opik

v2.0.43 Security

This release includes 3 security fixes for security teams reviewing exposed deployments.

Published 13d Error & Performance Tracking

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 3 known CVEs

Topics

evaluation hacktoberfest2025 langchain llama-index llm llm-evaluation

+5 more

llm-observability llmops openai playground prompt-engineering

Affected surfaces

deps

ReleasePort's take

Light signal

editorial:auto 13d

opik 2.0.43 patches CVE-2026-27135 in nghttp2-libs and clears HIGH-severity CVEs in Java backend dependencies (Corretto, netty, jetty, httpclient5) and CRITICAL-severity CVEs in docker base and urllib3.

Why it matters: Patch frontend immediately for CVE-2026-27135; upgrade backend Java dependencies to clear HIGH CVEs. Docker and urllib3 layers contain CRITICAL vulnerabilities requiring urgent patching.

Summary

AI summary

Updates deps, docker, and CVE-2026-27135 across a mixed release.

Changes in this release

Type	Severity	Summary	CVE
Security	Medium	Bump Corretto, netty, jetty, httpclient5 to clear HIGH CVEs in opik-backend Bump Corretto, netty, jetty, httpclient5 to clear HIGH CVEs in opik-backend Source: granite4.1:8b-q6_K@2026-05-21 Confidence: low	—
Security	Medium	Upgrade nghttp2-libs in opik-frontend to address CVE-2026-27135 Upgrade nghttp2-libs in opik-frontend to address CVE-2026-27135 Source: granite4.1:8b-q6_K@2026-05-21 Confidence: low	—
Feature
Feature	Medium	Inject trace spans into LLM-as-judge prompts; enrich thread context with tool calls Inject trace spans into LLM-as-judge prompts; enrich thread context with tool calls Source: granite4.1:8b-q6_K@2026-05-21 Confidence: high	—
Feature	Medium	Extend experiment project migration to handle deleted-project and no-inference tail Extend experiment project migration to handle deleted-project and no-inference tail Source: granite4.1:8b-q6_K@2026-05-21 Confidence: high	—
Feature	Medium	Honor OPIK_VERSION_OVERRIDE in TS suite global setup Honor OPIK_VERSION_OVERRIDE in TS suite global setup Source: granite4.1:8b-q6_K@2026-05-21 Confidence: high	—
Feature	Medium	Add prompt masks Add prompt masks Source: granite4.1:8b-q6_K@2026-05-21 Confidence: high	—
Feature	Medium	Update automatically OpenAPI spec and Fern code Update automatically OpenAPI spec and Fern code Source: granite4.1:8b-q6_K@2026-05-21 Confidence: high	—
Feature	Medium	Add sequential prompt version numbers Add sequential prompt version numbers Source: granite4.1:8b-q6_K@2026-05-21 Confidence: high	—
Feature	Medium	Show dataset version inline with item source in experiments Show dataset version inline with item source in experiments Source: granite4.1:8b-q6_K@2026-05-21 Confidence: high	—
Feature	Medium	Add experiment and dataset migration skip columns to workspaces Add experiment and dataset migration skip columns to workspaces Source: granite4.1:8b-q6_K@2026-05-21 Confidence: high	—
Dependency	Medium	Bump docker base and urllib3 to clear CRITICAL+HIGH CVEs in opik-python-backend Bump docker base and urllib3 to clear CRITICAL+HIGH CVEs in opik-python-backend Source: granite4.1:8b-q6_K@2026-05-21 Confidence: low	—
Bugfix	Medium	Skip release on 403 "cannot publish over" instead of failing Skip release on 403 "cannot publish over" instead of failing Source: granite4.1:8b-q6_K@2026-05-21 Confidence: high	—

Full changelog

What's Changed

[NA] [BE][FE] chore: sync provider model definitions by @CometActions in https://github.com/comet-ml/opik/pull/6779
[NA] [BE] Update model prices file by @CometActions in https://github.com/comet-ml/opik/pull/6778
[OPIK-5333] Inject trace spans into LLM-as-judge prompts; enrich thread {{context}} with tool calls by @aadereiko in https://github.com/comet-ml/opik/pull/6751
[OPIK-6579] [BE] feat: extend experiment project migration to handle deleted-project and no-inference tail by @andrescrz in https://github.com/comet-ml/opik/pull/6785
[NA] [QA] feat: honor OPIK_VERSION_OVERRIDE in TS suite global setup by @AndreiCautisanu in https://github.com/comet-ml/opik/pull/6795
[OPIK-6624] [CI] fix(release): skip on 403 "cannot publish over" instead of failing by @JetoPistola in https://github.com/comet-ml/opik/pull/6797
[OPIK-6501] [SDK] feat: prompt masks by @petrotiurin in https://github.com/comet-ml/opik/pull/6710
[NA] [SDK] [DOCS] Update automatically OpenAPI spec and Fern code by @CometActions in https://github.com/comet-ml/opik/pull/6791
[OPIK-6454] [BE] feat: add sequential prompt version numbers by @BorisTkachenko in https://github.com/comet-ml/opik/pull/6789
[NA] [SDK] [DOCS] Update automatically OpenAPI spec and Fern code by @CometActions in https://github.com/comet-ml/opik/pull/6802
[OPIK-6613] fix(deps): bump docker base + urllib3 to clear CRITICAL+HIGH CVEs in opik-python-backend by @Nimrod007 in https://github.com/comet-ml/opik/pull/6783
[OPIK-6186] [BE] feat: add experiment and dataset migration skip columns to workspaces by @thiagohora in https://github.com/comet-ml/opik/pull/6774
[OPIK-6623] fix(security): bump Corretto + netty + jetty + httpclient5 to clear HIGH CVEs in opik-backend by @Nimrod007 in https://github.com/comet-ml/opik/pull/6796
[OPIK-6616] fix(docker): upgrade nghttp2-libs in opik-frontend (CVE-2026-27135) by @Nimrod007 in https://github.com/comet-ml/opik/pull/6788
[NA] [FE] feat: show dataset version inline with item source in experiments by @olesya-comet in https://github.com/comet-ml/opik/pull/6794
[OPIK-6547] [INFRA] ci: add Scout issue triage workflow by @dsblank in https://github.com/comet-ml/opik/pull/6776

Full Changelog: https://github.com/comet-ml/opik/compare/2.0.42...2.0.43

Security Fixes

CVE-2026-27135 — upgrade nghttp2-libs in opik-frontend
Clear HIGH CVEs by bumping Corretto, Netty, Jetty, HttpClient5 in opik-backend
Clear CRITICAL+HIGH CVEs by bumping docker base and urllib3 in opik-python-backend

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track opik

Get notified when new releases ship.

About opik

Debug, evaluate, and monitor your LLM applications, RAG systems, and agentic workflows with comprehensive tracing, automated evaluations, and production-ready dashboards.

All releases →

Related context

Related tools

Related CVEs

CVE-2026-27135 NVD KEV EPSS

Earlier breaking changes

v2.0.38 Split stats query and gate legacy feedback_scores UNION in BE.