Skip to content

mlflow

Tracing

An open‑source AI engineering platform for building, debugging, evaluating, and deploying agents, LLMs, and ML models

Track releases GitHub Website
Python Latest ts/v0.2.0 · 19d ago Security brief →

Features

  • Production‑grade observability and tracing of LLM applications via OpenTelemetry
  • Comprehensive evaluation framework with built‑in metrics and LLM judges
  • Prompt registry, versioning, and automated optimization for prompt management

Security Response History

2 CVEs
CVE Severity Disclosed Patched (this tool) vs Ecosystem Median
CVE-2026-42208 KEV critical
CVSS 9.8
 2026-05-08 2026-05-15 7d
CVE-2023-4863 KEV high
CVSS 8.8
 2023-09-13 2026-01-29 2y 5mo / median 2y 4mo

Recent releases

View all 7 releases →
No immediate action
ts/v0.2.0 Security

Routine maintenance and dependency updates.

patches CVE-2023-4863 patches CVE-2026-42208
Open
v3.12.0 Breaking risk
Breaking changes
  • [Scoring] Deprecate `enable_mlserver` in pyfunc serving backend
Notable features
  • Multimodal Tracing: store multimodal content as artifact attachments with mlflow-attachment:// URIs
  • Gateway guardrails: set guardrails on gateway endpoints to block unsafe or non‑compliant inputs/outputs
  • Trace table pagination: traces tab now paginated instead of loading up to 1000 entries
Full changelog

MLflow 3.12.0 includes several major features and improvements

Major New Features

  • 🖼️ Multimodal Tracing: Users can now store multimodal content in tracing spans as artifact attachments instead of inline binary data. We've also patched the UI to support the new mlflow-attachment:// style URI, with rich rendering available for PDFs, audio, and images.
  • 🤖 Codex, Gemini, Qwen coding agent tracing support: Similar to our Claude Code tracing integration, we've now added support for the Codex, Gemini, and Qwen coding agent platforms as well!
  • 🛡️ Gateway guardrails: You can now set guardrails on your gateway endpoints to prevent unsafe or non-compliant model inputs and outputs. Try it out in the MLflow UI!
  • ⚡ Trace table pagination: The traces tab is now paginated, rather than fetching all traces up to a limit of 1000. This improves initial load time, and makes the page feel more responsive overall.

Breaking Changes

  • [Scoring] Deprecate enable_mlserver in pyfunc serving backend (#22994, @B-Step62)

Other Assorted Features & Improvements:

  • [UI] Add coding agents section to AI Gateway quick start (#23006, @TomeHirata)
  • [Tracing] feat: record caller in gateway traces from request headers (#22926, @TomeHirata)
  • [] Run guardrails on passthrough endpoints; skip response_format for non-chat payloads (#22856, @TomeHirata)
  • [] Gateway: preserve client auth header for subscription-based CLI tools (claude-cli, Codex-Desktop, GeminiCLI) (#22915, @TomeHirata)
  • [Tracing] Expose Codex and Qwen Code hooks as installable CLI binaries (#22853, @kriscon-db)
  • [Tracking / UI] Add Portkey as a supported AI Gateway provider (#22830, @sairavuri-sudo)
  • [Tracking] Cache successful basic-auth credential checks to eliminate per-request PBKDF2 (#22817, @PattaraS)
  • [] Add last_updated_at field to model catalog entries (#22838, @copilot-swe-agent)
  • [Evaluation] Enable third-party scorer registration in OSS MLflow (#22634, @smoorjani)
  • [] Add platform-side telemetry fields to Gateway invocation and budget events (#22557, @PattaraS)
  • [Tracing] Auto-start SQL warehouse before V4/V5 MLflow tracing calls (#22798, @artjen)
  • [Tracing] Migrate Claude Code tracing to TypeScript-based plugin for simpler installation and runtime handling. (#22338, @B-Step62)
  • [Tracing] Add TypeScript Qwen Code tracing via Stop hook (#22411, @kriscon-db)
  • [] Support model_kwargs in DeepEval scorers for LLM parameter control (#22494, @debu-sinha)
  • [] Add Application Default Credentials auth mode for Vertex AI gateway (#22754, @harupy)
  • [UI] Reorganize Settings into section-based routing with sub-sidebar navigation (#22743, @serena-ruan)
  • [Tracing] Add TypeScript Codex CLI tracing via notify hook (#22410, @kriscon-db)
  • [Tracing / UI] Add Share button to trace detail view (#22608, @alkispoly-db)
  • [Docs / Models] Add mlflow.diffusers flavor for diffusion model LoRA adapters (#22253, @Rasaboun)
  • [Tracing] Add size limit for trace attachments (#22575, @kriscon-db)
  • [Tracing] Add GeminiCliTranslator for Gemini CLI OTLP span type mapping (#22409, @kriscon-db)
  • [Tracing] Add JSON OTLP encoding support for trace ingestion (#22408, @kriscon-db)
  • [Tracing] Extract service.name from OTLP resource attributes for usage telemetry (#22407, @kriscon-db)
  • [Tracing] Add MLflow tracing spans to guardrail execution in gateway (#22581, @TomeHirata)
  • [Tracing / UI] Add rendering size guards for large media content (#22574, @kriscon-db)
  • [Tracking] #21037 Add presigned upload URL endpoint for S3 artifact uploads (#21039, @henishborad)
  • [UI] Add Guardrails tab to endpoint editor (#22360, @TomeHirata)
  • [UI] Add click-to-expand modal for trace attachment images (#22461, @kriscon-db)
  • [UI] Enhance Gateway quick start cards with logos, multi-model options, and compact variant (#22513, @xq-yin)
  • [Tracing] Add @mlflow/vercel for better Vercel AI SDK tracing in Databricks UC (#22105, @dbrx-euirim)
  • [UI] [UI] Refactor API keys page: bulk delete, inline drawer editing, consistent list pattern (#22485, @xq-yin)
  • [] Add Guardrail base class and JudgeGuardrail implementation (#21964, @TomeHirata)
  • [Tracing] Add multimodal demo traces with synthetic image and audio data (#22465, @kriscon-db)
  • [] [FR] #22217 Add configurable provider allow/deny list to AI Gateway (#22291, @etirelli)
  • [UI] [UI] Add bulk duplicate and delete actions to AI Gateway endpoints table (#22404, @xq-yin)
  • [UI] Redesign endpoint details model section with unified Model card (#22376, @xq-yin)
  • [] Add X-MLflow-Gateway-Duration-Ms and X-MLflow-Gateway-Overhead-Duration-Ms response headers (#22229, @PattaraS)
  • [UI] Redesign AI Gateway endpoint details: Overview tab, starter code, and Try in Browser (#22284, @xq-yin)
  • [] Add guardrail proto definitions, server handlers, and REST store (#21962, @TomeHirata)
  • [Build] Add aiohttp as a core dependency of mlflow (#22189, @TomeHirata)
  • [] Add gateway guardrail DB layer: schema, store methods, and tests (#21960, @TomeHirata)
  • [UI] Add quick-start template cards to AI Gateway empty state (#22249, @xq-yin)
  • [Tracing / UI] Add freeform Notes section to trace assessments pane (#21676, @smoorjani)
  • [Tracing / UI] [UI] Improve traces table visual design and UX (#20424, @ridgupta26)
  • [UI] Improve Image Grid chart UX for multi-run image comparison (#22118, @Rasaboun)
  • [Models] Add base_model_path parameter to save PEFT adapter-only with local base model reference (#22052, @rpathade)
  • [Tracking] Add mlflow db move-resources command to move resources between workspaces (#21263, @mprahl)
  • [Tracking] feat(tracking): Add composite index on metrics (run_uuid, key, step) (#21727, @ravidarbha)

Bug fixes:

  • [Tracing / Tracking] Redact presigned URL credentials in urllib3 retry logs (#22995, @B-Step62)
  • [Tracing] Fix assessment logging silently dropped in distributed tracing (#22963, @serena-ruan)
  • [] Filter _list_budget_windows results by active workspace when request is workspace-scoped (#22885, @copilot-swe-agent)
  • [Models / Scoring] Fix uv custom index URLs omitted from model requirements.txt (#22921, @serena-ruan)
  • [Tracing / UI] Set mlflow.message.format on gateway passthrough spans to enable Chat tab (#22916, @TomeHirata)
  • [Server-infra] Add RBAC regression tests + gateway validator fix (#22862, @PattaraS)
  • [Server-infra] Include role-based grants in list_accessible_workspace_names (#22864, @PattaraS)
  • [Tracing] Preserve cache_read tokens in claude_code tracing for cache observability (#22683, @dgokeeffe)
  • [Tracing] Fix InferenceTableSpanProcessor init for opentelemetry-sdk 1.41.0 (#22867, @harupy)
  • [UI] Fix audio artifact viewer failing in non-default workspaces (#22811, @harupy)
  • [Tracking] Fix O(n^2) body buffering in WSGIMiddleware for large uploads (#22729, @harupy)
  • [Tracking] Propagate workspace_id as X-Databricks-Org-Id header for SPOG support (#22554, @B-Step62)
  • [UI] Fix sessions pagination not auto-loading after virtualizer settles (#22808, @daniellok-db)
  • [Tracing] Fix _get_token_usage dropping zero-valued token counts (#22748, @copilot-swe-agent)
  • [Tracing] Fix _get_token_usage dropping cache token fields (#22818, @harupy)
  • [UI] Remove rendering size guards from artifact image and video views (#22816, @kriscon-db)
  • [UI] Disable Create Guardrail in AddGuardrailModal until a Guardrail Model endpoint is selected (#22766, @copilot-swe-agent)
  • [UI] Disable Guardrails tab in EditEndpointFormRenderer when endpoint.experiment_id is null, refresh i18n messages, and fix JS type-check follow-ups (#22757, @copilot-swe-agent)
  • [] Fix OPENAI_API_KEY requirement when guardrails use gateway:/ judge model (#22769, @TomeHirata)
  • [Tracking] Fix ABFSS URI double-encoding in _parse_abfss_uri (#22759, @artjen)
  • [UI] Persist immediate gateway usage-tracking updates and preserve dirty edits in useEditEndpointForm (#22734, @copilot-swe-agent)
  • [] Fix Vertex AI gateway global location handling for Gemini 3 models (#22696, @harupy)
  • [Tracing] Fix ValueError: Circular reference detected crash in dump_span_attribute_value (pydantic_ai autolog) (#22693, @barry3406)
  • [Tracing] Add Bedrock Converse models to model catalog (#22515, @ajgassner)
  • [Tracing] Fix incorrect cost calculation for Anthropic cached requests (#22516, @ajgassner)
  • [UI] Disable Create button when experiment name is empty (#22649, @ssam18)
  • [Tracing] Fix AsyncHttpxClientWrapper AttributeError by avoiding deepcopy in TraceJSONEncoder (#22742, @harupy)
  • [Evaluation] Fix JSON parsing failure for judge model responses containing newlines (#22736, @harupy)
  • [Evaluation] Fix non-ASCII characters being escaped in judge template variables (#22728, @harupy)
  • [Tracking] Fix pandas 3.x datetime64 resolution compatibility in cast_df_types_according_to_schema (#22705, @copilot-swe-agent)
  • [Tracing] Fix conversation simulator adding wrapper span that breaks custom scorers (#21321, @B-Step62)
  • [] Fix Bedrock tool-use chat response parsing (#22677, @lavaFreak)
  • [UI] Fix AI Gateway provider dropdown by flattening OpenAI / Azure OpenAI (#22701, @harupy)
  • [Evaluation / Tracing] Preserve predict_fn signature in simulation turn tracing (#22610, @rogalski)
  • [Tracing / Tracking] fix: Extract cached_tokens in OpenAI streaming responses to correct cost tracking (#22620, @Rishabh-git10)
  • [Tracing / UI] Auto-select first endpoint and API key in issue detection modal (#22633, @serena-ruan)
  • [Model Registry] Use SQL MAX() in create_model_version instead of loading all rows (#22635, @neolunar7)
  • [Tracing] Add modality/tool pricing extraction to dev/update_model_catalog.py, backfill anthropic.json / gemini.json, and skip reasoning modality pricing (#22699, @copilot-swe-agent)
  • [Tracing] Fix pydantic-ai run_stream_sync autologging broken by AgentSpec forward reference in _returns_sync_streamed_result (#22666, @copilot-swe-agent)
  • [UI] Unify execution duration cell rendering in session header rows (#22631, @daniellok-db)
  • [] Implement guardrail execution in gateway API handlers (#22306, @TomeHirata)
  • [Tracing / Tracking] Fast-path trace-id search in frontend to avoid spans.content scan (#22433, @harupy)
  • [UI] Fix tag cutoff in prompts table (#22507, @nananosirova)
  • [Scoring] Fix pandas 3.0 StringDtype mismatch in cast_df_types_according_to_schema (#22537, @copilot-swe-agent)
  • [Tracing] Fix exception propagation in @mlflow.trace within @trace_disabled context (#22501, @harupy)
  • [UI] [UI] Show header and breadcrumb on gateway usage page when no endpoints exist (#22445, @xq-yin)
  • [Model Registry] Fix performance degradation for single-tenant installation (#22405, @abaland)
  • [UI] Render attachments inline in Details & Timeline span view (#22451, @kriscon-db)
  • [UI] Skip markdown rendering for oversized chat content to prevent browser freezes (#22464, @kriscon-db)
  • [UI] Render attachment images embedded in complex JSON structures (#22462, @kriscon-db)
  • [UI] Handle input_file content type in Responses API chat rendering (#22466, @kriscon-db)
  • [UI] Fall back to OpenAI parser for LangChain traces with OpenAI-format data (#22456, @kriscon-db)
  • [UI] Combine multi-part Responses API input into a single chat message (#22459, @kriscon-db)
  • [UI] Render text content before audio parts in chat messages (#22460, @kriscon-db)
  • [Tracing] Handle Gemini SDK bytes repr format in inline_data extraction (#22453, @kriscon-db)
  • [UI] Show all output fields alongside attachment renderings in summary view (#22449, @kriscon-db)
  • [UI] Handle single dict contents in Gemini chat input normalization (#22455, @kriscon-db)
  • [UI] Fix audio player not loading on first render in attachment view (#22450, @kriscon-db)
  • [UI] Allow Gemini chat rendering when role field is omitted (#22454, @kriscon-db)
  • [Evaluation] Add server side check for registering custom scorer (#22381, @WeichenXu123)
  • [UI] [UI] Cache gateway provider/model queries to eliminate redundant fetches (#22440, @xq-yin)
  • [Tracing] Eager-load trace relationships in search_traces (#22431, @harupy)
  • [Model Registry] Fix cross-workspace copy_model_version failure caused by get_logged_model call (#22262, @TomeHirata)
  • [UI] [UI] Fix endpoint details to display all API keys for multi-model endpoints (#22406, @xq-yin)
  • [UI] Fix tag cutoff in experiments table (#21871, @nananosirova)
  • [Tracking] Fix rename_experiment in SqlAlchemyStore to enforce 500-char name limit (#22418, @copilot-swe-agent)
  • [Tracking] Fix download_artifacts and list_artifacts returning wrong status for missing artifacts (#22310, @Karim-siala)
  • [Docs / Tracing] Enable async trace logging by default for OSS MLflow (#22304, @PattaraS)
  • [UI] Show Save/Cancel buttons only when endpoint has unsaved changes (#22367, @xq-yin)
  • [UI] Remove mp4 from AUDIO_EXTENSIONS to fix video artifact preview (#22350, @copilot-swe-agent)
  • [Evaluation] Fix MetaPromptOptimizer failing on prompts with no template variables (#22301, @alkispoly-db)
  • [Prompts / UI] Fix misleading placeholder text in PromptsListFilters (#22321, @copilot-swe-agent)
  • [Evaluation] Fix make_judge with bool/numeric types not reporting aggregated metrics in evaluate() (#22302, @alkispoly-db)
  • [UI] Fix dark mode CSS not consistently applied in compare runs page (#22254, @DaoDaoNoCode)
  • [Tracking] Fix 500 error in start_trace when merging traces with existing metrics (#22257, @alkispoly-db)
  • [Model Registry / Tracing / Tracking] Fix _all_tables_exist to derive expected_tables from Base.metadata dynamically (#22128, @copilot-swe-agent)
  • [UI] Hide 'Show more columns' button when runs are selected (#21867, @nananosirova)
  • [Evaluation] Support T | None as top-level feedback_value_type in make_judge (#22201, @copilot-swe-agent)
  • [UI] Fix dataset details drawer: local source display, profile parsing, broken link (#22143, @Rasaboun)
  • [Tracking] Fix --static-prefix not applied to /api/ REST routes (#22159, @TomeHirata)
  • [Tracing / Tracking] Map user.id span attribute to mlflow.trace.user during OTel ingestion (#22150, @ajgassner)

Documentation updates:

  • [Docs] Docs: Add AI Gateway CLI Tools pages (Claude Code, Codex, Gemini CLI) (#22918, @TomeHirata)
  • [Docs / Tracing / UI] Add documentation for Codex CLI, Gemini CLI, and Qwen Code tracing (#22412, @kriscon-db)
  • [Docs] Add Live Demo documentation page for demo.mlflow.org (#22840, @serena-ruan)
  • [Docs] Docs: Adds Middleware in the tracing section for integrated observability platforms (#22791, @luharshekhar2000-dot)
  • [Docs / UI] Rename guardrail stage terminology to Pre-LLM / Post-LLM across guardrail_utils.py, Gateway API, UI, docs, and guardrailValidation.ts (#22767, @copilot-swe-agent)
  • [Docs] Fix EvaluationDataset type references in GenAI datasets docs (#22761, @harupy)
  • [Docs] docs: add guardrails documentation for AI Gateway (#22577, @TomeHirata)
  • [] Allow different PGPORT in docker compose (#22646, @riklopfer)
  • [Docs] Remove docs/docs/genai/governance/ai-gateway/legacy/* and redirect legacy AI Gateway routes to ai-gateway/index (#22579, @copilot-swe-agent)
  • [Docs] Remove unused parameter from invocation() function example in manual tracing docs (#22524, @prithvipal)
  • [Docs] Document uv run --frozen flag for offline/no-network usage in CLAUDE.md (#22505, @copilot-swe-agent)
  • [Docs] Add documentation for multimodal trace attachments (#21783, @kriscon-db)
  • [Docs] Add AI Gateway Performance & Benchmarks docs page (#22390, @copilot-swe-agent)
  • [Docs] Update changelog for 3.11.0 release (#22394, @WeichenXu123)

Small bug fixes and documentation updates:

#22993, #22978, #21482, #21321, #22559, #21319, #22483, #22346, #22091, @B-Step62; #22919, #22925, #22854, #22821, #22786, #22820, #22615, #22819, #22781, #22703, #22565, #22200, #22193, @serena-ruan; #22869, #22863, #22843, #22839, #22837, #22815, #22765, #22762, #22749, #22708, #22486, #22481, #22471, #22401, #22366, #22278, #22281, @harupy; #22848, #22775, #22764, #22763, #22772, #22527, #22435, #22358, #22357, #22356, #22355, #22261, #22259, #22202, #22234, #22243, @TomeHirata; #22824, @vinh412; #22805, #22804, #22803, #22802, #22801, #22800, #22447, #22632, #22735, #22697, #22691, #22508, #22628, #22567, #22482, #22441, #22273, #22272, #22190, #22434, #22154, #22147, #22144, #22268, #22241, #22187, #22074, @daniellok-db; #22557, #22722, #22807, #22721, #22558, #22589, #22319, #22145, #21789, @PattaraS; #22825, #22783, #22789, #22787, #22784, #22782, #22757, #22771, #22770, #22758, #22756, #22755, #22744, #22737, #22715, #22718, #22714, #22713, #22711, #22710, #22707, #22704, #22700, #22692, #22686, #22690, #22689, #22688, #22684, #22685, #22682, #22670, #22669, #22668, #22667, #22664, #22663, #22662, #22655, #22657, #22659, #22601, #22580, #22578, #22576, #22563, #22550, #22549, #22548, #22547, #22545, #22544, #22541, #22540, #22539, #22538, #22511, #22532, #22529, #22528, #22526, #22523, #22525, #22519, #22518, #22517, #22514, #22512, #22509, #22510, #22506, #22504, #22490, #22488, #22480, #22478, #22477, #22470, #22468, #22443, #22438, #22436, #21203, #22417, #22403, #22413, #22399, #22395, #22391, #22392, #22388, #22379, #22348, #22347, #22343, #22341, #22342, #22340, #22339, #22337, #22330, #22329, #22328, #22316, #22309, #22305, #22250, #22207, #22204, #22198, #22177, #22174, @copilot-swe-agent; #22795, @rollyjoel; #22629, #22730, #22614, #22573, #22334, #22502, #22448, #22196, #22263, #22186, #22185, #22184, #21956, #22183, #22246, #21955, @kriscon-db; #22627, #22238, @xsh310; #22295, #22212, @smoorjani; #22463, #22370, #22365, #22240, #22226, @xq-yin; #22473, #22439, #22437, @WeichenXu123; #22387, #21419, @mprahl; #22382, #22373, @SeldonAi; #21848, @alkispoly-db; #22160, @amotl

View release on GitHub
v3.11.1 Breaking risk
Breaking changes
  • TypeScript SDK renamed: mlflow-tracing→@mlflow/core, mlflow-openai→@mlflow/openai, mlflow-anthropic→@mlflow/anthropic, mlflow-gemini→@mlflow/gemini
  • Removed MLFLOW_ENABLE_INCREMENTAL_SPAN_EXPORT environment variable
  • Block / and : in Registered Model names
Notable features
  • Automatic Issue Identification in traces
  • Gateway budget alerts and spending limits
  • Trace graph view visualization
View release on GitHub
v3.10.0 New feature
Notable features
  • Multi-workspace organization support
  • Multi-turn conversation evaluation and simulation
  • Trace cost tracking and visualization
View release on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

About

Stars
26,243
Forks
5,810
Languages
Python TypeScript JavaScript
Downloads/week
11,191
NPM Maintainers
1
Contributors
100
TypeScript
Types included ✓
View on GitHub View on npm Homepage Live demo Documentation

Similar tools

langfuse
phoenix
metaflow
haystack
agentops

Beta — feedback welcome: [email protected]