1.13.0 - Human-in-the-Loop and Workflow Execution Upgrades

🚀 New Features

Human-in-the-Loop (HITL)

We are introducing the Human Input node, a major update that transforms how AI and humans
collaborate within Dify workflows.

Background

Previously, workflows were binary: either fully automated or fully manual. This created a "trust gap" in
high-stakes scenarios where AI speed is needed but human judgment is essential. With HITL, we are making h
uman oversight a native part of the workflow architecture, allowing you to embed
review steps directly into the execution graph.

Key Capabilities

• Native Workflow Pausing: Insert a "Human Input" node to suspend workflow execution at critical decision points.
• Review & Edit: The node generates a UI where humans can review AI outputs and modify variables (e.g., editing a draft or correcting data) before the process continues.
• Action-Based Routing: Configure custom buttons (like "Approve," "Reject," or "Escalate") that determine
  the subsequent path of the workflow.
• Flexible Delivery Methods: Human input forms can be delivered via Webapp or Email. In cloud environments, Email delivery availability may depend on plan/feature settings.

🛠 Architecture Updates

To support the stateful pause/resume mechanism required by HITL and provide event‑subscription APIs, we refactored the execution engine: Workflow‑based streaming executions and Advanced Chat executions now run in Celery workers, while non‑streaming WORKFLOW runs still execute in the API process.
All pause/resume paths (e.g., HITL) are resumed via Celery, and events are streamed back through Redis Pub/Sub.

For Large Deployments & Self-Hosted Users:

We have introduced a new Celery queue named workflow_based_app_execution. While standard setups will work out of the box, high-throughput environments should consider the following optimizations to ensure stability and performance:

1. Scale Workers: Adjust the number of workers consuming the workflow_based_app_execution queue based on your specific workload.
2. Dedicated Redis (Optional): For large-scale deployments, we recommend configuring the new PUBSUB_REDIS_URL environment variable to point to a dedicated Redis instance. Using Redis Cluster mode with Sharded PubSub is strongly advised to ensure horizontal scalability.

⚠️ Important Upgrade Note

New Celery Queue Required: workflow_based_app_execution

Please ensure your deployment configuration (Docker Compose, Helm Chart, etc.) includes workers listening to the new workflow_based_app_execution queue.
This queue is required for workflow‑based streaming executions and all resume flows (e.g., HITL); otherwise, streaming executions and resume tasks will not be processed.

🔧 Operational Note

Additional Celery Queue: api_token

If ENABLE_API_TOKEN_LAST_USED_UPDATE_TASK=true, ensure your deployment also has workers listening to api_token.
This queue is used by the scheduled batch update task for API token last_used_at timestamps.

⚙️ Configuration Changes

We have introduced several new environment variables to support the architectural changes. Large deployments should pay special attention to the PubSub Redis configurations to ensure scalability.

• PUBSUB_REDIS_URL (Critical): Specifies the Redis URL used for PubSub communication between the API and Celery workers. If left empty, it defaults to the standard REDIS_* configuration.
• PUBSUB_REDIS_CHANNEL_TYPE (Critical): Defines the channel type for streaming events. Options are pubsub (default) or sharded. We highly recommend using sharded for high-throughput environments.
• PUBSUB_REDIS_USE_CLUSTERS (Critical): Set to true to enable Redis cluster mode for PubSub. Combined with sharded PubSub, this is essential for horizontal scaling.

Other Additions:

• WEB_FORM_SUBMIT_RATE_LIMIT_MAX_ATTEMPTS: Maximum number of web form submissions allowed per IP within the rate limit window (Default: 30).
• WEB_FORM_SUBMIT_RATE_LIMIT_WINDOW_SECONDS: Time window in seconds for web form submission rate limiting (Default: 60).
• HUMAN_INPUT_GLOBAL_TIMEOUT_SECONDS: Maximum seconds a workflow run can stay paused waiting for human input before global timeout (Default: 604800, 7 days).
• ENABLE_HUMAN_INPUT_TIMEOUT_TASK: Enables the background task that checks for expired human input requests (Default: true).
• HUMAN_INPUT_TIMEOUT_TASK_INTERVAL: Sets the interval (in minutes) for the timeout check task (Default: 1).
• ENABLE_API_TOKEN_LAST_USED_UPDATE_TASK: Enables the periodic background task that batch-updates API token last_used_at timestamps (Default: true).
• API_TOKEN_LAST_USED_UPDATE_INTERVAL: Sets the interval (in minutes) for batch-updating API token last_used_at timestamps (Default: 30).
• SANDBOX_EXPIRED_RECORDS_CLEAN_BATCH_MAX_INTERVAL: Maximum random delay (in milliseconds) between retention cleanup batches to reduce DB pressure spikes (Default: 200).

📌 Additional Changelog Highlights

Reliability & Correctness

• Added migration-time deduplication and a unique constraint for tenant default models to prevent duplicate default model records.
• Fixed a tools-deletion edge case caused by provider ID type mismatch.
• Fixed a FastOpenAPI integration regression where authenticated users could be resolved as anonymous in remote file APIs.
• Fixed message event type detection for file-related responses, and hid the workspace invite action for non-manager users.

Performance & Scalability

• Reduced backend load and console latency with plugin manifest pre-caching and AppListApi query optimizations.
• Improved large-data task stability with split DB sessions, batched cleanup execution, index tuning, and configurable inter-batch throttling for retention cleanup jobs.

API & Platform Capabilities

• Added a Service API endpoint for end-user lookup with tenant/app scope enforcement.
• Improved workflow run history refresh behavior during run state transitions.
• Enhanced MCP Tool integration by extracting and reporting usage metadata (for example, token/cost fields) from MCP responses.

Security

• Removed dynamic new Function evaluation from ECharts parsing and now return explicit parsing errors for unsupported chart code.

Localization

• Added Dutch (nl-NL) language support across backend language mapping and web localization resources.

---

Upgrade Guide

Important

If you use custom CELERY_QUEUES, make sure workflow_based_app_execution is included.
If ENABLE_API_TOKEN_LAST_USED_UPDATE_TASK=true, also include api_token.

For background and details, see ⚠️ Important Upgrade Note and 🔧 Operational Note above.

Docker Compose Deployments

1. Back up your customized docker-compose YAML file (optional)

   cd docker
   cp docker-compose.yaml docker-compose.yaml.$(date +%s).bak

2. Get the latest code from the main branch

   git checkout main
   git pull origin main

3. Stop the service. Please execute in the docker directory

   docker compose down

4. Back up data

   tar -cvf volumes-$(date +%s).tgz volumes

5. Upgrade services

   docker compose up -d

Note

If you encounter errors like below

2025/11/26 11:37:57 /app/internal/db/pg/pg.go:30
[error] failed to initialize database, got error failed to connect to `host=db_postgres user=postgres database=dify_plugin`: hostname resolving error (lookup db_postgres on 127.0.0.11:53: server misbehaving)

2025/11/26 11:37:57 /app/internal/db/pg/pg.go:34
[error] failed to initialize database, got error failed to connect to `host=db_postgres user=postgres database=postgres`: hostname > resolving error (lookup db_postgres on 127.0.0.11:53: server misbehaving)
2025/11/26 11:37:57 init.go:99: [PANIC]failed to init dify plugin db: failed to connect to `host=db_postgres user=postgres database=postgres`: hostname resolving error (lookup db_postgres on 127.0.0.11:53: server misbehaving)
panic: [PANIC]failed to init dify plugin db: failed to connect to `host=db_postgres user=postgres database=postgres`: hostname resolving error (lookup db_postgres on 127.0.0.11:53: server misbehaving)

Please use the following command instead. For details, please read this #28706

docker compose --profile postgresql up -d

Source Code Deployments

1. Stop the API server, Worker, and Web frontend Server.

2. Get the latest code from the release branch:

   git checkout 1.13.0

3. Update Python dependencies:

   cd api
   uv sync

4. Then, let's run the migration script:

   uv run flask db upgrade

5. Finally, run the API server, Worker, and Web frontend Server again.

---

What's Changed

• refactor(api): replace reqparse with Pydantic models in trial.py by @Sean-Kenneth-Doherty in #31789
• refactor: plugin detail panel components for better maintainability and code organization. by @CodingOnStar in #31870
• fix: remove api reference doc link en prefix by @hyoban in #31910
• fix: missing import console_ns by @hjlarry in #31916
• fix: fix mcp server status is not right by @fatelei in #31826
• test: try fix test, clear test log in CI by @hyoban in #31912
• fix: fix mcp output schema is union type frontend crash by @fatelei in https://github.com/langgenius/dify/pull...

v1.12.1 - Fix base URL in client and other bugs

What's Changed

• fix(docker): persist IRIS data across container recreation using Durable %SYS by @TomoOkuyama in #31899
• fix(docker): improve IRIS data persistence with proper Durable %SYS by @TomoOkuyama in #31901
• fix: base url in client by @hyoban in #31902
• fix: auto summary env by @zxhlyh in #31930
• fix: fix delete_draft_variables_batch cycle forever by @fatelei in #31934
• chore: bump version in docker-compose and package manager to 1.12.1 by @QuantumGhost in #31947

v1.12.0 - Introducing Summary Index: Smarter Retrieval with AI Summarization

🚀 New Features: Summary Index

We are introducing Summary Index, a powerful enhancement to our knowledge base retrieval system that significantly improves search accuracy by generating AI-powered summaries for document chunks.

Background

Traditional vector search relies on raw chunk embeddings, which can miss semantic nuances and context when matching user queries. This is especially challenging for long documents or complex content where key information might be scattered across multiple chunks. Summary Index addresses this by creating concise, semantically-rich summaries for each document chunk, which are then vectorized and used as an additional retrieval layer.

Key Capabilities

• AI-Powered Summarization: Automatically generates concise summaries for document chunks using configurable LLM models, capturing essential semantic information in a compact format.
• Multimodal Support: When using vision-capable LLMs (e.g., GPT-4V, Claude-3), the system can generate summaries that incorporate both text and images from document chunks, providing richer context understanding.
• Enhanced Retrieval Accuracy: Summary vectors serve as an additional retrieval layer, improving the precision of knowledge base searches by matching queries against both original content and AI-generated summaries.
• Flexible Configuration: Supports default summary prompts, allowing you to tailor the summarization style to match your domain-specific requirements.
• Asynchronous Processing: Summary generation runs asynchronously, ensuring that document indexing remains fast and non-blocking.
• Manual Summary Editing: Allows you to manually edit and refine AI-generated summaries to better align with the original chunk content, ensuring summaries accurately reflect domain-specific terminology and context.
• Index Structure Compatibility: Works with both general chunking and parent-child chunking modes, with intelligent handling of hierarchical document relationships.
• High-Quality Index Integration: Available exclusively for datasets using the "high_quality" indexing technique, ensuring optimal performance for production knowledge bases.

Other Improvements

• Agent App Multimodal Support: Agent App now natively supports multimodal inputs (images/files).
• Qdrant Full-Text Search: Implemented full-text search with multi-keyword support for Qdrant vector database.
• Workflow Enhancements:
  • Added support for registering and reading context in workflows.
  • Added OpenTelemetry support for single runs.
• Plugin System: Added an option to delete or keep API keys when uninstalling a plugin.
• Template Preview Before Creating: Added a detailed app template preview with workflow graphs or app configs by app type.

🐞 Bug Fixes & Security Updates

• Security:
  • Logstore security fix: Addressed potential SQL injection, serialization issues, and optimized initialization.
  • Fixed an SSRF vulnerability in WordExtractor URL download.
  • Upgraded tanstack devtools to fix seroval RCE vulnerability.
  • Security updates for pdfminer.six, authlib, werkzeug, aiohttp, and pycryptodome.
• Workflow & Graph Engine:
  • Fixed issues where single iteration or loop nodes could not run.
  • Fixed NextStep crash when the target node is missing.
  • Fixed ToolInvokeMessage Union type parsing issue.
• API & Backend:
  • Fixed CORS resource pattern for /console/api routes.
  • Fixed IRIS hybrid search returning zero results.
  • Fixed billing account deletion issues.
  • Fixed vdb-migrate command for parent-child segment migration.
• Frontend:
  • Fixed "Expand all chunks" button not working.
  • Fixed vertical scrolling support for floating elements.
  • Fixed validation error when uploading images with None URL values.

⚙️ Configuration Changes

• SANDBOX_EXPIRED_RECORDS_CLEAN_TASK_LOCK_TTL: Sets the lock TTL for the sandbox expired records cleanup task (Default: 90000).
• SMTP_LOCAL_HOSTNAME: Optional override for the local hostname used during SMTP HELO/EHLO.
• PLUGIN_MODEL_SCHEMA_CACHE_TTL: Sets the cache TTL for plugin model schemas (Default: 3600).
• ENABLE_TRIAL_APP: Enables trial app (Default: false).
• ENABLE_EXPLORE_BANNER: Enables explore banner (Default: false).

Upgrade Guide

Docker Compose Deployments

1. Back up your customized docker-compose YAML file (optional)

   cd docker
   cp docker-compose.yaml docker-compose.yaml.$(date +%s).bak

2. Get the latest code from the main branch

   git checkout main
   git pull origin main

3. Stop the service. Please execute in the docker directory

   docker compose down

4. Back up data

   tar -cvf volumes-$(date +%s).tgz volumes

5. Upgrade services

   docker compose up -d

What's Changed

• fix: fix instance is not bind to session by @fatelei in #30913
• feat: inject traceparent in enterprise api by @wylswz in #30895
• refactor: init orpc contract by @hyoban in #30885
• refactor(variables): clarify base vs union type naming by @laipz8200 in #30634
• feat: change param to pydantic model by @fatelei in #30870
• chore(deps): bump filelock from 3.20.0 to 3.20.3 in /api by @dependabot[bot] in #30939
• feat: Add option to delete or keep API keys when uninstalling plugin by @UMDKyle in #28201
• chore(deps): bump azure-core from 1.36.0 to 1.38.0 in /api by @dependabot[bot] in #30941
• fix: Correction to the full name of Volc TOS by @jneless in #30741
• fix(logstore): prevent SQL injection, fix serialization issues, and optimize initialization by @adongfan in #30697
• fix: use Factory to create repository in Aliyun Trace by @hieheihei in #30899
• fix: fix LOOP_CHILDREN_Z_INDEX by @fatelei in #30719
• refactor(web): MCP tool availability to context-based version gating by @lyzno1 in #30955
• refactor(http_request_node): apply DI for http request node by @laipz8200 in #30509
• fix(web): preserve HTTP method in ORPC fetchCompat mode by @lyzno1 in #30971
• chore(web): disable Serwist dev logs by @lyzno1 in #30980
• chore(web): remove unused demo service component by @lyzno1 in #30979
• fix(deps): security updates for pdfminer.six, authlib, werkzeug, aiohttp and others by @kenwoodjw in #30976
• fix: redirect after login by @hyoban in #30985
• feat: allow pass hostname in docker env by @fatelei in #30975
• fix: fix Cannot destructure property 'name' of 'value' as it is undef… by @fatelei in #30991
• fix: correct API Extension documentation link by @Milad93R in #30962
• feat: add .agent/skills symlink and orpc-contract-first skill by @lyzno1 in #30968
• fix: increase name length limit in ExternalDatasetCreatePayload by @BeautyyuYanli in #31000
• fix: fix missing id and message_id by @fatelei in #31008
• fix: Use raw SQL UPDATE to set read status without triggering updated… by @fatelei in #31015
• refactor: port TidbAuthBinding( by @asukaminato0721 in #31006
• fix: fix plugin edit endpoint app disappear by @fatelei in #30951
• refactor: delete_endpoint should be idempotent by @fatelei in #30954
• refactor: port TenantCreditPool by @asukaminato0721 in #30926
• refactor: port AppAnnotationHitHistory by @asukaminato0721 in #30922
• feat: implement document creation pipeline with multi-step wizard and datasource management by @CodingOnStar in #30843
• feat(web): refactor documents component structure and enhance functionality by @CodingOnStar in #30854
• build: require node 24.13.0 by @hyoban in #30945
• refactor(contract): restructure console contracts with nested billing module by @lyzno1 in #30999
• fix: validation error when uploading images with None URL values by @josephadamsdev in #31012
• test: add unit tests for PluginPage and related components by @CodingOnStar in #30908
• feat: single run add opentelemetry by @fatelei in #31020
• chore: bump version to 1.11.4 by @laipz8200 in #30961
• refactor: enhance clean messages task by @hj24 in #29638
• fix: message clean service ut by @hj24 in #31038
• refactor: remove manual set query logic by @hyoban in #31039
• f...

v1.11.4

🔒 Security

Dify now requires Node.js 24.13.0 to pick up the upstream fix for the AsyncLocalStorage/async_hooks DoS CVE that can crash apps with deeply nested input. All self-hosted deployments should upgrade Node.js. Thanks to @hyoban in #30945.

Related: #30935.

🛠️ Bug Fixes

• Redirect After Login: We’ve sorted out the login redirects to bring you back to your intended destination smoothly after logging in. Shoutout to @hyoban for this fix in #30985.

• Missing ID and Message ID: Missing the essentials? Not anymore! We’ve patched the missing id and message_id issue, thanks to @fatelei in #31008.

• Destructuring Undefined Properties: Ever run into that annoying error where you can't destructure name from value because it's undefined? That’s been crushed too, all thanks to @fatelei in #30991.

---

Upgrade Guide

Docker Compose Deployments

1. Back up your customized docker-compose YAML file (optional)

   cd docker
   cp docker-compose.yaml docker-compose.yaml.$(date +%s).bak

2. Get the latest code from the main branch

   git checkout main
   git pull origin main

3. Stop the service. Please execute in the docker directory

   docker compose down

4. Back up data

   tar -cvf volumes-$(date +%s).tgz volumes

5. Upgrade services

   docker compose up -d

Note

If you encounter errors like below

2025/11/26 11:37:57 /app/internal/db/pg/pg.go:30
[error] failed to initialize database, got error failed to connect to `host=db_postgres user=postgres database=dify_plugin`: hostname resolving error (lookup db_postgres on 127.0.0.11:53: server misbehaving)

2025/11/26 11:37:57 /app/internal/db/pg/pg.go:34
[error] failed to initialize database, got error failed to connect to `host=db_postgres user=postgres database=postgres`: hostname > resolving error (lookup db_postgres on 127.0.0.11:53: server misbehaving)
2025/11/26 11:37:57 init.go:99: [PANIC]failed to init dify plugin db: failed to connect to `host=db_postgres user=postgres database=postgres`: hostname resolving error (lookup db_postgres on 127.0.0.11:53: server misbehaving)
panic: [PANIC]failed to init dify plugin db: failed to connect to `host=db_postgres user=postgres database=postgres`: hostname resolving error (lookup db_postgres on 127.0.0.11:53: server misbehaving)

Please use the following command instead. For details, please read this #28706

docker compose --profile postgresql up -d

Source Code Deployments

1. Stop the API server, Worker, and Web frontend Server.

2. Get the latest code from the release branch:

   git checkout 1.11.4

3. Update Python dependencies:

   cd api
   uv sync

4. Then, let's run the migration script:

   uv run flask db upgrade

5. Finally, run the API server, Worker, and Web frontend Server again.

---

What's Changed

• fix: redirect after login by @hyoban in #30985
• fix: fix missing id and message_id by @fatelei in #31008
• build: require node 24.13.0 by @hyoban in #30945
• chore: bump version to 1.11.4 by @laipz8200 in #30961
• fix: fix Cannot destructure property 'name' of 'value' as it is undef… by @hyoban in #30991

Full Changelog: 1.11.3...1.11.4

v1.11.3

🚀 What's New in v1.11.3?

Our latest release, v1.11.3, brings to you a slew of bug fixes and features focused on performance, functionality, and user experience. Here's a look at what's changed:

🎬 New Features

• MCP Tool Enhancements: Added support for embeddedResource and made MCP tools display directly for quicker access by @IthacaDream and @fatelei in #30261 and #30019.
• Batch Operations: Introduced re-index operation in document batch operations by @fatelei in #30275.
• Agent and Workflow Updates: New AgentMaxIterationError and enhancements in app mode checks make workflows and agents more robust by @fatelei.
• OAuth Integration: Frontend login now supports oauth_new_user flag by @zyssyz123 in #30370.
• PDF Extraction: Improved RAG extractor to support image extraction from PDFs by @yangzq50 in #30399.
• Storage and Archive: Added archive storage client and config settings by @hjlarry in #30422.
• Translation and Internationalization: Added initial RSC support for translations for a global audience by @hyoban in #30596.

🛠️ Bug Fixes

• Redis and Cache: Used pipelines to optimize Redis cache deletions, enhancing speed and reliability by @fatelei in #30159.
• UI/UX Fixes: From preventing page crashes due to permission errors to fixing flicking button sizes, multiple UI-related issues have been addressed by various contributors.
• Data Operations: Fixed dataset access errors and improved error handling in batch operations by @zhaobingshuang and others.
• Performance: Released runtime state references under high load to prevent potential memory leaks by @SherlockShemol in #30236.
• Security: Rectified CORS and SSL issues that could've affected bot integrations and Celery operations.
• Internationalization: Korean translations and content were updated for accuracy by @sangyun-han in #30347.

🔧 Under the Hood

• CI/CD and Build Enhancements: Enhanced GitHub actions and build processes for better reliability and less downtime by @bowenliang123 and @hyoban.
• Code & Query Optimization: Addressed inefficiencies in SQL queries and data handling in workflows and the API, improving overall stability.

This release emphasizes streamlining backend operations, fortifying security, and enriching the user interface for a smoother, more productive experience. Thank you to all contributors for refining Dify and pushing our platform forward! 🛠️💡

---

Upgrade Guide

Docker Compose Deployments

1. Back up your customized docker-compose YAML file (optional)

   cd docker
   cp docker-compose.yaml docker-compose.yaml.$(date +%s).bak

2. Get the latest code from the main branch

   git checkout main
   git pull origin main

3. Stop the service. Please execute in the docker directory

   docker compose down

4. Back up data

   tar -cvf volumes-$(date +%s).tgz volumes

5. Upgrade services

   docker compose up -d

Note

If you encounter errors like below

2025/11/26 11:37:57 /app/internal/db/pg/pg.go:30
[error] failed to initialize database, got error failed to connect to `host=db_postgres user=postgres database=dify_plugin`: hostname resolving error (lookup db_postgres on 127.0.0.11:53: server misbehaving)

2025/11/26 11:37:57 /app/internal/db/pg/pg.go:34
[error] failed to initialize database, got error failed to connect to `host=db_postgres user=postgres database=postgres`: hostname > resolving error (lookup db_postgres on 127.0.0.11:53: server misbehaving)
2025/11/26 11:37:57 init.go:99: [PANIC]failed to init dify plugin db: failed to connect to `host=db_postgres user=postgres database=postgres`: hostname resolving error (lookup db_postgres on 127.0.0.11:53: server misbehaving)
panic: [PANIC]failed to init dify plugin db: failed to connect to `host=db_postgres user=postgres database=postgres`: hostname resolving error (lookup db_postgres on 127.0.0.11:53: server misbehaving)

Please use the following command instead. For details, please read this #28706

docker compose --profile postgresql up -d

Source Code Deployments

1. Stop the API server, Worker, and Web frontend Server.

2. Get the latest code from the release branch:

   git checkout 1.11.3

3. Update Python dependencies:

   cd api
   uv sync

4. Then, let's run the migration script:

   uv run flask db upgrade

5. Finally, run the API server, Worker, and Web frontend Server again.

---

What's Changed

• perf: using pipeline to delete redis cache by @fatelei in #30159
• fix: update permission in member list caused page crash by @iamjoel in #30164
• feat(refactoring): introduce comprehensive guidelines and tools for component refactoring in Dify by @CodingOnStar in #30162
• fix: validate first then save to db by @fatelei in #30107
• fix: load i18n on server by @hyoban in #30171
• chore: some test by @iamjoel in #30148
• fix(web): correct deleted tools matching to use provider_id instead of id by @majiayu000 in #30138
• fix: add transparent border to prevent button size flickering by @Pleasurecruise in #30128
• refactor: part of remove all reqparser by @asukaminato0721 in #29847
• fix: fix metadata filter not survive a rename by @fatelei in #30174
• feat: add mcp tool display directly by @fatelei in #30019
• feat: allow config NEXT_PUBLIC_BATCH_CONCURRENCY by @fatelei in #30086
• fix(dataset): dataset tags service_api error "Dataset not found" by @zhaobingshuang in #30028
• refactor: split changes for api/controllers/console/workspace/load_ba… by @asukaminato0721 in #29887
• refactor: split changes for api/controllers/console/explore/saved_mes… by @asukaminato0721 in #29889
• refactor: split changes for api/controllers/console/explore/message.py by @asukaminato0721 in #29890
• chore: bypass InsufficientPrivilege on Azure PostgreSQL by @fatelei in #30191
• chore: some tests for components by @iamjoel in #30194
• fix: use query param for delete method by @GareArc in #30206
• fix: fix DatasetRetrieval._process_metadata_filter_func miss in operator by @fatelei in #30199
• fix: fix missing not in by @fatelei in #30207
• fix: retrieval test and knowledge retrieval node failed in multimodal mode by @JohnJyong in #30210
• test(web): add unit tests for Avatar component by @SherlockShemol in #30201
• fix: remove unused CSS styles and fix HitTestingPage layout by @WTW0313 in #30235
• chore(web): remove unused dev-preview page by @sarxxt in #30226
• fix: Add JSON RPC request type guard by @Nov1c444 in #30216
• fix: consolidate duplicate InvokeRateLimitError definitions by @Mairuis in #30229
• fix: wrong usage of redis lock by @NeatGuyCoding in #28177
• chore(claude-code): migrate from legacy MCP configuration to official plugin system by @lyzno1 in #30265
• fix: fix custom tool content is not update by @fatelei in #30250
• fix(api): fix credential type handling and rebuild subscription transaction safety by @NeatGuyCoding in #30242
• chore(deps): bump scheduler from 0.26.0 to 0.27.0 in /web by @dependabot[bot] in #30284
• chore(deps): bump json-repair from 0.54.1 to 0.54.3 in /api by @dependabot[bot] in #30285
• refactor(web): Migrate to Unified TanStack Devtools by @lyzno1 in #30279
• fix: Workflow Start node optional enum parameter is treated as required by @hjlarry in #30287
• feat: document batch operation tool add re-index operation by @fatelei in #30275
• chore(sdk/nodejs): update deps by @hyoban in #30291
• feat: MCP tool adds support for embeddedResource by @IthacaDream in #30261
• fix(web): handle null/undefined message in log list by @majiayu000 in #30253
• fix: release graph_runtime_state reference to prevent memory leak under high load by @SherlockShemol in #30236
• fix(web): rollback React Scan dynamic import by @lyzno1 in #30294
• refactor(query-state): migrate query param state management to nuqs by @lyzno1 in #30184
• build: update github actions by @bowenliang123 in #30106
• fix(template-transform): use base64 encoding ...

v1.11.2

🌟 What’s New in v1.11.2 🌟

Welcome to version 1.11.2! This release sees a significant number of improvements, especially around testing, fixes, and new integrations to enhance the robustness and flexibility of the platform. Here's the lowdown:

🚀 New Features

• InterSystems IRIS Vector Database: We've added support for this database to bolster data handling capabilities. Big ups to @TomoOkuyama! (#29480)
• Aliyun SLS Integration: Workflow execution logging can now leverage Aliyun's Simple Log Service, courtesy of @adongfan. (#28986)
• Tunisian Arabic Support: We've expanded our language support with Tunisian Arabic. Shukran @nourzakhama2003! (#29306)

⚙️ Enhancements

• Comprehensive Test Coverage: A slew of Jest tests have been added to various components, such as the ConfirmModal, AppCard, CustomizeModal, and more. Thanks to everyone involved, especially @lyzno1! These enhance our confidence in releasing robust changes. (#29627, #29667, etc.)
• Amplitude Tracking: Enhanced user behavior tracking across the platform for deeper insights, thanks to @CodingOnStar. (#29662)
• Pipeline Setting Tests: Automated testing has been added to ensure any future changes to pipeline settings won't break your optimizations. (#29478)
• Responsive Chat Wrapper: We've optimized the chat interface for better usability across all device types. Props to @hangboss1761. (#29687)

🛠️ Bug Fixes

• Unified Translation: Fixed various translation-related issues across multiple languages for a more coherent global experience. Thanks, @ZeroZ-lab! (#29759)
• Security Enhancements: We've patched an XSS vulnerability with the Mermaid Graph and tackled SSRF and CSV injection issues. Kudos to @zyssyz123 and @laipz8200. (#29811, #29462)
• Upload Fixes: If file uploads are disabled, they'll now be consistently so across the board. Big thanks to @iamjoel. (#29681)
• API Key Validation: Ensures API keys in HTTPRequest nodes are never empty, thanks to @AziizBg. (#29950)
• Miscellaneous Fixes: A whole host of tweaks ranging from workflow past version data synchronization to adjustment of padding for better alignment. Massive thanks to all who squashed these bugs! (#30139, #29999)

🎨 Code Quality & Maintenance

• Refactor Marathon: We've massively refactored our API and web controllers to make future updates easier and more performant. Big thanks to @asukaminato0721 for spearheading this. (#29894, #29888, etc.)
• Jest and Webpack Optimizations: Improved Jest caching, configuration, and migration to Vitest/ESM in the web components for quicker, more reliable tests. Hats off to @lyzno1 and @hyoban. (#29881, #29974)
• Documentation Cleanup: The Swagger UI is now disabled by default in production releases, being more cautious about what information hangs out there. Thanks @laipz8200. (#29723)

That's the round-up for v1.11.2! As always, a huge shoutout to all contributors who make these improvements possible. You rock! Now, go try the new release, and hit us up with feedback. Happy coding! 🙌

---

Upgrade Guide

Docker Compose Deployments

1. Back up your customized docker-compose YAML file (optional)

   cd docker
   cp docker-compose.yaml docker-compose.yaml.$(date +%s).bak

2. Get the latest code from the main branch

   git checkout main
   git pull origin main

3. Stop the service. Please execute in the docker directory

   docker compose down

4. Back up data

   tar -cvf volumes-$(date +%s).tgz volumes

5. Upgrade services

   docker compose up -d

Note

If you encounter errors like below

2025/11/26 11:37:57 /app/internal/db/pg/pg.go:30
[error] failed to initialize database, got error failed to connect to `host=db_postgres user=postgres database=dify_plugin`: hostname resolving error (lookup db_postgres on 127.0.0.11:53: server misbehaving)

2025/11/26 11:37:57 /app/internal/db/pg/pg.go:34
[error] failed to initialize database, got error failed to connect to `host=db_postgres user=postgres database=postgres`: hostname > resolving error (lookup db_postgres on 127.0.0.11:53: server misbehaving)
2025/11/26 11:37:57 init.go:99: [PANIC]failed to init dify plugin db: failed to connect to `host=db_postgres user=postgres database=postgres`: hostname resolving error (lookup db_postgres on 127.0.0.11:53: server misbehaving)
panic: [PANIC]failed to init dify plugin db: failed to connect to `host=db_postgres user=postgres database=postgres`: hostname resolving error (lookup db_postgres on 127.0.0.11:53: server misbehaving)

Please use the following command instead. For details, please read this #28706

docker compose --profile postgresql up -d

Source Code Deployments

1. Stop the API server, Worker, and Web frontend Server.

2. Get the latest code from the release branch:

   git checkout 1.11.2

3. Update Python dependencies:

   cd api
   uv sync

4. Then, let's run the migration script:

   uv run flask db upgrade

5. Finally, run the API server, Worker, and Web frontend Server again.

---

What's Changed

• chore: add test case for download components by @iamjoel in #29569
• chore: test for app card and no data by @iamjoel in #29570
• test(web): add comprehensive tests for workflow-log component by @lyzno1 in #29562
• fix: bump wandb to 0.23.1 urllib3 to 2.6.0 by @kenwoodjw in #29481
• fix: remove unnecessary error log when trigger endpoint returns 404 by @Mairuis in #29587
• feat(i18n): add Tunisian Arabic (ar-TN) translation by @nourzakhama2003 in #29306
• fix: validate page_size limit in plugin list and tasks endpoints by @aplulu in #29611
• fix(workflow): agent prompt editor canvas not covering full text height by @abesticode in #29623
• chore: add anthropic skills for frontend testing by @lyzno1 in #29608
• fix: fix mime type is none by @fatelei in #29579
• fix(ci): use setup-python to avoid 504 errors and use project oxlint config by @lyzno1 in #29613
• fix: show uninstalled plugin nodes in workflow checklist by @lyzno1 in #29630
• fix: fix delete_account_task not check billing enabled by @fatelei in #29577
• fix: add secondary text color to plugin task headers by @Pleasurecruise in #29529
• fixes: #28300 Change the Citations banner in dark mode to fully opaque by @Rickon-dev in #28673
• feat: Add InterSystems IRIS vector database support by @TomoOkuyama in #29480
• chore(deps): bump @hookform/resolvers from 3.10.0 to 5.2.2 in /web by @dependabot[bot] in #29442
• chore: add AGENTS.md for frontend by @lyzno1 in #29647
• test: add comprehensive Jest tests for ConfirmModal component by @lyzno1 in #29627
• fix(api): Populate Missing Attributes For Arize Phoenix Integration by @ialisaleh in #29526
• fix(workflow): tool plugin output_schema array type not selectable in subsequent nodes by @importcjj in #29035
• Add file upload enabled check and new i18n message by @halogen22 in #28946
• chore: disable swagger doc in production by @lin-snow in #29283
• fix(api): use json_repair for conversation title parsing by @quicksandznzn in #29649
• perf: commit once by @fatelei in #29590
• fix: delete knowledge pipeline but pipeline and workflow don't delete by @JohnJyong in #29591
• refactor: admin api using session factory by @fatelei in #29628
• chore(i18n): translate i18n files and update type definitions by @github-actions[bot] in #29651
• fix: does not save segment vector when there is no attachment_ids by @Chenyl-Sai in #29520
• test: Consolidate API CI test runner by @laipz8200 in #29440
• fix: correct i18n SSO translations and fix validation/type issues by @NeatGuyCoding in #29564
• fix: dos in annotation import by @zyssyz123 in #29470
• feat: Enhance Amplitude tracking across various components by @CodingOnStar in #29662
• chore: tests for annotation by @iamjoel in #29664
• chore: some billing test by @iamjoel in #29648
• fix: ssrf, add internal ip filter when parse tool schema by @zyssyz123 in #29548
• fix: csv injection in annotations export by @zyssyz123 in #29462
• fix: all upload files are disabled if upload file feature disabled by @iamjoel in #29681
• fix: webhook node output file as file variable by ...

v1.11.1

Important

This version contains very important security updates, and we recommend that all users upgrade to this version as soon as possible.

This release is all about tightening up security, boosting performance, and squashing those pesky bugs. Let's dive into what's changed:

🛠️ Fixes and Improvements

• React and Next.js Security Upgrades: We've bumped up react and react-dom to 19.2.3 to fix some CVE vulnerabilities. Next.js also got a security update, courtesy of @douxc (PRs #29532 and #29545).

• Credential Management: If you've been seeing empty available_credentials, that's sorted out now (thanks to @fatelei in #29521).

• Description Length Limitation: Autogenerated descriptions will now be truncated to avoid the 400-character limit error, ensuring smoother submissions by @shua-chen in #28681.

• Content Type Charset: Response content types now include charsets to keep your data formats consistent, by @Pleasurecruise in #29534.

• Flask-Restx Attribute Error: The pesky AttributeError caused by validate=True in flask-restx is no more (fixed by @Mairuis in #29552).

• Document Handling: Optimized the save_document_with_dataset_id function for better performance by @fatelei in #29550. Plus, we fixed an issue where external images in DOCX files were causing extraction failures (@JohnJyong in #29558).

• Token Retrieval: No more errors when access_token is empty; it now gracefully returns None by @kashira2339 in #29516.

• Hit-Test Failures: Resolved the hit-test failure when an attachment ID doesn’t exist by @JohnJyong in #29563.

🚀 New Features

• Amplitude Integration: We’ve integrated the Amplitude API key into our layout and provider components for enhanced analytics. Big thanks to @CodingOnStar in #29546.

🧪 Testing

• Container Integration Tests: Added integration tests for triggers to make sure everything runs smoothly in container environments by @Stream29 in #29527.

⚡ Performance Enhancements

• Excel Extractor: We've optimized the performance and memory usage of the Excel extractor, making it faster and more efficient, by @NieRonghua in #29551.

Thanks to everyone who contributed to this release! Your feedback and contributions make all the difference. As always, happy coding! 🌟

---

Upgrade Guide

Docker Compose Deployments

1. Back up your customized docker-compose YAML file (optional)

   cd docker
   cp docker-compose.yaml docker-compose.yaml.$(date +%s).bak

2. Get the latest code from the main branch

   git checkout main
   git pull origin main

3. Stop the service. Please execute in the docker directory

   docker compose down

4. Back up data

   tar -cvf volumes-$(date +%s).tgz volumes

5. Upgrade services

   docker compose up -d

Note

If you encounter errors like below

2025/11/26 11:37:57 /app/internal/db/pg/pg.go:30
[error] failed to initialize database, got error failed to connect to `host=db_postgres user=postgres database=dify_plugin`: hostname resolving error (lookup db_postgres on 127.0.0.11:53: server misbehaving)

2025/11/26 11:37:57 /app/internal/db/pg/pg.go:34
[error] failed to initialize database, got error failed to connect to `host=db_postgres user=postgres database=postgres`: hostname > resolving error (lookup db_postgres on 127.0.0.11:53: server misbehaving)
2025/11/26 11:37:57 init.go:99: [PANIC]failed to init dify plugin db: failed to connect to `host=db_postgres user=postgres database=postgres`: hostname resolving error (lookup db_postgres on 127.0.0.11:53: server misbehaving)
panic: [PANIC]failed to init dify plugin db: failed to connect to `host=db_postgres user=postgres database=postgres`: hostname resolving error (lookup db_postgres on 127.0.0.11:53: server misbehaving)

Please use the following command instead. For details, please read this #28706

docker compose --profile postgresql up -d

Source Code Deployments

1. Stop the API server, Worker, and Web frontend Server.

2. Get the latest code from the release branch:

   git checkout 1.11.1

3. Update Python dependencies:

   cd api
   uv sync

4. Then, let's run the migration script:

   uv run flask db upgrade

5. Finally, run the API server, Worker, and Web frontend Server again.

---

What's Changed

• fix: upgrade react and react-dom to 19.2.3,fix cve errors by @douxc in #29532
• fix: fix available_credentials is empty by @fatelei in #29521
• fix: nextjs security update by @douxc in #29545
• fix: truncate auto-populated description to prevent 400-char limit error by @shua-chen in #28681
• test(trigger): add container integration tests for trigger by @Stream29 in #29527
• feat: integrate Amplitude API key into layout and provider components by @CodingOnStar in #29546
• fix: set response content type with charset in helper by @Pleasurecruise in #29534
• fix: remove validate=True to fix flask-restx AttributeError by @Mairuis in #29552
• perf(core/rag): optimize Excel extractor performance and memory usage by @NieRonghua in #29551
• perf: optimize save_document_with_dataset_id by @fatelei in #29550
• fix: docx extractor external image failed by @JohnJyong in #29558
• fix: hit-test failed when attachment id is not exist by @JohnJyong in #29563
• fix: return None from retrieve_tokens when access_token is empty by @kashira2339 in #29516
• chore: Bump version references to 1.11.1 by @laipz8200 in #29568

New Contributors

• @shua-chen made their first contribution in #28681
• @Pleasurecruise made their first contribution in #29534
• @kashira2339 made their first contribution in #29516

Full Changelog: 1.11.0...1.11.1

v1.11.0 - Your knowledge base just went from mono to full HD

🧠 Multimodal Knowledge Base

Dify can now understand both text and images in your knowledge base.

Before, embeddings only cared about words. But real docs? They’re full of screenshots, diagrams, memes (don’t lie), and markdown with embedded images. Now those visuals count too.

What’s Actually Happening

1. Auto‑Image Extraction
   Drop a doc with Markdown images — like ![vibe](https://cats.png) — and Dify grabs them automatically (JPG, PNG, GIF ≤ 2 MB).
2. Smart Attachment Handling
   Each image is linked to its matching text chunk, so context stays tight.
3. Embedding Behavior
   • Using a multimodal embedding model? Then both text + image get vectorized. You can:
     • search text ↔ image,
     • image ↔ image,
     • or image ↔ text.
       Basically, everything ↔ everything.
   • Sticking with a regular text‑only model? Cool — the images still go along for the ride and will appear in prompts when you use a Vision‑enabled LLM.
4. Developer Candy
   Knowledge Pipeline’s KnowledgeBase node speaks two new dialects —
   • multimodal‑Parent‑Child
   • multimodal‑General
     Perfect for plugin devs who want to feed Dify structured mixed‑modality data without headaches.
5. Supported Multimodal Models （tips: update below plugin to the latest version）
   • AWS Bedrock: nova‑2‑multimodal‑embeddings‑v1:0
   • Google Vertex AI: multimodalembedding@001
   • Jina: jina‑embedding‑v4, jina‑clip‑v1, jina‑clip‑v2, jina‑reranker‑m0
   • Tongyi (Qwen): multimodal‑embedding‑v1

Once everything’s embedded, you’ll see a shiny new Multimodal tag in your knowledge base — because now your data’s two‑dimensional (and twice as cool).

Huge thanks to @JohnJyong (#29115) and @WTW0313 (#27793) for bringing visual intelligence to Dify. Absolute legends.

🧩 Other New Features

• Zen Mode — disappear into your flow; fewer buttons, more focus. use cmd + k to enter.
  thanks @ZeroZ‑lab (#28794)
• “Open Workflow” shortcut for WorkflowTool — hop straight into editing like a boss.
  props @CrabSAMA (#28898)
• Start Node JSON Schema — keeps your workflows honest.
  thanks @fatelei (#29053)
• Admin API Keys skip CSRF — automation now flows smoother than espresso.
  thanks @kenwoodjw (#29139)
• Dark‑mode icons, ReactScan, and spicy color polish all landed too.
  shoutout @hjlarry (#28858) and @zhsama (#29086)

⚙️ Performance & Infrastructure

A whole lot of behind‑the‑curtain magic here:

• GraphEngine got chill pause/resume handling — no more jumping gears mid‑flow.
  thanks @QuantumGhost (#28196)
• Automatic Storage Permission Repair
  Introduced an init container that automatically fixes file system permissions on startup, removing the need for manual intervention when deploying with different storage backends.
  thanks to @kurokobo and @zhutong6688 (#29297).
• Redis caching makes tool provider listings zoom.
  thanks @yangzheli (#29101)
• Milvus 2.6.0 upgrade in Docker — fewer installation freak‑outs.
  cheers @majinghe (#26618)
• Pydantic upgrade cleaned up node hydration code.
  thanks @asukaminato0721 (#28993)
• Less UI lag — fewer unnecessary re‑renders across Workflow and Marketplace.
  props @iamjoel (#28776, #28783)
• Massive test overhaul — embeddings, datasets, plugins, workflows… you name it.
  thanks @codomposer, @SmartDever02, @hsparks‑codes

🐞 Key Fixes

• Webhook Node Conversion Error Resolved
  Fixed an issue where converting an existing node into a webhook node could cause a 404 error.
  thanks to @hjlarry (#28686).
• Chat Auto‑Scroll Stability Restored
  Addressed a problem that caused the chat interface to stop auto‑scrolling during active conversations.
  thanks to @utsumi‑fj (#28690).
• OceanBase Vector Search Accuracy Improved
  Implemented proper handling of the score_threshold parameter to ensure consistent and relevant retrieval results.
  thanks to @connermo (#28536).
• Dark Theme Rendering Adjustments
  Corrected tooltip display and text color inconsistencies in dark mode for a more stable visual experience.
  thanks to @hjlarry (#29186).
• MySQL Query Compatibility Fixes
  Resolved issues with UUID queries and unsupported returning statements when using MySQL drivers.
  thanks to @wangype (#28941) and @longbingljw (#29069).
• Database Session Management
  Fixed errors that could occur when database sessions were initialized multiple times during workflow execution.
  thanks to @fatelei (#29160).
• UI Consistency Enhancements
  Addressed several minor rendering and layout issues, including small‑screen text visibility and tooltip behavior.

🤘 A ton of folks touched this release — whether you built features, fixed a typo, or added a single test, thank you.
You made Dify 1.11.0 faster, funnier, and just plain better.

---

Upgrade Guide

Note

We have re-released the image of this version. If you pulled the image before the release time, you need to delete them and re-fetch.

Docker Compose Deployments

1. Back up your customized docker-compose YAML file (optional)

   cd docker
   cp docker-compose.yaml docker-compose.yaml.$(date +%s).bak

2. Get the latest code from the main branch

   git checkout main
   git pull origin main

3. Stop the service. Please execute in the docker directory

   docker compose down

4. Back up data

   tar -cvf volumes-$(date +%s).tgz volumes

5. Upgrade services

   docker compose up -d

Note

If you encounter errors like below

2025/11/26 11:37:57 /app/internal/db/pg/pg.go:30
[error] failed to initialize database, got error failed to connect to `host=db_postgres user=postgres database=dify_plugin`: hostname resolving error (lookup db_postgres on 127.0.0.11:53: server misbehaving)

2025/11/26 11:37:57 /app/internal/db/pg/pg.go:34
[error] failed to initialize database, got error failed to connect to `host=db_postgres user=postgres database=postgres`: hostname > resolving error (lookup db_postgres on 127.0.0.11:53: server misbehaving)
2025/11/26 11:37:57 init.go:99: [PANIC]failed to init dify plugin db: failed to connect to `host=db_postgres user=postgres database=postgres`: hostname resolving error (lookup db_postgres on 127.0.0.11:53: server misbehaving)
panic: [PANIC]failed to init dify plugin db: failed to connect to `host=db_postgres user=postgres database=postgres`: hostname resolving error (lookup db_postgres on 127.0.0.11:53: server misbehaving)

Please use the following command instead. For details, please read this #28706

docker compose --profile postgresql up -d

Source Code Deployments

1. Stop the API server, Worker, and Web frontend Server.

2. Get the latest code from the release branch:

   git checkout 1.11.0

3. Update Python dependencies:

   cd api
   uv sync

4. Then, let's run the migration script:

   uv run flask db upgrade

5. Finally, run the API server, Worker, and Web frontend Server again.

---

What's Changed

• Enhanced GraphEngine Pause Handling by @QuantumGhost in #28196
• chore: update packageManager version to pnpm@10.23.0 by @ZeroZ-lab in #28708
• fix: prevent auto-scrolling from stopping in chat by @utsumi-fj in #28690
• fix: change existing node to a webhook node raise 404 by @hjlarry in https://github.com/langgenius/dify/...

v1.10.1-fix.1

Important

For users who upgraded to version 1.10.1-fix.1 before 2025-12-09 03:00:00 UTC, please verify your docker compose configuration to ensure the web service is using the correct image version langgenius/dify-web:1.10.1-fix.1. This verification is critical to address the GHSA-fv66-9v8q-g76r security vulnerability.

• Security/deps: backend bumps pyarrow 17.0.0, werkzeug 3.1.4, urllib3 2.5.0 in api/uv.lock; frontend bumps React 19.2.1 (addresses CVE-2025-55182) and Next.js 15.5.7 in web/package.json + web/pnpm-lock.yaml.

Full Changelog: 1.10.1...1.10.1-fix.1

v1.10.1 – Multi-Database Era Begins: MySQL Joins the Family

🎉 Major new capabilities, critical stability fixes
🧩 And the long-awaited MySQL support finally arrives!

🚀 New Features

Infrastructure & DevOps

MySQL adaptation (PostgreSQL / MySQL / OceanBase now fully supported)
Thanks @longbingljw from the OceanBase team!
PR: #28188

• Adds DB_TYPE configuration option
• Supports MySQL JSON / LONGTEXT / UUID / index differences
• Updates Alembic migrations for multi-DB compatibility
• Introduces cross-DB SQL helpers for statistics and date handling
• Rewrites dataset metadata filters with SQLAlchemy JSON operators
• Adds CI workflows for MySQL migration testing

This is a significant backend upgrade in Dify’s history — multi-database support is now first-class.

Performance & Workflow Editor Optimization

• Implemented a major performance upgrade for the Workflow Editor, eliminating costly per-node validation scans, reducing unnecessary re-renders, and improving responsiveness from becoming laggy at ~50 nodes to remaining smooth even near ~200 nodes — #28591, by @iamjoel.

Pipelines & Workflow Engine

• Introduced a broad set of workflow-editor improvements, including UI refinement, stability fixes, and quality-of-life enhancements across variable inspection, media components, and node interactions — #27981, by @Xiu-Lan, @crazywoola, @johnny0120, @Woo0ood.

🛠 Fixes & Improvements

Runtime Stability & Workflow Execution

• Fixed an issue where advanced-chat workflows could fail to stop, preventing stuck or lingering processes — #27803, by @Kevin9703.
• Fixed a 500 error triggered when running “any node” in draft mode, improving workflow debugging reliability — #28636, by @hjlarry.
• Corrected token overcounting during loop/iteration evaluation (not related to billing tokens) — #28406, by @anobaka.
• Fixed workflow-as-tool returning an empty files field, ensuring tool integrations receive correct file metadata — #27925, by @CrabSAMA.
• Resolved a session-scope error in FileService that could cause inconsistent file deletion behavior — #27911, by @ethanlee928.

Knowledge Base

• Fixed a 500 error when using the weightedScore retrieval option, restoring stability for weighted ranking scenarios — #28586, by @Eric-Guo.

Developer Experience & SDKs

• Fixed Node.js SDK route and multipart upload handling, ensuring robust file and data submission through JavaScript integrations — #28573, by @lyzno1.
• Fixed OpenAPI/Swagger failing to load, restoring developer documentation access — #28509, by @changkeke, with contributions from @asukaminato0721.

Web UI & UX

• Corrected dark-mode rendering for the ExternalDataToolModal, ensuring consistent appearance across themes — #28630, by @Nov1c444.
• Fixed Marketplace search-trigger behavior and scroll position, improving discovery and navigation — #28645, by @lyzno1.
• Fixed incorrect navigation when opening chatflow log details, providing more predictable UI behavior — #28626, by @hjlarry.
• Fixed layout and rendering issues in the README display panel, ensuring cleaner content presentation — #28658, by @yangzheli.
• Reduced unnecessary re-renders in the useNodes hook, improving overall front-end performance — #28682, by @iamjoel.

Plugins & Integrations

• Updated plugin verification logic to use a unique identifier, improving correctness across plugin installations and updates — #28608, by @Mairuis.

System Robustness

• Prevented nullable tags in TriggerProviderIdentity, avoiding potential runtime errors — #28646, by @Yeuoly.
• Improved error messaging for invalid webhook requests, providing clearer diagnostics — #28671, by @hjlarry.

Feedback & Logging

• Fixed like/dislike feedback not appearing in logs, ensuring end-user rating signals are correctly visualized — #28652, by @fatelei.

Internationalization (i18n)

• Standardized terminology for trigger and billing events, improving translation consistency — #28543, by @NeatGuyCoding.
• Fixed multiple issues in execution-related translations, correcting missing or malformed entries — #28610, by @NeatGuyCoding.
• Removed incorrect “running” translation entries — #28571, by @NeatGuyCoding.
• Refactored i18n scripts and removed obsolete translation keys — #28618, by @lyzno1.
• Added missing translations across the UI, improving language coverage — #28631, by @lyzno1.

Maintenance & Developer Tooling

• Added front-end automated testing rules to strengthen baseline reliability — #28679, by @CodingOnStar and contributors.
• Upgraded system libraries and Python dependencies to maintain security and compatibility — #28624, by @laipz8200 and @GareArc.
• Updated start-web development script to use pnpm dev, simplifying contributor workflows — #28684, by @laipz8200.

---

Upgrade Guide

Docker Compose Deployments

Important

Required Action Before Upgrading

Starting from 1.10.1, the Dify API image now runs as a non-root user (UID 1001) for improved security.
If you are using local filesystem storage (the default in community deployments), you must update the ownership of your mounted storage directories on the host machine, or the containers will fail to read/write files.

Affected services:

• api
• worker

Affected host directory:

• ./volumes/app/storage → mounted to /app/api/storage

What you must do before restarting the new version:

# Stop existing containers
docker compose down

# Update directory ownership on the host
sudo chown -R 1001:1001 ./volumes/app/storage

# Restart normally
docker compose up -d

After this one-time migration, Dify will operate normally with the new non-root user model.

1. Back up your customized docker-compose YAML file (optional)

   cd docker
   cp docker-compose.yaml docker-compose.yaml.$(date +%s).bak

2. Get the latest code from the main branch

   git checkout main
   git pull origin main

3. Stop the service. Please execute in the docker directory

   docker compose down

4. Back up data

   tar -cvf volumes-$(date +%s).tgz volumes

5. Upgrade services

   docker compose up -d

If you encounter errors like below

2025/11/26 11:37:57 /app/internal/db/pg/pg.go:30
[error] failed to initialize database, got error failed to connect to `host=db_postgres user=postgres database=dify_plugin`: hostname resolving error (lookup db_postgres on 127.0.0.11:53: server misbehaving)

2025/11/26 11:37:57 /app/internal/db/pg/pg.go:34
[error] failed to initialize database, got error failed to connect to `host=db_postgres user=postgres database=postgres`: hostname resolving error (lookup db_postgres on 127.0.0.11:53: server misbehaving)
2025/11/26 11:37:57 init.go:99: [PANIC]failed to init dify plugin db: failed to connect to `host=db_postgres user=postgres database=postgres`: hostname resolving error (lookup db_postgres on 127.0.0.11:53: server misbehaving)
panic: [PANIC]failed to init dify plugin db: failed to connect to `host=db_postgres user=postgres database=postgres`: hostname resolving error (lookup db_postgres on 127.0.0.11:53: server misbehaving)

Please use the following command instead. For details, please read this #28706

docker compose --profile postgresql up -d

Source Code Deployments

1. Stop the API server, Worker, and Web frontend Server.

2. Get the latest code from the release branch:

   git checkout 1.10.1

3. Update Python dependencies:

   cd api
   uv sync

4. Then, let's run the migration script:

   uv run flask db upgrade

5. Finally, run the API server, Worker, and Web frontend Server again.

---

What's Changed

• Upgrade weave version to fix weave configuration failure by @xprilion in #28197
• fix: knowledge pipeline can not published by @hjlarry in #28203
• feat: add icon gallery stories by @lyzno1 in #28214
• fix: card view render by @lyzno1 in #28189
• add icon for forum by @crazywoola in #28164
• fix: click log panel of log page cause whole page crash by @hjlarry in #28218
• Perf/mutual node UI by @zhsama in #28282
• fix: update currentTriggerPlugin check in BasePanel component by @Yessenia-d in #28287
• chore: remove unused style.module.css from app-icon component by @lyzno1 in #28302
• fix: published webhook can't receive inputs by @hjlarry in #28205
• add cnt script and one more example by @asukaminato0721 in #28272
• add vdb-test workflow run filter by @JohnJyong in #28336
• doc: add doc for env config when site and backend are in different domains by @iamjoel in #28318
• fix: dataset metadata counts when documents are deleted by @kenwoodjw in #28305
• chore: translate i18n files and update type definitions ...