Releases: Chainlit/chainlit
2.0rc1
What's Changed
- fix: pass headers when connecting sockets by @willydouhard in #1575
- Cookie-based auth by @dokterbob in #1521
Full Changelog: 2.0.dev2...2.0rc1
2.0rc0
⚠️ Security Advisory
IMPORTANT: The element feature currently contains a known security vulnerability that could allow unauthorized file access. We strongly recommend against using elements in production environments until a comprehensive fix is implemented in an upcoming release.
Key Improvements
- Complete overhaul with OpenAI Realtime API support for streaming audio chat interactions by @willydouhard (#1401, #1406, #1410)
- New interactive DataFrame display functionality with auto-fit content by @desertproject and @hayescode (#1373, #1467)
- Enhanced security measures and development tooling by @dokterbob (#1431, #1414)
Breaking Changes
OpenAI Realtime API Integration
- Replaced
AudioChunk
withInputAudioChunk
andOutputAudioChunk
- Changed default audio sampling rate from 44100 to 24000
- Removed several audio configuration options (
min_decibels
,initial_silence_timeout
,silence_timeout
,chunk_duration
,max_duration
) - Removed
RecordScreen
component
Other Changes
New Features
- Implemented realtime audio streaming with new components by @willydouhard (#1401, #1406, #1410):
- Added
AudioPresence
for visual feedback - Introduced
WavRecorder
andWavStreamPlayer
classes - Added audio interruption functionality
- New
on_audio_start
callback
- Added
- Added interactive DataFrame display using MUI Data Grid with auto-fit content by @desertproject and @hayescode (#1373, #1467)
- Enhanced image interaction with popup view and download capabilities by @fgalind1 (#1402)
- Made websocket connections optional in react-client by @sandangel (#1379)
- Added current URL to message payload in copilot mode by @fgalind1 (#1403)
- Enabled empty chat input when submitting attachments by @EcoleKeine (#1261)
- Added support for regional language variants like es-419 by @erauld (#1399)
Technical Improvements
- Factored storage clients into separate modules by @ndricca (#1363)
- Implemented comprehensive linting with ruff by @dokterbob (#1495)
- Added mypy daemon for faster type-checking by @dokterbob (#1495)
- Enhanced GitHub Actions with additional linting by @dokterbob (#1445)
- Enabled direct installation from GitHub by @dokterbob (#1423)
- Various build script improvements by @dokterbob (#1462)
Migration Guide
OpenAI Realtime API Migration
If you're using audio features, you'll need to update your code to use the new realtime audio system:
- Update imports and types:
- from chainlit.types import AudioChunk
+ from chainlit.types import InputAudioChunk, OutputAudioChunk
- Update your audio callbacks:
@cl.on_audio_start
async def on_audio_start():
# New callback to initialize audio session
# Return True to enable audio connection
return True
@cl.on_audio_chunk
async def on_audio_chunk(chunk: cl.InputAudioChunk):
# Process incoming audio chunks
# chunk.data contains the raw audio data
pass
@cl.on_audio_end
async def on_audio_end():
# Clean up audio session
pass
- For streaming audio back to the client:
await cl.context.emitter.send_audio_chunk(
cl.OutputAudioChunk(
mimeType="pcm16",
data=audio_data,
track=track_id
)
)
See our documentation for a complete implementation example.
New Contributors
- @fgalind1 made their first contribution with URL and image interaction improvements (#1403)
- @erauld made their first contribution with regional language support (#1399)
- @ndricca made their first contribution with storage client modularization (#1363)
- @desertproject made their first contribution with interactive DataFrame display (#1373)
- @EcoleKeine made their first contribution with attachments handling improvements (#1261)
- @sandangel made their first contribution with optional websocket connections (#1379)
Full Changelog: 1.3.1...2.0rc0
1.3.2
⚠️ Security Advisory
IMPORTANT: The element feature currently contains a known security vulnerability that could allow unauthorized file access. We strongly recommend against using elements in production environments until a comprehensive fix is implemented in an upcoming release.
Breaking Changes
This release drops support for FastAPI versions before 0.115.3 and Starlette versions before 0.41.2 due to a severe security vulnerability (CVE-2024-47874). We strongly encourage all downstream dependencies to upgrade as well.
While this is technically a breaking change in a patch release, we are prioritizing security over strict semantic versioning in this case. We strongly encourage all users to upgrade to this version immediately for the latest security improvements.
Security Updates
- Critical dependency updates to address CVE-2024-47874 (#1493):
- Upgraded fastapi to 0.115.3
- Upgraded starlette to 0.41.2
- Upgraded werkzeug to 3.0.6
Bug Fixes
- Fixed incorrect message ordering in UI by @pmercier (#1501):
- Messages now display in the correct chronological order
- Resolved race conditions in message display logic
- Improved message state management
Contributors
- @dokterbob
- @pmercier made their first contribution in #1501
Full Changelog: 1.3.1...1.3.2
2.0.dev2
Important Security Notice
This development release temporarily reverts recent security improvements to restore element functionality. The element feature currently contains a known security vulnerability that could allow unauthorized file access. As this is a development release, it should not be used in production environments.
What's Changed
- Fixed elements not displaying when using authentication by @hayescode in #1474
- Temporarily reverted file access security improvements from 2.0.dev1 to restore functionality (#1441)
Development Status
Work is underway to implement HTTP-only cookie authentication as a comprehensive security solution. This will be a key feature of upcoming development releases.
Full Changelog: 2.0.dev1...2.0.dev2
1.3.1
Important Security Notice
This hotfix release temporarily reverts recent security improvements to restore element functionality. The element feature currently contains a known security vulnerability that could allow unauthorized file access. We strongly recommend against using elements in production environments until our next release, which will implement a comprehensive fix using HTTP-only cookie authentication.
What's Changed
- Fixed elements not displaying when using authentication by @hayescode in #1474
- Temporarily reverted file access security improvements from 1.3.0 to restore functionality (#1441)
Next Steps
We are actively working on a comprehensive security fix that will be released in the coming weeks.
Full Changelog: 1.3.0...1.3.1
2.0dev1
[2.0.dev1] - 2024-10-22
Features
- Added interactive
pandas.DataFrame
display component using MUI Data Grid (#1373) - Optional websocket connection in react-client (#1379)
- Added current URL to message payload (#1403)
- Improved image interaction UX - clicking opens in popup with download option (#1402)
- Added configurable user session timeout (#1032)
- Environment variables
OAUTH_<PROVIDER>_PROMPT
andOAUTH_PROMPT
to
override oauth prompt parameter.
Prevent automatic re-login withOAUTH_PROMPT=consent
. (#1362, #1456).
Security
- Fixed file access vulnerability in
get_file
andupload_file
endpoints (#1441) - Added authentication to
/project/file
endpoint (#1441) - Addressed security vulnerabilities in frontend dependencies (#1431, #1414)
Fixed
- Dialog boxes no longer extend beyond window (#1446)
- Allow empty chat input when submitting attachments (#1261)
- Fixed tasklist when Chainlit is submounted (#1433)
- Allow spaces in avatar filenames (#1418)
- Step argument input and concurrency issues (#1409)
- Correctly copy
display_name
toPersistentUser
during authentication (#1425)
Development
- Refactored storage clients into separate modules (#1363)
- Support for IETF BCP 47 language tags (#1399)
- Improved GitHub Actions workflows and build process (#1445)
- Allow direct installation from GitHub (#1423)
- Extended package metadata with homepage and documentation links (#1413)
- Various backend fixes and code cleanup (#1432)
1.3.0
Key Improvements
- Enhanced security with critical fixes for file handling and dependency updates (#1441, #1431, #1414)
- Added SQLite database support for storing chat history and user data (#1319)
- Made OAuth login behavior configurable through environment variables - use
OAUTH_PROMPT=consent
to prevent automatic re-login after logout (#1456) - Added support for localized languages like Latin American Spanish (es-419) through IETF language tags (#1399)
- Enhanced performance and reliability of cloud storage through LiteralAI 0.0.625 update (#1376)
What's Changed
- Made OAuth login prompts configurable via environment variables (#1456) by @dokterbob
- Fixed UI issue with dialog boxes extending beyond screen (#1446) by @laodanfeng
- Ensured user display names persist correctly after authentication (#1425) by @willydouhard
- Improved file upload and access security (#1441) by @dokterbob
- Fixed task list display when Chainlit is used within another app (#1433) by @dokterbob
- Added support for regional language variants like es-419 (#1399) by @erauld
- Fixed concurrent processing of user inputs (#1409) by @willydouhard
- Fixed avatar filename handling to support spaces (#1418) by @dokterbob
- Fixed database identifier handling in SQLAlchemy (#1395) by @hayescode
- Improved module loading performance (#1382) by @dokterbob
- Various documentation and text improvements (#1347, #1348, #1349) by @EWouters
New Contributors
- @laodanfeng made their first contribution in #1446
- @qvalentin made their first contribution in #1441
- @erauld made their first contribution in #1399
Full Commit Log: 1.2.0...1.3.0, CHANGELOG
2.0.dev0
Developer Preview
This is a developer preview release of Chainlit 2.0. It introduces significant changes and new features, particularly integration with the OpenAI Realtime API . As a dev preview, it may contain bugs and is not recommended for production use.
Major Changes
Realtime Audio Processing
The most significant change in this release is the introduction of realtime audio processing capabilities, as implemented in PR #1401 by @willydouhard. This feature enables real-time voice conversations with AI assistants.
Check out a screen grab of the demo on Twitter X.
For a practical implementation of this new feature, check out our cookbook entry on creating a realtime assistant.
Breaking Changes in Audio Implementation
- Replaced
AudioChunk
type withInputAudioChunk
andOutputAudioChunk
- Changed default audio sampling rate from 44100 to 24000
- Removed several audio configuration options (
min_decibels
,initial_silence_timeout
,silence_timeout
,chunk_duration
,max_duration
) - Introduced new
on_audio_start
callback - Modified
on_audio_end
callback to no longer accept file elements as arguments
New Features
- Audio connection signaling with
on
andoff
states AudioPresence
component for visual representation of audio stateWavRecorder
andWavStreamPlayer
classes for improved audio handlingstartConversation
andendConversation
methods inuseAudio
hook- Audio interruption functionality
Other Changes
- Updated
useChatInteract
hook withstartAudioStream
method - Modified
useChatSession
to handle new audio streaming functionality - Refactored UI components to reflect new audio implementation
- Added new wavtools directory with various audio processing utilities
- Implemented new AudioWorklet processors for more efficient audio handling
Removed
RecordScreen
component- Several audio-related configuration options from
config.toml
For a complete list of changes, please refer to the full changelog.
We encourage developers to test this preview release and provide feedback. Please report any issues or suggestions on our GitHub repository.
1.3.0rc0
Feedback and testing
This is a release candidate (rc0) for version 1.3.0.
We encourage thorough testing, especially of the LiteralAI integration and history features.
Feedback is highly appreciated to ensure stability for the final 1.3.0 release, specifically on the LiteralAI integration and SQLAlchemy/SQLite.
Key Features and Improvements
- Added SQLite support to the SQLAlchemy integration (#1319)
- Implemented extensive test coverage for LiteralDataLayer and SQLAlchemyDataLayer (#1376, #1346)
- Refactored the LiteralDataLayer for improved performance and consistency (#1376)
- Added
get_element()
method to SQLAlchemyDataLayer (#1346) - Enhanced OAuth logout process to prevent automatic re-login (#1362)
What's Changed
- Bump LiteralAI to 0.0.625, refactor LiteralDataLayer by @dokterbob in #1376
- Prevent automatic oauth login after logout by @ModEnter in #1362
- Update README.md by @willydouhard in 1d3ffd4
- Don't run code during import, don't import LiteralDataLayer by default by @dokterbob in #1382
- Update readme by @constantinidan in #1351
- Python fixes by @EWouters in #1353
- Get rid of context from SQL Alchemy data layer, fix SQLite support by @DanielAvdar in #1319
- Add get_element() and test infra for sql_alchemy.py by @hayescode in #1346
- YAML fixes, restrict GH Actions perms by @EWouters in #1349
- Markdownlint fixes by @EWouters in #1348
- Small text fixes by @EWouters in #1347
New Contributors
- @ModEnter made their first contribution in #1362
- @constantinidan made their first contribution in #1351
- @DanielAvdar made their first contribution in #1319
- @hayescode made their first contribution in #1346
Full Changelog: 1.2.0...1.3.0rc0
1.2.0rc0
Add experimental assistant feature