Skip to content

v6.41

Choose a tag to compare

View all tags
@ekassos ekassos released this 12 Jan 22:39
· 676 commits to main since this release
901-srv459-web278
1ec811b
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Release Notes

This update provides important bug fixes, improvements and security updates.

Assistants

Resolved Issues

  • Fixed: Creating or updating an assistant may raise an error.

Threads

New Features

  • Support for parallel tool calls, which could speed up response times for Next-Gen Assistants.
  • Tool calls can be updated with new information at any time during response generation, even if another item has been added to the conversation context.

Updates & Improvements

  • Cached tool calls with a final status (i.e., completed, failed) are no longer overwritten and marked as incomplete when the response generation ends prematurely.

Resolved Issues

  • Fixed: MCP List tools calls made in parallel may show "List tools was canceled" in the UI.
  • Fixed: Details of tools calls made before the assistant started replying cannot be updated in the UI once the assistant message begins streaming.
  • Fixed: A log line that a user has removed authentication details for an MCP server tool may be incorrectly recorded when no changes have been made to a No Authentication MCP server.

Security

Resolved Issues

  • Fixed: In rare cases, instructors may be able to identify anonymized threads. An issue in thread exports was addressed with improved data de-identification.
  • Fixed: The server may infer incorrect permissions based on authentication server responses. A logic issue was addressed with improved validation. [This issue was introduced and resolved within this release and was not present in any prior release.]

Internal

New Features

  • Add new Dependabot workflow to update dependencies.

Updates & Improvements

  • Dependency updates across pingpong, web/pingpong and web/study.
  • Add major version ignore rules for multiple web/pingpong dependencies.
  • Enhance UI code formatting and typing in various components based on dependency updates.
  • Migrate Pydantic schemas from v1 to v2 patterns:
    • Replace class Config: with model_config = ConfigDict(...)
    • Replace .dict() with .model_dump()
    • Replace Field(env="...") with SettingsConfigDict(case_sensitive=False)
  • Fix FastAPI lifespan deprecation:
    • Add @asynccontextmanager decorator to lifespan function
  • Fix starlette deprecation in test auth patterns:
    • Replace cookie-based auth (cookies={"session": token}) with header-based auth (headers={"Authorization": f"Bearer {token}"}) to resolve starlette deprecation. Setting per-request cookies=<…> is being deprecated, because the expected behavior on cookie persistence is ambiguous.

Deployment Information

Schema Upgrade Migration Script Permissions Update Task Definition Update Configuration Update
No No No No No

Deployment Details

  • N/A

Related PRs

What's Changed

  • workflow/ add automatic dependabot dep updates by @ekassos in #1169
  • deps(gha)/ bump the github-actions group with 8 updates by @dependabot[bot] in #1178
  • deps(study-dev): bump the development-dependencies group in /web/study with 25 updates by @dependabot[bot] in #1176
  • deps(py): bump the production-dependencies group with 36 updates by @dependabot[bot] in #1179
  • deps(study-dev): bump the development-dependencies group in /web/study with 4 updates by @dependabot[bot] in #1181
  • deps(py-dev): bump the development-dependencies group with 6 updates by @dependabot[bot] in #1180
  • change/ Resolve old code deprecations by @ekassos in #1182
  • deps(py-dev): bump pytest from 8.4.2 to 9.0.2 in the development-dependencies group by @dependabot[bot] in #1185
  • deps(py): bump anyio from 4.12.0 to 4.12.1 in the production-dependencies group by @dependabot[bot] in #1184
  • deps(web): bump the production-dependencies group across 1 directory with 10 updates by @dependabot[bot] in #1187
  • deps(web): add ignore rules for additional major version updates by @ekassos in #1188
  • deps(web): bump @sentry/sveltekit from 10.30.0 to 10.32.1 in /web/pingpong in the production-dependencies group by @dependabot[bot] in #1189
  • deps(web-dev): bump the development-dependencies group in /web/pingpong with 19 updates by @dependabot[bot] in #1191
  • deps(web-dev): bump @sveltejs/kit from 2.49.2 to 2.49.4 in /web/pingpong in the development-dependencies group by @dependabot[bot] in #1192
  • fix(server): pass class_id to list_class_models in create_assistant and update_assistant by @ekassos in #1193
  • fix(authz): add correlation_id to batch check and ensure ordered results by @ekassos in #1194
  • fix/ Potential for data leaks through Thread Exports & Record User Name by @ekassos in #1195
  • feat: support for parallel tool calls by @ekassos in #1197

Full Changelog: 887-srv450-web272...901-srv459-web278

Contributors

dependabot and ekassos
Assets 2
Loading