2.0.dev2

Important Security Notice

This development release temporarily reverts recent security improvements to restore element functionality. The element feature currently contains a known security vulnerability that could allow unauthorized file access. As this is a development release, it should not be used in production environments.

What's Changed

• Fixed elements not displaying when using authentication by @hayescode in #1474
• Temporarily reverted file access security improvements from 2.0.dev1 to restore functionality (#1441)

Development Status

Work is underway to implement HTTP-only cookie authentication as a comprehensive security solution. This will be a key feature of upcoming development releases.

Full Changelog: 2.0.dev1...2.0.dev2

1.3.1

Important Security Notice

This hotfix release temporarily reverts recent security improvements to restore element functionality. The element feature currently contains a known security vulnerability that could allow unauthorized file access. We strongly recommend against using elements in production environments until our next release, which will implement a comprehensive fix using HTTP-only cookie authentication.

What's Changed

• Fixed elements not displaying when using authentication by @hayescode in #1474
• Temporarily reverted file access security improvements from 1.3.0 to restore functionality (#1441)

Next Steps

We are actively working on a comprehensive security fix that will be released in the coming weeks.

Full Changelog: 1.3.0...1.3.1

2.0dev1

[2.0.dev1] - 2024-10-22

Features

• Added interactive pandas.DataFrame display component using MUI Data Grid (#1373)
• Optional websocket connection in react-client (#1379)
• Added current URL to message payload (#1403)
• Improved image interaction UX - clicking opens in popup with download option (#1402)
• Added configurable user session timeout (#1032)
• Environment variables OAUTH_<PROVIDER>_PROMPT and OAUTH_PROMPT to
  override oauth prompt parameter.
  Prevent automatic re-login with OAUTH_PROMPT=consent. (#1362, #1456).

Security

• Fixed file access vulnerability in get_file and upload_file endpoints (#1441)
• Added authentication to /project/file endpoint (#1441)
• Addressed security vulnerabilities in frontend dependencies (#1431, #1414)

Fixed

• Dialog boxes no longer extend beyond window (#1446)
• Allow empty chat input when submitting attachments (#1261)
• Fixed tasklist when Chainlit is submounted (#1433)
• Allow spaces in avatar filenames (#1418)
• Step argument input and concurrency issues (#1409)
• Correctly copy display_name to PersistentUser during authentication (#1425)

Development

• Refactored storage clients into separate modules (#1363)
• Support for IETF BCP 47 language tags (#1399)
• Improved GitHub Actions workflows and build process (#1445)
• Allow direct installation from GitHub (#1423)
• Extended package metadata with homepage and documentation links (#1413)
• Various backend fixes and code cleanup (#1432)

1.3.0

Key Improvements

• Enhanced security with critical fixes for file handling and dependency updates (#1441, #1431, #1414)
• Added SQLite database support for storing chat history and user data (#1319)
• Made OAuth login behavior configurable through environment variables - use OAUTH_PROMPT=consent to prevent automatic re-login after logout (#1456)
• Added support for localized languages like Latin American Spanish (es-419) through IETF language tags (#1399)
• Enhanced performance and reliability of cloud storage through LiteralAI 0.0.625 update (#1376)

What's Changed

• Made OAuth login prompts configurable via environment variables (#1456) by @dokterbob
• Fixed UI issue with dialog boxes extending beyond screen (#1446) by @laodanfeng
• Ensured user display names persist correctly after authentication (#1425) by @willydouhard
• Improved file upload and access security (#1441) by @dokterbob
• Fixed task list display when Chainlit is used within another app (#1433) by @dokterbob
• Added support for regional language variants like es-419 (#1399) by @erauld
• Fixed concurrent processing of user inputs (#1409) by @willydouhard
• Fixed avatar filename handling to support spaces (#1418) by @dokterbob
• Fixed database identifier handling in SQLAlchemy (#1395) by @hayescode
• Improved module loading performance (#1382) by @dokterbob
• Various documentation and text improvements (#1347, #1348, #1349) by @EWouters

New Contributors

• @laodanfeng made their first contribution in #1446
• @qvalentin made their first contribution in #1441
• @erauld made their first contribution in #1399

Full Commit Log: 1.2.0...1.3.0, CHANGELOG

2.0.dev0

Developer Preview

This is a developer preview release of Chainlit 2.0. It introduces significant changes and new features, particularly integration with the OpenAI Realtime API . As a dev preview, it may contain bugs and is not recommended for production use.

Major Changes

Realtime Audio Processing

The most significant change in this release is the introduction of realtime audio processing capabilities, as implemented in PR #1401 by @willydouhard. This feature enables real-time voice conversations with AI assistants.

Check out a screen grab of the demo on Twitter X.

For a practical implementation of this new feature, check out our cookbook entry on creating a realtime assistant.

Breaking Changes in Audio Implementation

• Replaced AudioChunk type with InputAudioChunk and OutputAudioChunk
• Changed default audio sampling rate from 44100 to 24000
• Removed several audio configuration options (min_decibels, initial_silence_timeout, silence_timeout, chunk_duration, max_duration)
• Introduced new on_audio_start callback
• Modified on_audio_end callback to no longer accept file elements as arguments

New Features

• Audio connection signaling with on and off states
• AudioPresence component for visual representation of audio state
• WavRecorder and WavStreamPlayer classes for improved audio handling
• startConversation and endConversation methods in useAudio hook
• Audio interruption functionality

Other Changes

• Updated useChatInteract hook with startAudioStream method
• Modified useChatSession to handle new audio streaming functionality
• Refactored UI components to reflect new audio implementation
• Added new wavtools directory with various audio processing utilities
• Implemented new AudioWorklet processors for more efficient audio handling

Removed

• RecordScreen component
• Several audio-related configuration options from config.toml

For a complete list of changes, please refer to the full changelog.

We encourage developers to test this preview release and provide feedback. Please report any issues or suggestions on our GitHub repository.

1.3.0rc0

Feedback and testing

This is a release candidate (rc0) for version 1.3.0.
We encourage thorough testing, especially of the LiteralAI integration and history features.

Feedback is highly appreciated to ensure stability for the final 1.3.0 release, specifically on the LiteralAI integration and SQLAlchemy/SQLite.

Key Features and Improvements

• Added SQLite support to the SQLAlchemy integration (#1319)
• Implemented extensive test coverage for LiteralDataLayer and SQLAlchemyDataLayer (#1376, #1346)
• Refactored the LiteralDataLayer for improved performance and consistency (#1376)
• Added get_element() method to SQLAlchemyDataLayer (#1346)
• Enhanced OAuth logout process to prevent automatic re-login (#1362)

What's Changed

• Bump LiteralAI to 0.0.625, refactor LiteralDataLayer by @dokterbob in #1376
• Prevent automatic oauth login after logout by @ModEnter in #1362
• Update README.md by @willydouhard in 1d3ffd4
• Don't run code during import, don't import LiteralDataLayer by default by @dokterbob in #1382
• Update readme by @constantinidan in #1351
• Python fixes by @EWouters in #1353
• Get rid of context from SQL Alchemy data layer, fix SQLite support by @DanielAvdar in #1319
• Add get_element() and test infra for sql_alchemy.py by @hayescode in #1346
• YAML fixes, restrict GH Actions perms by @EWouters in #1349
• Markdownlint fixes by @EWouters in #1348
• Small text fixes by @EWouters in #1347

New Contributors

• @ModEnter made their first contribution in #1362
• @constantinidan made their first contribution in #1351
• @DanielAvdar made their first contribution in #1319
• @hayescode made their first contribution in #1346

Full Changelog: 1.2.0...1.3.0rc0

1.2.0rc0

Add experimental assistant feature

1.2.0

Security

• Fixed critical vulnerabilities allowing arbitrary file read access (#1326)
• Improved path traversal protection in various endpoints (#1326)

Added

• Hebrew translation JSON (#1322)
• Translation files for Indian languages (#1321)
• Support for displaying function calls as tools in Chain of Thought for LlamaIndexCallbackHandler (#1285)
• Improved feedback UI with refined type handling (#1325)

Changed

• Upgraded cryptography from 43.0.0 to 43.0.1 in backend dependencies (#1298)
• Improved GitHub Actions workflow (#1301)
• Enhanced data layer cleanup for better performance (#1288)
• Factored out callbacks with extensive test coverage (#1292)
• Adopted strict adherence to Semantic Versioning (SemVer)

Fixed

• Websocket connection issues when submounting Chainlit (#1337)
• Show_input functionality on chat resume for SQLAlchemy (#1221)
• Negative feedback class incorrectness (#1332)
• Interaction issues with Chat Profile Description Popover (#1276)
• Centered steps within assistant messages (#1324)
• Minor spelling errors (#1341)

Development

• Added documentation for release engineering process (#1293)
• Implemented testing for FastAPI version matrix (#1306)
• Removed wait statements from E2E tests for improved performance (#1270)
• Bumped dataclasses to latest version (#1291)
• Ensured environment loading before other imports (#1328)

1.1.404

Breaking Changes

• Python Version: This release requires Python 3.9 or higher. Please ensure you're using a compatible Python version before upgrading.
• Containerized Deployments: If you're using containerized deployments, you may need to specify --host 0.0.0.0 for your container to work correctly with the new security changes.

What's Changed

• add css class based on active theme by @haskinsjg in #1201
• Ignore missing type stubs in Azure datalake. by @dokterbob in #1197
• fix: lc callback by @willydouhard in #1203
• Stop ignoring poetry lockfile. #1190 by @dokterbob in #1191
• Black isort as dev deps in pyproject.toml by @dokterbob in #1217
• Unbreak the build by @dokterbob in #1236
• fix: edit_message in correct place in config.toml by @EWouters in #1218
• #1178 Fix AttributeError: 'ChatCompletionChunk' object has no attribute 'get' by @dvquy13 in #1229
• Python unittest structure by @dokterbob in #1245
• Gracefully handle HTTP errors when sending steps by @oshoma in #1248
• Cleanup Python 3.9 by @EWouters in #1250
• modify config.py by @raihanou1 in #861
• Adding CHAINLIT_APP_ROOT to modify APP_ROOT by @MervinPraison in #1259
• fix: resolve #828 by updating websocket's thread id header with currentThreadId to ensure session continuation after backend restart by @qtangs in #996
• Various improvements in tests/CI by @dokterbob in #1271
• Data layer refactor/cleanup by @dokterbob in #1277
• Revert "Data layer refactor/cleanup" by @dokterbob in #1287
• Changelog for version 1.2.0. by @dokterbob in #1289
• Fix publish workflow. by @dokterbob in #1299
• Correct 1.2.0 release date in changelog by @dokterbob in #1297
• Fix publishworkflow again by @dokterbob in #1300
• Update pyproject with correct package version. by @dokterbob in #1302

New Contributors

• @haskinsjg made their first contribution in #1201
• @dokterbob made their first contribution in #1197
• @EWouters made their first contribution in #1218
• @dvquy13 made their first contribution in #1229
• @oshoma made their first contribution in #1248
• @raihanou1 made their first contribution in #861
• @MervinPraison made their first contribution in #1259

Full Changelog: 1.1.402...1.1.404

1.1.403rc0

Fixed

• Langchain Callback handler IndexError
• Attempt to fix websocket issues