ypollak2/llm-router

v8.0.4 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 29d LLM Frameworks
✓ No known CVEs patched
This release patches 1 known CVE

Topics

ai-routing anthropic claude claude-code cost-optimization gemini
litellm llm llm-router mcp-server model-router ollama openai

Affected surfaces

auth

Summary

AI summary

Removed leaked files from sdist containing live API keys and internal documents.

Full changelog

Security

  • Removed leaked files from sdist: Previous versions (7.6.1–8.0.3) shipped `.env` (live API keys), `.internal/` (strategy docs), `CLAUDE.md`, and other internal files in the PyPI source distribution. All affected keys have been rotated.
  • A comprehensive `[tool.hatch.build.targets.sdist]` exclude list means the sdist now ships only: `src/`, `pyproject.toml`, `LICENSE`, `README.md`, `CHANGELOG.md`, `CONTRIBUTING.md`
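
A release-gate check for the leak described above, as an added example (not code from llm-router): it lists every path in an sdist that falls outside the allowlist the changelog names. The archive name, file contents and `.internal/strategy.md` are constructed, and treating `PKG-INFO` as expected build metadata is an assumption.

```python
import io
import tarfile
from pathlib import PurePosixPath

# Allowlist from the changelog entry above.
ALLOWED_FILES = {"pyproject.toml", "LICENSE", "README.md", "CHANGELOG.md", "CONTRIBUTING.md"}
ALLOWED_DIRS = {"src"}
# Assumption: the build backend writes PKG-INFO into the sdist root itself.
GENERATED = {"PKG-INFO"}


def audit_sdist(fileobj):
    """Return sorted paths (relative to the sdist root) outside the allowlist."""
    unexpected = []
    with tarfile.open(fileobj=fileobj, mode="r:gz") as tar:
        for member in tar.getmembers():
            parts = PurePosixPath(member.name).parts[1:]  # drop "name-version/"
            if not parts:
                continue  # the root directory entry
            top = parts[0]
            if len(parts) == 1 and member.isfile() and top in ALLOWED_FILES | GENERATED:
                continue
            if top in ALLOWED_DIRS and (len(parts) > 1 or member.isdir()):
                continue
            unexpected.append("/".join(parts))
    return sorted(unexpected)


def build_sample_sdist(paths):
    """Build an in-memory .tar.gz; name and contents are constructed placeholders."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path in paths:
            data = b"placeholder\n"
            info = tarfile.TarInfo(name=f"example_pkg-0.0.0/{path}")
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf


CLEAN = ["PKG-INFO", "pyproject.toml", "LICENSE", "README.md", "src/example_pkg/__init__.py"]
# Constructed layout mirroring the leak described above (.internal file name is made up).
LEAKY = CLEAN + [".env", ".internal/strategy.md", "CLAUDE.md"]

if __name__ == "__main__":
    for label, paths in (("clean", CLEAN), ("leaky", LEAKY)):
        print(label, audit_sdist(build_sample_sdist(paths)))
```

Running `audit_sdist` on the built archive in CI and failing the job on a non-empty result catches stray files before upload.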

Fixed

  • Session savings report audit: 8 fixes to the session-end summary for trust and accuracy
    • Subscription deltas: show "no change" instead of misleading +0.0pp
    • Mock/test models filtered from production reports
    • Call reconciliation line: Total: N routed = X local/prepaid + Y external
    • Savings transparency: show actual + baseline cost
    • "Free models" → "Local models (Ollama)" / "Prepaid models (Codex)"
    • Router efficiency: honest "No fallbacks (N decisions)" instead of vague "100% on-target"
  • Star CTA SVG: redesigned layout, no text/icon overlap
  • Stars badge: cache-bust to clear stale "invalid" state

Tests

  • 30 new tests for session report formatting and data integrity
  • 1768 total tests passing

Security Fixes

  • Removed `.env` with live API keys, `.internal/`, `CLAUDE.md`, and other internal files from sdist in versions 7.6.1–8.0.3; all affected keys have been rotated.

About ypollak2/llm-router

Subscription-aware LLM router for Claude Code. Routes tasks to 20+ providers (OpenAI, Gemini, Groq, Ollama, Codex) based on complexity classification, Claude subscription pressure, and cost. Free tasks stay on Claude subscription; expensive tasks fall back to the cheapest capable model. Includes 30 MCP tools, 6 auto-routing hooks, semantic dedup cache, prompt caching, daily spend cap, and a live web dashboard.

Related context

Earlier breaking changes

  • v9.2.0 Changes auto‑route directive from advisory "DO NOT SKIP" to hard constraint with explicit blocked tools list.
  • v9.2.0 Breaks permanent downgrade of enforcement after first Edit/Write; v13 now requires per‑turn routing.