My Release Notes

by Tiny Tools

/open-webui/open-webui/v0.10.0
v0.10.0
v0.10.0
View on GitHubView PackagePublished: Jun 29, 2026

Release Notes

Added

  • ๐Ÿค Share folders with your team. You can now share a folder and the chats inside it with specific users, groups, or everyone, with read or write access; people you share with see shared folders in their sidebar and open the chats in a read-only view when they are not the owner, and administrators control who is allowed to share folders with a new "Folders Sharing" permission that is off by default. Commit, Commit, Commit, Commit, Commit, Commit, Commit, Commit
  • ๐Ÿ—œ๏ธ Automatic context compaction for long chats. Conversations that grow past a configurable token threshold can now be summarized automatically so they stay within a model's context window, with a notification shown while it happens; administrators can enable it, set the threshold, customize the summarization prompt, and lower the threshold per model. It is off by default. Commit, Commit, Commit, #19594
  • ๐Ÿ–ฅ๏ธ Open WebUI Computer agent support. Open WebUI can now connect to Open WebUI Computer through its OpenAI-compatible gateway, letting chats run full agent sessions on your own machine with file, terminal, git, and web access. GitHub
  • ๐Ÿš€ Much faster hybrid search on large knowledge bases. Hybrid search now runs natively in the database on pgvector setups instead of loading an entire collection into memory, so querying large knowledge bases is dramatically faster. Commit, #20737
  • ๐Ÿ—‚๏ธ External knowledge bases. Knowledge bases can now be backed by an external retrieval source through configurable external knowledge connections, so you can search an existing external system from chat instead of only Open WebUI's built-in store. Commit
  • ๐Ÿง  Reworked memory system. Memory has been overhauled with distinct memory types โ€” long-lived personal memories and per-conversation context โ€” managed through a structured add, update, and delete flow, giving models a more reliable way to remember and apply what they've learned about you. Commit, Commit, Commit, Commit, Commit, Commit, Commit, Commit, Commit, Commit
  • ๐Ÿงฉ New plugin primitive: the Event function. Where pipe, filter, and action functions all run inside a conversation, the new Event function is the first primitive that hooks into the system itself: it runs your own Python in response to events emitted across the whole application โ€” sign-ups, configuration changes, file uploads, role changes, deletions, startup and shutdown, and more. That makes a new class of behavior possible directly inside Open WebUI, from onboarding and access control to auditing, lifecycle automation, and external integrations. Comes with starter boilerplate in the function editor. Commit, Docs
  • ๐Ÿ”” New event system with webhooks. Open WebUI now emits events for a wide range of system activity โ€” sign-ins, configuration changes, startup, and actions across chats, knowledge, files, and more. Administrators can send these as outbound webhooks, route them to specific users or groups, and manage which events go where from a new event settings admin page. Commit, Commit, Commit, Commit, Commit, Commit, Commit, Commit, Commit, #1240, #16426
  • ๐Ÿ” Configure authentication from the admin panel. LDAP and OAuth/OIDC settings now have a dedicated Authentication settings page, so providers can be configured from the admin interface. Commit, #12945
  • ๐Ÿท๏ธ More custom header variables. Custom request headers now support "{{USER_MESSAGE_ID}}", "{{USER_MESSAGE_PARENT_ID}}", and "{{TASK}}", letting connected services tell apart real user messages from automated background requests like title, tag, and follow-up generation. Commit
  • ๐Ÿ“„ File details forwarded to external document extractors. External custom document-extraction servers now receive the file's ID, name, and content type, and these are also available as custom header variables, so extraction can be tailored per file. Commit, #26259
  • ๐ŸŽฐ Last model pre-selected for new slots. When you add another model to a multi-model chat, the slot now defaults to the model you last picked instead of starting empty. #25974
  • โšก Faster model overview. The admin model overview now loads its feedback history and tags through batched queries, so it opens noticeably faster on instances with many chats. Commit
  • ๐ŸŽ๏ธ Lighter channel profile previews. Profile previews in channels now load a person's details only when you hover to open one, rather than fetching them for every message up front. Commit
  • โ†ฉ๏ธ Reset permissions to defaults. The group and default permission dialogs now include a button to restore all permissions back to their built-in defaults in one step. #25931
  • ๐Ÿ“ฅ Chat import permission. Administrators can now control whether users are allowed to import or clone chats, with a new "Allow Chat Import" permission. Commit, Commit, Commit, #25927
  • ๐Ÿ”” Per-group user webhook permission. Administrators can now control which users may set a personal notification webhook, with a new "User Webhooks" permission. #25923
  • โœ๏ธ Customizable autocomplete prompt. Administrators can now set a custom prompt template for autocomplete generation from the admin interface settings. Commit, #25879
  • ๐Ÿ”‘ Configurable secret key length. The auto-generated secret key length can now be set with a new environment variable, instead of always using a fixed length. Commit, #25906
  • ๐ŸŸ๏ธ Arena evaluation models configurable via environment. Arena evaluation models can now be defined through an environment variable, which previously could not be set that way. Commit
  • โœ๏ธ Edit prompts from the menu. The prompts list now has an Edit option in each prompt's menu, taking you straight to its editor. #25789
  • ๐Ÿ“‹ Clone automations. Automations now have a Clone option in their menu, so you can duplicate one as a starting point. #25790
  • ๐Ÿ” Recurring calendar events. The calendar event editor now includes a repeat option, so events can recur on a schedule. #25865
  • ๐Ÿงท Separate skills import and export permissions. Administrators can now control importing and exporting skills independently, with new skills import and export permissions. #25921
  • ๐Ÿท๏ธ Filter admin models by tag. The admin Models settings page now has a tag filter for narrowing the model list by base-model tags. Commit
  • ๐Ÿ“Š Sortable analytics chat list. The model chat list in analytics now has sortable column headers, so you can order it by title, last updated, or user. Commit, #26168
  • ๐Ÿ” Argon2 password hashing option. Password hashing can now use Argon2 through a configurable algorithm setting, removing the 72-byte password length limit that came with the previous default. Commit, Commit, #25656
  • ๐Ÿ” Optional encryption of valve values at rest. Tool and function valve values can now be encrypted at rest through a new opt-in setting, with existing stored values migrated automatically, so sensitive settings like API keys aren't kept in plaintext. Commit, #23721
  • ๐Ÿ—„๏ธ AWS RDS IAM database authentication. The database connection can now authenticate using AWS RDS IAM tokens through a new opt-in setting, instead of only a static password. Commit, #23580
  • ๐Ÿ”“ Automatic auth for models with OAuth 2.1 tools. When a model uses tools that require OAuth 2.1, Open WebUI now initiates the authorization flow automatically instead of failing the request. Commit, #23325, #23272
  • ๐Ÿ”ค Custom tokenizer for token-based text splitting. Token-based document splitting can now use a configurable Hugging Face tokenizer model, so chunking can match the tokenizer of the model you use. Commit, #24139
  • ๐Ÿ”’ Restrict OAuth scopes requested from MCP servers. A new setting lets administrators limit which OAuth scopes Open WebUI requests when connecting to MCP servers. Commit, #25981, #25978
  • ๐Ÿงฉ Filter Outlet Hook can now run on API requests and responses. A filter function's outlet hook now runs for direct API callers, including streaming responses, so response post-processing isn't limited to the web interface; this is controlled by a new setting and on by default. Commit, #25650
  • ๐Ÿ–ฅ๏ธ Setting for terminal sidebar auto-open. A new interface setting controls whether the files sidebar opens automatically when you select a terminal. Commit, #25628
  • ๐Ÿ“Œ Reorder pinned notes by dragging. Pinned notes in the sidebar can now be dragged to reorder them. #25677
  • ๐Ÿ”Ž Chat actions in search. The search dialog now offers a context menu on each result, so you can act on a chat directly from search. #25490
  • ๐Ÿ”Ž Snippets in chat search results. Searching your chats now shows a snippet of the matching content in each result, so you can tell results apart at a glance. Commit, Commit, Commit, #25178
  • ๐Ÿ“ Formatted valve descriptions. Valve descriptions for tools and functions now render Markdown, so they can include formatting and links. Commit
  • ๐Ÿ”ฝ Dropdown inputs for valve options. Valve and confirmation inputs can now present a set of options as a dropdown instead of free text, making fixed-choice settings easier to configure. Commit, #26278
  • ๐Ÿ”Œ Control the OAuth resource parameter for MCP connectors. MCP connectors can now be set to always send, never send, or automatically decide whether to include the OAuth resource parameter, so they work with providers that reject it. Commit
  • ๐Ÿ”Ž SERPHouse web search. SERPHouse can now be used as a web search provider. Commit, Commit, #26254
  • ๐Ÿ”Ž Microsoft Web IQ web search. Microsoft Web IQ can now be used as a web search provider, with a matching page-browse loader. #26178
  • โš ๏ธ Optional web search confirmation. Administrators can now require users to confirm before a web search runs, with a banner and message making it clear when search is about to be used. Commit, #24942
  • ๐Ÿชช Client User-Agent forwarded to model backends. The browser's User-Agent is now passed through to all model backends, so upstream services can see the originating client. #26333
  • ๐Ÿ–๏ธ Drag items from the sidebar into chat. Folders, notes, and models โ€” including pinned notes โ€” can now be dragged from the sidebar into the chat input. #25771, Commit, #26384
  • ๐Ÿท๏ธ Tag suggestions in the model editor. The model editor now suggests existing tags as you type, making it easier to reuse a consistent set. Commit, #25703
  • ๐Ÿ—ฃ๏ธ Voice suggestions in the model editor. The model editor now offers a dropdown of available text-to-speech voices, making it easier to pick one. Commit, #25706
  • ๐ŸŽ›๏ธ Unified model picker for workspace base model. Choosing a base model in the model editor now uses the searchable model selector instead of a plain field, making it easier to find and pick the right model. Commit, #24576
  • ๐Ÿ” Searchable pickers in the model editor. Attaching actions, filters, tools, knowledge, and skills to a model now uses type-to-search pickers instead of long checkbox lists, making large libraries easier to manage. Commit
  • ๐Ÿ–ผ๏ธ iPhone images work with OpenAI image editing. Uploaded images are now normalized before being sent to OpenAI image editing, fixing edits that failed for certain iPhone photo formats, with a new admin toggle to control the behavior. Commit, Commit, #26252, #26249
  • ๐ŸŸข Loaded-model indicator for llama.cpp. Models served through llama.cpp now report whether they're currently loaded in memory, including the sleeping state, so the loaded indicator works for them too. Commit
  • ๐Ÿงฑ Structured model output rendered on the client. Reasoning, tool calls, and server-side tool steps such as web and file search are now rendered in the browser from the model's structured output instead of being flattened into the message text on the server, giving more accurate and editable rendering of these items. Commit, Commit
  • ๐Ÿ“œ Custom CA bundle for outbound connections. A new environment variable lets you point Open WebUI at a custom CA certificate bundle, and the per-connection SSL settings now accept a bundle path, so deployments behind a corporate or internal CA can keep certificate verification on instead of disabling it. Commit, Commit
  • ๐Ÿ–ฅ๏ธ More terminal server orchestrator controls. Admins connecting an orchestrator terminal server can now configure session lifecycle policies and refresh or reset running terminal sessions, including targeting only idle ones, from the connection settings. Commit
  • ๐Ÿ“ Terminal file browser can stay within a root folder. The terminal file navigator now anchors to a defined root and home directory, so users can be kept within their workspace instead of browsing into system folders by accident. Commit
  • ๐Ÿง  Memory toggle follows the server default. When a user hasn't set their own memory preference, it now follows the admin's global memory setting instead of defaulting to off. #25909
  • ๐Ÿงน Unshare all shared chats at once. The Shared Chats dialog now has a button to stop sharing every shared chat in one action. #25848
  • ๐Ÿ“ˆ Richer analytics with a date picker. The analytics dashboard now lets you choose a date range and shows additional columns. #25922, #25919
  • ๐Ÿ”ข Chat and file counts in their dialogs. The Chats and Files dialogs now show the total number of chats and files in their titles. #25872, #25873
  • โšก Faster math rendering. Rendered math is now cached and reused, so messages with repeated or unchanged math expressions render more efficiently. #25847
  • โšก Lighter Markdown setup. Markdown extension setup now runs once instead of on every render, avoiding repeated work and extension stacking. #25837
  • โšก Snappier read-only code blocks. Read-only code blocks now skip language auto-detection, so they render faster. #25824
  • โšก Non-blocking audio model loading. Loading speech models no longer blocks the server, keeping it responsive while they initialize. #25806
  • โšก Faster URL safety checks. The safety check on fetched URLs now resolves addresses off the main loop, so it no longer blocks other work. #25825
  • โšก Fewer queries for channel reactions and replies. Channel reactions and thread replies now load through batched queries, reducing database load on busy channels. #25831
  • โšก Lighter streaming. Streaming responses now skip re-processing message content that hasn't changed, reducing work on every update. #26325, #26326
  • โšก Smoother tool-call rendering. Displaying tool calls now parses their content iteratively, avoiding slowdowns on deeply nested data. #26146
  • โšก Hidden tool-call details cost nothing. When tool-call arguments are collapsed, they are no longer rendered behind the scenes, noticeably speeding up chats with heavy tool use. Commit, #26147
  • โšก Leaner knowledge-file reading for agents. The built-in tools that let a model read knowledge files now return output in bounded, paginated chunks with a default and a hard cap, instead of potentially returning an entire large file at once, sharply reducing token usage. Commit, #26139
  • โšก Lighter, faster file search on large knowledge bases. Listing and searching files no longer returns each file's full extracted text by default, and content matching is now length-bounded, so these requests are far lighter and searching across very large knowledge bases is dramatically faster. Commit, Commit, Commit, #25774, #25741, #26145, #25867
  • โšก Faster password hashing and bulk user import. Password hashing and verification no longer block the server, and importing users from a CSV is now processed in a single batch, keeping large imports and sign-ins responsive. Commit, #25804, #25805
  • โšก Non-blocking model downloads. Downloading large Ollama models no longer blocks the server on file reads and checksums, keeping it responsive during big downloads. #25829
  • โšก Non-blocking uploads and link fetches. Hashing uploaded files and fetching URLs now run off the main loop, so large uploads and link previews don't hold up other requests. #25822
  • โšก More blocking work moved off the main loop. Additional blocking operations in audio, pipelines, and plugin handling now run in worker threads, keeping the server responsive under load. #26381
  • โšก Unreachable backends don't stall model loading. Loading models and tool servers no longer blocks on backends that are down or slow to respond, so the model list stays responsive when one connection is unreachable. #26289
  • โšก Batched streaming updates. Streaming responses now group small updates of the same type before sending them, reducing overhead during fast token streams and tool-call output. Commit, #26202
  • ๐Ÿ”„ General improvements. Various improvements were implemented across the application to enhance performance, stability, and security.
  • ๐ŸŒ Updated translations. Catalan, Brazilian Portuguese (pt-BR), Irish, German (de-DE), and Spanish (es-ES) translations were updated.

Fixed

  • ๐Ÿ›ก๏ธ Security Advisory: This release includes security and access-control fixes. We recommend updating production deployments at your earliest convenience. Not all security fixes in this version may be enumerated in the fixed section โ€” some may be withheld for a short time to give administrators time to upgrade. Advisories
  • ๐Ÿ” Knowledge base write access enforced on upload. Attaching an uploaded file to a knowledge base now requires the same write access as the rest of the knowledge API, so users without write access can no longer add files to a collection by referencing its ID. #26001
  • ๐Ÿ—๏ธ API key permission enforced on all key endpoints. Viewing and deleting API keys now respects the API keys permission, matching the protection already applied to key creation. #25992
  • ๐Ÿ”Š Text-to-speech permission enforced on the speech endpoint. The OpenAI speech proxy now honors the text-to-speech permission, so it can no longer be used by people who are not allowed to use that feature. #25993
  • ๐ŸŽฒ Model access enforced on arena fallback. Reaching a model indirectly through an arena model on background and task requests now enforces that model's access rules, closing a path that could otherwise bypass them. #26046
  • โฐ Scheduled automations stop for deactivated accounts. Scheduled automations now re-check the owner's account status and permissions before each run, so they stop when an account is deactivated or has automations access revoked. #26047
  • ๐Ÿšง Heavily encoded paths rejected behind the proxy. Request paths that remain encoded after repeated decoding are now rejected instead of forwarded, preventing a path traversal that could otherwise slip through. #26050
  • ๐ŸŒ Image URL fetches hardened against DNS rebinding. Fetching user-supplied image URLs now re-checks the destination address at connection time, closing a path that could be used to reach internal addresses behind a public hostname. #25960
  • ๐Ÿ›‚ Web fetch blocklist matches on hostname. The web fetch filter now matches entries against the request's hostname on domain boundaries, so blocked hosts can no longer slip through with an added path and lookalike domains are no longer mistaken for allowed ones. #25949
  • ๐Ÿชช MCP connectors request least-privilege scopes. MCP connectors that register dynamically over OAuth now request only the scopes for the specific resource rather than the authorization server's full catalog. #25958
  • ๐Ÿ™ˆ Channel member lists no longer expose private data. Viewing a channel's members now returns only basic profile details, instead of also exposing other members' settings, linked-account data, and personal information. Commit
  • ๐Ÿ›Ÿ SCIM sync can't demote an admin. A SCIM provisioning sync that marks a user inactive can no longer strip an existing administrator's role, preventing an instance from being locked out of its own administration. #25948
  • ๐Ÿ‘ป Collaborative notes reject unauthenticated presence events. The remaining real-time note-collaboration events now require an authenticated session, so presence and cursors can no longer be spoofed by someone who only knows a note's ID. #25946
  • โฑ๏ธ Login timing no longer reveals which accounts exist. Sign-in now takes the same amount of time whether or not an account exists, removing a timing difference that could be used to discover valid accounts. Commit, Commit
  • ๐Ÿ”Œ Terminal connections can't be redirected to another user. Terminal session identifiers are now safely encoded before being passed upstream, closing a way to tamper with the connection's user identity. #26042
  • ๐Ÿ“ก Real-time events only reach your own session. The server now verifies that a real-time event is delivered only to the requesting user's own active session, instead of trusting a client-supplied session identifier. #25763
  • ๐Ÿ”“ Revoked sessions are rejected on real-time connections. Real-time and terminal WebSocket connections now honor token revocation and expiry, so a signed-out or expired session can no longer keep a live connection open. Commit, #25764, #25686
  • ๐Ÿ•ณ๏ธ Another DNS-rebinding gap closed in URL fetching. Fetching a URL's content now re-checks the destination address at connection time, closing another path that could reach internal addresses behind a public hostname. #25775
  • ๐Ÿ—ฃ๏ธ Azure speech input is escaped. Voice and language values are now escaped when building Azure text-to-speech requests, preventing malformed or injected markup. #25776
  • โš™๏ธ Interface settings update respects its permission. Saving interface settings now enforces the interface permission, so users without it can no longer change those settings through the API. #25996
  • ๐Ÿ—„๏ธ Unknown knowledge collections are denied by default. Retrieval now rejects unknown or unscoped collection names by default, closing a legacy path that could be used to reach collections outside the normal access checks. Commit
  • ๐Ÿ™ˆ Error responses no longer leak internals. Server error responses now return sanitized messages instead of raw exception text, so internal details aren't exposed to signed-in users. Commit, Commit, Commit, Commit, #26375, #26374
  • ๐Ÿ“ Upload size limit enforced on the server. The maximum upload size is now enforced server-side, so it can't be bypassed by a client that ignores the limit. Commit, Commit, #25869
  • ๐Ÿ–ผ๏ธ OAuth profile pictures are validated. Profile picture URLs from OAuth providers are now validated and their type checked when stored, preventing unsafe image sources. Commit, #24548
  • ๐Ÿ“ฆ Security updates to frontend dependencies. Several frontend dependencies were updated to patch known security vulnerabilities. #26281
  • ๐Ÿค Chat sharing respects the user-sharing permission. The share-chat dialog now hides the option to share with specific users from people who lack that permission, matching the access rules enforced elsewhere. #25915
  • ๐Ÿ“ค Chat export respects its permission everywhere. Every chat export menu now checks the export permission, so users without it can no longer export chats through one of the dropdown menus. #25914
  • ๐Ÿ“‚ File write access requires real ownership. Editing or deleting a file through a knowledge base or workspace model now requires that the object's owner actually owns the file, so a read-only file can no longer gain write access by being referenced from an object you control. #26032
  • ๐Ÿ–Œ๏ธ Image edit endpoint enforces permission. The image-edit endpoint now checks the image-edit switch and the image-generation permission, matching image generation, so it can't be called by users who lack access. #26009
  • ๐Ÿ“ Folder permission enforced on all folder actions. Every folder operation now checks the folders permission, so the setting is respected consistently instead of only when listing folders. Commit
  • ๐Ÿงฉ Code Execution settings collapse when off. The Code Execution settings section now collapses when the toggle is disabled, keeping the settings page tidy. #25970
  • ๐Ÿ“… German date format in Notes. Dates in the Notes view now display correctly for German, where they previously failed to render. #25985
  • ๐ŸŽ™๏ธ ElevenLabs speech keeps working when voices can't load. Text-to-speech through ElevenLabs no longer fails when the available-voice list can't be fetched, instead of rejecting every voice. Commit, #26075
  • ๐ŸชŸ Default Permissions modal resets on close. Closing the Default Permissions dialog without saving now discards unsaved edits instead of keeping them around the next time you open it. Commit
  • ๐Ÿ‘ฏ Side-by-side chat with the same model. Running two panes with the same model no longer leaves one pane stuck waiting or showing the other pane's reply after a reload, since each pane's messages are now tracked separately. Commit, #25982
  • ๐Ÿ’พ Model edits no longer lost when changing access. Adjusting a model's access no longer auto-saves on its own and discards your other unsaved changes to that model. #26004
  • ๐Ÿ”ง Parallel tool calls over the Anthropic-compatible API. External Anthropic-compatible clients calling Open WebUI's messages endpoint now receive tool calls reliably when a model issues several at once or returns them in its final message. Commit, #25963, #25964
  • ๐Ÿ—ƒ๏ธ Prompt caching preserved over the Anthropic-compatible API. Requests through the Anthropic-compatible API now keep their prompt-caching markers instead of having them stripped, so clients that rely on caching work as intended. Commit, #25998, #25964
  • ๐Ÿ” Fewer redundant data loads. Several views no longer fire duplicate background fetches at once, avoiding occasional glitches from overlapping requests. #25943, #25942, #25934, #25935, #25838, Commit
  • ๐Ÿ”Ž Steadier search boxes across admin and workspace. Search fields for users, knowledge, prompts, tools, and similar lists now run only as you type and reset to the first page correctly, instead of occasionally re-searching on their own. Commit, #25938
  • ๐Ÿ“Š Admin feedback list loads again on PostgreSQL. The admin feedback list no longer fails to load on PostgreSQL setups, where it previously returned a server error. Commit, #25953
  • ๐Ÿ—‚๏ธ Deleting nested folders checks chats correctly. Deleting a folder that contains subfolders now accounts for the chats inside those subfolders when applying the delete-permission check, instead of only the top-level folder's chats. Commit, #25920
  • ๐Ÿ–ฑ๏ธ Dragging chats into folders is more reliable. Dragging a chat into a folder no longer throws an error in cases where the chat couldn't be resolved. #25928
  • ๐Ÿ› ๏ธ Workspace menu shows for the skills permission. Users who only have the skills permission now see the Workspace entry in their menu, which previously appeared only for other workspace permissions. #25925
  • ๐Ÿง  Admins can always reach memories. Administrators can now use the memories endpoints regardless of the memories permission toggle, matching how admin access works for other features. #25924
  • ๐Ÿ–ผ๏ธ Image settings page survives a config load failure. The admin image settings page no longer crashes when its configuration fails to load, showing the page instead. #25933
  • ๐Ÿงต Code blocks render in channel threads. Code blocks now display correctly in a channel's thread view, where duplicated message identifiers previously broke their rendering. Commit, #25917
  • ๐Ÿ”ต No more false unread badges on chats. Chats no longer show an unread indicator after automatic changes like title generation or pinning, archiving, and moving them between folders, and newly created chats are marked read correctly so they don't appear unread after a refresh. #25912, #25782, #25108
  • ๐Ÿ“Œ Pinned notes stay in sync. Pinning, unpinning, or deleting a note now updates the sidebar's pinned list consistently, instead of showing a stale pin state. #25918, #25640
  • ๐Ÿ“… All-day calendar events keep their date. Saving an all-day calendar event no longer shifts it by a day for users in certain time zones. #25864
  • ๐Ÿงท Damaged chat history recovers more reliably. When a chat's current position is missing or points at a malformed message, Open WebUI now repairs it from the latest valid message โ€” on both the client and the server โ€” instead of risking a broken history view. Commit, Commit, #26298, #26258, #26257
  • ๐Ÿ’พ Saving a chat no longer drops messages. Chat updates are now merged with the existing history on the server, with explicit tracking of deleted messages, instead of overwriting it, preventing message loss from concurrent or partial saves. Commit, Commit, Commit, #25657
  • ๐Ÿ“บ Channel message updates stay in their channel. Streaming updates to a channel message are now skipped if the message no longer exists or belongs to a different channel, preventing stray updates. Commit
  • ๐Ÿ“Œ Pinned channel messages update for everyone. Pinning or unpinning a channel message now updates live for all members and works from thread views, instead of only changing for the person who pinned it. Commit
  • ๐Ÿ“„ Mistral OCR uploads work again. Document OCR through Mistral has been repaired after an upstream library change broke its file uploads. #25779
  • ๐Ÿ—‚๏ธ Chroma collection detection fixed. Open WebUI now correctly detects existing Chroma collections, fixing a case where it always reported them as missing. #25780
  • ๐Ÿ“Š Vega-Lite charts render reliably. Vega-Lite charts in chat are now detected by their code block language tag, so they render correctly. #25843
  • ๐Ÿท๏ธ Long chat tag lists scroll. The tags section in the chat menu now scrolls instead of overflowing when a chat has many tags. #26031
  • โŒจ๏ธ Enter key shows correctly on iOS. The Enter key symbol in the keyboard shortcuts list no longer renders as an emoji on iOS. #26173
  • ๐Ÿ”— Whitespace in names no longer breaks MCP connections. User name and info headers are now trimmed before being forwarded, fixing MCP connection failures when a display name contained leading or trailing whitespace. #26182, #26181
  • ๐Ÿˆณ Search no longer fires mid-composition. Typing in search with an input method editor (such as Japanese, Chinese, or Korean) no longer triggers a search when you press Enter to confirm a composition. #26238, #26285, #26172
  • ๐Ÿงฐ Valves icon stays visible. The icon for configuring valves no longer disappears, so user-configurable tool and function settings remain reachable. #26256
  • ๐ŸŽ›๏ธ Chat controls persist across navigation. Edits to chat controls are now kept when navigating between chats, and reverting a control to the chat's saved value persists correctly, instead of being lost. #26336, #25793
  • ๐Ÿ” Chat search tool handles empty queries. The built-in chat search tool no longer crashes when called with an empty query. Commit, #26310
  • ๐Ÿ“‘ More robust MinerU document processing. Document processing through MinerU now handles its ZIP results more safely, including very large outputs. Commit, #26263
  • โฐ Scheduled automations with session-auth tools work. Automations that use session-authenticated tools or terminals now authenticate correctly when running on a schedule, instead of failing. Commit, #26247, #26137
  • ๐Ÿ“ Model system prompt preserved with knowledge. A model's system prompt is no longer dropped when knowledge retrieval runs with native tool calling. Commit, #26217
  • ๐Ÿ”‘ Expired sessions return you to sign-in. When a request fails because your session has expired, Open WebUI now redirects you to the sign-in page instead of leaving you on a broken view. Commit, #26237
  • ๐ŸŽฏ Ejecting a workspace model unloads the right model. Unloading a workspace model now resolves to its underlying base model, so the correct model is freed from memory. Commit, #26269
  • ๐Ÿ”„ Edited models refresh in the admin list. After editing a model in the admin settings, the models list now updates right away instead of needing a manual reload. Commit
  • ๐Ÿ—‚๏ธ Workspace model bulk actions and search work across pages. Bulk actions on workspace models now apply across all of them, and search results paginate correctly. #26274
  • ๐Ÿงฉ MCP resource results come through. Tool results that return resource content โ€” including binary blobs and URI references โ€” are no longer silently dropped, and image results are attached as files. #25260, #24038, Commit
  • ๐Ÿ”— Broader MCP server compatibility for OAuth. Open WebUI now discovers an MCP server's protected resource metadata even when the server doesn't advertise it, and recognizes more OAuth preflight variations, so more MCP servers connect. #25980, #25954, Commit, #26068
  • ๐Ÿ“ค Clearer upload error messages. Failed uploads now show a readable explanation instead of an opaque error stub. #25961
  • ๐Ÿ“‹ Cloned prompts get a proper title. Cloning a prompt now adds the clone suffix to the correct field, so the duplicate is named as expected. #25800
  • ๐Ÿ“ Long default group names don't overflow. A long default group name no longer overflows its row in the admin authentication settings. #25685
  • ๐Ÿ–๏ธ Sidebar drags don't trigger uploads. Dragging a chat item in the sidebar no longer shows the file-upload overlay. #25675
  • ๐Ÿ” Recovers from a stuck streaming response. If the signal that a response finished is missed โ€” for example after a mobile app is backgrounded mid-stream โ€” Open WebUI now recovers the chat instead of leaving it stuck in a streaming state. Commit, Commit, Commit, #26320, #26315
  • ๐Ÿง  Model skills load on demand instead of filling the prompt. A model's attached skills are now presented to the model as a manifest it can load when needed, rather than having their full content inserted into the system prompt; skills you mention inline still get their content included directly. Commit, Commit, #25592, #25599
  • ๐Ÿ—‚๏ธ Empty metadata no longer breaks Chroma indexing. Document metadata with empty values is now filtered out before indexing, fixing a case that could fail on Chroma. Commit, #26342, #26339
  • ๐Ÿ” Updating a knowledge file won't break the knowledge base. When a file's content is updated, its new embeddings are now added before the old ones are removed, so a failed reindex leaves the knowledge base intact and usable instead of empty. Commit, #23789, #23787
  • ๐Ÿ”ค Documents with special tokens index correctly. Measuring chunk sizes no longer fails when a document contains text that looks like a special token. #26210
  • ๐Ÿ“ Note file attachments stay in sync. Updating the files attached to a note now keeps the editor and saved note in sync. Commit
  • ๐Ÿ“ฑ Better banner layout on mobile. Notification banners now lay out correctly on small screens. Commit, #24912
  • ๐Ÿ“‚ Knowledge file listing includes attached files. Listing files through the knowledge tools now also shows files attached directly to a model, not only those inside a knowledge base, fixing cases where listing returned no results for a model with a single attached file. Commit, #26301
  • ๐Ÿท๏ธ Chat titles generate after long first responses. A new chat now gets its title even when the first response takes a long time, such as one with extensive reasoning or many tool calls, instead of staying "New Chat". Commit, #26240
  • ๐Ÿ”Œ Cancelling an MCP request no longer errors. Stopping a response that was using MCP tools now shuts the connection down cleanly instead of surfacing a server error. Commit
  • ๐Ÿง  Reasoning details preserved across turns. Models that return structured or encrypted reasoning data, such as Gemini, no longer have their assistant message split mid-stream, keeping reasoning continuity across turns. Commit, #23852
  • ๐Ÿ“ก Error messages show for non-standard streaming responses. Providers that send errors over non-standard server-sent events now surface a readable error instead of nothing. #23228
  • ๐Ÿ”‘ Whitespace in terminal server keys no longer breaks auth. Terminal server API keys are now trimmed before use, so a key with stray leading or trailing whitespace still authenticates. Commit, Commit
  • ๐Ÿ”ฅ One bad URL no longer fails Firecrawl scraping. When fetching multiple pages through Firecrawl, a single failing URL is now skipped instead of aborting the whole batch, and rate limits are respected between requests. Commit, #24183
  • ๐Ÿ“ฑ Usable chat input on mobile with many tools. When skills, tools, terminal, web search, and image generation buttons fill the chat input, the row of buttons now scrolls horizontally while the menu, voice, and send controls stay reachable, instead of pushing them off-screen. Commit, #26142
  • ๐Ÿ‘ค Owner avatars only show on shared folders. Chat owner avatars in a folder's chat list now appear only when the folder is actually shared, instead of showing whenever owner information happened to be present. Commit
  • ๐Ÿ“œ No stray scrollbar on the About page. Extra spacing that caused an unnecessary scrollbar on the About settings page has been removed. #25802
  • ๐Ÿšช Sign out works from the Account Pending page. Signing out while your account is pending now goes through the proper sign-out flow, so single sign-on sessions are ended and you are no longer left stuck on the pending screen. #25681, #25644
  • ๐Ÿ”ข Built-in tools accept numeric arguments. Built-in tools no longer crash when a model passes a number or a string where a specific scalar type is expected; values are now coerced to the declared type. Commit, #25638, #25731, #25641
  • โฑ๏ธ MinerU timeout saves. The MinerU API timeout can now be saved from the admin settings, accepting a numeric value. Commit, #25604, #25603
  • ๐Ÿ”ง Background completion no longer clears active tasks. Finishing a chat in the background no longer wipes the set of active tasks, fixing a case where ongoing task indicators could be lost. Commit, #25217
  • ๐Ÿ‘๏ธ Workspace base model selector respects visibility. The base model selector in the workspace now hides models you don't have access to, matching their visibility settings. #25668
  • ๐Ÿงต Channel threads bind to the right channel. A channel thread's parent and replies are now tied to the channel in the URL, preventing mismatches when switching channels. #25766
  • ๐Ÿ—‘๏ธ Unsharing cleans up orphaned rows. Unsharing a chat now handles leftover shared-chat records, avoiding stale entries. #25632
  • ๐Ÿ”Ž Web search results reach the model with retrieval on. Web search results are now passed to the model even when embedding and retrieval are enabled, instead of being left out. #25600
  • ๐Ÿ”ข Group count follows search. The groups count now reflects the filtered search results instead of the full list. #25689
  • โฃ Space key works when renaming. Pressing space while renaming a file or folder no longer opens it, so spaces can be typed in names. #25627
  • ๐Ÿฉน Missing local embedding model no longer blocks startup. A missing local embedding model now surfaces as a deferred error instead of preventing the server from starting. #25683
  • ๐Ÿ”ค Consistent settings label capitalization. Toggle labels in settings now use consistent title casing. #25765
  • โ™ฟ Better screen-reader labels on toggles. Integration and switch toggles now expose proper accessibility labels and pressed state for screen readers. #25258, #25230
  • ๐Ÿ“œ Long dropdowns scroll. Dropdown selects now scroll when their list is long, so all options stay reachable. Commit, #25608
  • ๐Ÿ”ฝ Collapsible sections don't misfire on load. Collapsible sections no longer trigger their change action when first rendered, avoiding unintended toggles on page load. Commit, #25229
  • โž— Large math expressions no longer crash rendering. Parsing math delimiters no longer overflows on very large or deeply nested input, so messages with heavy math render instead of failing. #25845
  • ๐Ÿ—„๏ธ Oversized chunks no longer break Milvus indexing. Overly long text chunks are now trimmed before being sent to Milvus, so a single large chunk can no longer fail the whole batch and leave a file with no embeddings. #25857, #25858
  • ๐Ÿ“ Code editor stays open when empty. The code editor drawer no longer collapses when its content is empty. #25855
  • ๐Ÿ’ฝ Settings no longer lost after a restart. Admin configuration is now stored more reliably, fixing cases where external connections and model parameters could be lost after restarting the server. Commit, Commit, Commit, #24743, #25911, #25959
  • ๐Ÿ“œ Visible chat scrollbar. The chat area now shows a scrollbar, making it easier to scroll through long responses. Commit, #25833
  • ๐ŸŽš๏ธ Default model parameters apply to requests. Default model parameters are now applied to outbound requests, so settings like temperature and the context window take effect as configured. Commit, Commit, #24930, #26209
  • ๐ŸŸข Ollama loaded-model indicator restored. The indicator showing which Ollama model is loaded in VRAM works again after recent changes. #25586, #25732
  • ๐Ÿชช Static MCP connectors recover missing OAuth details. MCP connectors configured with static OAuth credentials now fill in a missing scope or resource from the server's published metadata, so they connect correctly instead of failing when those values were left out. Commit, #25898
  • ๐Ÿ“Š Token usage and cost stats no longer wiped by background tasks. A response's token usage and cost are now preserved when background tasks like title, tag, and follow-up generation run on the same chat, instead of being overwritten. Commit
  • ๐Ÿ”— Model share link updated. Sharing a model now opens the current community post page, fixing the link that pointed at the old endpoint. #25801

Changed

  • โš ๏ธ Database Migrations: This update contains database migrations. Please be sure to back up your database before updating, as downgrading after the migration is not supported.
  • ๐Ÿ”” System events now fire automatically. With the new event system, Open WebUI emits events for activity like startup, sign-ins, and configuration changes, so any webhook you already have configured may begin receiving calls for these newly emitted events after upgrading. Review your event and webhook settings after updating so you only receive the events you want. Commit
  • ๐Ÿ”€ Native tool calling is now the default. Every chat and model that had not explicitly chosen a tool-calling mode now runs Native, which relies on a model's built-in tool support, while the old behavior has been renamed "Legacy" and made the explicit opt-out; if your models depend on the previous approach you must switch them back to "Legacy" per chat, per model, or globally in your default model parameters to preserve their behavior. Commit
  • ๐Ÿ—‚๏ธ Authentication settings moved to their own page. LDAP, OAuth, and related authentication settings have moved out of the General settings page into a dedicated Authentication page in the admin panel. Commit
  • ๐ŸŽ“ Several features are no longer beta. Memories, Notes, Channels, and High Contrast Mode have graduated out of beta and no longer carry a beta label. Commit
  • ๐Ÿ”ง Local web fetch setting renamed. The "ENABLE_RAG_LOCAL_WEB_FETCH" environment variable is now "ENABLE_LOCAL_WEB_FETCH", reflecting that it applies beyond retrieval; the old name still works as a deprecated alias. Commit
  • ๐Ÿ”ง You.com search key renamed. You.com web search now prefers the "YDC_API_KEY" environment variable, with the previous "YOUCOM_API_KEY" still accepted as a fallback. Commit, #26316
  • ๐Ÿงช Client-side Python now runs sandboxed. Client-side Python (Pyodide) now runs in a sandboxed, opaque-origin iframe by default, isolating executed code from your session, cookies, local storage, and the app's own endpoints, while full Python, JavaScript, and external network access keep working. Code that relied on reaching same-origin Open WebUI endpoints from Pyodide will no longer be able to, and Pyodide is now marked legacy in the admin Code Execution settings. Commit, Commit, Commit, Commit, Commit