LocalAI

v4.3.6 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 4d Model Serving & MLOps

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 1 known CVE

Topics

agents ai api audio-generation decentralized distributed

+12 more

image-generation libp2p llama llm mamba mcp musicgen object-detection rerank stable-diffusion text-generation tts

Affected surfaces

auth rbac

ReleasePort's take

Moderate signal

editorial:auto 4d

The v4.3.6 release hardens outbound HTTP clients by refusing redirects and adds an NVIDIA NeMo Parakeet ASR backend.

Why it matters: Security: refuse redirects on all outbound HTTP client calls (severity 90). Feature: new ASR backend available (severity 40).

Summary

AI summary

Updates Other Changes, chore, and http across a mixed release.

Changes in this release

Type	Severity	Summary	CVE
Security	Critical	Refuse redirects on outbound HTTP clients for security hardening Refuse redirects on outbound HTTP clients for security hardening Source: llm_adapter@2026-05-30 Confidence: high	—
Feature	Medium	Adds NVIDIA NeMo Parakeet ASR backend (parakeet.cpp) Adds NVIDIA NeMo Parakeet ASR backend (parakeet.cpp) Source: llm_adapter@2026-05-30 Confidence: high	—

Full changelog

What's Changed

Other Changes

chore: :arrow_up: Update ggml-org/llama.cpp to 22d66b567eef11cf2e9832f04db64ee0323a0fd0 by @localai-bot in https://github.com/mudler/LocalAI/pull/10080
security(http): refuse redirects on outbound clients via hardened pkg/httpclient by @richiejp in https://github.com/mudler/LocalAI/pull/10087
feat(parakeet-cpp): add NVIDIA NeMo Parakeet ASR backend (parakeet.cpp) by @localai-bot in https://github.com/mudler/LocalAI/pull/10084
chore: :arrow_up: Update antirez/ds4 to e16ead1e29c81a67bbb64e5b001117679cf9ce6e by @localai-bot in https://github.com/mudler/LocalAI/pull/10076
chore: :arrow_up: Update mudler/parakeet.cpp to 30a307553f1965ceb38a1a922069a71e7dd67bf3 by @localai-bot in https://github.com/mudler/LocalAI/pull/10092

Full Changelog: https://github.com/mudler/LocalAI/compare/v4.3.5...v4.3.6

Security Fixes

Refuse redirects on outbound clients via hardened pkg/httpclient (http security)

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track LocalAI

Get notified when new releases ship.

About LocalAI

LocalAI is the open-source AI engine. Run any model - LLMs, vision, voice, image, video - on any hardware. No GPU required.

All releases →