This release includes 1 security fix for security teams reviewing exposed deployments.
ReleasePort's take
Moderate signal: v4.2.0 introduces a FastAPI-hosted React console and runtime LLM configuration UI/API, while securing API key handling.
Why it matters: Security severity of 90 triggers immediate attention for masked LLM API key previews; developers gain new console/UI features.
Summary
AI summary: Added a React console with LLM configuration UI and API for multiple providers.
Changes in this release
| Type | Severity | Summary | Source | Confidence | CVE |
|---|---|---|---|---|---|
| Security | Critical | LLM API keys accepted by local FastAPI process and returned only as masked previews. | llm_adapter@2026-06-03 | high | — |
| Feature | Medium | Adds FastAPI-hosted React console at /console with TypeScript, Vite, Tailwind. | llm_adapter@2026-06-03 | high | — |
| Feature | Medium | Adds runtime LLM configuration UI and API supporting multiple providers. | llm_adapter@2026-06-03 | high | — |
| Feature | Medium | Adds multi-file assessment submission with SSDLC phase, project, skill, and review controls. | llm_adapter@2026-06-03 | high | — |
| Feature | Medium | Adds six built-in SSDLC stage skills. | llm_adapter@2026-06-03 | high | — |
| Feature | Low | Adds Dashboard, Assessments, Knowledge Base, Skills, and Settings pages to the console. | granite4.1:30b@2026-06-03-audit | low | — |
| Bugfix | Medium | Clears LLM client cache when runtime LLM config changes. | llm_adapter@2026-06-03 | low | — |
| Bugfix | Low | Updates README, architecture docs, Makefile targets, .env.example, and version metadata for v4.2.0. | llm_adapter@2026-06-03 | high | — |
| Bugfix | Low | Adds optional `phase` parameter to `POST /api/v1/assessments` and propagates SSDLC phase metadata into reports. | llm_adapter@2026-06-03 | low | — |
Full changelog
v4.2.0 — React Console and LLM Configuration
Added
- FastAPI-hosted React + TypeScript + Vite + Tailwind console at `/console`.
- Dashboard, Assessments, Knowledge Base, Skills, and Settings pages.
- Runtime LLM configuration UI and API for OpenAI, Anthropic Claude, Qwen, DeepSeek, OpenAI-compatible APIs, local OpenAI-compatible APIs, and Ollama.
- Multi-file assessment submission with SSDLC phase, project, skill, and collaborative review controls.
- Six SSDLC built-in stage skills.
- Console screenshot and updated architecture diagrams.
Changed
- `POST /api/v1/assessments` accepts optional `phase` and propagates SSDLC phase metadata into reports.
- LLM client cache is cleared when runtime LLM config changes.
- README, architecture docs, Makefile targets, `.env.example`, and version metadata updated for v4.2.0.
Security
- LLM API keys are accepted by the local FastAPI process and returned only as masked previews.
Validation
- `npm run build --prefix frontend`
- `.venv/bin/python -m pytest tests/test_health.py tests/test_assessments_api.py tests/test_skills_api.py -q`
PR: https://github.com/arthurpanhku/DocSentinel/pull/10
Security Fixes
- LLM API keys are now accepted by the local FastAPI process and returned only as masked previews
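The masked-preview key handling and the cache clearing on config change listed above, modelled in plain Python as an added example (not DocSentinel's code). The `LLMConfigStore` class, the `api_key_preview` and `configured` field names, the masking rule and the sample key are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample value, not a real credential.
SAMPLE_KEY = "sk-constructed-0123456789abcdef"
MASK = "****"


def mask_preview(key: str, visible: int = 4) -> str:
    """Preview that exposes at most the last `visible` characters."""
    if not key:
        return ""
    # A short key would leak a large share of itself, so show no tail at all.
    if len(key) < visible * 4:
        return MASK
    return MASK + key[-visible:]


@dataclass
class LLMConfigStore:
    """Hypothetical in-process store: raw keys go in, only previews come out."""
    _keys: dict = field(default_factory=dict, repr=False)     # provider -> raw key
    _clients: dict = field(default_factory=dict, repr=False)  # provider -> cached client

    def set_key(self, provider: str, api_key: str) -> dict:
        self._keys[provider] = api_key
        self._clients.clear()  # config changed: drop clients built with the old key
        return self.view(provider)

    def view(self, provider: str) -> dict:
        """Body an API response would carry; the raw key is never included."""
        key = self._keys.get(provider, "")
        return {"provider": provider, "configured": bool(key),
                "api_key_preview": mask_preview(key)}

    def client(self, provider: str) -> dict:
        """Return the cached stand-in client, building it from the current key."""
        if provider not in self._clients:
            self._clients[provider] = {"provider": provider,
                                       "key": self._keys[provider]}
        return self._clients[provider]


if __name__ == "__main__":
    store = LLMConfigStore()
    print(store.set_key("openai", SAMPLE_KEY))  # preview only
    print(repr(store))                          # no key material in repr
```

When reviewing a deployment, the same two properties are worth checking against the real API: no response body or log line contains the submitted key, and a rotated key takes effect without a process restart.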