flower

vframework-1.30.0 scope: framework Breaking

This release includes 1 breaking change for platform teams planning a safe upgrade.

Published 14d AI Agents & Assistants

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

ai android artificial-intelligence c++ machine-learning federated-analytics

+12 more

federated-learning federated-learning-framework fleet-intelligence fleet-learning flower grpc ios python pytorch raspberry-pi scikit-learn tensorflow

Affected surfaces

auth crypto_tls

Summary

AI summary

Updates What's new?, Incompatible changes, and https://github.com/flwrlabs/flower/pull/7097 across a mixed release.

Changes in this release

Type	Severity	Summary	CVE
Breaking	Medium	Disallow manually running internal flwr-* commands Disallow manually running internal flwr-* commands Source: granite4.1:8b-q6_K@2026-05-20 Confidence: high	—
Feature
Feature	Medium	Introduce the task system for executor process lifecycle management Introduce the task system for executor process lifecycle management Source: granite4.1:8b-q6_K@2026-05-20 Confidence: high	—
Feature	Medium	Add initial runtime version compatibility checks across framework components Add initial runtime version compatibility checks across framework components Source: granite4.1:8b-q6_K@2026-05-20 Confidence: high	—
Feature	Medium	Add TLS support for AppIo APIs Add TLS support for AppIo APIs Source: granite4.1:8b-q6_K@2026-05-20 Confidence: low	—
Feature	Medium	Improve framework documentation Improve framework documentation Source: granite4.1:8b-q6_K@2026-05-20 Confidence: low	—
Bugfix	Medium	Support dynamic ClientAppIo ports in SuperNode Support dynamic ClientAppIo ports in SuperNode Source: granite4.1:8b-q6_K@2026-05-20 Confidence: low	—
Refactor	Medium	Improve framework CI and release workflows Improve framework CI and release workflows Source: granite4.1:8b-q6_K@2026-05-20 Confidence: low	—

Full changelog

Thanks to our contributors

We would like to give our special thanks to all the contributors who made the new version of Flower possible (in git shortlog order):

Charles Beauville, Chong Shen Ng, Daniel J. Beutel, Daniel Nata Nugraha, Heng Pan, Javier, Micah Sheller, Mohammad Naseri, Patrick Foley, Taner Topal, Yan Gao

What's new?

Introduce the task system for executor process lifecycle management (#7030, #7031, #7036, #7040, #7044, #7047, #7053, #7054, #7058, #7068, #7069, #7078, #7079, #7080, #7081, #7083, #7087, #7088, #7089, #7090, #7094, #7095, #7097, #7100, #7101, #7102, #7105, #7106, #7110, #7111, #7112, #7115, #7116, #7117, #7118, #7122, #7139, #7144, #7151, #7153, #7157, #7158, #7163, #7167, #7180, #7184, #7197)

Introduces the task system as the foundation for managing task process lifecycles across the framework. Tasks represent executable units such as flwr-serverapp and flwr-clientapp, enabling consistent creation, claiming, activation, heartbeat tracking, completion, and logging. The change also refactors existing run and executor workflows to operate on tasks and links a run status to its primary task for improved orchestration and lifecycle tracking.
Add initial runtime version compatibility checks across framework components (#7038, #7067, #7077, #7084, #7091, #7092, #7093, #7103, #7107, #7108, #7113, #7141, #7146, #7160, #7191)

Introduces runtime version compatibility metadata and checks across Flower runtime components. AppIo communication for flwr-serverapp, flwr-simulation, and flwr-clientapp now enforces matching major.minor Flower releases, which prevents incompatible app runtime combinations from proceeding. Control API and Fleet API also observe runtime version metadata to prepare these paths for stricter compatibility handling in future releases.
Add TLS support for AppIo APIs (#6986, #7046, #7175)

Introduces TLS support for the ServerAppIo and ClientAppIo APIs. Adds root certificate configuration for flwr- commands and flower-superexec. Find out more details in the TLS guide.
Support dynamic ClientAppIo ports in SuperNode (#7128)

Fixes support for localhost:0 in the SuperNode ClientAppIo API.
Improve framework CI and release workflows (#7007, #7034, #7041, #7055, #7072, #7073, #7086, #7138, #7145, #7152, #7154, #7159, #7166, #7170, #7176, #7187)
Improve framework documentation (#7006, #7011, #7022, #7050, #7150, #7186)
General improvements (#7013, #7021, #7024, #7025, #7027, #7028, #7037, #7043, #7051, #7056, #7057, #7061, #7063, #7104, #7109, #7123, #7124, #7125, #7134, #7136, #7140, #7143, #7148, #7149, #7161, #7162, #7165, #7172, #7183, #7192, #7195, #7196, #7200, #7204)

As always, many parts of the Flower framework and quality infrastructure were improved and updated.

Incompatible changes

Disallow manually running internal flwr-* commands (#7019)

Removes support for manually starting flwr-serverapp, flwr-simulation, and flwr-clientapp; these commands can only be launched by SuperExec.

Breaking Changes

Disallow manually running internal `flwr-serverapp`, `flwr-simulation`, and `flwr-clientapp` commands; they must be launched by SuperExec.

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track flower

Get notified when new releases ship.

About flower

Flower: A Friendly Federated AI Framework

All releases →