Skip to main content

v1.84.2 - Path-Handling Hardening Backport

Deploy this version​

docker run \
-e STORE_MODEL_IN_DB=True \
-p 4000:4000 \
docker.litellm.ai/berriai/litellm:1.84.2

v1.84.2 is a patch release on top of v1.84.1. It backports the path-handling hardening covered in the host-header authentication bypass advisory and restores npm to the non-root Docker builder.

Non-root deployments should pin v1.84.3 instead; the litellm-non_root:1.84.2 image failed to build because npm was missing from the builder, and v1.84.3 ships the same application code with a fixed Dockerfile.non_root.

Bug Fixes​

  • Proxy auth / routing
    • Route the proxy's path-dependent call sites through get_request_route() so they all derive the request route from the ASGI scope rather than the Host-reconstructed URL - PR #28547

Infrastructure​

  • Docker
    • Restore npm to the Dockerfile.non_root builder stage so prisma-python no longer falls back to a nodeenv-bootstrapped Node runtime. Applies to v1.84.3 and later; the litellm-non_root:1.84.2 image did not build - PR #28519

Full Changelog​

https://github.com/BerriAI/litellm/compare/v1.84.1...5560f35279

🚅
LiteLLM Enterprise
SSO/SAML, audit logs, spend tracking, multi-team management, and guardrails — built for production.
Learn more →