·
188 commits
to main
since this release
1.10.1-fix.1
laipz8200
-LAN-
This tag was signed with the committer’s verified signature.
laipz8200
-LAN-
Important
For users who upgraded to version 1.10.1-fix.1 before 2025-12-09 03:00:00 UTC, please verify your docker compose configuration to ensure the web service is using the correct image version langgenius/dify-web:1.10.1-fix.1. This verification is critical to address the GHSA-fv66-9v8q-g76r security vulnerability.
- Security/deps: backend bumps pyarrow 17.0.0, werkzeug 3.1.4, urllib3 2.5.0 in api/uv.lock; frontend bumps React 19.2.1 (addresses CVE-2025-55182) and Next.js 15.5.7 in web/package.json + web/pnpm-lock.yaml.
Full Changelog: 1.10.1...1.10.1-fix.1