Open WebUI Release Notes

Added

🧠 PaddleOCR-vl document extraction. Administrators can now use PaddleOCR-vl as a content extraction engine for document processing, with configurable API URL and token settings in document retrieval configuration. #23945

🔥 Firecrawl v2 API. Firecrawl web loading now uses the v2 API directly with proper retry logic, exponential backoff on rate limits, and configurable timeout handling, improving reliability for both cloud and self-hosted Firecrawl setups. #23934

⏰ Calendar event reminder customization. Calendar events now support a configurable reminder_minutes parameter, allowing models to set custom reminder durations instead of the default 10-minute notification.

🔑 Custom API key header. Administrators can now configure a custom header name for API key authentication via the CUSTOM_API_KEY_HEADER environment variable, enabling compatibility with reverse proxies that use the Authorization header for their own authentication.

🔌 OAuth session disconnection. Users can now disconnect OAuth sessions for specific providers (e.g., MCP connections) through a new API endpoint, enabling cleaner re-authentication workflows.

📚 Source overflow indicator. The Sources button now shows a +N badge when more than three sources are available, so hidden sources are clearly indicated in chat responses. #23918

⚡ Model list performance. Model list API responses now strip base64 profile image data from paginated results, and model tags are fetched via a dedicated efficient query instead of loading all models. This significantly reduces payload sizes and improves workspace Models page responsiveness.

⚡ Model avatar cache reuse. Default model profile images now redirect to a shared static path instead of reading files from disk per-request, reducing repeated I/O and improving loading efficiency when multiple models use the fallback icon. #24015

🚀 Faster splash image loading. Splash screen images are now prioritized earlier during page load with preload links, improving first-load LCP behavior and reducing delayed image discovery. #24011

🧵 Streaming markdown performance stability. Streaming responses now stay more memory-efficient by preventing repeated cleanup callback registration during markdown updates. #24048

📊 Telemetry gauge reliability. OpenTelemetry user gauge callbacks now use synchronous database queries directly, eliminating cross-thread async bridging issues that could cause silent failures in metric collection.

🔄 General improvements. Various improvements were implemented across the application to enhance performance, stability, and security.

🌐 Translation updates. Translations for Finnish, Korean, Portuguese (Brazil), and Dutch were enhanced and expanded.

Fixed

🔧 MCP task cancellation stability. Interrupted MCP tool calls no longer cause CPU spikes or runaway cleanup behavior. MCP client disconnection now runs in the same asyncio task as connection, respecting cancel scope constraints, and chat-active events are properly shielded during cancellation.

🧠 Persistent chat skill injection. Skills mentioned in persisted chats now inject into the system prompt reliably. Skill ID extraction from <$skillId|label> message tags is now handled server-side, and tags are stripped before messages reach the model.

🗄️ Async database driver migration. The async database backend now uses psycopg (v3) instead of asyncpg, eliminating brittle SSL parameter translation and supporting native libpq connection strings including sslmode, options, and target_session_attrs without any stripping or conversion.

🐳 Docker ARM64 reliability. Docker images built for arm64 via QEMU cross-compilation no longer produce 0-byte corrupted Python dependencies. UV_LINK_MODE=copy is now set in the Dockerfile to force reliable file installation.

🛠️ Throttle request handling. Request handling no longer fails when user activity status updates are throttled with a non-zero interval. #23979

✍️ Rich text extension conflicts. Rich text editing no longer triggers duplicate extension conflicts for lists and code blocks, improving editor stability. #24009

🔇 Fetch URL null content guard. The fetch_url built-in tool now safely handles None content returned by web loaders instead of crashing with a TypeError.

🌐 OAuth discovery fallback. OAuth protected resource discovery now falls back to well-known RFC 9728 URIs when the WWW-Authenticate header doesn't contain a resource_metadata link, improving compatibility with more MCP server implementations.

🔐 Session token resolution. Session user endpoints now gracefully handle missing Authorization headers by falling back to cookie and request state tokens, preventing errors when used behind forward-auth proxies.

🚫 Direct API error responses. Chat completion requests without a WebSocket channel (direct API calls) now return proper HTTP error responses instead of silently returning null on failure.

📡 Cancelled response stream cleanup. Cancelled chat generation now explicitly closes the upstream response body iterator, preventing orphaned async generators from spinning in anyio internals.

🔒 Model profile image path safety. Model profile image endpoints now validate and sanitize static asset redirect paths, preventing path traversal through encoded dots or malicious URL patterns.

📊 RAG template validation UI. The Documents settings page now displays a warning when RAG templates contain multiple [context] or {{CONTEXT}} placeholders, helping administrators avoid accidental redundant context injection.

🧩 Automation model detection. The create_automation tool now correctly detects the current model ID even when model_id is not yet set in metadata, falling back to the model dict.

🔄 MCP resource content handling. MCP tool results with the resource content type are now correctly detected and their resource.text payload is extracted, instead of being silently ignored.

🔄 Ollama and OpenAI metadata forwarding. Ollama and OpenAI proxy routes now forward request metadata to downstream handlers, ensuring consistent context propagation.

🧹 Browser-native message virtualization. The custom JavaScript-based message culling system (spacers, height caching, scroll listeners) was replaced with CSS content-visibility: auto, letting the browser natively skip rendering of off-screen messages without destroying component trees. This eliminates scroll jump artifacts and mount/destroy thrashing while preserving memory efficiency in long conversations.

📻 Redis notification compatibility. Redis pub/sub now handles missing or incompatible client_name support more gracefully, preventing connection errors with certain Redis configurations.

Changed

⚙️ psycopg v3 async driver. The async database driver has been migrated from asyncpg to psycopg (v3). This is a transparent change for most deployments, but custom connection strings with asyncpg-specific parameters may need adjustment.

🔑 Brotli dependency update. Brotli has been updated to address CVE-2025-6176.

🖥️ Windows startup script. The Windows startup batch script has been updated for improved compatibility.

Original source

Fixed

🐛 Missing aiosqlite dependency. Fixed a startup crash (ModuleNotFoundError: No module named 'aiosqlite') when installing Open WebUI via pip or uv by adding the missing aiosqlite package to pyproject.toml. The dependency was listed in requirements.txt but not in the published package metadata, so it was not installed automatically. #23916

🐛 Missing asyncpg dependency. Added the missing asyncpg package to pyproject.toml to prevent the same startup crash for PostgreSQL users. Like aiosqlite, it was present in requirements.txt but absent from the published package dependencies.

Original source

Caution
⚠️ Database Migrations: This release includes database schema changes; we strongly recommend backing up your database and all associated data before upgrading in production environments. If you are running a multi-worker, multi-server, or load-balanced deployment, all instances must be updated simultaneously, rolling updates are not supported and will cause application failures due to schema incompatibility.
Added
🖥️ Official Open WebUI Desktop App. Open WebUI is now available as a native desktop app for Mac, Windows, and Linux. No Docker, no terminal, no setup. Runs Open WebUI locally without any server setup, or connects to your existing remote Open WebUI instances. Switch between multiple servers instantly from the sidebar. Comes with a system-wide floating chat bar (Shift+Cmd+I on macOS, Shift+Ctrl+I on Windows/Linux), system-wide push-to-talk, offline support after first launch, automatic updates, and zero telemetry. #8262, Desktop
🤖 Scheduled chat automations. You can now schedule the AI to run tasks automatically on a recurring basis: daily digests, periodic reports, anything you'd otherwise need to remember to ask for. Create and manage automations from the Automations page or directly in chat, with full run history and manual trigger controls. #23303, Commit, Commit, Commit, Commit
🧰 Automation tools in chat. Built-in chat tools can now create, update, list, pause, and delete scheduled automations directly in conversation when automation access is enabled. Commit
⏱️ Automation scheduling limits. Administrators can now set "AUTOMATION_MAX_COUNT" and "AUTOMATION_MIN_INTERVAL" to limit how many automations each non-admin user can create and prevent overly frequent schedules that could overload the system. Commit
📋 Task management tool. AI models can now create, update, and track tasks within a chat conversation, breaking down complex requests into manageable steps with real-time status updates. Commit
🗓️ Calendar workspace and event management. Open WebUI now has a full Calendar workspace. Create and manage events, set up recurring schedules, get reminders via in-app toasts or browser notifications, and see your scheduled automations alongside your calendar. #23880
🔔 Calendar reminders and alerts. Calendar events now support reminder options from no alert up to one hour before start time, with upcoming alerts delivered through in-app toasts, browser notifications, and optional webhooks while avoiding duplicate sends. Commit
⚙️ Scheduler reminder configuration. Administrators can now configure calendar reminder processing with "SCHEDULER_POLL_INTERVAL" and "CALENDAR_ALERT_LOOKAHEAD_MINUTES", while existing "AUTOMATION_POLL_INTERVAL" setups continue to work as a legacy fallback. Commit
☁️ Azure responses support. Azure OpenAI connections now support the newer "/openai/v1" format, enabling chat, responses, and proxy calls to work correctly with that endpoint style. #23484
🤖 Ollama responses support. The Ollama proxy now supports the Responses API, letting clients use "/v1/responses" directly with Ollama-hosted models through Open WebUI. #23483
🧩 Responses tool output rendering. Built-in tool outputs in Responses API flows now render more consistently so downstream chat output is easier to interpret. Commit, #23482
🔎 Responses citation visibility. Responses API flows now emit citation sources more consistently, making linked references easier to preserve and display in chat output. Commit, #23774
📎 Attach previously uploaded files. The chat input menu now includes a Files tab for browsing and attaching previously uploaded files, eliminating the need to re-upload files you have already shared. Commit
🧷 Default model terminal selection. Workspace model editors can now preselect an Open Terminal connection, so new chats automatically start with the model’s configured terminal ready to use. Commit, #23605
🎙️ Mistral TTS support. Mistral can now be used as a text-to-speech provider, with admin settings for the API key, base URL, voices, and model selection. Commit
🎧 STT preprocessing bypass option. Administrators can now enable "AUDIO_STT_SKIP_PREPROCESSING" to send audio files directly to the speech-to-text backend, reducing memory and CPU consumption during large uploads for better transcription performance and stability on constrained deployments. #23661
🗑️ Admin model deletion. Administrators can now delete Ollama models directly from the model selector menu, making it easier to clean up unused or unwanted models. Commit
🔌 Backend outlet filters for local and persisted chats. Pipeline and function outlet filters now run reliably in backend completion flows for persisted chats and temporary local chats. #3237, Commit
🎨 Emoji shortcode support. Typing a colon in the chat input now opens an emoji suggestion menu, making it easier to insert emojis using shortcodes like 👋. Commit
📌 Recently used emojis. The emoji picker now shows your most recently used emojis at the top, making it faster to find emojis you use often. Commit
👆 Swipe to reply on mobile. Swiping right on a message now triggers a reply, making it easier to respond on touch devices with a natural gesture. Commit
📱 Screen-awake voice recording. Voice recording now keeps the screen awake during active dictation and safely re-acquires wake lock after visibility changes, helping prevent long transcriptions from being cut off on mobile devices. #23145
🔔 Unread chat indicators. Sidebar chats now show unread status and are marked as read when opened, making it easier to spot conversations with new activity. Commit
🔌 WebSocket reconnect status feedback. Open WebUI now warns when the real-time connection drops and confirms when it reconnects, while avoiding a reconnect message on the initial page load. Commit
📍 Pinned notes in sidebar. Notes can now be pinned to the sidebar for quick access, and you can also create a new note directly from the pinned notes section. Commit, Commit
🗂️ Model selector focus. The model selector now resets its search only when it opens, making the popup feel more predictable while still focusing the search field automatically. Commit
🗂️ Model selector layout. The model selector now behaves more predictably as a custom popup, and the completions playground uses a simpler model picker for easier selection. Commit
🎚️ Active filter valve shortcut. Active filter badges now expose valve configuration directly in the chat input area, so filter tuning is faster during conversations. Commit, #23811, #23813
🎨 Theme updates. Other windows can now update the app theme directly, keeping the interface in sync when theme changes are triggered externally. Commit
🚀 Async performance and responsiveness improvements. The core backend database and request paths now run asynchronously across the application, massively improving responsiveness and performance under concurrent load and reducing request blocking during heavy activity. Commit, Commit
⚡ Drawer performance and memory optimization. Drawer interactions now stay smoother over long sessions by removing stale keyboard listeners on teardown, which reduces memory growth and avoids accumulated event handling overhead. #23724
🚀 Chat history memory culling. Long conversations now stay responsive no matter how many messages they contain. Off-screen messages are unloaded automatically and reloaded as you scroll, keeping memory usage low and the UI smooth on both desktop and mobile. #23067, Commit, Commit
🧵 Async file and knowledge processing performance. File processing, knowledge reindexing, and channel message helper paths now consistently await async operations, preventing skipped processing steps and improving reliability and performance of indexing and tool responses. Commit
🚀 Persistent chat payload efficiency. Persisted chats now use server-side history loading instead of repeatedly resending full message payloads, improving multimodal performance and reducing stale-history overwrite risk across devices. #19064, Commit, Commit
🧵 Non-blocking file storage operations. Uploading, reading, transcribing, and deleting files now offloads storage I/O to background threads, keeping the application responsive during file-heavy workflows. Commit
🏎️ Streaming response performance. Streaming responses now process each output line in a single step instead of two separate yields, reducing async overhead and improving responsiveness during long-running generations. #23266
🔎 Faster mention parsing. Chat text with HTML-like content, file paths, or tool output now parses mentions more efficiently, which helps keep typing and rendering responsive in messages that contain many '<' characters. #23551
🧪 Code block rendering performance. Code blocks now reuse a shared HTML unescape helper, reducing extra browser work when displaying encoded output in chat. #23553
🚀 Inline code rendering performance. Inline code tokens in streaming responses now fade in with a lightweight CSS animation, making chat output feel smoother while reducing interface overhead during rapid token updates. #23258
🎞️ Streaming text token animation performance. Streaming text tokens now use a lightweight CSS intro animation, making output feel smoother while reducing transition overhead and preventing tokens from fading out when generation completes. #23257
🎯 Template token scan optimization. Streaming responses now skip unnecessary token-replacement processing when no template markers are present, reducing per-update overhead and keeping chat output smoother during rapid generation. #23161
🔬 Chinese text processing guard performance. Streaming responses without Chinese characters now skip unnecessary Chinese-format processing checks, reducing per-update overhead and keeping output smoother during rapid generation. #23162
🧠 HTML entity decode performance. Streaming text decoding now avoids repeated document parsing for HTML entity handling, reducing memory churn and improving responsiveness in token-heavy chat output. #23165
🏷️ Chat title update performance. Chat title updates now run in a single database operation instead of multiple round trips, improving responsiveness and reducing overhead when titles are generated or renamed. #23214
📂 Faster chat list queries performance. Chat and folder lists now load more efficiently by fetching only the fields needed for sidebar views, improving responsiveness when browsing large conversation histories. Commit
📈 Sidebar memory optimization. Sidebar chat items now use shared drag-preview resources and safer listener cleanup, reducing memory growth and keeping large chat lists more responsive during long sessions. #23209
🧠 Image viewer memory optimization. Viewing images and SVGs now uses significantly less memory and performs faster, keeping the application snappy and responsive even when browsing through many media files during extended sessions. #23236
📡 Optimized user activity tracking performance. User activity updates now use a single database query instead of multiple operations, improving response times across all authenticated requests. #23215
👥 Faster channel thread author loading. Channel thread responses now load author details in a single batch query, reducing database overhead and improving responsiveness in threads with many participants. #23795
💨 Optimized shared chat deletion. Deleting shared chats by user is now faster and more memory-efficient by only loading necessary data. #23216
🗃️ Faster chat tag loading. Chat tag lookups now load only the metadata needed instead of full chat payloads, improving responsiveness for chats with large histories. #23798
📎 Faster chat file deduplication. Attaching files to chat messages now checks duplicates more efficiently, reducing overhead when handling larger file lists. #23800
📈 Faster message diff checks. Chat message and status updates now compare content more efficiently during streaming, making active conversations feel smoother and more responsive. #23370
⚖️ Faster deep equality checks. Chat message updates, model selection, note editing, code block refreshes, and rich text state comparisons now use deep equality checks that reduce unnecessary UI work and improve responsiveness in active sessions. #23845
🏃 Faster knowledge access updates. Updating access grants for knowledge items now completes with less backend overhead, making permission changes apply more quickly. #23799
🧹 Mermaid render cleanup performance. Mermaid diagrams now always clean up temporary render elements after failures, reducing DOM buildup and keeping repeated rendering more stable over time. #23727
🖼️ Model image lookup efficiency. Model profile image requests now reuse the current request database session, reducing per-request overhead and improving response efficiency. #23796
👤 User endpoint query reduction. Session-based user settings and status endpoints now avoid redundant user re-fetches, reducing unnecessary database load while preserving behavior. #23794
🚦 Faster startup performance. Open WebUI now checks for Torch MPS support only on macOS, avoiding unnecessary startup work on other platforms. #23438
🛡️ Redis timeout consistency. Redis connections now honor the "REDIS_SOCKET_CONNECT_TIMEOUT" setting across standard and cluster setups, helping workers fail faster when Redis is unreachable. #23572
🧰 AIOHTTP pool controls. Administrators can now tune shared outbound HTTP connection behavior with "AIOHTTP_POOL_CONNECTIONS", "AIOHTTP_POOL_CONNECTIONS_PER_HOST", and "AIOHTTP_POOL_DNS_TTL" for better control under high concurrency. Commit
⏱️ MCP tool server timeout configuration. Administrators can now configure request timeouts for MCP tool server connections via the AIOHTTP_CLIENT_TIMEOUT_TOOL_SERVER environment variable. Commit
🎫 Static OAuth tool authentication. Tool server authentication now works reliably for both "oauth_2.1" and "oauth_2.1_static" connection types, so OAuth-backed tool access is correctly detected and forwarded during chat requests. Commit
🗄️ Configurable storage local cache. Administrators can now disable persistent local caching for cloud-backed uploads with the "STORAGE_LOCAL_CACHE" setting, reducing local disk usage by cleaning temporary upload copies after processing. Commit
🚪 Back-channel logout. OpenID Connect providers can now trigger centralized logout through the "ENABLE_OAUTH_BACKCHANNEL_LOGOUT" setting, helping administrators invalidate user sessions more reliably across connected devices. Commit
🛡️ Expanded security header controls. Administrators can now configure additional browser security headers, including "CONTENT_SECURITY_POLICY_REPORT_ONLY", "CROSS_ORIGIN_EMBEDDER_POLICY", "CROSS_ORIGIN_OPENER_POLICY", and "CROSS_ORIGIN_RESOURCE_POLICY", for stricter and more flexible deployment hardening. Commit
🖼️ Image MIME fallback option. Administrators can now enable "ENABLE_IMAGE_CONTENT_TYPE_EXTENSION_FALLBACK" so image-to-base64 conversion can still detect common image types by file extension when MIME metadata is missing, improving compatibility on minimal container images and older file records. Commit
🛡️ Public sharing permissions. Public channels, models, notes, prompts, and tools now respect allowed access grants more consistently, helping administrators control who can share content more safely. Commit
🆔 Skill lookup by ID. Skill instructions now include each skill’s ID, and the skill viewer now finds skills by ID in a case-insensitive way so attached skills are identified more reliably in chats. Commit
🏷️ Source context metadata. Retrieval source context now includes each source’s resource type and resource ID metadata, helping downstream model workflows preserve richer source identity during processing. Commit
🗂️ Feedback filtering. Administrators can now filter feedback history by model and export only the feedback they need. Commit
📤 CSV feedback export. Feedback history can now be exported as either JSON or CSV, making it easier to analyze feedback in spreadsheet tools. Commit
📝 Optional GET audit logging. Administrators can now enable auditing for GET requests with the "ENABLE_AUDIT_GET_REQUESTS" setting when they need fuller request visibility. Commit
🕒 Model access updates. Changing a model’s access grants now updates its timestamp, so recently modified models stay easier to find and sort correctly. Commit
💬 Queued message handling. Queued chat messages now send more reliably without advancing the queue too early, keeping follow-up prompts in the intended order. Commit
🔒 Rendered content safety. Placeholder descriptions and the pending account notice now render markdown with safer sanitization ordering, reducing the risk of unsafe HTML appearing in these views. Commit
🛡️ Safer placeholder rendering. Chat placeholder descriptions and the pending account notice now sanitize rendered markdown more consistently, reducing the risk of unsafe content being shown in these views. Commit
🧮 Usage analytics accuracy. Token usage is now normalized before chat messages are saved, so model and user usage reports stay accurate across OpenAI-compatible providers. Commit
🧩 Richer Anthropic tool results. Anthropic-compatible tool calls now preserve more tool result content types, including images and structured search or document outputs, so models can use fuller tool context instead of receiving only plain text fragments. #23188, Commit
🖼️ ComfyUI request reliability. ComfyUI image generation and editing now use shared async connections with consistent SSL handling, making image uploads and workflow runs more reliable under concurrent load. Commit
🎛️ Reranking batch size control. Administrators can now set "RAG_RERANKING_BATCH_SIZE" in Documents settings to control reranking workload size, helping balance retrieval speed and resource usage for their deployment. Commit
🔗 Shared chat access controls. You can now control who has access to a shared chat by granting access to specific users or groups, instead of sharing with anyone who has the link.
🔄 General improvements. Various improvements were implemented across the application to enhance performance, stability, and security.
🌐 Translation updates. Translations for Irish, Catalan, German, Simplified Chinese, Hindi, and Portuguese (Brazil) were enhanced and expanded.
Fixed
🛡️ Model description XSS protection. Model descriptions shown in chat placeholders are now sanitized before rendering, preventing malicious links from executing scripts and helping protect user sessions from takeover. #23621
🧠 Memory search filtering. Memory search now correctly filters by the query text instead of returning unrelated results. Commit, #23826
📊 Shared chat analytics consistency. Usage and message-count analytics now count assistant activity consistently across regular and shared chats, improving accuracy in model, user, chat, and time-based reporting views. Commit
🧭 Safer in-flight chat navigation. Sending a message no longer overwrites your active chat or causes duplicate background notifications when you switch conversations before a response finishes. Commit
🗣️ Pipeline error detail visibility. Pipeline inlet and outlet failures now preserve and surface provider error details more reliably in chat error messages, making troubleshooting failed requests much clearer. Commit
📨 Shared chat event routing. Message update and send events now target the chat owner’s event channel, so shared chats receive the correct real-time updates instead of routing events to the acting user. Commit
🔐 Consistent outbound SSL handling. External requests for tools, functions, terminals, webhooks, retrieval loaders, audio provider discovery, and OpenAI-compatible embedding calls now consistently apply the configured SSL client setting, improving reliability for deployments that require custom certificate or verification behavior. Commit, Commit
🖼️ Image SSL setting support. Image generation now respects the configured SSL session setting, preventing avoidable connection failures in strict certificate environments. Commit, #23777
🗂️ Folder ownership assignment hardening. Folder create and update inputs now reject unexpected extra fields, preventing clients from overriding protected values like ownership through mass-assignment payloads. #23648
🔐 Knowledge file deletion ownership checks. Collaborators with knowledge base write access can no longer permanently delete files they do not own, preventing unintended file removal across other linked chats and knowledge bases. Commit, #23636
🗑️ Knowledge deletion reliability. Deleting a knowledge base by ID now completes reliably without unexpected failures. Commit, #23776, #23814
🔐 OAuth 2.1 PKCE enforcement. OAuth 2.1 providers now default to S256 PKCE even when discovery metadata omits supported challenge methods, preventing login failures with providers that require PKCE by default. #23667, Commit
🔐 Static OAuth scope handling. Static OAuth credential flows now prioritize administrator-defined scopes and handle OAuth 2.1 static flow behavior more reliably. Commit, #23668, #23696, #23783
🔐 Static OAuth tool registration reliability. Static OAuth tool server registration now resolves and uses saved admin credentials more reliably, preventing registration failures when valid client credentials are provided. #23670, Commit, Commit
⏳ OAuth token expiry fallback. OAuth sessions now always store a safe expiry value even when providers omit "expires_in" or "expires_at", so token refresh checks continue working and tool calls are less likely to fail later with unexpected authorization errors. #23669, Commit
🔑 Anthropic x-api-key model access. Anthropic-compatible clients can now authenticate with the "x-api-key" header across all relevant API routes, so model listing requests like GET "/api/v1/models" no longer fail with unauthorized errors. #23319, Commit
🔑 SSO password option visibility. Account settings now hide password change controls when password-change access is disabled, avoiding misleading password options for SSO-focused setups. #15292, Commit
🔑 Open Terminal MCP authentication. Open Terminal MCP tool calls now include the configured API key when calling internal routes, preventing unauthorized errors for commands like file reads and command execution. #106
🧯 Provider error freeze recovery. Task-based chat requests now surface provider HTTP errors through normal failure handling, so content-filter and other upstream 4xx responses no longer leave chats stuck in a perpetual loading state. #23663, Commit
🔄 Immediate outlet filter updates. Assistant messages modified by outlet filters now appear correctly as soon as streaming completes, without requiring a page refresh. #23829
🌊 Middleware cancellation reliability. Long-running requests now complete more reliably by preventing middleware-level cancellations from interrupting in-flight database and embedding work, reducing unexpected failures and noisy error logs when connections close early. #23709
🚦 Async vector search responsiveness. File processing, memory updates, and knowledge retrieval no longer block the server event loop during vector database operations, so other chats and requests stay responsive while indexing or search is running. #23706
🗒️ Notes chat llama.cpp compatibility. Notes AI chat no longer sends empty assistant prefill messages that can conflict with reasoning-enabled llama.cpp responses, preventing immediate 400 errors in Notes conversations. Commit, #23703
🧩 Ollama thinking field preservation. Messages modified by filters now keep the Ollama "thinking" field when sent to the model, so reasoning-aware workflows and custom filter-based passthrough setups work reliably. Commit, #22508
🧾 Reasoning content preservation. Assistant tool-call messages now retain reasoning content across turns, improving reliability for reasoning-heavy model workflows. Commit, #23175, #23742
🧭 Background task scoping for new chats. Chat title and auto-tag generation now run only for the first message of a new conversation and only once in multi-model responses, preventing duplicate or incorrectly triggered background tasks in follow-up flows. Commit
📚 Channel document context retention. Channel conversations now preserve and load the correct stored message history so model responses can use uploaded and retrieved document context more reliably. #23686, Commit, Commit
⏳ Interrupted response recovery. Assistant placeholder messages now start as incomplete and recover more safely after interrupted generations, preventing silent empty replies after refreshes or dropped requests. #23176, Commit, Commit
🧰 Large tool result rendering. Tool call details now display large result payloads reliably in chat instead of intermittently showing empty output for bigger tool responses. #18743, Commit
🧼 Null-byte document sanitization. PDF and other document ingests now sanitize null bytes and invalid surrogate characters before pgvector writes, preventing PostgreSQL upload failures and allowing affected files to index successfully. #22992, Commit
📝 Knowledge text editor stability. The Knowledge "Add Text Content" modal now uses a plain text editor, avoiding current rich text editor issues and keeping drafting behavior consistent with existing knowledge editing flows. Commit
🎤 STT SSL setting consistency. Speech and related outbound media requests now consistently use shared async HTTP sessions and honor the configured SSL verification setting, improving compatibility with self-signed deployments. #23672, Commit
🎙️ Mistral speech input format. Mistral speech-to-text requests now use the correct chat-completions audio input format for better compatibility. Commit, #23822
🖼️ Optional image size parameter. Image generation no longer sends the "size" field when no size is configured, improving compatibility with providers that reject unsupported size arguments. #23611, Commit
🔎 FireCrawl timeout reliability. FireCrawl web loading now uses direct scrape requests and improved timeout handling for single-URL fetches, reducing empty results and premature timeout failures with local FireCrawl setups. #23411, Commit
🖱️ Custom action icon drag prevention. Custom user-added action icons in chat responses are no longer accidentally draggable, so clicks and hover interactions behave consistently with built-in action icons. #23412
🖼️ Image URL conversion reliability. Sending image URLs to AI models no longer fails with "cannot pickle 'coroutine' object" errors, so image inputs now convert to base64 reliably during request processing. #23685
📂 Channel input menu dismissal. In Workspace Channels, the message input dropdown now closes immediately after selecting "Upload Files" or "Capture", matching normal chat input behavior and preventing the menu from staying open unnecessarily. #23684
📋 Clipboard copy scroll stability. Copying content with the fallback clipboard method no longer triggers unwanted page scrolling during focus, keeping your current reading position stable. Commit
🖼️ Profile image URL validation. Profile saves now accept valid Open WebUI profile-image paths, trusted external HTTP(S) avatar URLs, and safe raster data-image formats while rejecting unsafe URL patterns that could be abused. #23389
👤 Partial user profile updates. User update API requests can now modify only the fields you provide, so administrators no longer need to resubmit unchanged name, email, and profile image values when changing a single setting like role. #23424, Commit
🚨 Provider SSE error visibility. Provider failures returned with streaming content types are now surfaced as proper API errors and logged clearly, so issues like context-window limits no longer fail silently during chat generation. #23379
🧵 Queued prompt race prevention. Chat request queues now prevent overlapping processing for the same chat, avoiding duplicate queue handling when multiple queue-processing triggers fire close together. #23181, Commit
🛑 Cancellation event delivery reliability. Cancelled chat processing now safely emits task-cancel and error events only when an event emitter is available, while provider HTTP errors now also route through task-cancel handling so chats recover from blocked-loading states more reliably. #23663, Commit, Commit
🔑 OIDC key-rotation recovery. OIDC login now retries token authorization with refreshed provider signing keys after a bad-signature failure, so logins recover automatically after identity-provider key rotation without requiring a service restart. #23582, Commit
🌍 Non-ASCII tag filtering. Prompt and model tag filters now handle non-Latin tags more reliably across SQLite and PostgreSQL, so tags like Cyrillic values return the expected items in Workspace lists. #23381, #23427, Commit
🏷️ Prompt tag query accuracy. Prompt tag filtering now uses JSON-element-aware queries so tag-based lookups return the correct prompts. Commit, #23386
🗃️ SQLite async pool compatibility. SQLite async database setup no longer forces an explicit queue pool class, avoiding pool configuration conflicts in SQLite deployments. Commit
🧠 Knowledge embedding deadlock prevention. Knowledge file processing now runs blocking vector-save work in a worker thread while keeping async status updates reliable, preventing file processing from stalling during long embedding operations. Commit, Commit
🤖 Automation worker async DB handling. Automation claiming and run recording now use async database sessions consistently, improving worker stability for scheduled automations. Commit
🕒 Automation timezone scheduling. Scheduled automations now calculate each user’s next run time using that user’s saved timezone, preventing run drift caused by server-time fallback. Commit
🔎 Notes search matching. Notes search now handles multi-word and hyphenated queries more reliably, so relevant notes and snippets are easier to find from partial phrase searches. Commit
📐 Display math rendering. Chat markdown now correctly recognizes and renders "$$...$$" expressions as display math, improving reliability for multiline and escaped KaTeX content while keeping malformed delimiters from disrupting message rendering. #23526, Commit
🚫 LDAP empty-password rejection. LDAP login now rejects empty or whitespace-only passwords before bind attempts, preventing unauthenticated simple-bind behavior from granting access on permissive LDAP server configurations. #23633
🌐 IPv6 SSRF address blocking. URL validation now uses standard IP address checks for both IPv4 and IPv6, preventing private, loopback, link-local, reserved, and mapped-address SSRF bypasses through IPv6 hostname resolution. #23453
🔒 API key endpoint restriction bypass. API key endpoint restrictions are now enforced regardless of whether the key is sent through Authorization headers, cookies, or "x-api-key", preventing bypass through alternate key transport paths. #23637
🔐 Channel sharing permission enforcement. Channel creation and updates now enforce allowed access grant rules for public sharing, preventing unauthorized wildcard sharing on group channels. #23638
🛑 Socket role invalidation. Socket sessions now disconnect automatically when a user is demoted or deleted, preventing stale admin privileges from persisting until reconnect. #23642
🛂 Tool server access checks. Tool listing now correctly awaits server access checks, preventing users from seeing server-backed tools they do not have permission to use. Commit
🛑 Task endpoint access control. Global task listing and direct task stop endpoints are now restricted to administrators, while regular users can stop only their own chat tasks through a scoped chat endpoint. #23454
🧱 Redis cache key isolation. Tool server and terminal server cache entries now include the Redis key prefix, preventing multiple Open WebUI instances that share one Redis database from overwriting each other’s cached connection data. #23649
🧠 Client session leak prevention. Outbound provider requests now use a shared session pool with safer response cleanup and shutdown handling, preventing aiohttp session buildup and reducing memory growth during heavy concurrent API traffic. #23540, Commit
🧩 Tool enum value handling. Tool schema generation now safely handles enum values as strings, preventing failures when OpenAPI parameters include non-string enum entries. #23597, Commit
🧷 Responses model access control. The OpenAI-compatible Responses endpoint now enforces per-model permissions, preventing non-admin users from accessing models they are not allowed to use. #23481
🛡️ Collection process endpoint permissions. Collection processing endpoints now enforce collection ownership checks for web and text processing requests. Commit, #23634
📚 Knowledge query access enforcement. Knowledge-base collection queries now block unauthorized enumeration and require read access before returning results. Commit, #23635, #23452
🔍 RAG collection query permissions. Vector search collection queries now enforce access checks before retrieval results are returned. Commit, #23627
🔗 Chained base model access checks. Chained base model execution now enforces per-model access rules to prevent unauthorized model usage. Commit, Commit, #23647
✍️ Collaborative document write checks. Collaborative document updates now require proper write permission before changes are accepted. Commit, Commit, #23624
📥 Model import ownership validation. Model import now enforces ownership and access grant checks to prevent unauthorized imports. Commit, #23628
🚫 Inactive member channel access. Deactivated group members can no longer read or write channel content through direct API calls, so channel permissions now match active membership status. #23623
🎛️ Ollama endpoint model permissions. Restricted models are now protected on Ollama show, generate, embed, and embeddings endpoints, preventing authenticated users from using private models without read access. #23631
🧭 Azure deployment path validation. Azure model names are now validated and safely encoded before request URL construction, preventing path traversal attempts from reaching unintended Azure endpoints. #23629
👥 Private channel member list access. Standard channel member lists now require proper read permission, preventing unauthorized users from enumerating members of private channels by direct API calls. #23625
🌀 Tool server schema recursion safety. Tool server OpenAPI conversion now handles circular request schema references safely, preventing conversion crashes and ensuring one bad tool server spec does not break the full tool server list. #23588, Commit
🧱 Safer file path handling. File upload, transcription cache, and model download paths now use safer path construction helpers to reduce path parsing risks and improve cross-platform path safety. Commit
🧾 Prompt save error feedback. Saving prompt edits now shows a clear error toast if the save fails, so failed updates are visible instead of silently failing in the editor flow. Commit
🧾 Tool call JSON rendering. Tool call arguments and structured results now render as plain formatted JSON blocks instead of markdown code fences, preventing formatting quirks and making tool output easier to read consistently. Commit
👥 First-user admin race protection. Concurrent first-time LDAP or OAuth registrations can no longer create multiple admin accounts, so only the true first account is promoted during initial setup. #23626
🔒 SCIM token checks. SCIM authentication now compares tokens in a safer way, helping prevent timing-based token guessing attacks. #23577
🔒 Safer file access checks. HTML file previews now treat missing or non-admin owners as inaccessible, preventing accidental access to files that should not be shown. Commit
🖼️ ComfyUI request hangs. Concurrent image generation and editing requests to ComfyUI now complete reliably instead of getting stuck when the same user starts multiple requests at once. #23592, #23591
🧭 Permission-aware built-in tools. Built-in tools now consistently respect user feature permissions for memories, web search, image generation, code interpreter, notes, channels, and automations, preventing tools from being exposed to users without access. Commit
🛑 Interrupted MCP cleanup stability. Interrupted MCP tool calls no longer leave runaway cleanup behavior that can drive container CPU usage to 100%, keeping instances stable after cancellations or dropped connections. #23143
🚪 OAuth redirect URI reliability. OAuth login redirects now use provider client metadata more consistently, preventing incorrect HTTP callback URLs behind reverse proxies and improving sign-in reliability for providers such as Feishu. #23203, #23128
🌐 OAuth redirect handling. OAuth provider token exchange now follows redirects automatically, improving sign-in reliability with identity providers that redirect token endpoint requests. #23409, Commit
☁️ OneDrive picker redirect handling. OneDrive file picker authentication now uses the current app origin as the redirect URI, improving sign-in reliability when launching the picker from deployed environments. #23450, Commit
🍪 OAuth session cookie persistence. OIDC sign-in now correctly sets the "oauth_session_id" cookie, so "system_oauth" connections can forward user OAuth tokens to upstream providers as expected. #23251, #23250
🔑 OAuth session cookie handling. OAuth callback processing no longer fails on undefined cookie expiry data, so OAuth session cookies are stored correctly after sign-in. #23207, #23197
🔏 Ollama SSL handling. Ollama model management and file uploads now respect the configured SSL verification setting, so self-signed certificates work when SSL verification is disabled. #23503, Commit
🛡️ OAuth avatar URL validation. OAuth sign-in now validates profile picture URLs before fetching them, preventing invalid image links from causing login-time errors. #23356
🔑 User invite token expiry. New user invite logins now respect the configured "JWT_EXPIRES_IN" setting, so signup tokens expire as expected instead of using the default lifetime. #23576
🚪 Channel access checks. Channel actions now verify the current user when checking access, improving permission enforcement across channel views and message actions. Commit
📣 Channel message lookups. Channel message details and pinning now work more reliably when the sender account is missing, avoiding failures in those views. Commit
📌 Pinned webhook message handling. Viewing pinned webhook messages now works reliably even when webhook profile data is missing, preventing server errors and frontend crashes in channel pinned message dialogs. #23414
🛡️ Note edit permission enforcement. Note saving now requires write access instead of read access, preventing unauthorized users from modifying notes while preserving expected collaboration permissions. Commit
🗂️ Archived chats menu visibility. The 'Archived Chats' option in the user menu is now shown reliably for all users, so non-admin accounts can consistently access archived conversations. Commit
💾 Error message persistence. LLM errors that occur during streaming are now saved to the database even if the connection drops, so users can see what went wrong when they reconnect. #23231
🚫 Missing message completion guard. Chat completion finalization now skips invalid requests without a message identifier, preventing unnecessary error toasts caused by rare frontend concurrency timing. #23184
🧠 Active message completion accuracy. Switching chats or refreshing during generation no longer marks the currently streaming assistant message as finished too early, so thinking blocks and action buttons appear at the correct time. #23171
📞 Call overlay visibility. Incoming call events now open the call overlay and controls reliably, preventing cases where the call interface briefly appeared and then disappeared. Commit
💬 Prompt submission handling. Chat messages now preserve attached files more reliably when prompts are sent, including queued messages and shared prompt actions. Commit
🧾 Prompt variable form saving. Prompt variable forms now save reliably without runtime errors or an unresponsive save action, so input values and placeholders work correctly when applying prompt templates with variables. #23225, #23480
🛟 Task model fallback safety. Task routing now handles missing default model entries safely, preventing task execution failures when the previously selected model is no longer available. #23169
📊 Usage statistic preservation. Follow-up generation no longer overwrites existing token usage fields, so stored usage statistics remain accurate for the main response. #23152
📝 Writing block parsing reliability. ":::writing" blocks now parse more reliably when headers or extra inline text are present, preventing malformed rendering and duplicate output artifacts. #23174
🧾 Code block line break reliability. Blank lines in submitted code blocks are now preserved more reliably instead of being collapsed. Commit, #20302, #23451
✂️ Citation spacing cleanup. When citations are disabled for a model, citation markers and their leftover spacing are now removed together so punctuation and copied text remain cleanly formatted. #23141
🧰 Pipe tool access. Pipe functions now receive built-in and MCP tools in tools, so tools like Web Search and code execution are available when enabled. #23365
📚 Batch file processing database handling. Batch knowledge file processing now consistently uses the active database session, preventing failures caused by missing database context during file ownership checks and update writes. #23137
⚙️ Default model parameter loading. The "DEFAULT_MODEL_PARAMS" environment variable is now parsed and applied correctly, so default generation settings are honored reliably without being ignored at startup. #23223
🔧 Web search settings save reliability. Saving web search configuration now works without server errors, so administrators can update "WEB_FETCH_MAX_CONTENT_LENGTH" and related retrieval settings successfully from the admin interface. Commit, #23127
🔍 Web search result count. The built-in search_web tool now respects the admin-configured "Search Result Count" setting instead of always returning 5 results when using Native Function Calling mode. #23488, #23485
🖼️ Open Terminal file response handling. Open Terminal tool responses now preserve binary content types in user-side connections, so image and non-text file reads work consistently instead of being forced into plain text. #23125
🖥️ Terminal label casing. Terminal names in the chat input now display exactly as stored instead of being automatically capitalized, so domain-style server names appear correctly. #23518
🖼️ Gravatar profile photo saving. Gravatar profile images can now be saved successfully from account settings, with clearer validation and error handling instead of failing with generic object errors. #23156
🪟 Details expansion preference. Tool call detail groups now honor the 'Always Expand Details' chat setting, so they open expanded by default when that preference is enabled. #23262, #23255
🖱️ Rapid sidebar action protection. Archive and delete actions in the chat sidebar now ignore repeated clicks while a request is in progress, preventing duplicate requests and stacked error toasts. #23172
📲 Mobile model selector positioning. The mobile model selector dropdown now applies a constrained viewport width and left offset, preventing overflow and making model selection easier on small screens. #23310
🔽 Task list toggle icons. The task list collapse button now shows the correct arrow direction, making task sections easier to expand and collapse at a glance. Commit, #23354
➕ Attachment menu auto-close. The chat attachment menu now closes immediately after selecting upload actions like file upload, camera capture, web attach, Google Drive, or OneDrive, preventing the menu from lingering on screen. Commit, #23320
🧹 Per-chat draft clearing. Sent message drafts are now cleared using the active chat key, so sent text no longer reappears in the input after a refresh. Commit, #23296
✉️ Context-aware input action button. The input now shows the send action when text or files are present during generation, while keeping stop controls for truly empty input states to avoid action confusion. Commit, #23306
📉 Pyodide prompt cache stability. Pyodide code interpreter context is now appended to the system prompt instead of user messages, preserving stable prefix caching across turns and reducing repeated token costs in long native tool-calling chats. #23269
🧪 Temp chat outlet filtering. Outlet filters now process temporary chats more reliably, preserving assistant output and usage data so local chat responses stay consistent when filter pipelines are enabled. Commit
Changed
⚠️ Database Migrations: This release includes database schema changes; we strongly recommend backing up your database and all associated data before upgrading in production environments. If you are running a multi-worker, multi-server, or load-balanced deployment, all instances must be updated simultaneously, rolling updates are not supported and will cause application failures due to schema incompatibility.
🧨 Plugin async migration required. Custom plugins for Tools, Functions, and Pipelines may require migration to the new async backend signatures after upgrading, so plugin maintainers should update handlers and database call patterns for compatibility and follow the 0.9.0 plugin migration guide. Migration Guide
🔄 Automation terminal source. Automations now use the terminal configured on the selected model instead of a separate per-automation terminal picker, keeping terminal behavior consistent between chat and scheduled runs. Commit
🚧 OpenAI passthrough now opt-in. Direct OpenAI catch-all proxy requests are now disabled by default and require enabling "ENABLE_OPENAI_API_PASSTHROUGH", so deployments relying on passthrough must explicitly turn it on after upgrading. #23640
🗄️ SQLite WAL default enabled. SQLite deployments now default to enabling write-ahead logging, improving concurrent read and write behavior without requiring manual configuration. Commit

Original source

Added

• 🌐 Translation updates. Translations for Simplified Chinese, Catalan, Portuguese (Brazil), Finnish, and Lithuanian were enhanced and expanded.

Fixed

• 🔒 Terminal server connection security. Terminal server verification and policy saving now proxy through the backend, preventing API key exposure and CORS errors when connecting to in-cluster services. Commit, Commit
• 🛠️ Terminal tools exception handling. Exceptions in middleware.py due to invalid return values from get_terminal_tools() have been resolved. Commit
• 📦 Missing beautifulsoup4 dependency. Users can now start Open WebUI using uvx without encountering the "bs4 module missing" error. Commit
• 🔌 API files list error. The /api/v1/files/ endpoint no longer returns a 500 error, fixing a regression that prevented file listing via the API. Commit
• 📜 License data loading. License data now loads correctly, displaying the expected color and logo in the interface. Commit
• 👑 Admin model visibility. Administrators can now see models even when no access control is configured yet, allowing them to manage all available models. Commit
• 📊 Tool call embed visibility. Rich UI embeds from tool calls (like visualizations) are now rendered outside collapsed groups and remain visible without requiring manual expansion. Commit, Commit

Original source

Added

• 🔀 Responses API streaming improvements. The OpenAI proxy now properly handles tool call streaming and re-invocations in the Responses API, preventing duplicate tool calls and preserving output during model re-invocations. Commit, Commit, Commit, Commit
• 🔀 Responses API stateful sessions. Administrators can now enable experimental stateful session support via the ENABLE_RESPONSES_API_STATEFUL environment variable, allowing compatible backends to store responses server-side with previous_response_id anchoring for improved multi-turn conversations. Commit
• 📄 File viewing pagination. The view_file and view_knowledge_file tools now support pagination with offset and max_chars parameters, allowing models to read large files in chunks. Commit
• 🗺️ Knowledge search scoping. The search_knowledge_files tool now respects model-attached knowledge, searching only within attached knowledge bases and files when available. Commit
• 🛠️ Tool HTML embed context. Tools can now return custom context alongside HTML embeds by using a tuple format, providing the LLM with actionable information instead of a generic message. #22691
• 🔒 Trusted role header configuration. Administrators can now configure the WEBUI_AUTH_TRUSTED_ROLE_HEADER environment variable to set user roles (admin, user, or pending) via a trusted header from their identity provider or reverse proxy. #22523
• 🔑 OIDC authorization parameter injection. Administrators can now inject extra parameters into the OIDC authorization redirect URL via the OAUTH_AUTHORIZE_PARAMS environment variable, enabling IdP pre-selection for brokers like CILogon and Keycloak. #22863, Commit
• 🔑 Google OAuth session persistence. Administrators can now configure Google OAuth to issue refresh tokens via the GOOGLE_OAUTH_AUTHORIZE_PARAMS environment variable, preventing OAuth sessions from expiring after one hour and ensuring tools and integrations that rely on OAuth tokens remain functional. #22652
• 🔌 Embed prompt confirmation. Interactive tool embeds can now submit prompts to the chat without requiring same-origin access, showing a confirmation dialog for cross-origin requests to prevent abuse. #22908
• 🏮 Tool binary response handling. Tool servers can now return binary data such as images, which are properly processed and displayed in chat for both multimodal and non-multimodal models. Commit, Commit
• ⚡ Svelte upgrade performance. Page and markdown rendering are now approximately 25% faster across the board, with significantly less memory usage for smoother UI interactions. #22611
• 🧩 Model and filter lookup optimization. Model and filter membership lookups are now faster thanks to optimized data structure operations during model list loading. Commit
• 💨 Chat render throttling. Chat message rendering now uses requestAnimationFrame batching to stay smooth during rapid model responses, preventing dropped frames when fast models send many events per second. #22947
• 🚀 Function list API optimization. The functions list API now returns only essential metadata without function source code, reducing payload sizes by over 99% and making the Functions admin page load significantly faster. #22788
• ✨ Smoother loading animation. The loading shimmer animation now looks smoother and more natural, with softer highlight colors. #22516
• 🧪 Terminal connection verification. Users can now verify their terminal server connection is working before saving the configuration, making setup more reliable. #22567
• 📁 Chat folder emoji reset. Users can now reset chat folder emojis back to the default icon using a "Reset to Default" button in the emoji picker, making it easier to revert custom icons. #22554
• 📊 Metrics export interval configuration. Administrators can now control OpenTelemetry metrics export frequency via the OTEL_METRICS_EXPORT_INTERVAL_MILLIS environment variable, enabling cost optimization for metrics services like Grafana Cloud. #22529
• 🏥 Readiness probe endpoint. A new /ready endpoint is now available for Kubernetes deployments, returning 200 only after startup completes and database/Redis are reachable, enabling more reliable container orchestration. #22507
• 🔩 Tool server timeout configuration. Administrators can now configure a separate HTTP timeout for tool server requests via the AIOHTTP_CLIENT_TIMEOUT_TOOL_SERVER environment variable, enabling fine-tuned control over how long tool calls are allowed to take. Commit
• 📌 Knowledge file previews. Knowledge base files can now be opened in a new tab directly from the file list, making it easier to view content without downloading. #22629
• 🎯 Knowledge tool hybrid search support. The built-in query_knowledge_files tool now respects hybrid search and reranking settings, matching the behavior of the middleware RAG pipeline. Commit
• 🗣️ Temporary chat folder support. Temporary chats can now use folder-level system prompts and knowledge files, making them more powerful for quick explorations. Commit
• 📡 Terminal port previews. Detected ports in the File Navigator can now be previewed inline with a browser-style view, navigation controls, and an address bar, instead of only opening in a new tab. Commit, Commit
• ✏️ File renaming. Files and folders in the File Navigator can now be renamed by double-clicking or using the context menu, with Enter to confirm and Escape to cancel. Commit
• 🧭 File Navigator navigation history. The File Navigator toolbar now includes Back and Forward buttons for navigating through folder and file history, similar to a web browser. Commit
• 🗑️ Delete connection confirmations. Users are now prompted with a confirmation dialog before deleting connections, preventing accidental deletions. Commit
• 📦 Document loader fallbacks. Excel and PowerPoint files can now be processed even when the unstructured package is not installed, using pandas and python-pptx as fallback loaders. Commit
• 🧠 Memory management search and sort. Users can now search and sort their personal memories in the Memory management modal, making it easier to find specific memories. Commit
• 📦 SBOM generation script. A new script for generating CycloneDX Software Bill of Materials is now available in the scripts directory. Commit
• ⚙️ Ruff linter and formatter. Added Ruff as the Python linter and formatter, replacing the black-based workflow for better code quality with near-instant execution. #22576, #22462
• 🖥️ Offline code formatting support. The black formatter for Python code editing is now bundled locally in the Docker image, enabling code formatting to work in air-gapped deployments where client browsers cannot reach PyPI. Formatting failures no longer block saves, allowing code to be preserved even when offline. #22509, Commit
• ✏️ Markdown file editing. Users can now edit and save Markdown files directly in the file navigator, with empty files automatically switching to editor mode for immediate editing. Commit
• 🍔 Model bulk actions menu. Users can now quickly enable, disable, show, or hide multiple models at once using a new hamburger menu on the workspace Models page filter bar, with actions respecting the current search and filter settings. #22484
• 📂 Files list pagination. The files list API now supports pagination, returning paginated results with a total count for easier navigation through large file collections. Commit
• 🖇 Web fetch content length config. Administrators can now configure the maximum characters to return from fetched URLs via WEB_FETCH_MAX_CONTENT_LENGTH environment variable or the admin settings page, instead of the previous hardcoded 50K limit. Commit, #22774
• 🤖 Ollama Anthropic endpoint support. The Ollama proxy now supports the Anthropic-compatible /v1/messages endpoint, allowing clients using the Anthropic API format to work through Open WebUI with proper authentication and model access controls. Commit, #22861
• 📝 Writing block rendering. Responses from OpenAI models that include :::writing blocks are now rendered as formatted content in a styled container with a copy button, instead of displaying raw marker text. #22672, Commit
• 💡 Memory deletion confirmation. Users are now asked to confirm before deleting individual memory entries, with the memory content displayed for review. #22888
• 📓 Multi-artifact HTML rendering. Code blocks with multiple HTML sections now render as separate artifacts instead of merging into one, allowing models to display distinct interactive components. Commit
• 🚩 Drag chats as references. Users can now drag chats from the sidebar and drop them into the message input to add them as Reference Chats. Commit
• ⌨️ Terminal system prompts. Terminal servers can now provide custom system prompts that are automatically included when their tools are used. Commit
• 💾 Terminal state persistence. The selected terminal server and its enabled state now persist across page loads, making terminal usage more seamless. Commit
• 💾 Terminal folder downloads. Users can now download folders as ZIP archives and bulk-download multiple selected files as a single ZIP directly from the File Navigator toolbar, making file exports faster and more convenient. Commit, Commit
• 🔐 MCP OAuth 2.1 static credentials. MCP servers that require static client_id and client_secret can now be connected using a new OAuth 2.1 Static auth type, enabling integration with MCP servers that don't support dynamic client registration. #22266, Commit
• 🎪 Collapsible tool and thinking groups. Consecutive tool calls and reasoning blocks are now grouped into a single collapsible summary (e.g., "Explored tool1, tool2"), keeping chat responses clean and readable while preserving full detail on expand. #21604, Commit
• 🔄 General improvements. Various improvements were implemented across the application to enhance performance, stability, and security.
• 🌐 Translations for Finnish, Portuguese (Portugal), Catalan, Turkish, Japanese, Simplified Chinese, Traditional Chinese, Estonian, Spanish, Azerbaijani, and German were enhanced and expanded.

Fixed

• 🔒 Model access control bypass. Fixed a security vulnerability where external clients could bypass model access controls by setting a URL parameter, preventing unauthorized access to restricted models. Commit
• 🛡️ Terminal proxy path sanitization. The terminal server proxy now properly sanitizes paths to prevent directory traversal and SSRF attacks, protecting against security vulnerabilities. Commit
• 🛡️ Tool configuration access control. Tool configuration endpoints now properly verify user permissions, preventing unauthorized access to tool settings. Commit
• 🗝️ Tool valves access control. The tool user valves endpoints now properly verify ownership and access grants before returning or updating configuration, with appropriate 404 responses for missing tools and 401 for unauthorized access. Commit
• 🔐 Collaborative document authorization. Fixed a security vulnerability in collaborative documents where authorization could be bypassed using alternative document ID formats, preventing unauthorized access to notes. Commit
• 🔏 OAuth session persistence. Users logging in via OAuth or OIDC providers now stay logged in for the configured JWT expiry duration instead of being logged out when closing the browser. #22809
• 🚪 OAuth sub claim configuration crash. Using the OAUTH_SUB_CLAIM environment variable no longer causes crashes during token exchange requests, fixing a missing configuration registration. #22865
• 🔍 OAuth discovery header parsing. The OAuth protected resource discovery now correctly handles both quoted and unquoted values in the WWW-Authenticate header, fixing compatibility with MCP servers that return unquoted metadata. #22646, Commit
• 👤 Admin OAuth group sync. Admin user group memberships from OAuth and LDAP providers are now properly synced to Open WebUI, fixing a limitation where admin role excluded users from group updates. #22537, Commit
• 🎫 Password change complexity validation. Password complexity rules are now properly enforced when users change their password, closing a security gap where new passwords could bypass configured complexity requirements. Commit
• 🔏 OAuth role enforcement. OAuth role management now properly denies access when a user's roles don't match any configured OAUTH_ALLOWED_ROLES or OAUTH_ADMIN_ROLES, instead of silently bypassing the restriction. #13676, #15551, Commit
• 🔑 Microsoft Entra ID role claim preservation. Role claims from Microsoft Entra ID tokens are now preserved during OAuth login, fixing ENABLE_OAUTH_ROLE_MANAGEMENT for Microsoft OAuth which was previously ignored because the userinfo endpoint stripped the roles claim. #20518, Commit
• 🔍 SCIM group filtering. The SCIM endpoint now properly handles displayName and externalId filters when provisioning groups from identity providers like Microsoft Entra ID, preventing all groups from being returned instead of the filtered subset. #21543
• 🔐 Forwarded allow IPs configuration. The FORWARDED_ALLOW_IPS environment variable is now properly respected by the startup scripts instead of being hardcoded to '*', allowing administrators to restrict which proxies are trusted for request forwarding. #22539, Commit
• 🍪 Model list auth cookie forwarding. Model list requests to backends that require cookie-based authentication now properly forward auth headers and cookies, preventing "Unauthorized" errors when loading models. Commit
• 🔱 Model lookup race condition. Fixed a race condition in Redis model storage that caused intermittent "model not found" errors in multi-replica deployments under heavy load, by eliminating the window between hash deletion and updates. Commit
• 🎚️ Bulk model action reliability. Bulk enable, disable, show, and hide operations in the admin Models settings now properly refresh the model list after completion, ensuring changes are reflected immediately and correct toast notifications are shown. #22962, Commit, Commit
• 🔄 Paginated list duplicates. Fixed duplicate items appearing in paginated lists when loading more items in chats, knowledge, notes, and search across the UI. Commit
• 🧽 Duplicate chat list refresh. Sending messages no longer triggers duplicate sidebar chat list refreshes, eliminating an unnecessary database query that was already handled by the save and completion handlers. #22982
• 🧹 Chat history save optimization. The chat list is no longer refreshed on every chat history save, branch navigation, or edit — only on meaningful state changes like new chat creation, title generation, and response completion. #22983
• 💬 Message queue responsiveness. The message queue no longer waits for background tasks like title generation and follow-up suggestions to complete, allowing users to send new messages immediately after a response finishes without unnecessary delays. Commit, #22565
• 🗄️ Migration reliability. Database migrations no longer fail when chat data has unexpected format, making upgrades more reliable. #22588, #22568
• 🫧 Memory modal event bubbling. Fixed an issue where clicking the Delete button in the Memory management modal would also open the Edit Memory modal due to event bubbling. #22783
• 🧩 Memory tool registration. Models with capabilities.memory: true now correctly have memory tools available for execution, fixing a retry loop where add_memory appeared in the tool schema but was not registered for backend execution. #22666, #22675, Commit
• 📝 Input variables modal crash. Fixed a crash that occurred when selecting custom prompts with prompt variables, causing the Input Variables modal to display an infinite loading spinner instead of the variable input fields. #22748, Commit
• 🪛 Function list API crash fix. Fixed a 500 error on the functions list API endpoint that was introduced by the recent optimization, by adding proper model configuration for SQLAlchemy ORM objects. #22924
• 🗂️ Sidebar chat menu closure. Sidebar chat dropdown menus now close properly after clicking "Clone", "Share", "Download", "Rename", "Pin", "Move", "Archive", or "Delete", instead of remaining visible. #22884, #22784
• 🧭 Chat deletion and archive redirection. Users are now redirected to the chat list when deleting or archiving the currently active chat, instead of being left on a stale chat page. #22755
• 🚩 User menu navigation fix. Clicking Playground or Admin Panel from the user menu now uses client-side routing instead of causing full page reloads, restoring smooth SPA navigation. Commit
• 🔧 Tool server connection persistence. Fixed a bug where tool server connection updates were not being saved to persistent storage, ensuring OAuth client information is now properly preserved. Commit
• 🔩 Tool server index bounds checking. Tool servers with invalid indices no longer crash the application with IndexError after upgrades, preventing tool server configuration loss. #22490, Commit
• 🔌 Tool server frontend timeout. Fetch requests to external tool servers now time out after 10 seconds, preventing the UI from hanging indefinitely when a configured tool server is unreachable. #22543, Commit
• 🔌 MCP OAuth tool auto-selection. MCP tools requiring OAuth authentication are now automatically re-selected after completing the auth flow, instead of leaving users to manually re-enable the tool on return to the chat. #22994, #22995, Commit
• 🏷️ Channel @mentions. Direct connection models no longer appear in channel @mention suggestions, preventing confusion since they don't work in channels. #22553, Commit
• 📎 Channel message attachments. Users can now press Enter to send messages with only file or image attachments in channels, direct messages, and threads, aligning with the behavior of the Send button. #22752
• 🗣️ Image-only message handling. Models like Gemini and Claude no longer fail when receiving messages with only file or image attachments and no text, by stripping empty text content blocks before sending to the API. Commit, #22880
• 🧹 Channel thread sidebar cleanup. The thread sidebar in channels and direct messages now automatically closes when the parent message is deleted, preventing orphaned threads. #22890
• 💡 Chat input suggestion modal. The suggestion modal for tags, mentions, and commands now correctly reappears when backspacing into a trigger character after it was dismissed. #22899
• ⏱️ Chat action button timing. Action buttons under assistant messages no longer appear prematurely when switching chats while a response is still streaming. Commit, #22891
• 💬 Skill and model mention persistence. Skills selected via $ and models selected via @ in the chat input are now properly restored after a page refresh, instead of reverting to plain text while losing their interactive state. #22913, Commit
• 🧹 Webhook profile image errors. Fixed 404 errors appearing in the browser console when scrolling through channel messages sent by webhooks, by skipping the user profile preview for webhook senders. #22893
• 🧮 Logit bias parameter handling. Using logit_bias parameters no longer causes errors when the input is already in dictionary format. #22597, Commit
• 🪛 Temp chat tool calling. Temporary chats now properly preserve tool call information, fixing native tool calling with JSON schema that was previously broken. #22475, Commit
• 🔗 Multi-system message merging. Models with strict chat templates like Qwen no longer fail when multiple pipeline stages inject separate system messages, as all system messages are now merged into one at the start. #22505, Commit
• 📜 Public note access. Opening public notes via direct share link no longer returns a 500 error caused by a missing function import. #22680, Commit
• 👤 Terminal access user visibility. The terminal connection access dialog now shows the currently logged-in user when searching for users to grant access, fixing an issue where users with identical display names were filtered incorrectly. #22491, Commit
• 👥 User groups display. User groups in the admin panel profile preview now wrap properly instead of overflowing horizontally, with a scrollbar when the list is long. #22547
• 🔧 Model list drag-and-drop. Fixed drag-and-drop reordering of models in admin settings, preventing UI glitches and state synchronization issues. Commit
• 🖼️ Model profile image fallbacks. Model profile images now display a fallback icon when they fail to load, and model icons no longer disappear on paginated Models pages in admin and workspace settings. #22485
• 🖼️ Profile image fallbacks. Added fallback handlers for model and user profile images throughout the chat interface, preventing broken image icons when avatars fail to load. #22486
• 🧲 RAG thinking model support. Knowledge base queries now correctly parse JSON responses from thinking models like GLM-5 and DeepSeek-R1 by stripping their reasoning blocks before JSON extraction. #22400
• 🔍 RAG query generation robustness. The RAG query generation, web search, and image generation handlers now correctly extract JSON from model responses containing thinking tags by finding the last JSON block instead of the first, preventing "No sources found" errors with thinking models. #21888, Commit
• 🔍 Ollama embedding robustness. Ollama embedding requests now include the truncate parameter to handle inputs exceeding the context window, preventing 500 errors when processing long documents. Error messages from failed embedding requests are also now properly surfaced instead of being silently swallowed. #22671, Commit
• 🔄 Ollama embedding retry logic. Embedding requests to Ollama now retry with exponential backoff when encountering 503 errors (such as when the model reloads mid-processing), preventing files from being silently dropped from knowledge bases. #22571, Commit
• 🗄️ Oracle 23AI hybrid search. Fixed an UnboundLocalError that occurred when using hybrid search with Oracle 23AI as the vector store, preventing knowledge base queries from failing. Commit, #22616
• 🧩 MCP integration visibility. MCP (Streamable HTTP) integrations are now hidden from user-level settings, matching the intended behavior where only administrators can configure MCP connections through the admin panel. User-level connections now show the connection type as read-only. #22615, Commit
• 🌐 Dynamic HTML language attribute. The HTML lang attribute now dynamically updates when users change their interface language, preventing browsers from triggering unwanted translation popups. Commit
• 📐 File upload deduplication. Attaching files that are already in the chat no longer triggers duplicate uploads. Commit
• 🕵️ Serper.dev search results. Fixed web search results not displaying properly when using the Serper.dev provider by using the correct API response field. #22869
• 🔲 Markdown task list checkbox styling. Fixed task list checkboxes in markdown rendering to display consistently without shrinking in narrow layouts. #22886
• 🎨 Artifacts sidebar tab background fix. The Artifacts sidebar now correctly updates and displays when switching back to a browser tab that was in the background, ensuring artifacts are visible without requiring a manual refresh. #22889
• 🔃 Chat input URL indexing fix. Fixed an issue where URLs could be indexed twice when using multiple triggers followed by backspace and re-entering a URL. #22749
• 🔎 Search modal chat preview avatars. Fixed assistant profile images not displaying in the chat preview pane of the Search Modal. #22782
• 📋 Prompts search pagination fix. Fixed a bug where searching prompts from a paginated page would incorrectly use the current page number, resulting in "No prompts found" even when matching results existed. #22912
• 🗂️ Reasoning block copy cleanup. Copied chat responses no longer include reasoning block content or excess whitespace, ensuring only the intended message text is captured. #22786, Commit
• 🔤 Emoji removal for text normalization. Fixed the emoji removal function used in search and title generation to correctly handle all emoji types, including those with variation selectors (❤️, ☀️, ✅), keycap sequences (1️⃣), and ZWJ family sequences (👨‍👩‍👧‍👦). #22915
• ⏹️ Task cancellation status tracking. Cancelled tasks now correctly mark only the affected messages as done instead of clearing all task statuses for the chat, ensuring proper status tracking when multiple messages have pending tasks. #22743
• 🎨 Filter icon display fix. Fixed filter icons showing the wrong icon after removing one of multiple active filters below the chat input. #22862
• 📊 Channel message data loading. Fixed redundant 404 API calls that occurred when rendering channel messages, preventing unnecessary requests and console errors. #22894
• 👻 Response message skeleton display. Fixed an issue where the skeleton loader would incorrectly show or hide based on complex status history conditions, by extracting the visibility logic into a cleaner reactive variable. Commit
• 🐛 Shared chat viewing crash. Shared chats can now be viewed by unauthenticated users without crashing, with proper fallback handling for missing user profile information. #22751, #22742
• 🛠️ Plugin ID sanitization. Creating Functions or Tools with emojis or special characters in their names now generates valid IDs that pass backend validation, instead of failing with an error. #22695
• 📋 Chat title preservation. Regenerating responses or using branches no longer overwrites user-specified chat titles when auto-naming is disabled, by checking the full chat message count instead of just the current branch. #22754
• 🎧 Read Aloud in chat preview. The Read Aloud button in the Search Chats modal preview no longer causes crashes, and TTS functionality is now properly hidden in read-only chat contexts. Commit
• 📡 Heartbeat event loop blocking. The WebSocket heartbeat handler no longer blocks the event loop when updating user activity, improving responsiveness under heavy load with many concurrent connections. #22980
• 🗝️ Message upsert API reliability. The message upsert API endpoint no longer crashes when called, fixing an error where a database session was incorrectly passed to a function that doesn't accept it. #22959, Commit
• 🔓 Forward auth proxy compatibility. Fixed error pages that could appear when using authenticating reverse-proxies by properly handling 401 responses from background API requests, allowing the browser to re-authenticate with the identity provider. #22942
• 🔃 Tool call streaming display. Sequential tool calls are now properly accumulated during streaming, fixing an issue where completed tool calls could disappear from the display before the next tool call finished streaming. Commit
• 🧠 Reasoning spinner content preservation. Prior assistant content and tool call blocks no longer disappear during the reasoning spinner when responding after tool execution. #23001
• 🖥️ Pyodide file list refresh. Files created or modified during manual code execution now appear immediately in the pyodide files list without requiring a browser tab refresh. Commit
• 🖱️ Dropdown submenu hover stability. Secondary hover menus like Download and Move now remain open while navigating into them, fixing an issue where an 8px gap between the trigger and submenu would cause the menu to disappear before a selection could be made. #22744, Commit
• 📊 Model tag normalization. Model tags from backends that return them as string arrays are now properly normalized to object format, preventing crashes when filtering models by tag in the admin and workspace models pages. #20819, Commit
• 🎯 Arena model sub-model settings. Arena models now properly use the selected sub-model's settings — including RAG knowledge bases, web access, code interpreter, and tool capabilities — instead of the arena wrapper's empty defaults. #16950, Commit
• 🧩 Model editor default metadata. The Model Editor now loads admin-configured default model metadata instead of hardcoded values, preventing admin defaults from being silently overwritten when users save models without realizing they were overriding system-wide settings. #22996, Commit
• ✏️ Rich text paste sanitization. Copying and pasting text with HTML characters (like < or >) no longer corrupts the editor content, as the paste handler now properly escapes HTML entities before processing mentions and special syntax. Commit

Changed

• 🪝 User webhooks disabled by default. User webhook notifications are now disabled by default and properly gated by the ENABLE_USER_WEBHOOKS configuration, ensuring webhooks only fire when explicitly enabled. Commit
• 🧲 Web search result limit. The configured web search result count now acts as a maximum limit, preventing models from requesting more results than administrators allow. #22577

Original source

Added

• 🔐 Custom OIDC logout endpoint. Administrators can now configure a custom OpenID Connect logout URL via OPENID_END_SESSION_ENDPOINT, enabling logout functionality for OIDC providers that require custom endpoints like AWS Cognito. Commit
• 🗄️ MariaDB Vector community support. Added MariaDB Vector as a new vector database backend, enabling deployments with VECTOR_DB=mariadb-vector; supports cosine and euclidean distance strategies with configurable HNSW indexing. #21931
• 📝 Task message truncation. Chat messages sent to task models for title and tag generation can now be truncated using a filter in the prompt template, reducing token usage and processing time for long conversations. #21499
• 🔄 General improvements. Various improvements were implemented across the application to enhance performance, stability, and security.
• 🌐 Translations for Portuguese (Brazil), Spanish, and Malay were enhanced and expanded.

Fixed

• 🔗 Pipeline filter HTTP errors. Fixed a bug where HTTP errors in pipeline inlet/outlet filters would silently corrupt the user's chat payload; errors are now properly raised before parsing the response. #22445
• 📚 Knowledge file embedding updates. Fixed a bug where updating knowledge files left old embeddings in the database, causing search results to include duplicate and stale data. #20558
• 📁 Files list stability. Fixed the files list ordering to use created_at with id as secondary sort, ensuring consistent ordering and preventing page crashes when managing many files. #21879
• 📨 Teams webhook crash. Fixed a TypeError crash in the Teams webhook handler when user data is missing from the event payload. #22444
• 🛠️ Process shutdown handling. Fixed bare except clauses in the main process that prevented clean shutdown; replaced with proper exception handling. #22423
• 🐳 Docker deployment startup. Docker deployments now start correctly; the missing OpenTelemetry system metrics dependency was added. #22447, #22401
• 🛠️ Tool access for non-admin users. Fixed a NameError that prevented non-admin users from viewing tools; the missing has_access function is now properly imported. #22393
• 🔐 OAuth error handling. Fixed a bug where bare except clauses silently caught SystemExit and KeyboardInterrupt, preventing clean process shutdown during OAuth authentication. #22420
• 🛠️ Exception error messages. Fixed three locations where incorrect exception raising caused confusing TypeError messages instead of proper error descriptions, making debugging much easier. #22446
• 📄 YAML file processing. Fixed an error when uploading YAML files with Docling enabled; YAML and YML files are now properly recognized as text files and processed correctly. #22399, #22263
• 📅 Time range month names. Fixed month names in time range labels appearing in the wrong language when OS regional settings differ from browser language; month names now consistently display in English. #22454
• 🔐 OAuth error URL encoding. Fixed OAuth error messages with special characters causing malformed redirect URLs; error messages are now properly URL-encoded. #22415
• 🛠️ Internal tool method filtering. Tools no longer expose internal methods starting with underscore to the LLM, reducing clutter and improving accuracy. #22408
• 🔊 Azure TTS locale extraction. Fixed Azure text-to-speech using incomplete locale codes in SSML; now correctly uses full locale like "en-US" instead of just "en". #22443
• 🎤 Azure speech transcription errors. Improved Azure AI Speech error handling to display user-friendly messages instead of generic connection errors; empty transcripts, no language identified, and other Azure-specific errors now show clear descriptions. #20485
• 📊 Analytics group filtering. Fixed token usage analytics not being filtered by user group; the query now properly respects group filters like other analytics metrics. #22167
• 🔍 Web search favicon fallback. Fixed web search sources showing broken image icons when favicons couldn't be loaded from external sources; now falls back to the default Open WebUI favicon. #21897
• 🔄 Custom model fallback. Fixed custom model fallback not working when the base model is unavailable; the base model ID is now correctly retrieved from model info instead of empty params. #22456
• 🖼️ Pending message image display. Fixed images in queued messages appearing blank; image thumbnails are now properly displayed in the pending message queue. #22256
• 🛠️ File metadata sanitization. Fixed file uploads failing with JSON serialization errors when metadata contained non-serializable objects like callable functions; metadata is now sanitized before database insertion. #20561

Original source

Added

• ▶️ Open Terminal notebook cell execution. Users can now run Jupyter Notebook code cells directly in the Open Terminal file navigator, execute entire notebooks with a single click, edit and modify cells before running, and control the kernel - bringing full interactive notebook execution to the browser. Commit
• 🗃️ Open Terminal SQLite browser. Users can now browse SQLite database files directly in the Open Terminal file navigator, viewing tables and running queries without downloading them first. Commit
• 📉 Open Terminal Mermaid diagram rendering. Markdown files with Mermaid code blocks are now rendered as diagrams directly in the Open Terminal file navigator, making it easier to visualize flowcharts and other diagrams. Commit
• 📓 Open Terminal Jupyter Notebook previews. Users can now preview Jupyter Notebook files directly in the Open Terminal file navigator, making it easier to view notebook content without downloading them first. Commit
• 🔃 Open Terminal auto-refresh. The Open Terminal file navigator now automatically refreshes when the model writes or modifies files, keeping the view in sync without manual refresh. Commit
• 📎 Open Terminal file copy button. Users can now copy file contents directly to clipboard in the Open Terminal file navigator with a single click, making it easier to quickly grab file content without downloading. Commit
• 💻 Code syntax highlighting and XLSX improvements in Open Terminal. Code files now display with syntax highlighting in the Open Terminal file navigator, and XLSX spreadsheets now show column headers and row numbers for easier navigation. Commit
• 🌳 Open Terminal JSON tree view. JSON, JSONC, JSONL, and JSON5 files now display as interactive collapsible tree views in the Open Terminal file navigator, and SVG files render as preview images with syntax highlighting support. Commit
• 🛜 Open Terminal port viewing. Users can now view listening ports in the Open Terminal file navigator and open proxy connections to them directly from the UI. Commit
• 🎬 Open Terminal video previews. Users can now preview video and audio files directly in the Open Terminal file navigator, making it easier to view media without downloading them first. Commit
• ✏️ Open Terminal HTML editing. Users can now edit HTML source files in Open Terminal with CodeMirror editor, and the save button is properly hidden in preview mode. Commit
• 📄 Open Terminal DOCX preview. Word documents generated or modified by the AI can now be viewed directly in the file navigator with formatted text, tables, and images rendered inline — no need to download and open in a separate application. Commit
• 📊 Open Terminal XLSX preview. Excel spreadsheets in the file navigator now render as interactive tables with column headers and row numbers, making it easy to verify data the AI has generated or processed. Commit
• 📽️ Open Terminal PPTX preview. PowerPoint presentations created by the AI can now be viewed slide-by-slide directly in the file navigator, enabling quick review and iteration without leaving the browser. Commit
• 📁 Pyodide file system support. Users can now upload files for Python code execution in the code interpreter. Uploaded files are available in the /mnt/uploads/ directory, and code can write output files there for download. The file system persists across code executions within the same session. The code interpreter now also informs models that pip install is not available in the Pyodide environment, guiding them to use alternative approaches with available modules. #3583, Commit, Commit
• 🧰 Tool files access. Tools can now access the files from the current chat context via the files property in their metadata, enabling more powerful tool integrations. Commit
• ⚡ Chat performance. Chat messages now load and display significantly faster thanks to optimized markdown rendering, eliminating delays when viewing messages with mathematical expressions. #22196, #20878
• 📜 Message list performance. Improved message list rendering performance by optimizing array operations, reducing complexity from O(n²) to O(n). #22280
• 🧵 Streaming markdown performance. Improved chat responsiveness during streaming by skipping unnecessary markdown re-parsing when the content hasn't changed, eliminating wasted processing during model pauses. #22183
• 🏃 Chat streaming performance. Chat streaming is now faster for users not using the voice call feature by skipping unnecessary text parsing that was running on every token. #22195
• 🔖 Source list performance. Source lists in chat now render faster thanks to optimized computation that avoids unnecessary recalculations, including moving sourceIds computation to a reactive variable. #22279, Commit, Commit
• 💨 Chat message tree operations. Chat message tree operations are now significantly faster, improving overall chat responsiveness. #22194
• 🚀 Initial page load speed. Page load is now significantly faster thanks to deferred loading of the syntax highlighting library, reducing the initial JavaScript bundle by several megabytes. #22304
• 🗓️ Action priority query optimization. Improved performance of action priority resolution by fixing an N+1 query pattern, reducing database round-trips when loading model actions. #22301
• 🔑 API key middleware optimization. The API key restriction middleware was converted to a pure ASGI middleware for improved streaming performance, removing per-chunk call overhead. #22188
• 🏎️ Model list loading performance. Model lists now load significantly faster thanks to optimized custom model matching that uses dictionary lookups instead of nested loops. #22299, Commit, Commit
• ⏱️ Event call timeout configuration. Administrators can now configure the WebSocket event call timeout via the WEBSOCKET_EVENT_CALLER_TIMEOUT environment variable, giving users more time to respond to event_call forms instead of timing out after 60 seconds. #22222, #22220
• 🔁 File refresh button visibility. The refresh button in the chat file navigator now appears when viewing files as well as directories, allowing users to refresh the file view at any time. Commit
• 📂 Nested folders support. Users can now create subfolders within parent folders, improving organization of chats. A new "Create Subfolder" option is available in the folder context menu. #22073, Commit
• 🔔 Banner loading on navigation. Admin-configured banners now load when navigating to the homepage, not just on page refresh, ensuring users see new banners immediately. #22340, #22180
• 📡 System metrics via OpenTelemetry. Administrators can now monitor Python runtime and system metrics including CPU, memory, garbage collection, and thread counts through the existing OpenTelemetry pipeline. #22265
• 🔄 General improvements. Various improvements were implemented across the application to enhance performance, stability, and security.
• 🌐 Translations for French, Finnish, Turkish, German, Simplified Chinese, and Traditional Chinese were enhanced and expanded.
• 🔍 Web search tool guidance. The web search tool description was updated to encourage direct usage without first checking knowledge bases, making it clearer for users who want to search the web immediately. #22264

Fixed

• 🗄️ Migration memory usage. Database migration on large deployments now processes messages in batches instead of loading everything into memory, preventing out-of-memory errors during upgrades. #21542, #21539
• 🔒 SQLCipher connection stability. Fixed a crash that occurred when using database encryption with SQLCipher by changing the default connection pool behavior, ensuring stable operation during multi-threaded operations like user signup. #22273, #22258
• 🛑 Stop sequence error. Fixed a bug where setting stop sequences on a model caused the chat to fail with a split error, preventing any responses from being returned. The fix handles both string and array formats for stop tokens. #22251, Commit
• 🔐 Microsoft OAuth refresh token fix. Fixed a bug where Microsoft OAuth refresh token requests failed with error AADSTS90009 by adding support for the required scope parameter. Users can now stay logged in reliably with Microsoft OAuth. #22359
• 🛠️ Parameterless tool calls. Fixed parameterless tool calls failing during streaming by correcting the default arguments initialization, eliminating unnecessary model retries. #22189
• 🔧 Tool call streaming fixes. Fixed two bugs where streaming tool calls failed silently for models like GPT-5: function names were incorrectly duplicated when sent in multiple delta chunks, and arguments containing multiple JSON objects were not properly split. Tools now execute correctly instead of failing without explanation. #22177, Commit, Commit
• 🔗 Tool server URL trailing slash. Fixed tool server connection failures when URLs have trailing slashes by stripping them before path concatenation. Previously, URLs like "http://host:8080/v1/" + "/openapi.json" produced double-slash URLs that some servers rejected. #22116, #21917
• 🛡️ Citation parser error handling. Fixed crashes when tools return error strings instead of expected data structures by adding type guards to the citation parser. The system now returns an empty source list instead of crashing with AttributeError. #22118
• 🧠 Artifacts memory leak. Fixed a memory leak where Svelte store subscriptions in the Artifacts component were not properly cleaned up when the component unmounted, causing memory to accumulate over time. #22303
• ♾️ Artifacts reactive loop fix. Fixed an infinite reactive loop in chat when artifacts are present by moving the animation frame logic outside the reactive block, preventing continuous re-rendering and CPU usage. #22238, Commit
• 🔀 Artifact navigation. Artifact navigation via arrow buttons now works correctly; the selected artifact is no longer reset when content updates. #22239
• 🧩 Artifact thinking block fix. Fixed a bug where HTML preview rendered code blocks inside thinking blocks for certain models like Mistral and Z.ai, causing stray code with ">" symbols to appear before the actual artifact. The fix strips thinking blocks before extracting code for artifact rendering. #22267, Commit
• 💬 Floating Quick Actions availability. Fixed an issue where the "Ask" and "Explain" Floating Quick Actions were missing when selecting text in chats that used a model that is no longer available. #22149, #22139
• 💡 Follow-up suggestions. Fixed follow-up suggestions not appearing by correcting contradictory format instructions in the prompt template, ensuring the LLM returns the correct JSON object format. #22212
• 🔊 TTS thinking content. Fixed TTS playback reading think tags instead of skipping them by handling edge cases where code blocks inside thinking content prevented proper tag removal. #22237, #22197
• 🎨 Button spinner alignment. Button spinners across multiple modals now align correctly and stay on the same line as the button text, fixing layout issues when loading states are displayed. #22227
• 📶 Terminal keepalive. Terminal connections now stay active without being closed by idle timeouts from proxies or load balancers, and spurious disconnection messages no longer appear. Commit
• 📥 Chat archive handler. The archive button in the chat navbar now actually archives the chat and refreshes the chat list, instead of doing nothing. #22229
• 🐍 BeautifulSoup4 dependency. Added the missing BeautifulSoup4 package to backend requirements, fixing failures when using features that depend on HTML parsing. #22231
• 👥 Group users default sort. Group members in the admin panel now sort by last active time by default instead of creation date, making it easier to find active users. #22211
• 🔓 Tool access permissions. Users can now change tool and skill access permissions from private to public without errors. #22325, #22324
• 🖥️ Open Terminal permission fix. Open Terminal is now visible without requiring "Allow Speech to Text" permission, fixing an issue where users without microphone access couldn't access the terminal feature. #22374, Commit
• 📌 Stale pinned models cleanup. Pinned models that are deleted or hidden are now automatically unpinned, keeping your pinned models list up to date. Commit
• 📏 OpenTelemetry metric descriptions. Fixed conflicting metric instrument descriptions that caused warnings in the OpenTelemetry collector, resulting in cleaner telemetry logs for administrators. #22293
• 🔢 Non-streaming token tracking. Token usage from non-streaming chat responses is now correctly saved to the database, fixing missing token counts in the Admin Panel analytics. Previously, non-streaming responses saved NULL usage data, causing messages to be excluded from token aggregation queries. #22166
• ⌨️ Inline code typing. Fixed a bug where typing inline code with backticks incorrectly deleted the character immediately before the opening backtick, so text formatted as inline code now correctly produces the full word instead of missing the last character. #20417, Commit
• 📝 Variable input newlines. Fixed a bug where variables containing newlines were not displayed correctly in chat messages, and input values from Windows systems are now properly normalized to use standard line endings. #21447, Commit
• 📷 Android photo capture. Fixed an issue where the first photo taken in chat appeared completely black on some Android devices by using an alternative canvas export method. #22317
• 🪟 Open Terminal Windows path fix. Fixed a bug where navigating back to parent directories on Windows added an incorrect leading slash, causing directory loads to fail. Paths are now properly normalized for Windows drive letters. #22352, Commit
• 🖼️ Chat overview profile image sizing. Fixed a bug where profile images in the chat overview could shrink incorrectly in tight spaces. The images now maintain their proper size with the flex-shrink-0 property. #22261
• 📨 Queued messages display. Fixed an issue where queued messages could be cut off or hidden. The queued messages area now scrolls properly when content exceeds the visible area, showing up to 25% of the viewport height. #22176
• 🖌️ Image generation in temporary chats. Generated images now display correctly in temporary chat mode when using builtin image generation tools. Previously, images were not shown because the code was overwriting the image list with a null database response. #22330, #22309
• 🤖 Ollama model unload fix. Fixed a bug where unloading a model from Ollama via the Open WebUI proxy failed with a "Field required" error for the prompt field. The proxy now correctly allows omitting the prompt when using keep_alive: 0 to unload models. #22260, Commit
• 🏷️ Banner type dropdown fix. Fixed a bug where selecting a banner type required two clicks to register, as the first selection was being swallowed due to DOM structure changes. The dropdown now works correctly on the first click. #22378
• 📈 Analytics URL encoding fix. Fixed a bug where the Analytics page failed to load data for models with slashes in their ID, such as "anthropic/claude-opus-4.6". The frontend now properly URL-encodes forward slashes, allowing model analytics to load correctly. #22380, #22382
• 📋 Analytics chat list duplicate fix. Fixed a bug where the Analytics page chat list threw an "each_key_duplicate" Svelte error when chat IDs were duplicated during pagination. The fix adds deterministic ordering to prevent duplicate entries. #22383
• 📂 Folder knowledge base native tool call fix. Fixed a bug where folders with attached knowledge bases were querying the knowledge base twice when using native tool call mode. The fix now correctly separates knowledge files from regular attachments, letting the builtin query_knowledge_files tool handle knowledge searches instead of duplicating RAG queries. #22236, Commit, Commit

Original source

[0.8.8] - 2026-03-02

Added

• 📁 Open Terminal file moving. Users can now move files and folders between directories in the Open Terminal file browser by dragging and dropping them. Commit, Commit, Commit, Commit
• 📄 Open Terminal HTML file preview. Users can now preview HTML files directly in the Open Terminal file browser, with a rendered iframe view and source toggle, enabling iterative AI editing of HTML files. Commit, Commit
• 🌐 Open Terminal WebSocket proxy. Added a new WebSocket proxy endpoint for interactive terminal sessions, enabling real-time bidirectional terminal communication with the terminal server. Commit
• ⚙️ Open Terminal feature toggle. Administrators can now enable or disable the Interactive Terminal feature for Open Terminal via configuration on the terminal server, controlling access to terminal routes. Commit
• 🔄 General improvements. Various improvements were implemented across the application to enhance performance, stability, and security.
• 🌐 Translations for Simplified Chinese, Traditional Chinese, Irish, and Catalan were enhanced and expanded.

Fixed

• 🔧 Middleware variable shadowing. Fixed a variable shadowing issue in the middleware that could cause incorrect tool output processing during chat. #22145
• ⚡ ChatControls reactivity fix. Fixed a Svelte reactivity issue where the active tab state in the ChatControls panel was not properly saved when switching between chats. #22127
• 🔧 ChatControls TypeScript fix. Fixed a TypeScript syntax error in ChatControls.svelte where the module script block was missing lang="ts", causing esbuild to fail during vite dev. #22131
• 🔌 Open Terminal tools for direct connections. Fixed an issue where Open Terminal tools were not available to the model when the terminal was configured via direct connection settings, ensuring users can now interact with terminal files and operations through the AI. #22137
• 📜 Chat history pagination. Fixed an issue where older messages in long chats were not loaded when scrolling to the top. Commit, Commit
• 🔧 Terminal tool null parameter handling. Fixed a bug where null parameters in terminal tool calls were sent as the string "None" instead of being omitted, causing 422 validation errors from the open-terminal server. #22124, #22144

Changed

Original source

[0.8.7] - 2026-03-01

Fixed

• 🔒 Connection access control privacy. Tool server and terminal connections without explicit access grants are now private (admin-only) by default, fixing a bug where connections configured with no access grants were visible to all users instead of being restricted. Commit
• 🧠 ChatControls memory leak. The ChatControls panel no longer leaks event listeners, ResizeObserver instances, and media query handlers when navigating between chats, fixing memory accumulation that could degrade performance during extended use. #22112
• 💾 Temporary chat params preservation. Model parameters are now correctly saved when creating a temporary chat, ensuring custom settings like temperature and top_p persist across the session. Commit
• ⚡ Faster artifact content updates. Artifact content extraction during streaming is now debounced via requestAnimationFrame, reducing redundant DOM reads and improving CPU efficiency when tokens arrive faster than the browser can paint. Commit

Original source

[0.8.6] - 2026-03-01

Added

• 🖥️ Open Terminal integration. Users can now connect to Open Terminal instances to browse, read, and upload files directly in chat, with the terminal acting as an always-on tool. File navigation includes folder browsing, image and PDF previews, drag-and-drop uploads, directory creation, and file deletion. The current working directory is automatically injected into tool descriptions for context-aware commands. Commit, Commit, Commit
• 📄 Terminal file creation. Users can now create new empty files directly in the Open Terminal file browser, in addition to the existing folder creation functionality. Commit
• ✏️ Terminal file editing. Users can now edit text files directly in the Open Terminal file browser, with the ability to save changes back to the terminal. Commit
• 🛠️ Terminal file preview toolbar. The Open Terminal file browser now displays contextual toolbar buttons based on file type, including preview/source toggle for Markdown and CSV files, reset view for images, and improved editing controls for text files. Commit
• 🔄 Terminal file write refresh. The file browser now automatically refreshes when files are written or modified via the write_file or replace_file_content tools, eliminating the need to manually refresh. Commit
• 🛡️ Docker image SBOM attestation. Docker images now include a Software Bill of Materials (SBOM) for vulnerability scanning and supply chain security compliance. #21779, Commit
• 📡 Reporting-Endpoints security header. Administrators can now configure a Reporting-Endpoints header via the REPORTING_ENDPOINTS environment variable to receive CSP violation reports directly, aiding in security policy debugging and hardening. #21830
• 🎯 Action button priority sorting. Action buttons under assistant messages now appear in a consistent order based on the priority field from function Valves, allowing developers to control button placement. #21790
• 🏷️ Public/Private model filtering. The Admin Settings Model listing now displays Public/Private badges and includes filter options to easily view public or private models. #21732, #21797
• 👁️ Show/Hide all models bulk action. Administrators can now show or hide all models at once from the Admin Settings Models page Actions menu, making it faster to manage model visibility. Bulk actions now display a single toast notification on success for better user feedback. #21838, #21958
• 🔐 Individual user sharing control. Administrators can now disable individual user sharing via the USER_PERMISSIONS_ACCESS_GRANTS_ALLOW_USERS environment variable, allowing only group-based sharing when set to false. #21793, Commit, Commit
• 🔄 OAuth profile sync on login. Administrators can now enable automatic synchronization of user profile name and email from OAuth providers on login via the OAUTH_UPDATE_NAME_ON_LOGIN and OAUTH_UPDATE_EMAIL_ON_LOGIN environment variables. #21787, Commit
• 👥 Default group share permission. Administrators can now configure the default sharing permission for new groups via the DEFAULT_GROUP_SHARE_PERMISSION environment variable, controlling whether anyone, no one, or only members can share to new groups. Commit
• 💨 Streaming performance. Chat responses now render more efficiently during streaming, reducing CPU usage and improving responsiveness. Commit
• 🧮 Streaming message comparison. Chat message updates during streaming are now faster thanks to an optimization that skips expensive comparisons when content changes. #21884
• 🚀 Streaming scroll optimization. Chat auto-scroll during streaming is now more efficient by batching scroll operations via requestAnimationFrame, reducing unnecessary layout reflows when tokens arrive faster than the browser can paint. #21946
• 📋 Message cloning performance. Chat message cloning during streaming is now more efficient thanks to the use of structuredClone() instead of JSON.parse(JSON.stringify(...)). #21948
• 🎯 Faster code block rendering. Chat message updates during streaming are now faster. #22101
• 📊 Faster status history display. Chat message updates during streaming are now faster. #22103
• 🛠️ Faster tool result handling. Tool execution results are now handled more efficiently, improving streaming performance. #22104
• 💾 Faster model and file operations. Model selection, file preparation, and history saving are now faster. #22102
• 🛠️ Tool server advanced options toggle. Advanced OpenAPI configuration options in the tool server modal are now hidden by default behind a toggle, simplifying the interface for basic setups. The admin settings tab was also renamed from "Tools" to "Integrations" for clearer organization. Commit, Commit
• 🔧 Faster tool loading. Tool access control now skips an unnecessary database query when no tools are attached to the request, slightly improving performance. #21873
• ➗ Faster math rendering. Mathematical notation now renders more efficiently, improving responsiveness when displaying equations in chat. #21880
• 🏎️ Faster message list updates. The chat message list now rebuilds at most once per animation frame during streaming, reducing CPU overhead. #21885
• 📋 Faster message rendering. Chat message rendering is now more efficient during streaming. #22086
• 🗄️ Faster real-time chat updates. Chat responses now process faster with improved handling for concurrent users. #22087
• 📝 Faster status persistence. Only final status updates are now saved to the database during streaming, reducing unnecessary writes. #22085
• 🔄 Faster event matching. Event handling in the socket handler is now more efficient. Commit
• 🔀 General improvements. Various improvements were implemented across the application to enhance performance, stability, and security.
• 🌐 Translation updates. Translations for German, Portuguese (Brazil), Simplified Chinese, Traditional Chinese, Catalan, and Spanish were enhanced and expanded.

Fixed

• 🗄️ Database migration execution. Database migrations now run correctly on startup, fixing a circular import issue that caused schema updates to fail silently. #21848, Commit
• 🔔 Notification HTML escaping. Notification messages now properly escape HTML content, matching the behavior in chat messages and ensuring consistent rendering across the interface. #21860, Commit
• 🛠️ Tool call JSON error handling. Chat no longer crashes when models generate malformed JSON in tool call arguments; instead, a descriptive error message is returned to the model for retry. #21984, Commit
• 🧠 Reasoning model KV cache preservation. Reasoning model thinking tags are no longer stored as HTML in the database, preserving KV cache efficiency for backends like llama.cpp and ensuring faster subsequent conversation turns. #21815, Commit
• ⚡ Duplicate model execution prevention. Models are no longer called twice when no tools are configured, eliminating unnecessary API requests and reducing latency. #21802, Commit
• 🔐 OAuth session database error. OAuth login no longer fails with a database error when creating sessions, fixing the "'NoneType' object has no attribute 'id'" and "can't adapt type 'dict'" errors that occurred during OAuth group creation. #21788
• 👤 User sharing permission enforcement. The user sharing option now correctly respects the USER_PERMISSIONS_ACCESS_GRANTS_ALLOW_USERS setting, fixing an issue where sharing to individual users was incorrectly allowed even when disabled. #21856, Commit, Commit
• 🔑 Password manager autofill. Password manager autofill (like iCloud Passwords, 1Password, Bitwarden) now correctly captures filled-in passwords, fixing login failures where the password appeared filled but was sent as empty. #21869, Commit
• 📝 RAG template duplication. RAG templates are no longer duplicated in chat messages when models make multiple tool calls, preventing hallucinations and incorrect tool usage. #21780, Commit
• 📋 Audit log stdout. Audit logs now correctly appear on stdout when the ENABLE_AUDIT_STDOUT environment variable is set to true, aligning runtime behavior with the intended configuration. #21777
• 🎯 Function valve priority resolution. Function priorities defined in code are now correctly applied when no custom value has been saved in the database, ensuring consistent action button and filter ordering. #21841
• 📄 Web content knowledge base append. Processing web URLs with overwrite=false now correctly appends content to existing knowledge bases instead of silently doing nothing, fixing a regression where no content was being added. #21786, Commit
• 🔍 Web search domain filter config. The WEB_SEARCH_DOMAIN_FILTER_LIST environment variable is now correctly read and applied, fixing an issue where domain filtering for web searches always used an empty default value. #21964, #20186
• 🧹 Tooltip memory leak. Tooltip instances are now properly destroyed when elements change, fixing a memory leak that could cause performance issues over time. #21969
• ⌨️ MessageInput memory leak. Event listeners in the message input component are now properly cleaned up, preventing a memory leak that could cause page crashes during extended use. #21968
• 📝 Notes memory leak. Event listeners in the Notes component are now properly cleaned up, fixing a memory leak that could cause page crashes during extended use. #21963
• 🏗️ Model create memory leak. Event listeners in the model creation page are now properly cleaned up, fixing a memory leak that could cause page crashes during extended use. #21966
• 💬 MentionList memory leak. Event listeners in the MentionList component are now properly cleaned up, fixing a memory leak that could cause page crashes during extended use. #21965
• 📐 Sidebar memory leak. Event listeners in the Sidebar component are now properly cleaned up, fixing a memory leak that could cause page crashes during extended use. #22082
• 🎨 Sidebar user menu positioning. The sidebar user menu no longer drifts rightward when the sidebar is resized, keeping the menu properly aligned with its trigger. #21853
• 💻 Code block UI. Code block headers are now sticky and properly positioned, with language labels now showing tooltips for truncated text. Commit
• 📊 Multi-model responses horizontal scroll. The model list in multi-model responses tabs now has horizontal scroll support, making all models accessible on desktop screens. #21800, Commit
• 🎭 TailwindCSS gray color theme. Custom gray color palette is now correctly applied to the CSS root theme layer, fixing an issue where --color-gray-x variables were missing. #21900, #21899
• 📎 Broken documentation links. Fixed broken links in the backend config and admin settings that pointed to outdated documentation locations. #21904
• 🔓 OAuth session token decryption. OAuth sessions are now properly detached from the database context before token decryption, preventing potential database session conflicts when reading encrypted tokens. #21794
• 🕐 Chat timestamp i18n fix. Chat timestamps in the sidebar now display correctly, fixing an issue where the time ago format (e.g., "5m", "2h", "3d") was not being localized properly due to incorrect variable casing in the translation function. Commit
• 🍞 Model toast notification fix. Hiding or showing a single model now displays only one toast notification instead of two, removing the redundant generic "model updated" message when a specific action toast is shown. #22079
• 📡 Offline mode embedding model fix. Open WebUI no longer attempts to download embedding models when in offline mode, fixing error logs that occurred when trying to fetch models that weren't cached locally. #22106, #21405

Original source

[0.8.5] - 2026-02-23

Added

• ⌨️ Voice dictation shortcut. Users can now toggle voice dictation using Cmd+Shift+L (or Ctrl+Shift+L on Windows/Linux), making it faster to start and stop dictation without clicking the microphone button.

Fixed

• 🚫 Model access KeyError fix. The /api/models endpoint no longer crashes with a 500 error when models have incomplete info metadata missing the user_id field (e.g. models using global default metadata).
• 🔄 Frontend initialization resilience. The app layout now gracefully handles individual API failures during initialization (getModels, getBanners, getTools, getUserSettings, setToolServers) instead of blocking the entire page load when any single call fails.
• 🛡️ Backend config null safety. Language detection during app initialization no longer crashes when the backend config fetch fails, preventing a secondary cause of infinite loading.

Original source

[0.8.4] - 2026-02-23

Added

• 🛜 Provider URL suggestions. The connection form now displays a dropdown with suggested URLs for popular AI providers, making it easier to configure connections. Commit
• ☁️ Anthropic model fetching. The system now properly fetches available models from the Anthropic API, ensuring all Anthropic models are accessible. Commit
• 💡 No models prompt. When no models are available, a helpful prompt now guides users to manage their provider connections. Commit
• ⚙️ Connection enable/disable toggles. Individual provider connections can now be enabled or disabled from both admin and user settings. Commit
• ⏸️ Prompt enable/disable toggle. Users can now enable or disable prompts directly from the prompts list using a toggle switch, without needing to delete and recreate them. Inactive prompts display an "Inactive" badge and are still visible in the list. Commit
• 🗑️ Memory deletion. Agents can now delete specific memories that are no longer relevant, duplicated, or incorrect, giving better control over stored memory content. Commit
• 📋 Memory listing. Agents can now list all stored memories, enabling them to identify which memories to manage or delete based on the complete memory inventory. Commit
• 📦 Auto pip install toggle. Administrators can now disable automatic pip package installation from function frontmatter requirements using the ENABLE_PIP_INSTALL_FRONTMATTER_REQUIREMENTS environment variable, providing more control over function dependency management. Commit
• 🔗 Anthropic Messages API proxy. A new API endpoint now supports the Anthropic Messages API format, allowing tools like Claude Code to authenticate through Open WebUI and access configured models. Tool calls are now properly supported in streaming responses with correct multi-block indexing, and error status from tools is propagated correctly. The endpoint converts requests to OpenAI format internally, routes them through the existing chat pipeline, and returns responses in Anthropic format. #21390, Commit, Commit
• 👥 Multi-device OAuth sessions. Users can now stay logged in on multiple devices simultaneously with OAuth, as re-logging in no longer terminates existing sessions. The oldest sessions are automatically pruned when the session limit is exceeded. #21647, Commit
• 🔐 OAuth group default share setting. Administrators can now configure the default sharing setting for OAuth-created groups using the OAUTH_GROUP_DEFAULT_SHARE environment variable, allowing control over whether new groups default to private or shared with members. #21679, Commit
• 🔧 Knowledge base import behavior. The web content import endpoint now supports a configurable overwrite flag, allowing users to add multiple URLs to the same knowledge base instead of replacing existing content. #21613, #21336, Commit
• 🧩 Skill JSON import support. Skills can now be imported from both JSON and Markdown files. #21511
• 🔍 You.com web search provider. A new web search provider option for You.com is now available, giving users another search engine choice for web-enabled models. The You.com provider enriches search results by including both descriptions and snippets for better context. #21599
• 🚀 Message list performance. Loading conversation history when sending messages is now significantly faster, improving response latency before the model starts generating. This also speeds up chat search and RAG context building. #21588
• 🎯 Concurrent embedding request control. Administrators can now control the maximum number of concurrent embedding API requests using the RAG_EMBEDDING_CONCURRENT_REQUESTS environment variable, helping manage API rate limits while maintaining embedding performance. #21662, Commit
• ⚡ Message upsert optimization. Loading chat data during message saving is now significantly faster by eliminating a redundant database call that occurred on every message upsert, which happens many times during streaming responses. #21592
• ⚡ Message send optimization. Loading chat data during message sending is now significantly faster by eliminating unnecessary full conversation history loads. The system now uses targeted queries that fetch only the needed data instead of loading entire chat objects with all message history. #21596
• 🚀 Tag filtering optimization. Chat search with tag filtering now uses more efficient database queries, making filtered searches significantly faster. Commit
• ⚡ Shared chat loading optimization. The shared chats endpoint now loads only the needed columns instead of the full conversation history, making shared chat listings significantly faster. #21614
• 🗂️ Archived and pinned chat loading. Loading archived and pinned chat lists is now significantly faster by loading only the needed columns instead of full conversation data. #21591
• 💨 Chat title query optimization. Retrieving chat titles now queries only the title column instead of the entire conversation history, making title lookups significantly faster and reducing database load. #21590
• 🗄️ Batch access grants for multiple resources. Loading channels, knowledge bases, models, notes, prompts, skills, and tools now uses batch database queries for access grants instead of individual queries per item, significantly reducing database load. For 30 items, this reduces approximately 31 queries to just 3. #21616
• 📋 Notes list payload optimization. Notes list and search endpoints now return only a 200-character preview instead of the full note content, reducing response payload from ~167 MB to ~10 KB for 60 notes and eliminating N+1 queries for access grants. The Notes tab now loads in seconds instead of tens of seconds. #21549
• ⚡ Tools list performance. Loading the tools list is now significantly faster by deferring content and specs fields from database queries, and using cached tool modules instead of reloading them for each request. Commit
• 📝 Group description display. The admin groups list now shows each group's description, making it easier for administrators to identify groups at a glance.
• 🏷️ Sort by dropdown. Administrators can now sort groups using a dropdown menu with options for Name or Members, replacing the previous clickable column headers.
• 📶 Admin groups list sorting. The Group and Users columns in the admin groups list are now clickable for sorting, allowing administrators to sort groups alphabetically by name or numerically by member count. #21692
• 🔽 Rich UI auto-scroll. The view now automatically scrolls to action-generated Rich UI content once it renders, ensuring users can see the results without manually scrolling. #21698, #21482
• 📊 Admin analytics toggle. Administrators can now enable or disable the analytics feature using the ENABLE_ADMIN_ANALYTICS environment variable, giving more control over available admin features. #21651, Commit
• 📊 Analytics sorting enhancement. The Analytics dashboard now supports sorting by Tokens column for both Model Usage and User Usage tables, and the Share/Percentage columns are now clickable for sorting. Administrators can more easily identify the most token-consuming models and users. Commit
• 📑 Fetch URL citation sources. When models fetch URLs during tool calling, the fetched URLs now appear as clickable citation sources in the UI with content previews, matching the existing behavior of web search and knowledge file tools. #21669
• 🔗 Admin settings tab navigation. The admin settings sidebar now supports native browser tab opening, allowing users to middle-click or right-click to open settings pages in new tabs. The navigation was converted from button-based to anchor-based elements. #21721
• 🏷️ Model visibility badges. The Admin Settings Models page now displays Public or Private badges directly on each model, making it easy to identify model access levels at a glance without opening the edit screen. #21732, Commit
• 🛠️ Global model defaults. Administrators can now configure default metadata and parameters that automatically apply to all models, reducing manual configuration for newly discovered models. Default capabilities (like vision, web search, code interpreter) and parameters (like temperature, max_tokens) can be set globally in Admin Settings, with per-model overrides still available. #20658, Commit
• 💬 Plaintext tool output display. Tool outputs that are plain strings now display naturally in a monospace block instead of quoted/escaped format, making multi-line string outputs easier to read. #21553, Commit
• 🔐 Event call input masking. Functions can now request masked password input in confirmation dialogs, allowing sensitive data entry to be hidden from view. This extends the existing masking feature from user valves to event calls. #21540, Commit
• 🗂️ JSON logging support. Administrators can now enable JSON-formatted logging by setting the LOG_FORMAT environment variable to "json", making logs suitable for log aggregators like Loki, Fluentd, CloudWatch, and Datadog. #21747
• ♿ UI accessibility improvements. Screen reader users can now navigate the interface more easily with improved keyboard navigation in dialogs and proper ARIA labels on all interactive elements. Added aria-labels to close, back, and action buttons across various components, and improved semantic HTML and screen reader support across auth, sidebar, chat, and notification components, addressing WCAG compliance. Added aria-labels to search inputs, select fields, and modals in admin and user settings, and improved accessibility for text inputs, rating components, citations, and web search results. Added aria-labels to workspace components including Knowledge, Models, Prompts, Skills, and Tools pages for improved screen reader support. #21706, #21705, #21710, #21709, #21717, #21715, #21708, #21719
• 🔄 General improvements. Various improvements were implemented across the application to enhance performance, stability, and security.
• 🌐 Translations for Finnish, French, Portuguese (Brazil), Simplified Chinese, and Traditional Chinese were enhanced and expanded.

Fixed

• 💥 Admin functions page crash fix. The admin Functions tab no longer crashes when clicked, fixing a null reference error that occurred while the functions list was loading. #21661, Commit
• 💀 Cyclic chat history deadlock fix. Chat histories with circular parent-child message references no longer cause the backend to freeze when syncing usage stats. The system now detects and safely aborts when encountering cyclic message references. #21681
• 🔀 Model fallback routing fix. Custom model fallback now works correctly across all model types, preventing "Model not found" errors when the fallback model uses a different backend (pipe, Ollama, or OpenAI). #21736
• 🐛 Default model selection fix. Admin-configured default models are now properly respected when starting new chats instead of being overwritten by the first available model. #21736
• 👁️ Scroll jumping fix. Deleting a message pair after stopping generation no longer causes the chat to visually jump around, making message deletion smoother. #21743, Commit
• 💬 New chat message handling fix. Fixed a bug where clicking "New Chat" after sending a message would silently drop subsequent messages. The system now properly clears pending message queues when starting a new conversation. #21731
• 🔍 RAG template mutation fix. Fixed a bug where RAG template text was recursively injected into user messages during multiple sequential tool calls, causing message content to grow exponentially and potentially confuse the model. The system now preserves the original user message before tool-calling loops and correctly accumulates citation sources. #21663, #21668, Commit
• 🔒 Iframe sandbox security. Embedded tools can no longer submit forms or access same-origin content by default, improving security for users. #21529
• 🔐 Signup race condition fix. Fixed a security vulnerability where multiple admin accounts could be created on fresh deployments when running multiple uvicorn workers. The signup handler now properly handles concurrent requests during first-user registration, preventing unauthorized admin privilege escalation. #21631
• 🔐 LDAP optional fields fix. LDAP configuration now properly accepts empty Application DN and password values, allowing LDAP authentication to work without these optional fields. Previously, empty values caused authentication failures. Commit
• 🛠️ API tools fix. The /api/v1/chat/completions endpoint now properly respects caller-provided tools instead of overriding them with server-side tools, fixing issues where external agents like Claude Code or Cursor would receive unexpected tool advertisements. #21557, #21555
• ⏱️ Embeddings and proxy timeout fix. The embeddings and OpenAI proxy endpoints now properly honor the AIOHTTP_CLIENT_TIMEOUT environment variable, instead of using default timeouts that could cause requests to hang. #21558
• 📄 Text file type detection fix. TypeScript and other text files that were mis-detected as video files based on their extension are now correctly identified and processed as text files, fixing upload rejections for .ts files. #21454, Commit
• 🗄️ File access control respect. The files list and search endpoints now properly respect the BYPASS_ADMIN_ACCESS_CONTROL setting, ensuring admins only see their own files when the setting is disabled, consistent with other endpoints. #21595, #21589
• 🗄️ PostgreSQL workspace cloning. Cloning workspace models now works correctly on PostgreSQL databases by generating proper unique IDs for access grants instead of using potentially duplicate or invalid IDs. Commit
• 🔓 MCP SSL verification fix. MCP tool connections now properly respect the AIOHTTP_CLIENT_SESSION_TOOL_SERVER_SSL environment variable to disable SSL verification, instead of always verifying SSL certificates. Commit, #21481
• 🔒 Model default feature permissions. Model default features like code interpreter, web search, and image generation now respect global configuration and user permission settings, preventing disabled features from appearing in the chat input. #21690
• 🔍 Model selector typing fix. The model selector list no longer disappears or becomes grayed out when typing quickly in the search field, thanks to improved virtual scroll handling. #21659
• ⛔ Disabled model cloning prevention. Disabled models can no longer be cloned as workspace models, preventing invalid empty configurations from being created. The Clone option is now hidden for inactive models. #21724
• 🔧 SCIM parameter handling. The SCIM Users and Groups endpoints now accept out-of-range startIndex and count values by clamping them to valid ranges instead of returning errors, in compliance with RFC 7644. #21577
• 🔍 Hybrid search result fix. Hybrid search now returns correct results after fixing a bug where query result unpacking order was mismatched, causing search results to appear empty. #21562
• 🛠️ Imported items display. Imported functions and tools now appear immediately in the list after import, without requiring a page reload. #21593
• 🔄 WebSocket race condition fix. Collaborative note saves no longer crash with errors when users disconnect before pending saves complete, preventing AttributeError exceptions and excessive logging. #21601, Commit
• ✋ Drag-and-drop overlay fix. The "Add Files" overlay no longer remains stuck on screen when dragging files back out of the chat window in Mozilla Firefox. #21664
• 👁️ Group search visibility fix. Groups now appear correctly in access control search results, even when the search doesn't match any users. #21691
• 🖱️ User menu drag and click fixes. Fixed draggable ghost images when dragging menu items and eliminated phantom link clicks that occurred when dragging outside dropdown menus. #21699
• 🧭 Admin and workspace nav drag fix. Fixed ghost drag images when dragging top navigation tabs in the Admin and Workspace panels by adding proper drag constraints and text selection prevention. #21701
• 🎮 Playground nav drag fix. Fixed ghost drag images when dragging top navigation tabs in the Playground panel by adding proper drag constraints and text selection prevention. #21704
• ✋ Dropdown menu drag fix. Dropdown menu items can no longer be accidentally dragged as ghost images when highlighting text, making menu interactions smoother. #21713
• 🗂️ Folder menu drag fix. Folder dropdown menu items can no longer be accidentally highlighted or dragged as ghost images, making folder options behave like standard menus. #21753
• 📝 Console log spam fix. Requesting deleted or missing files no longer floods the backend console with Python traceback logs, thanks to proper exception handling for expected 404 errors. #21687
• 🐛 Firefox avatar overflow fix. Fixed a visual bug in Firefox where broken model or user avatar images would display overflowing alt text that overlapped adjacent labels on the Analytics and Leaderboard pages. Failed avatar images now properly show fallback icons instead. #21730
• 🎨 Dark mode select background fix. Fixed an issue where select inputs and dropdown menus had inconsistent lighter background colors in dark mode by removing conflicting dark theme overrides, ensuring a cohesive transparent look. #21728
• 💾 Prompt import fix. Importing prompts that were previously exported no longer fails with a "[object Object]" error toast, making prompt backup and restore work correctly. #21594
• 🔧 Ollama reasoning effort fix. Reasoning effort now works correctly with Ollama models that require string values ("low", "medium", "high") instead of boolean, fixing "invalid option provided" errors when using models like GPT-OSS. #20921, #20928, Commit
• 🔍 Hybrid search deduplication fix. Hybrid search now correctly deduplicates results using content hashes, preventing duplicate chunks from appearing when using enriched text for BM25 search. Commit
• 📋 SQLAlchemy warning fix. Fixed a SQLAlchemy warning that appeared in logs when deleting shared chats, improving log clarity. Commit

Changed

• 🎯 Prompt suggestions relocated. Prompt suggestions have been moved from Admin Panel - Settings - Interface to Admin Panel - Settings - Models, where they can now be configured per-model or globally via the new model defaults.
• 📢 Banners relocated. Banners configuration has been moved from Admin Panel - Settings - Interface to Admin Panel - Settings - General.

Original source

[0.8.3] - 2026-02-17

Added

• ✏️ Model edit shortcut. Users can now edit models directly from the model selector dropdown menu, making it faster to modify model settings without navigating to separate admin or workspace pages. Commit
• 🎨 Image edit API background support. The image edit API now supports the background parameter for OpenAI's gpt-image-1 model, enabling background transparency control ("transparent", "opaque", "auto") when the feature is exposed in the UI. #21459
• ⚡ Faster model filtering. Model access control filtering no longer makes a redundant database query to re-fetch model info that is already available in memory, reducing latency when loading model lists for non-admin users. Commit
• 🔧 Tool call display improvements. Tool call results now display arguments in a cleaner key-value format instead of raw JSON, with a responsive layout that shows only the tool name on narrow screens and the full label on wider screens, preventing text wrapping to multiple lines. Commit
• 🔄 General improvements. Various improvements were implemented across the application to enhance performance, stability, and security.
• 🌐 Translations for Portuguese (Brazil), Simplified Chinese, and Traditional Chinese were enhanced and expanded.

Fixed

• 📧 USER_EMAIL variable fix. The {{USER_EMAIL}} template variable now correctly returns the user's email address instead of "Unknown" in prompts. #21479, #21465
• 🖼️ Image and file attachment handling fixes. Uploaded images are now correctly sent to vision-enabled models, and file attachments now work even when no user text is entered alongside a system prompt. This fixes two issues where the backend was not properly processing file attachments: images weren't converted to the expected format for API requests, and file context was dropped when the user sent only a file without accompanying text. Commit, #21477, #21457
• 🛡️ Missing function error handling. Models that reference deleted functions no longer cause the entire /api/models endpoint to crash; instead, the missing functions are skipped and logged, allowing the rest of the models to load successfully. #21476, #21464
• 🚀 Startup model pre-fetch error handling. If model pre-fetching fails during app startup, the application now logs a warning and continues instead of crashing entirely. Commit
• ⚙️ Function module loading error handling. Function modules that fail to load during startup or model processing are now caught and logged, preventing crashes when models reference functions with loading errors. Commit
• 🗄️ PostgreSQL group query fix. The '/api/v1/groups/' endpoint no longer fails with a GROUP BY error when using PostgreSQL; member counts are now calculated using correlated subqueries for better database compatibility. #21458, #21467

Original source

[0.8.2] - 2026-02-16

Added

• 🧠 Skill content handling. User-selected skills now have their full content injected into the chat, while model-attached skills only display name and description in the available skills list. This allows users to override skill behavior while model-attached skills remain flexible. Commit
• ⚙️ Chat toggles now control built-in tools. Users can now disable web search, image generation, and code execution on a per-conversation basis, even when those tools are enabled as builtin tools on the model. #20641, #21318, Commit, Commit
• 🖼️ Image preview in file modal. Images uploaded to chats can now be previewed directly in the file management modal, making it easier to identify and manage image files. #21413, Commit
• 🏷️ Batch tag operations. Tag creation, deletion, and orphan cleanup for chats now use batch database queries instead of per-tag loops, significantly reducing database round trips when updating, archiving, or deleting chats with multiple tags. Commit
• 💨 Faster group list loading. Group lists and search results now load with a single database query that joins member counts, replacing the previous pattern of fetching groups first and then counting members in a separate batch query. Commit
• 🔐 Skills sharing permissions. Administrators can now control skills sharing and public sharing permissions per-group, matching the existing capabilities for tools, knowledge, and prompts. Commit
• ⚡ Long content truncation in preview modals. Citation and file content modals now truncate markdown-rendered content at 10,000 characters with a "Show all" expansion button, preventing UI jank when previewing very large documents.
• 🌐 Translation updates. Translations for Spanish and German were enhanced and expanded.

Fixed

• 🔐 OAuth session error handling. Corrupted OAuth sessions are now gracefully handled and automatically cleaned up instead of causing errors. Commit
• 🐛 Task model selector validation. The task model selector in admin settings now correctly accepts models based on the new access grants system instead of rejecting all models with an incorrect error. Commit
• 🔗 Tool call message preservation. Models no longer hallucinate tool outputs in multi-turn conversations because tool call history is now properly preserved instead of being merged into assistant messages. #21098, #20600, Commit
• 🔧 Tool server startup initialization. External tool servers configured via the "TOOL_SERVER_CONNECTIONS" environment variable now initialize automatically on startup, eliminating the need to manually visit the Admin Panel and save for tools to become available. This enables proper GitOps and containerized deployments. #18140, #20914, Commit
• ♻️ Resource handle cleanup. File handles are now properly closed during audio transcription and pipeline uploads, preventing resource leaks that could cause system instability over time. #21411
• ⌨️ Strikethrough shortcut conflict fix. Pressing Ctrl+Shift+S to toggle the sidebar no longer causes text to become struck through in the chat input, by disabling the TipTap Strike extension's default keyboard shortcut when rich text mode is off. Commit
• 🔧 Tool call finish_reason fix. API responses now correctly set finish_reason to "tool_calls" instead of "stop" when tool calls are present, fixing an issue where external API clients (such as OpenCode) would halt prematurely after tool execution when routing Ollama models through the Open WebUI API. #20896

Original source

[0.8.1] - 2026-02-14

Caution

⚠️ Database Migrations: This release includes database schema changes; we strongly recommend backing up your database and all associated data before upgrading in production environments. If you are running a multi-worker, multi-server, or load-balanced deployment, all instances must be updated simultaneously, rolling updates are not supported and will cause application failures due to schema incompatibility.

Added

• 🚀 Channel user active status. Checking user active status in channels is now faster thanks to optimized database queries. Commit
• 🔗 Responses API endpoint with model routing. The OpenAI API proxy now supports a /responses endpoint that routes requests to the correct backend based on the model field in the request, instead of always using the first configured endpoint. This enables support for backends like vLLM that provide /skills and /v1/responses endpoints. Commit, Commit
• ⚡ Model and prompt list optimization. Improved performance when loading models and prompts by pre-fetching user group IDs once instead of making multiple database queries. Commit
• 🗄️ Batch access control queries. Improved performance when loading models, prompts, and knowledge bases by replacing multiple individual access checks with single batch queries, significantly reducing database load for large deployments. Commit
• 💨 Faster user list loading. User lists now load significantly faster by deferring profile image loading; images are fetched separately in parallel by the browser, improving caching and reducing database load. Commit
• 🔍 Web search result count. The built-in search_web tool now respects the admin-configured "Search Result Count" setting instead of always returning 5 results when using Native Function Calling mode. #21373, #21371
• 🔐 SCIM externalId support. SCIM-enabled deployments can now store and manage externalId for user provisioning, enabling better integration with identity providers like Microsoft Entra ID and Okta. #21099, #21280, Commit
• 🌐 Translation updates. Portuguese (Brazil) translations were updated.

Fixed

• 🛡️ Public sharing security fix. Fixed a security issue where users with write access could see the Public sharing option regardless of their actual public sharing permission, and direct API calls could bypass frontend sharing restrictions. #21358, #21356
• 🔒 Direct model access control fix. Model access control changes now persist correctly for direct Ollama and OpenAI models that don't have database entries, and error messages display properly instead of showing "[object Object]". Commit, #21377
• 💭 Reasoning trace rendering performance. Reasoning traces from models now render properly without being split into many fragments, preventing browser slowdowns during streaming responses. #21348, Commit
• 🖥️ ARM device compatibility fix. Fixed an issue where upgrading to 0.8.0 would fail to start on ARM devices (like Raspberry Pi 4) due to torch 2.10.0 causing SIGILL errors; now pinned to torch<=2.9.1. #21385, #21349
• 🗄️ Skills PostgreSQL compatibility fix. Fixed a PostgreSQL compatibility issue where creating or listing skills would fail with a TypeError, while SQLite worked correctly. #21372, Commit, #21365
• 🗄️ PostgreSQL analytics query fix. Fixed an issue where retrieving chat IDs by model ID would fail on PostgreSQL due to incompatible DISTINCT ordering, while SQLite worked correctly. #21347, Commit
• 🗃️ SQLite cascade delete fix. Deleting chats now properly removes all associated messages in SQLite, matching PostgreSQL behavior and preventing orphaned data. #21362
• ☁️ Ollama Cloud model naming fix. Fixed an issue where using Ollama Cloud models would fail with "Model not found" errors because ":latest" was incorrectly appended to model names. #21386
• 🛠️ Knowledge selector tooltip z-index. Fixed an issue where tooltips in the "Select Knowledge" dropdown were hidden behind the menu, making it difficult to read knowledge item names and descriptions. #21375
• 🎯 Model selector scroll position. The model selector dropdown now correctly scrolls to and centers the currently selected model when opened, and resets scroll position when reopened. Commit
• 🐛 Sync modal unexpected appearance. Fixed an issue where the Sync Modal would appear unexpectedly after enabling the "Community Sharing" feature if the user had previously visited the app with the sync parameter. #21376
• 🎨 Knowledge collection layout fix. Fixed a layout issue in the Knowledge integration menu where long collection names caused indentation artifacts and now properly truncate with ellipsis. #21374
• 📝 Metadata processing crash fix. Fixed a latent bug where processing document metadata containing certain keys (content, pages, tables, paragraphs, sections, figures) would cause a RuntimeError due to dictionary mutation during iteration. #21105
• 🔑 Password validation regex fix. Fixed the password validation regex by adding the raw string prefix, ensuring escape sequences like d and w are interpreted correctly. #21400, #21399

Changed

• ⚠️ Database Migrations: This release includes database schema changes; we strongly recommend backing up your database and all associated data before upgrading in production environments. If you are running a multi-worker, multi-server, or load-balanced deployment, all instances must be updated simultaneously, rolling updates are not supported and will cause application failures due to schema incompatibility.

Original source