Releases: Chainlit/chainlit

1.3.2

08 Nov 10:25

⚠️ Security Advisory

IMPORTANT: The element feature currently contains a known security vulnerability that could allow unauthorized file access. We strongly recommend against using elements in production environments until a comprehensive fix is implemented in an upcoming release.

Breaking Changes

This release drops support for FastAPI versions before 0.115.3 and Starlette versions before 0.41.2 due to a severe security vulnerability (CVE-2024-47874). We strongly encourage all downstream dependencies to upgrade as well.

While this is technically a breaking change in a patch release, we are prioritizing security over strict semantic versioning in this case. We strongly encourage all users to upgrade to this version immediately for the latest security improvements.

Security Updates

  • Critical dependency updates to address CVE-2024-47874 (#1493):
    • Upgraded fastapi to 0.115.3
    • Upgraded starlette to 0.41.2
    • Upgraded werkzeug to 3.0.6
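A quick way to check a deployment against these floors, as an added example (not part of the Chainlit release notes or code base). It treats the three versions listed above as minimums and audits a constructed `pip freeze` listing; the function names and sample data are assumptions made for illustration.

```python
import re

# Minimum versions taken from the 1.3.2 release notes above.
MINIMUMS = {"fastapi": "0.115.3", "starlette": "0.41.2", "werkzeug": "3.0.6"}

# Constructed sample of `pip freeze` output (not from a real deployment).
SAMPLE_FREEZE = """\
chainlit==1.3.1
fastapi==0.110.3
Starlette==0.37.2
Werkzeug==3.0.6
uvicorn==0.25.0
"""

def parse_version(text):
    """Turn '0.115.3' into (0, 115, 3); reject rc/dev/local versions."""
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unsupported version format: {text!r}")
    return tuple(int(part) for part in text.split("."))

def normalize(name):
    """PEP 503 name normalization so 'Starlette' matches 'starlette'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def audit(freeze_text, minimums=MINIMUMS):
    """Return {package: (found, required)} for pins below the minimum."""
    findings = {}
    for line in freeze_text.splitlines():
        line = line.split("#", 1)[0].strip()
        match = re.fullmatch(r"([A-Za-z0-9._-]+)==(\S+)", line)
        if not match:
            continue  # blanks, comments, editable or URL installs
        name, found = normalize(match.group(1)), match.group(2)
        required = minimums.get(name)
        if required is None:
            continue  # package not covered by this release note
        try:
            outdated = parse_version(found) < parse_version(required)
        except ValueError:
            outdated = True  # cannot compare: flag for manual review
        if outdated:
            findings[name] = (found, required)
    return findings

if __name__ == "__main__":
    for name, (found, required) in audit(SAMPLE_FREEZE).items():
        print(f"{name} {found} is below required {required}")
```

Pre-release or otherwise non-numeric pins are flagged rather than compared, so they get a manual look instead of silently passing.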

Bug Fixes

  • Fixed incorrect message ordering in UI by @pmercier (#1501):
    • Messages now display in the correct chronological order
    • Resolved race conditions in message display logic
    • Improved message state management

Full Changelog: 1.3.1...1.3.2

2.0.dev2

25 Oct 12:38
67de9c7
Pre-release

Important Security Notice

This development release temporarily reverts recent security improvements to restore element functionality. The element feature currently contains a known security vulnerability that could allow unauthorized file access. As this is a development release, it should not be used in production environments.

What's Changed

  • Fixed elements not displaying when using authentication by @hayescode in #1474
  • Temporarily reverted file access security improvements from 2.0.dev1 to restore functionality (#1441)

Development Status

Work is underway to implement HTTP-only cookie authentication as a comprehensive security solution. This will be a key feature of upcoming development releases.

Full Changelog: 2.0.dev1...2.0.dev2

1.3.1

25 Oct 12:31
daa960c

Important Security Notice

This hotfix release temporarily reverts recent security improvements to restore element functionality. The element feature currently contains a known security vulnerability that could allow unauthorized file access. We strongly recommend against using elements in production environments until our next release, which will implement a comprehensive fix using HTTP-only cookie authentication.

What's Changed

  • Fixed elements not displaying when using authentication by @hayescode in #1474
  • Temporarily reverted file access security improvements from 1.3.0 to restore functionality (#1441)

Next Steps

We are actively working on a comprehensive security fix that will be released in the coming weeks.

Full Changelog: 1.3.0...1.3.1

2.0dev1

22 Oct 10:25
2556985
Pre-release

[2.0.dev1] - 2024-10-22

Features

  • Added interactive pandas.DataFrame display component using MUI Data Grid (#1373)
  • Optional websocket connection in react-client (#1379)
  • Added current URL to message payload (#1403)
  • Improved image interaction UX - clicking opens in popup with download option (#1402)
  • Added configurable user session timeout (#1032)
  • Added environment variables OAUTH_<PROVIDER>_PROMPT and OAUTH_PROMPT to override the OAuth prompt parameter. Prevent automatic re-login with OAUTH_PROMPT=consent (#1362, #1456)

Security

  • Fixed file access vulnerability in get_file and upload_file endpoints (#1441)
  • Added authentication to /project/file endpoint (#1441)
  • Addressed security vulnerabilities in frontend dependencies (#1431, #1414)

Fixed

  • Dialog boxes no longer extend beyond window (#1446)
  • Allow empty chat input when submitting attachments (#1261)
  • Fixed tasklist when Chainlit is submounted (#1433)
  • Allow spaces in avatar filenames (#1418)
  • Step argument input and concurrency issues (#1409)
  • Correctly copy display_name to PersistentUser during authentication (#1425)

Development

  • Refactored storage clients into separate modules (#1363)
  • Support for IETF BCP 47 language tags (#1399)
  • Improved GitHub Actions workflows and build process (#1445)
  • Allow direct installation from GitHub (#1423)
  • Extended package metadata with homepage and documentation links (#1413)
  • Various backend fixes and code cleanup (#1432)

1.3.0

22 Oct 16:51

Key Improvements

  • Enhanced security with critical fixes for file handling and dependency updates (#1441, #1431, #1414)
  • Added SQLite database support for storing chat history and user data (#1319)
  • Made OAuth login behavior configurable through environment variables - use OAUTH_PROMPT=consent to prevent automatic re-login after logout (#1456)
  • Added support for localized languages like Latin American Spanish (es-419) through IETF language tags (#1399)
  • Enhanced performance and reliability of cloud storage through LiteralAI 0.0.625 update (#1376)

Full Commit Log: 1.2.0...1.3.0, CHANGELOG

2.0.dev0

08 Oct 12:13
2e9569b
Pre-release

Developer Preview

This is a developer preview release of Chainlit 2.0. It introduces significant changes and new features, particularly integration with the OpenAI Realtime API. As a dev preview, it may contain bugs and is not recommended for production use.

Major Changes

Realtime Audio Processing

The most significant change in this release is the introduction of realtime audio processing capabilities, as implemented in PR #1401 by @willydouhard. This feature enables real-time voice conversations with AI assistants.

Check out a screen grab of the demo on Twitter X.

For a practical implementation of this new feature, check out our cookbook entry on creating a realtime assistant.

Breaking Changes in Audio Implementation

  • Replaced AudioChunk type with InputAudioChunk and OutputAudioChunk
  • Changed default audio sampling rate from 44100 to 24000
  • Removed several audio configuration options (min_decibels, initial_silence_timeout, silence_timeout, chunk_duration, max_duration)
  • Introduced new on_audio_start callback
  • Modified on_audio_end callback to no longer accept file elements as arguments

New Features

  • Audio connection signaling with on and off states
  • AudioPresence component for visual representation of audio state
  • WavRecorder and WavStreamPlayer classes for improved audio handling
  • startConversation and endConversation methods in useAudio hook
  • Audio interruption functionality

Other Changes

  • Updated useChatInteract hook with startAudioStream method
  • Modified useChatSession to handle new audio streaming functionality
  • Refactored UI components to reflect new audio implementation
  • Added new wavtools directory with various audio processing utilities
  • Implemented new AudioWorklet processors for more efficient audio handling

Removed

  • RecordScreen component
  • Several audio-related configuration options from config.toml

For a complete list of changes, please refer to the full changelog.

We encourage developers to test this preview release and provide feedback. Please report any issues or suggestions on our GitHub repository.

1.3.0rc0

02 Oct 16:45
79639b6
Pre-release

Feedback and testing

This is a release candidate (rc0) for version 1.3.0.
We encourage thorough testing, especially of the LiteralAI integration and history features.

Feedback is highly appreciated to ensure stability for the final 1.3.0 release, specifically on the LiteralAI integration and SQLAlchemy/SQLite.

Key Features and Improvements

  • Added SQLite support to the SQLAlchemy integration (#1319)
  • Implemented extensive test coverage for LiteralDataLayer and SQLAlchemyDataLayer (#1376, #1346)
  • Refactored the LiteralDataLayer for improved performance and consistency (#1376)
  • Added get_element() method to SQLAlchemyDataLayer (#1346)
  • Enhanced OAuth logout process to prevent automatic re-login (#1362)

Full Changelog: 1.2.0...1.3.0rc0

1.2.0rc0

18 Sep 12:40
Pre-release

Add experimental assistant feature

1.2.0

16 Sep 16:19
052e8d8

Security

  • Fixed critical vulnerabilities allowing arbitrary file read access (#1326)
  • Improved path traversal protection in various endpoints (#1326)

Added

  • Hebrew translation JSON (#1322)
  • Translation files for Indian languages (#1321)
  • Support for displaying function calls as tools in Chain of Thought for LlamaIndexCallbackHandler (#1285)
  • Improved feedback UI with refined type handling (#1325)

Changed

  • Upgraded cryptography from 43.0.0 to 43.0.1 in backend dependencies (#1298)
  • Improved GitHub Actions workflow (#1301)
  • Enhanced data layer cleanup for better performance (#1288)
  • Factored out callbacks with extensive test coverage (#1292)
  • Adopted strict adherence to Semantic Versioning (SemVer)

Fixed

  • Websocket connection issues when submounting Chainlit (#1337)
  • Show_input functionality on chat resume for SQLAlchemy (#1221)
  • Negative feedback class incorrectness (#1332)
  • Interaction issues with Chat Profile Description Popover (#1276)
  • Centered steps within assistant messages (#1324)
  • Minor spelling errors (#1341)

Development

  • Added documentation for release engineering process (#1293)
  • Implemented testing for FastAPI version matrix (#1306)
  • Removed wait statements from E2E tests for improved performance (#1270)
  • Bumped dataclasses to latest version (#1291)
  • Ensured environment loading before other imports (#1328)

1.1.404

04 Sep 10:01
21c607a

Breaking Changes

  • Python Version: This release requires Python 3.9 or higher. Please ensure you're using a compatible Python version before upgrading.
  • Containerized Deployments: If you're using containerized deployments, you may need to specify --host 0.0.0.0 for your container to work correctly with the new security changes.

Full Changelog: 1.1.402...1.1.404