Skip to main content

v1.85.2 - Path-Handling Hardening Backport

Deploy this version

Docker
Pip

docker run \
-e STORE_MODEL_IN_DB=True \
-p 4000:4000 \
docker.litellm.ai/berriai/litellm:1.85.2

pip install litellm==1.85.2

v1.85.2 is a patch release on top of v1.85.1. It backports the path-handling hardening covered in the host-header authentication bypass advisory and restores npm to the non-root Docker builder.

Bug Fixes

Proxy auth / routing
- Route the proxy's path-dependent call sites through get_request_route() so they all derive the request route from the ASGI scope rather than the Host-reconstructed URL - PR #28547

Infrastructure

Docker
- Restore npm to the Dockerfile.non_root builder stage so prisma-python no longer falls back to a nodeenv-bootstrapped Node runtime - PR #28519

Full Changelog

https://github.com/BerriAI/litellm/compare/v1.85.1...v1.85.2

Deploy this version
- Bug Fixes
- Infrastructure
Full Changelog

🚅

LiteLLM Enterprise

SSO/SAML, audit logs, spend tracking, multi-team management, and guardrails — built for production.