Onyx Community Edition

v3.3.10 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 5d LLM Frameworks

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 1 known CVE

Topics

ai ai-chat chatgpt chatui enterprise-search gen-ai

+7 more

information-retrieval llm llm-ui nextjs python self-hosted vector-db

Affected surfaces

rce_ssrf

Summary

AI summary

Fix eliminates a regular expression denial-of-service vulnerability in the chat citation processor.

Changes in this release

Type	Severity	Summary	CVE
Dependency	Low	Downgrade transformers dependency from 5.5.4 to 4.57.6 Downgrade transformers dependency from 5.5.4 to 4.57.6 Source: llm_adapter@2026-05-29 Confidence: high	—
Bugfix	Medium	Eliminate ReDoS in citation processor partial-citation regex Eliminate ReDoS in citation processor partial-citation regex Source: llm_adapter@2026-05-29 Confidence: low	—
Bugfix	Low	Omit sampling parameters and use adaptive thinking for Claude Opus 4.8 LLM integration Omit sampling parameters and use adaptive thinking for Claude Opus 4.8 LLM integration Source: llm_adapter@2026-05-29 Confidence: low	—

Full changelog

See the assets to download this version and install.

What's Changed

chore(deps): downgrade transformers from 5.5.4 to 4.57.6 (#11479) to release v3.3 by @jmelahman in https://github.com/onyx-dot-app/onyx/pull/11487
fix(llm): omit sampling params + use adaptive thinking for Claude Opus 4.8 (backport #11524) by @justin-tahara in https://github.com/onyx-dot-app/onyx/pull/11529
fix(chat): eliminate ReDoS in citation processor partial-citation regex (#11527) to release v3.3 by @justin-tahara in https://github.com/onyx-dot-app/onyx/pull/11534

Full Changelog: https://github.com/onyx-dot-app/onyx/compare/v3.3.9...v3.3.10

Security Fixes

fix(chat): eliminate ReDoS in citation processor partial-citation regex (#11527)

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track Onyx Community Edition

Get notified when new releases ship.

About Onyx Community Edition

Chat UI that works with any LLM. It comes loaded with advanced features like agents, web search, RAG, MCP, deep research, Connectors to 40+ knowledge sources, and more.

All releases →

Related context

Related tools

Earlier breaking changes

v4.0.2 Requires running the OpenSearch document index migration before upgrading to v4.0.
v3.3.7 Environment variable DANSWER_RUNNING_IN_DOCKER renamed to ONYX_RUNNING_IN_DOCKER.
v3.0.13 OpenSearch enabled as default search backend replacing Vespa
v3.0.13 License enforcement enabled by default in EE mode