript bundle by several megabytes. #22304
• 🗓️ Action priority query optimization. Improved performance of action priority resolution by fixing an N+1 query pattern, reducing database round-trips when loading model actions. #22301
• 🔑 API key middleware optimization. The API key restriction middleware was converted to a pure ASGI middleware for improved streaming performance, removing per-chunk call overhead. #22188
• 🏎️ Model list loading performance. Model lists now load significantly faster thanks to optimized custom model matching that uses dictionary lookups instead of nested loops. #22299, Commit, Commit
• ⏱️ Event call timeout configuration. Administrators can now configure the WebSocket event call timeout via the WEBSOCKET_EVENT_CALLER_TIMEOUT environment variable, giving users more time to respond to event_call forms instead of timing out after 60 seconds. #22222, #22220
• 🔁 File refresh button visibility. The refresh button in the chat file navigator now appears when viewing files as well as directories, allowing users to refresh the file view at any time. Commit
• 📂 Nested folders support. Users can now create subfolders within parent folders, improving organization of chats. A new "Create Subfolder" option is available in the folder context menu. #22073, Commit
• 🔔 Banner loading on navigation. Admin-configured banners now load when navigating to the homepage, not just on page refresh, ensuring users see new banners immediately. #22340, #22180
• 📡 System metrics via OpenTelemetry. Administrators can now monitor Python runtime and system metrics including CPU, memory, garbage collection, and thread counts through the existing OpenTelemetry pipeline. #22265
• 🔄 General improvements. Various improvements were implemented ac...