DeepTutor v1.3.10 Release Notes

Release Date: 2026.05.10

v1.3.10 is a focused reliability release for the issues reported after v1.3.9.
It restores smoother remote Docker access, makes self-signed LLM endpoints work
consistently across SDK-backed providers, protects code snippets from citation
rewrites, and splits Matrix E2EE into an explicit opt-in dependency.

Highlights

Remote Docker and CORS Recovery

• Remote single-user Docker works out of the box again - when
  AUTH_ENABLED=false, DeepTutor now accepts browser origins over HTTP/HTTPS so
  LAN or remote-server frontends no longer hit the v1.3.8/v1.3.9 CORS
  regression reported in #463.
• Authenticated deployments stay explicit - when AUTH_ENABLED=true, CORS
  still requires a concrete allowlist through CORS_ORIGIN or CORS_ORIGINS,
  preserving the credentialed-auth safety boundary.
• Multiple deployment origins are supported - CORS_ORIGINS accepts comma
  or newline separated values, and both Docker Compose files pass the setting
  through to the backend container.
• Settings no longer drop network flags - CORS_ORIGIN, CORS_ORIGINS, and
  DISABLE_SSL_VERIFY are part of the canonical .env write order.

Provider TLS and Rendering Fixes

• DISABLE_SSL_VERIFY now reaches OpenAI SDK paths - OpenAI-compatible,
  Azure OpenAI, executor, TutorBot, and legacy embedding SDK clients all receive
  a shared httpx.AsyncClient(verify=False) when the flag is enabled, fixing
  self-signed HTTPS LLM endpoints reported in #464.
• Production still blocks unsafe TLS bypasses - ENVIRONMENT=prod or
  ENVIRONMENT=production rejects DISABLE_SSL_VERIFY, with a single warning
  logged in non-production use.
• Code blocks keep array indexes intact - Markdown citation linkification now
  masks fenced and inline code before rewriting references, so values[0] stays
  code instead of becoming a #references citation link (#468).

Matrix Install Compatibility

• Matrix no longer installs E2EE by default - the standard matrix extra and
  requirements/matrix.txt now use plain matrix-nio, avoiding the
  python-olm / libolm build failures seen on macOS Python 3.14 and Apple
  Clang 21 (#462).
• Encrypted rooms are an explicit add-on - install deeptutor[matrix-e2e]
  or requirements/matrix-e2e.txt when E2EE support is needed and libolm is
  available.
• Runtime failures are clearer - Matrix defaults to non-E2EE mode, and
  enabling E2EE without crypto dependencies now raises an actionable install
  message instead of failing at import time.

Multi-User Runtime Compatibility

• Default workspace paths stay stable outside user scope - when no current
  multi-user context is active, path resolution falls back to the default data
  workspace rather than forcing an admin scope.
• Legacy test and monkeypatch hooks remain available - session and settings
  routers keep compatibility shims used by tests and older integrations.
• Local agent artifacts are ignored - .claude/ is now excluded from Git so
  local worktrees and agent metadata do not accidentally enter releases.

Tests

• Added CORS setting tests for unauthenticated remote origins and authenticated
  explicit allowlists.
• Added shared OpenAI SDK HTTP-client tests across provider-core, Azure,
  executors, TutorBot, and embedding adapters.
• Added Markdown display tests for prose citations, fenced code, inline code,
  and explicit backticked citations.
• Added Matrix dependency split tests to keep default installs free of
  matrix-nio[e2e].
• Re-ran targeted Python tests, web node tests, Ruff checks, and diff whitespace
  validation for the release patch.

Upgrade Notes

• If you run remote Docker with AUTH_ENABLED=false, no extra CORS setting is
  required for normal HTTP/HTTPS browser origins.
• If you run a shared or authenticated deployment with AUTH_ENABLED=true, set
  CORS_ORIGIN or CORS_ORIGINS to the exact frontend origin(s), for example
  https://learn.example.com.
• Use DISABLE_SSL_VERIFY=true only for local, self-signed, or air-gapped test
  LLM endpoints. It remains blocked in ENVIRONMENT=prod and
  ENVIRONMENT=production.
• Matrix installs are now non-E2EE by default. For encrypted Matrix rooms,
  install .[matrix-e2e] or requirements/matrix-e2e.txt, ensure libolm is
  present, and set e2ee_enabled=true in the Matrix channel config.
• If you previously installed .[matrix] only to get non-encrypted Matrix
  messaging, reinstalling after this release should no longer require native
  libolm build tooling.

Full Changelog: https://github.com/HKUDS/DeepTutor/compare/v1.3.9...v1.3.10