Skip to content

Onyx Community Edition

v3.2.14 Security

This release includes 4 security fixes for security teams reviewing exposed deployments.

Published 14d LLM Frameworks
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 4 known CVEs

Topics

ai ai-chat chatgpt chatui enterprise-search gen-ai
+7 more
information-retrieval llm llm-ui nextjs python self-hosted vector-db

Affected surfaces

deps crypto_tls

ReleasePort's take

Light signal
editorial:auto 14d

v3.2.14 adds observability across RDS, EKS, and applications via Prometheus, Grafana, Cloudwatch, and Sentry release tracking. Fixes address celery connection leaks and enforce chat session ownership.

Why it matters: Test RDS alerts and Grafana dashboards in staging before production. Deploy security and reliability fixes to all environments immediately; validate celery connection pool in staging.

Summary

AI summary

Broad release touches chat, fix, deps, and refactor.

Changes in this release

Feature Medium

Configurable file upload size and token limits via admin settings

Configurable file upload size and token limits via admin settings

Source: granite4.1:8b-q6_K@2026-05-20

Confidence: high
Feature Medium

Prometheus metrics ports and Services for celery workers added by Helm

Prometheus metrics ports and Services for celery workers added by Helm

Source: granite4.1:8b-q6_K@2026-05-20

Confidence: high
Feature Medium

Admin page to create or edit hooks

Admin page to create or edit hooks

Source: granite4.1:8b-q6_K@2026-05-20

Confidence: high
Feature Medium

`SelectCard` + `CardHeaderLayout` added to Opal

`SelectCard` + `CardHeaderLayout` added to Opal

Source: granite4.1:8b-q6_K@2026-05-20

Confidence: high
Feature Medium

Release tracking for backend and frontend in Sentry

Release tracking for backend and frontend in Sentry

Source: granite4.1:8b-q6_K@2026-05-20

Confidence: high
Feature Medium

RDS Snapshots, CPU Alerts, Freeable Memory alert, IO Metrics Alarms added

RDS Snapshots, CPU Alerts, Freeable Memory alert, IO Metrics Alarms added

Source: granite4.1:8b-q6_K@2026-05-20

Confidence: high
Feature Medium

Grafana dashboard provisioning for Helm

Grafana dashboard provisioning for Helm

Source: granite4.1:8b-q6_K@2026-05-20

Confidence: high
Feature Medium

Frontend source map uploads enabled in cloud CI

Frontend source map uploads enabled in cloud CI

Source: granite4.1:8b-q6_K@2026-05-20

Confidence: high
Feature Medium

Cloudwatch logging added to EKS

Cloudwatch logging added to EKS

Source: granite4.1:8b-q6_K@2026-05-20

Confidence: high
Feature Medium

Batch chunks during doc processing implemented

Batch chunks during doc processing implemented

Source: granite4.1:8b-q6_K@2026-05-20

Confidence: high
Feature Medium

`SelectCard` + `CardHeaderLayout` added to Opal (second mention)

`SelectCard` + `CardHeaderLayout` added to Opal (second mention)

Source: granite4.1:8b-q6_K@2026-05-20

Confidence: high
Feature Medium

Multi-model parallel streaming backend for chat added

Multi-model parallel streaming backend for chat added

Source: granite4.1:8b-q6_K@2026-05-20

Confidence: high
Feature Medium

Seed default Admin and Basic user groups

Seed default Admin and Basic user groups

Source: granite4.1:8b-q6_K@2026-05-20

Confidence: high
Feature Medium

Cluster disabled admin sidebar tabs at the bottom

Cluster disabled admin sidebar tabs at the bottom

Source: granite4.1:8b-q6_K@2026-05-20

Confidence: high
Feature Medium

Filestore delete missing error added

Filestore delete missing error added

Source: granite4.1:8b-q6_K@2026-05-20

Confidence: high
Feature Medium

GitHub star prompt added at end of install script

GitHub star prompt added at end of install script

Source: granite4.1:8b-q6_K@2026-05-20

Confidence: high
Feature Medium

Optional CA certificate update step added to api-server startup by Helm

Optional CA certificate update step added to api-server startup by Helm

Source: granite4.1:8b-q6_K@2026-05-20

Confidence: high
Feature Medium

Generic OpenAI Compatible LLM Provider setup implemented

Generic OpenAI Compatible LLM Provider setup implemented

Source: granite4.1:8b-q6_K@2026-05-20

Confidence: high
Feature Medium

Ad Hoc Deploys added to ODS

Ad Hoc Deploys added to ODS

Source: granite4.1:8b-q6_K@2026-05-20

Confidence: high
Feature Medium

`@opal/logos` added

`@opal/logos` added

Source: granite4.1:8b-q6_K@2026-05-20

Confidence: high
Feature Medium

Chat preference to disable smooth streaming added

Chat preference to disable smooth streaming added

Source: granite4.1:8b-q6_K@2026-05-20

Confidence: high
Feature Medium

Uploaded files as knowledge source support added

Uploaded files as knowledge source support added

Source: granite4.1:8b-q6_K@2026-05-20

Confidence: high
Feature Medium

Sharepoint members recursion fixed

Sharepoint members recursion fixed

Source: granite4.1:8b-q6_K@2026-05-20

Confidence: high
Feature Medium

Image Extraction from PDF files allowed

Image Extraction from PDF files allowed

Source: granite4.1:8b-q6_K@2026-05-20

Confidence: high
Feature Medium

Support for GPT Image 2 added to OpenAI

Support for GPT Image 2 added to OpenAI

Source: granite4.1:8b-q6_K@2026-05-20

Confidence: high
Feature Medium

Model information added to Generated Report metrics

Model information added to Generated Report metrics

Source: granite4.1:8b-q6_K@2026-05-20

Confidence: high
Bugfix Medium

Popover content overflow on small screens fixed

Popover content overflow on small screens fixed

Source: granite4.1:8b-q6_K@2026-05-20

Confidence: high
Bugfix Medium

Redis connection leak in celery prevented by broker connection pool

Redis connection leak in celery prevented by broker connection pool

Source: granite4.1:8b-q6_K@2026-05-20

Confidence: high
Bugfix Medium

Chat session ownership enforced on stop endpoint (security)

Chat session ownership enforced on stop endpoint (security)

Source: granite4.1:8b-q6_K@2026-05-20

Confidence: high
Bugfix Medium

Uploaded files blocked during chat fixed

Uploaded files blocked during chat fixed

Source: granite4.1:8b-q6_K@2026-05-20

Confidence: high
Full changelog

See the assets to download this version and install.

What's Changed

  • perf: perm sync start time by @evan-onyx in https://github.com/onyx-dot-app/onyx/pull/9685
  • fix(nginx): route /scim/* to api_server by @nmgarza5 in https://github.com/onyx-dot-app/onyx/pull/9686
  • chore(greptile): add nginx routing rule for non-api backend routes by @nmgarza5 in https://github.com/onyx-dot-app/onyx/pull/9687
  • chore(deps-dev): bump handlebars from 4.7.8 to 4.7.9 in /web by @dependabot[bot] in https://github.com/onyx-dot-app/onyx/pull/9689
  • chore(deps-dev): bump picomatch from 2.3.1 to 2.3.2 in /web by @dependabot[bot] in https://github.com/onyx-dot-app/onyx/pull/9691
  • chore(devtools): ods trace by @jmelahman in https://github.com/onyx-dot-app/onyx/pull/9688
  • feat: configurable file upload size and token limits via admin settings by @Subash-Mohan in https://github.com/onyx-dot-app/onyx/pull/9232
  • refactor(indexing): Vespa & Opensearch index function use Iterable by @Danelegend in https://github.com/onyx-dot-app/onyx/pull/9384
  • feat(helm): add Prometheus metrics ports and Services for celery workers by @nmgarza5 in https://github.com/onyx-dot-app/onyx/pull/9630
  • fix(fe): Popover content doesnt overflow on small screens by @jmelahman in https://github.com/onyx-dot-app/onyx/pull/9612
  • chore(deps): bump brace-expansion in /backend/onyx/server/features/build/sandbox/kubernetes/docker/templates/outputs/web by @dependabot[bot] in https://github.com/onyx-dot-app/onyx/pull/9698
  • chore(devtools): upgrade ods: 0.7.1->0.7.2 by @jmelahman in https://github.com/onyx-dot-app/onyx/pull/9701
  • chore(playwright): deflake settings_pages.spec.ts by @jmelahman in https://github.com/onyx-dot-app/onyx/pull/9684
  • Update README.md by @yuhongsun96 in https://github.com/onyx-dot-app/onyx/pull/9703
  • chore(gha): pin helm release docker image by @jmelahman in https://github.com/onyx-dot-app/onyx/pull/9706
  • feat(hook): admin page create or edit hook by @Bo-Onyx in https://github.com/onyx-dot-app/onyx/pull/9690
  • chore(gha): fix helm release after image update by @jmelahman in https://github.com/onyx-dot-app/onyx/pull/9707
  • fix(celery): use broker connection pool to prevent Redis connection leak by @nmgarza5 in https://github.com/onyx-dot-app/onyx/pull/9682
  • chore(gha): helm release upstream nits by @jmelahman in https://github.com/onyx-dot-app/onyx/pull/9708
  • chore(gha): fix git error after helm release migration to alpine base image by @jmelahman in https://github.com/onyx-dot-app/onyx/pull/9709
  • chore(release): build all CLI wheels before publishing by @jmelahman in https://github.com/onyx-dot-app/onyx/pull/9710
  • chore(deps): upgrade go deps by @jmelahman in https://github.com/onyx-dot-app/onyx/pull/9711
  • fix(cli): onyx-cli --version interpolation by @jmelahman in https://github.com/onyx-dot-app/onyx/pull/9712
  • feat(cli): --version and validate-config warn if backend version is incompatible by @jmelahman in https://github.com/onyx-dot-app/onyx/pull/9715
  • chore(deps): bump cryptography from 46.0.5 to 46.0.6 by @dependabot[bot] in https://github.com/onyx-dot-app/onyx/pull/9721
  • chore(deps): bump langchain-core from 1.2.11 to 1.2.22 by @dependabot[bot] in https://github.com/onyx-dot-app/onyx/pull/9720
  • fix: Anthropic litellm thinking workaround by @evan-onyx in https://github.com/onyx-dot-app/onyx/pull/9713
  • feat(widget): add citation badges to chat widget by @rohoswagger in https://github.com/onyx-dot-app/onyx/pull/9714
  • fix(openpyxl): Colors must be aRGB hex values by @justin-tahara in https://github.com/onyx-dot-app/onyx/pull/9727
  • feat(cli): onyx-cli serve over SSH by @jmelahman in https://github.com/onyx-dot-app/onyx/pull/9726
  • perf(swr): convert raw-fetch hooks to SWR to eliminate duplicate requests by @nmgarza5 in https://github.com/onyx-dot-app/onyx/pull/9694
  • refactor(opal): unify Interactive color system by @raunakab in https://github.com/onyx-dot-app/onyx/pull/9717
  • feat(indexing): Max chunk processing by @Danelegend in https://github.com/onyx-dot-app/onyx/pull/9400
  • refactor(indexing): Change adapters to support iterables by @Danelegend in https://github.com/onyx-dot-app/onyx/pull/9469
  • refactor(indexing): Refactor indexing vector db abstraction by @Danelegend in https://github.com/onyx-dot-app/onyx/pull/9653
  • feat(indexing): Batch chunks during doc processing by @Danelegend in https://github.com/onyx-dot-app/onyx/pull/9468
  • chore(gha): prefer ci-protected env by @jmelahman in https://github.com/onyx-dot-app/onyx/pull/9728
  • chore(deps): bump pygments from 2.19.2 to 2.20.0 by @dependabot[bot] in https://github.com/onyx-dot-app/onyx/pull/9757
  • feat(opal): SelectCard + CardHeaderLayout by @raunakab in https://github.com/onyx-dot-app/onyx/pull/9760
  • chore(deps): bump actions/cache from 5.0.3 to 5.0.4 by @dependabot[bot] in https://github.com/onyx-dot-app/onyx/pull/9765
  • chore(deps): bump runs-on/cache from 50350ad4242587b6c8c2baa2e740b1bc11285ff4 to a5f51d6f3fece787d03b7b4e981c82538a0654ed by @dependabot[bot] in https://github.com/onyx-dot-app/onyx/pull/9763
  • chore(fe): polish Query History table by @jmelahman in https://github.com/onyx-dot-app/onyx/pull/9767
  • chore(deps): bump helm/chart-testing-action from b5eebdd9998021f29756c53432f48dab66394810 to 2e2940618cb426dce2999631d543b53cdcfc8527 by @dependabot[bot] in https://github.com/onyx-dot-app/onyx/pull/9764
  • chore(types): fix IconButton size props by @jmelahman in https://github.com/onyx-dot-app/onyx/pull/9772
  • feat(sentry): add release tracking to backend and frontend by @nmgarza5 in https://github.com/onyx-dot-app/onyx/pull/9773
  • feat(rds): Adding RDS Snapshosts by @justin-tahara in https://github.com/onyx-dot-app/onyx/pull/9779
  • feat(helm): add Grafana dashboard provisioning by @nmgarza5 in https://github.com/onyx-dot-app/onyx/pull/9725
  • feat(sentry): enable frontend source map uploads in cloud CI by @nmgarza5 in https://github.com/onyx-dot-app/onyx/pull/9775
  • feat(eks): Adding Cloudwatch logging by @justin-tahara in https://github.com/onyx-dot-app/onyx/pull/9783
  • feat(rds): Adding CPU Alerts by @justin-tahara in https://github.com/onyx-dot-app/onyx/pull/9784
  • refactor: migrate away from cards/Select by @raunakab in https://github.com/onyx-dot-app/onyx/pull/9771
  • feat(rds): Add Freeable Memory alert by @justin-tahara in https://github.com/onyx-dot-app/onyx/pull/9787
  • fix(tenants): run migrations on pool tenants before assigning to new users by @nmgarza5 in https://github.com/onyx-dot-app/onyx/pull/9788
  • feat(canvas): Canvas Connector data fetching 2/4 by @benwu408 in https://github.com/onyx-dot-app/onyx/pull/9386
  • feat(hook): hook status and logs by @Bo-Onyx in https://github.com/onyx-dot-app/onyx/pull/9770
  • chore(opensearch): Add Grafana dashboard for retrieval by @acaprau in https://github.com/onyx-dot-app/onyx/pull/9657
  • refactor(admin): image-generation by @raunakab in https://github.com/onyx-dot-app/onyx/pull/9769
  • refactor(admin): LLM Config by @raunakab in https://github.com/onyx-dot-app/onyx/pull/9806
  • fix(llm): when multiple providers are same type ensure name is prioritized when default by @jessicasingh7 in https://github.com/onyx-dot-app/onyx/pull/9777
  • refactor(admin): web-search by @raunakab in https://github.com/onyx-dot-app/onyx/pull/9761
  • perf(swr): add SWR_KEYS registry and skip revalidation for stable hooks by @nmgarza5 in https://github.com/onyx-dot-app/onyx/pull/9695
  • refactor(admin): code-interpreter by @raunakab in https://github.com/onyx-dot-app/onyx/pull/9790
  • feat(voice): VAD auto-stop only when auto-send is enabled by @jessicasingh7 in https://github.com/onyx-dot-app/onyx/pull/9809
  • chore: fix batch logging by @evan-onyx in https://github.com/onyx-dot-app/onyx/pull/9808
  • chore: Rag script for benchmark/regression by @yuhongsun96 in https://github.com/onyx-dot-app/onyx/pull/9781
  • chore: fix indexing log2 by @evan-onyx in https://github.com/onyx-dot-app/onyx/pull/9811
  • fix(connectors): fix reindex on paused file connectors by @jessicasingh7 in https://github.com/onyx-dot-app/onyx/pull/9812
  • feat(hook): refactor under ee by @Bo-Onyx in https://github.com/onyx-dot-app/onyx/pull/9776
  • feat(rds): Adding IO Metrics Alarms by @justin-tahara in https://github.com/onyx-dot-app/onyx/pull/9789
  • fix: discord token validation by @evan-onyx in https://github.com/onyx-dot-app/onyx/pull/9817
  • fix: install early exit by @evan-onyx in https://github.com/onyx-dot-app/onyx/pull/9818
  • fix(perf): optimize chat sessions query to prevent DB cascading failures by @justin-tahara in https://github.com/onyx-dot-app/onyx/pull/9802
  • feat(file-upload): Upload files exceeding tokens but skip indexing by @Danelegend in https://github.com/onyx-dot-app/onyx/pull/9751
  • refactor(opal): split Card sizeVariant into padding + rounding by @raunakab in https://github.com/onyx-dot-app/onyx/pull/9823
  • refactor(files): Port csv type to tabular by @Danelegend in https://github.com/onyx-dot-app/onyx/pull/9785
  • feat(files): Inject file metadata over content for certain files by @Danelegend in https://github.com/onyx-dot-app/onyx/pull/9786
  • refactor(admin): revamp Service Accounts page and AdminListHeader by @raunakab in https://github.com/onyx-dot-app/onyx/pull/9824
  • chore(fe): prefer Button w/ href to wrapped Link by @jmelahman in https://github.com/onyx-dot-app/onyx/pull/9774
  • fix(a11y): migrate some buttons to Hoverable by @jmelahman in https://github.com/onyx-dot-app/onyx/pull/9778
  • fix(fe): foldable buttons unfold on tab by @jmelahman in https://github.com/onyx-dot-app/onyx/pull/9828
  • refactor(swr): migrate all inline cache keys to SWR_KEYS registry by @nmgarza5 in https://github.com/onyx-dot-app/onyx/pull/9782
  • chore(deployment): rework trivy job by @jmelahman in https://github.com/onyx-dot-app/onyx/pull/9780
  • chore(deps): bump fastmcp from 3.0.2 to 3.2.0 by @dependabot[bot] in https://github.com/onyx-dot-app/onyx/pull/9814
  • docs(readme): README and Contrib by @yuhongsun96 in https://github.com/onyx-dot-app/onyx/pull/9829
  • README Update by @yuhongsun96 in https://github.com/onyx-dot-app/onyx/pull/9833
  • feat(hook): frontend ee by @Bo-Onyx in https://github.com/onyx-dot-app/onyx/pull/9825
  • chore(gha): cleanup connector tests by @jmelahman in https://github.com/onyx-dot-app/onyx/pull/9836
  • refactor: drive connector by @evan-onyx in https://github.com/onyx-dot-app/onyx/pull/9834
  • chore(deps): bump aiohttp from 3.13.3 to 3.13.4 by @dependabot[bot] in https://github.com/onyx-dot-app/onyx/pull/9839
  • feat(hook): integrate document ingestion hook point by @Bo-Onyx in https://github.com/onyx-dot-app/onyx/pull/9810
  • refactor(opal): split SelectCard's sizeVariant prop into paddingVariant + roundingVariant by @raunakab in https://github.com/onyx-dot-app/onyx/pull/9830
  • fix(db): remove unnecessary selectinload(User.memories) from auth paths by @justin-tahara in https://github.com/onyx-dot-app/onyx/pull/9838
  • feat(hook): update hook doc link and reference by @Bo-Onyx in https://github.com/onyx-dot-app/onyx/pull/9841
  • fix(opensearch): Add Vespa server-side timeout for the migration by @acaprau in https://github.com/onyx-dot-app/onyx/pull/9843
  • chore(opensearch): Increase DEFAULT_NUM_HYBRID_SUBQUERY_CANDIDATES to 500, disable profiling by default by @acaprau in https://github.com/onyx-dot-app/onyx/pull/9844
  • fix(xlsx): Improve empty row/col handling by @Danelegend in https://github.com/onyx-dot-app/onyx/pull/9288
  • fix(opal): guard opal/interactive's onClick handlers against React portal event bubbling by @raunakab in https://github.com/onyx-dot-app/onyx/pull/9850
  • fix(llm): Azure custom model support + Mistral tool call message ordering by @justin-tahara in https://github.com/onyx-dot-app/onyx/pull/9729
  • refactor(emitter): replace bus-polling with merge-queue by @nmgarza5 in https://github.com/onyx-dot-app/onyx/pull/9803
  • refactor: Hook Extensions edits by @raunakab in https://github.com/onyx-dot-app/onyx/pull/9831
  • docs: Chat README by @yuhongsun96 in https://github.com/onyx-dot-app/onyx/pull/9853
  • feat(chat): add multi-model parallel streaming backend by @nmgarza5 in https://github.com/onyx-dot-app/onyx/pull/9647
  • feat(chat): add frontend types and API helpers for multi-model streaming by @nmgarza5 in https://github.com/onyx-dot-app/onyx/pull/9648
  • feat(groups): seed default Admin and Basic user groups by @Subash-Mohan in https://github.com/onyx-dot-app/onyx/pull/9795
  • refactor: update Button to define its own internal disabled styling by @raunakab in https://github.com/onyx-dot-app/onyx/pull/9851
  • feat(hook): Show connection lost status by @Bo-Onyx in https://github.com/onyx-dot-app/onyx/pull/9848
  • refactor: simplify opal/Disabled by removing its context by @raunakab in https://github.com/onyx-dot-app/onyx/pull/9852
  • fix(offline): fallback to system sans-serif font by @jmelahman in https://github.com/onyx-dot-app/onyx/pull/9860
  • refactor: move SidebarTab to opal by @raunakab in https://github.com/onyx-dot-app/onyx/pull/9863
  • Revert "refactor: move SidebarTab to opal" by @raunakab in https://github.com/onyx-dot-app/onyx/pull/9865
  • chore(playwright): stabalize icon loading, users table timestamp by @jmelahman in https://github.com/onyx-dot-app/onyx/pull/9864
  • refactor: move SidebarTab to Opal with disabled prop and variant/state API (v2) by @raunakab in https://github.com/onyx-dot-app/onyx/pull/9866
  • feat(install): add GitHub star prompt at end of install script by @rohoswagger in https://github.com/onyx-dot-app/onyx/pull/9861
  • fix(opensearch): Re-order migration task logic to not hold DB sessions too long by @acaprau in https://github.com/onyx-dot-app/onyx/pull/9872
  • fix(opensearch): Doc IDs whose length would exceed OpenSearch's ID length are hashed by @acaprau in https://github.com/onyx-dot-app/onyx/pull/9847
  • chore: remove unused db rows by @evan-onyx in https://github.com/onyx-dot-app/onyx/pull/9869
  • fix(desktop): prefer native scrollbar styling by @jmelahman in https://github.com/onyx-dot-app/onyx/pull/9879
  • feat(cli): make onyx-cli agent-friendly by @rohoswagger in https://github.com/onyx-dot-app/onyx/pull/9874
  • fix(fe): fix sticky sidebar headers overlapping scrollbars by @jmelahman in https://github.com/onyx-dot-app/onyx/pull/9884
  • fix(mcp server): propagate detailed error messages to mcp client instead of generic message and migrate to OnyxError by @wenxi-onyx in https://github.com/onyx-dot-app/onyx/pull/9880
  • feat: cluster disabled admin sidebar tabs at the bottom by @raunakab in https://github.com/onyx-dot-app/onyx/pull/9867
  • feat: filestore delete missing error by @evan-onyx in https://github.com/onyx-dot-app/onyx/pull/9878
  • fix(fe): projects buttons transition in like other sidebar items by @jmelahman in https://github.com/onyx-dot-app/onyx/pull/9875
  • fix(fe): closed sidebar button tooltip text color by @jmelahman in https://github.com/onyx-dot-app/onyx/pull/9876
  • feat(hook): UI improve disconnect error popover by @Bo-Onyx in https://github.com/onyx-dot-app/onyx/pull/9877
  • feat(cli): onyx install-skill by @jmelahman in https://github.com/onyx-dot-app/onyx/pull/9889
  • fix(mobile): update sidebar responsiveness by @jmelahman in https://github.com/onyx-dot-app/onyx/pull/9862
  • fix(notion): extract people properties and inline table content by @jessicasingh7 in https://github.com/onyx-dot-app/onyx/pull/9891
  • fix: user files deleted by cleanup task by @evan-onyx in https://github.com/onyx-dot-app/onyx/pull/9890
  • fix(mobile): sidebar overlaps content on medium-sized screens by @jmelahman in https://github.com/onyx-dot-app/onyx/pull/9870
  • fix: Edit bifrost colour by @raunakab in https://github.com/onyx-dot-app/onyx/pull/9897
  • fix(mt): Update Preprovision Workflow by @justin-tahara in https://github.com/onyx-dot-app/onyx/pull/9896
  • chore(deps): bump litellm from 1.81.6 to 1.83.0 by @dependabot[bot] in https://github.com/onyx-dot-app/onyx/pull/9898
  • feat(cli): render markdown while streaming (experiment) by @jmelahman in https://github.com/onyx-dot-app/onyx/pull/9893
  • refactor: rework admin sidebar footer by @raunakab in https://github.com/onyx-dot-app/onyx/pull/9895
  • Revert "chore(deps): bump litellm from 1.81.6 to 1.83.0 (#9898)" by @jmelahman in https://github.com/onyx-dot-app/onyx/pull/9908
  • fix: Edit AccountPopover + Separator's appearances when folded by @raunakab in https://github.com/onyx-dot-app/onyx/pull/9906
  • refactor: flatten opal card layouts, add children to CardHeaderLayout by @raunakab in https://github.com/onyx-dot-app/onyx/pull/9907
  • chore: rm remnants of old kombu psql broker code by @wenxi-onyx in https://github.com/onyx-dot-app/onyx/pull/9924
  • fix(federated): prevent masked credentials from corrupting stored secrets by @nmgarza5 in https://github.com/onyx-dot-app/onyx/pull/9868
  • feat(chat): add multi-model selector and chat hook by @nmgarza5 in https://github.com/onyx-dot-app/onyx/pull/9854
  • refactor: remove dead LLM provider code from chat page load path by @wenxi-onyx in https://github.com/onyx-dot-app/onyx/pull/9925
  • feat(helm): add optional CA certificate update step to api-server startup by @alex000kim in https://github.com/onyx-dot-app/onyx/pull/9378
  • chore: bump sleep time in flaky test by @evan-onyx in https://github.com/onyx-dot-app/onyx/pull/9900
  • chore(deps): bump azure/setup-helm from 4.3.1 to 5.0.0 by @dependabot[bot] in https://github.com/onyx-dot-app/onyx/pull/9934
  • chore(deps): bump softprops/action-gh-release from 2.2.2 to 2.6.1 by @dependabot[bot] in https://github.com/onyx-dot-app/onyx/pull/9935
  • fix: set correct ee mode for mcp server by @wenxi-onyx in https://github.com/onyx-dot-app/onyx/pull/9933
  • chore(deps): bump actions/stale from 10.1.1 to 10.2.0 by @dependabot[bot] in https://github.com/onyx-dot-app/onyx/pull/9936
  • chore(db): Add env var for multiple postgres hosts by @acaprau in https://github.com/onyx-dot-app/onyx/pull/9942
  • chore(deps-dev): bump vite from 6.4.1 to 6.4.2 in /web by @dependabot[bot] in https://github.com/onyx-dot-app/onyx/pull/9944
  • chore(deps-dev): bump vite from 7.3.1 to 7.3.2 in /widget by @dependabot[bot] in https://github.com/onyx-dot-app/onyx/pull/9950
  • refactor: clean up KeyValueInput and EmptyMessageCard by @raunakab in https://github.com/onyx-dot-app/onyx/pull/9947
  • chore: update custom LLM modal descriptions by @raunakab in https://github.com/onyx-dot-app/onyx/pull/9946
  • fix(llm-config): extract first-class fields from custom provider key-value list by @raunakab in https://github.com/onyx-dot-app/onyx/pull/9945
  • chore: context gitignore by @evan-onyx in https://github.com/onyx-dot-app/onyx/pull/9949
  • chore(helm): Bumping Python Sandbox to v0.3.2 by @justin-tahara in https://github.com/onyx-dot-app/onyx/pull/9955
  • refactor: conditionally render LLM modals instead of early-returning null by @raunakab in https://github.com/onyx-dot-app/onyx/pull/9954
  • fix: a proper revamp of "Custom LLM Configuration Models" by @raunakab in https://github.com/onyx-dot-app/onyx/pull/9958
  • fix: replace React context hover tracking with pure CSS by @raunakab in https://github.com/onyx-dot-app/onyx/pull/9961
  • fix: stop falsely rejecting owner-password-only PDFs as protected by @jmelahman in https://github.com/onyx-dot-app/onyx/pull/9953
  • feat(chat): add multi-model response panels by @nmgarza5 in https://github.com/onyx-dot-app/onyx/pull/9855
  • docs(celery): add Prometheus metrics integration guide by @nmgarza5 in https://github.com/onyx-dot-app/onyx/pull/9969
  • feat: generic OpenAI Compatible LLM Provider setup by @jmelahman in https://github.com/onyx-dot-app/onyx/pull/9968
  • fix(groups): Global Curator Permissions by @justin-tahara in https://github.com/onyx-dot-app/onyx/pull/9974
  • chore(mt): Update cloud tasks by @justin-tahara in https://github.com/onyx-dot-app/onyx/pull/9967
  • fix(indexing, powerpoint files): Patch markitdown _convert_chart_to_markdown to no-op by @acaprau in https://github.com/onyx-dot-app/onyx/pull/9970
  • chore(docker): docker bake cache-from :edge images by @jmelahman in https://github.com/onyx-dot-app/onyx/pull/9976
  • fix(fe): use Modal.Footer for token rate limit modal button by @jessicasingh7 in https://github.com/onyx-dot-app/onyx/pull/9978
  • refactor(ollama): manual fetch and fix ollama cloud base url by @wenxi-onyx in https://github.com/onyx-dot-app/onyx/pull/9973
  • feat(chat): wire multi-model streaming into chat controller and UI by @nmgarza5 in https://github.com/onyx-dot-app/onyx/pull/9929
  • feat(pruning): Add Wire Prometheus metrics into the Heavy Celery worker by @Bo-Onyx in https://github.com/onyx-dot-app/onyx/pull/9982
  • chore(mt): reduce cleanup-idle-sandboxes beat cadence by @justin-tahara in https://github.com/onyx-dot-app/onyx/pull/9984
  • fix(auth): migrate limited-role checks to account-type based access control by @Subash-Mohan in https://github.com/onyx-dot-app/onyx/pull/9930
  • fix: onboarding LLM Provider configuration fixes by @raunakab in https://github.com/onyx-dot-app/onyx/pull/9972
  • fix: LM Studio API key field mismatch by @raunakab in https://github.com/onyx-dot-app/onyx/pull/9991
  • refactor: remove auto-refresh from LLM provider model selection by @raunakab in https://github.com/onyx-dot-app/onyx/pull/9995
  • fix: initialize tracing in Slack bot service by @wenxi-onyx in https://github.com/onyx-dot-app/onyx/pull/9993
  • refactor: foldable model list in ModelSelectionField by @raunakab in https://github.com/onyx-dot-app/onyx/pull/9996
  • chore: delete unused files by @raunakab in https://github.com/onyx-dot-app/onyx/pull/10001
  • fix: enable force-delete for last LLM provider by @raunakab in https://github.com/onyx-dot-app/onyx/pull/9998
  • fix: Custom LLM Provider requires a Provider Name by @jmelahman in https://github.com/onyx-dot-app/onyx/pull/10003
  • fix: fetch Custom Models provider names by @jmelahman in https://github.com/onyx-dot-app/onyx/pull/10004
  • feat(metrics): add pruning-specific Prometheus metrics by @Bo-Onyx in https://github.com/onyx-dot-app/onyx/pull/9983
  • feat: @opal/logos by @raunakab in https://github.com/onyx-dot-app/onyx/pull/10002
  • feat(ods): Ad Hoc Deploys by @justin-tahara in https://github.com/onyx-dot-app/onyx/pull/10014
  • chore(python sandbox): Bump to v0.3.3 by @justin-tahara in https://github.com/onyx-dot-app/onyx/pull/10016
  • chore(ods): Bump from v0.7.2 -> v0.7.3 by @justin-tahara in https://github.com/onyx-dot-app/onyx/pull/10018
  • fix: /api/admin/llm/built-in/options/custom 404 by @jmelahman in https://github.com/onyx-dot-app/onyx/pull/10009
  • chore(edge): Skip edge tag by @justin-tahara in https://github.com/onyx-dot-app/onyx/pull/10019
  • chore: update generic LLM configuration help copy by @jmelahman in https://github.com/onyx-dot-app/onyx/pull/10011
  • fix(chat): resolve model selector showing stale model on agent switch by @nmgarza5 in https://github.com/onyx-dot-app/onyx/pull/10022
  • fix(input): differentiate attach file and add model icons by @nmgarza5 in https://github.com/onyx-dot-app/onyx/pull/10024
  • fix(chat): center multi-model response panels in chat view by @nmgarza5 in https://github.com/onyx-dot-app/onyx/pull/10006
  • fix(chat): gate ModelSelector render on agent and provider readiness by @nmgarza5 in https://github.com/onyx-dot-app/onyx/pull/10017
  • fix(chat): only collapse sidebar on multi-model submit by @nmgarza5 in https://github.com/onyx-dot-app/onyx/pull/10020
  • fix(chat): prevent popover flash when selecting 3rd model by @nmgarza5 in https://github.com/onyx-dot-app/onyx/pull/10021
  • chore(python): simplify internal packages/workspace by @jmelahman in https://github.com/onyx-dot-app/onyx/pull/10029
  • feat(nrf): add ModelSelector and multi-model support to Chrome extension by @nmgarza5 in https://github.com/onyx-dot-app/onyx/pull/10023
  • feat(chat): add deselect preferred response with smooth transitions and scroll preservation by @nmgarza5 in https://github.com/onyx-dot-app/onyx/pull/10026
  • refactor: consolidate LLM provider modal routing by @raunakab in https://github.com/onyx-dot-app/onyx/pull/10030
  • fix(chat): set consistent 720px content width for chat and input bar by @nmgarza5 in https://github.com/onyx-dot-app/onyx/pull/10032
  • fix(helm): declare metrics port on celery-worker-heavy by @Bo-Onyx in https://github.com/onyx-dot-app/onyx/pull/10033
  • fix: jira bulk issue fetch batching (#10044) to release v3.2 by @github-actions[bot] in https://github.com/onyx-dot-app/onyx/pull/10049
  • feat(federated): full thread replies + direct URL fetch in Slack search (#9940) to release v3.2 by @github-actions[bot] in https://github.com/onyx-dot-app/onyx/pull/10050
  • fix(LLM config): resolve API Key before fetching models (#10056) to release v3.2 by @github-actions[bot] in https://github.com/onyx-dot-app/onyx/pull/10057
  • fix(license): exclude service account users from seat count (#10053) to release v3.2 by @github-actions[bot] in https://github.com/onyx-dot-app/onyx/pull/10061
  • feat(slack-bot): make agent selector searchable (#10036) to release v3.2 by @github-actions[bot] in https://github.com/onyx-dot-app/onyx/pull/10038
  • fix(scim): add advisory lock to prevent seat limit race condition (#10048) to release v3.2 by @github-actions[bot] in https://github.com/onyx-dot-app/onyx/pull/10065
  • fix(chat): hide ModelSelector in search mode (#10052) to release v3.2 by @nmgarza5 in https://github.com/onyx-dot-app/onyx/pull/10068
  • fix(mcp): prevent masked OAuth credentials from being stored on re-auth (#10066) to release v3.2 by @github-actions[bot] in https://github.com/onyx-dot-app/onyx/pull/10069
  • fix(chat): model selection + multi-model follow-up correctness (#10075) to release v3.2 by @github-actions[bot] in https://github.com/onyx-dot-app/onyx/pull/10078
  • feat(chat): smooth character-level streaming (#10076) to release v3.2 by @github-actions[bot] in https://github.com/onyx-dot-app/onyx/pull/10081
  • Revert "feat(chat): smooth character-level streaming (#10076) to release v3.2" by @nmgarza5 in https://github.com/onyx-dot-app/onyx/pull/10082
  • fix(copy-button): fall back when Clipboard API unavailable (#10080) to release v3.2 by @github-actions[bot] in https://github.com/onyx-dot-app/onyx/pull/10084
  • fix(chat): isolate multi-model streaming errors to their panels (#10113) to release v3.2 by @github-actions[bot] in https://github.com/onyx-dot-app/onyx/pull/10127
  • fix: welcome message alignment in chrome extension/desktop (#10094) to release v3.2 by @github-actions[bot] in https://github.com/onyx-dot-app/onyx/pull/10135
  • fix(chat): disable Deep Research in multi-model mode (ENG-4009) (#10126) to release v3.2 by @github-actions[bot] in https://github.com/onyx-dot-app/onyx/pull/10139
  • feat(chat): scrollable tables with overflow fade (#10097) to release v3.2 by @nmgarza5 in https://github.com/onyx-dot-app/onyx/pull/10136
  • feat(chat): smooth character-level streaming (#10093) to release v3.2 by @nmgarza5 in https://github.com/onyx-dot-app/onyx/pull/10138
  • chore(hotfix): cherry-pick 2 commits to release v3.2 by @nmgarza5 in https://github.com/onyx-dot-app/onyx/pull/10140
  • fix(google): handle JSON credential payloads in KV storage (@jack-larch) (#10160) to release v3.2 by @github-actions[bot] in https://github.com/onyx-dot-app/onyx/pull/10165
  • feat(notifications): announce upcoming group-based permissions migration (#10178) to release v3.2 by @github-actions[bot] in https://github.com/onyx-dot-app/onyx/pull/10180
  • fix(llm): Fix the Auto Fetch workflow (#10181) to release v3.2 by @github-actions[bot] in https://github.com/onyx-dot-app/onyx/pull/10182
  • fix(chat): speed up text gen (#10186) to release v3.2 by @github-actions[bot] in https://github.com/onyx-dot-app/onyx/pull/10187
  • Add Datadog admission opt-out label to sandbox pods (#10040) to release v3.2 by @wenxi-onyx in https://github.com/onyx-dot-app/onyx/pull/10188
  • fix(chat): eliminate long-lived DB session in multi-model worker threads (#10159) to release v3.2 by @github-actions[bot] in https://github.com/onyx-dot-app/onyx/pull/10191
  • fix(chat): render inline citation chips in multi-model panels (#10196) to release v3.2 by @github-actions[bot] in https://github.com/onyx-dot-app/onyx/pull/10201
  • fix(fe): handle file attachment overflow (#10211) to release v3.2 by @github-actions[bot] in https://github.com/onyx-dot-app/onyx/pull/10212
  • fix(ollama): always include model tag in display name (#10218) to release v3.2 by @github-actions[bot] in https://github.com/onyx-dot-app/onyx/pull/10219
  • fix(voice): send TTS text in POST body instead of query params (#10213) to release v3.2 by @github-actions[bot] in https://github.com/onyx-dot-app/onyx/pull/10221
  • fix(chat): hide incomplete citation links during streaming (#10224) to release v3.2 by @github-actions[bot] in https://github.com/onyx-dot-app/onyx/pull/10232
  • fix(chat): snap typewriter to full content on tab re-focus (#10226) to release v3.2 by @github-actions[bot] in https://github.com/onyx-dot-app/onyx/pull/10231
  • fix(chat): disable hover/pointer states on multi-model panels during streaming (#10202) to release v3.2 by @github-actions[bot] in https://github.com/onyx-dot-app/onyx/pull/10215
  • fix(chat): fix fade gradient missing on last multi-model panel (#10199) to release v3.2 by @github-actions[bot] in https://github.com/onyx-dot-app/onyx/pull/10214
  • fix(chat): keep model selector popover open until max models reached (#10203) to release v3.2 by @github-actions[bot] in https://github.com/onyx-dot-app/onyx/pull/10216
  • fix(chat): only header click selects preferred in multi-model panels (#10198) to release v3.2 by @nmgarza5 in https://github.com/onyx-dot-app/onyx/pull/10234
  • feat(img): Editing User Uploaded Images (#10264) to release v3.2 by @github-actions[bot] in https://github.com/onyx-dot-app/onyx/pull/10278
  • feat(anthropic): include Opus 4.7 in recommended models (#10273) to release v3.2 by @github-actions[bot] in https://github.com/onyx-dot-app/onyx/pull/10280
  • fix(logos): github logo displays correctly in dark mode (#10269) to release v3.2 by @github-actions[bot] in https://github.com/onyx-dot-app/onyx/pull/10284
  • fix: gmail datetime parsing on unexpected values (#10290) to release v3.2 by @github-actions[bot] in https://github.com/onyx-dot-app/onyx/pull/10294
  • fix(llm-selector): show each provider instance as its own group (#10292) to release v3.2 by @github-actions[bot] in https://github.com/onyx-dot-app/onyx/pull/10296
  • fix(image): Cap Uploaded File Image Count (#10298) to release v3.2 by @github-actions[bot] in https://github.com/onyx-dot-app/onyx/pull/10303
  • chore(hotfix): cherry-pick 5 commits to release v3.2 by @nmgarza5 in https://github.com/onyx-dot-app/onyx/pull/10306
  • chore(hotfix): cherry-pick 3 commits to release v3.2 by @nmgarza5 in https://github.com/onyx-dot-app/onyx/pull/10309
  • fix(fe): LineItem can disable icon stroke (#10289) to release v3.2 by @github-actions[bot] in https://github.com/onyx-dot-app/onyx/pull/10315
  • fix(web): Sentry Token Check (#10310) to release v3.2 by @github-actions[bot] in https://github.com/onyx-dot-app/onyx/pull/10316
  • fix(deps): install transitive vertexai dependency (#10328) to release v3.2 by @github-actions[bot] in https://github.com/onyx-dot-app/onyx/pull/10332
  • fix(metrics): Adding in hostname (#10335) to release v3.2 by @github-actions[bot] in https://github.com/onyx-dot-app/onyx/pull/10336
  • feat(connectors): convert Gong connector from poll to checkpointed (#10258) to release v3.2 by @nmgarza5 in https://github.com/onyx-dot-app/onyx/pull/10359
  • fix(gong): move call-details retry into checkpoint state instead of blocking (#10369) to release v3.2 by @nmgarza5 in https://github.com/onyx-dot-app/onyx/pull/10388
  • fix(files): harden authorization on chat file downloads (#10380) to release v3.2 by @jmelahman in https://github.com/onyx-dot-app/onyx/pull/10390
  • fix(security): enforce chat session ownership on stop endpoint (#10413) to release v3.2 by @jmelahman in https://github.com/onyx-dot-app/onyx/pull/10417
  • fix: uploaded files as knowledge source (#10167) to release v3.2 by @nmgarza5 in https://github.com/onyx-dot-app/onyx/pull/10435
  • fix(files): Add img generated files to user accessible (#10434) to release v3.2 by @jmelahman in https://github.com/onyx-dot-app/onyx/pull/10449
  • feat(chat): chat preference to disable smooth streaming (#10460) to release v3.2 by @nmgarza5 in https://github.com/onyx-dot-app/onyx/pull/10468
  • fix(files): Img generated files blocked during chat (#10465) to release v3.2 by @jmelahman in https://github.com/onyx-dot-app/onyx/pull/10512
  • fix(deep_research): emit synthetic tool_result on failed research call (#10527) to release v3.2 by @nmgarza5 in https://github.com/onyx-dot-app/onyx/pull/10530
  • fix(files): allow connector file previews through /chat/file (#10498) to release v3.2 by @jmelahman in https://github.com/onyx-dot-app/onyx/pull/10571
  • fix: sharepoint members recursion (#10505) to release v3.2 by @justin-tahara in https://github.com/onyx-dot-app/onyx/pull/10605
  • fix(pdf): Allowing Image Extraction from PDF files (#10395) to release v3.2 by @justin-tahara in https://github.com/onyx-dot-app/onyx/pull/10655
  • feat(openai): Add support for GPT Image 2 (#10653) to release v3.2 by @justin-tahara in https://github.com/onyx-dot-app/onyx/pull/10657
  • feat(metrics): Adding model information to Generated Report (#10648) to release v3.2 by @justin-tahara in https://github.com/onyx-dot-app/onyx/pull/10666
  • fix(indexing): drop SectionType usage on release/v3.2 by @justin-tahara in https://github.com/onyx-dot-app/onyx/pull/10667
  • chore(mypy): Disable mypy cache for release/v3.2 by @acaprau in https://github.com/onyx-dot-app/onyx/pull/10894
  • fix(litellm): Opus 4.7 no longer accepts temperature param, litellm is not dropping it (#10878) to release v3.2 by @acaprau in https://github.com/onyx-dot-app/onyx/pull/10889
  • fix: mcp oauth token handling (#11238) to release v3.2 by @evan-onyx in https://github.com/onyx-dot-app/onyx/pull/11242

Full Changelog: https://github.com/onyx-dot-app/onyx/compare/v3.1.10...v3.2.14

Security Fixes

  • fix(security): enforce chat session ownership on stop endpoint (#10413) to release v3.2
  • fix(federated): prevent masked credentials from corrupting stored secrets
  • fix(mcp): prevent masked OAuth credentials from being stored on re‑auth (#10066)
  • fix(files): harden authorization on chat file downloads (#10380)
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track Onyx Community Edition

Get notified when new releases ship.

Sign up free

About Onyx Community Edition

Chat UI that works with any LLM. It comes loaded with advanced features like agents, web search, RAG, MCP, deep research, Connectors to 40+ knowledge sources, and more.

All releases →

Related context

Earlier breaking changes

  • v4.0.2 Requires running the OpenSearch document index migration before upgrading to v4.0.
  • v3.3.7 Environment variable DANSWER_RUNNING_IN_DOCKER renamed to ONYX_RUNNING_IN_DOCKER.
  • v3.0.13 OpenSearch enabled as default search backend replacing Vespa
  • v3.0.13 License enforcement enabled by default in EE mode

Beta — feedback welcome: [email protected]