feat(container)!: Update image langgenius/dify-api to v1

[renovate]

Note: This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Update	Change
langgenius/dify-api	major	0.6.11 → 1.11.2

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

langgenius/dify (langgenius/dify-api)

v1.11.2

Compare Source

🌟 What’s New in v1.11.2 🌟

Welcome to version 1.11.2! This release sees a significant number of improvements, especially around testing, fixes, and new integrations to enhance the robustness and flexibility of the platform. Here's the lowdown:

🚀 New Features

• InterSystems IRIS Vector Database: We've added support for this database to bolster data handling capabilities. Big ups to @​TomoOkuyama! (#​29480)
• Aliyun SLS Integration: Workflow execution logging can now leverage Aliyun's Simple Log Service, courtesy of @​adongfan. (#​28986)
• Tunisian Arabic Support: We've expanded our language support with Tunisian Arabic. Shukran @​nourzakhama2003! (#​29306)

⚙️ Enhancements

• Comprehensive Test Coverage: A slew of Jest tests have been added to various components, such as the ConfirmModal, AppCard, CustomizeModal, and more. Thanks to everyone involved, especially @​lyzno1! These enhance our confidence in releasing robust changes. (#​29627, #​29667, etc.)
• Amplitude Tracking: Enhanced user behavior tracking across the platform for deeper insights, thanks to @​CodingOnStar. (#​29662)
• Pipeline Setting Tests: Automated testing has been added to ensure any future changes to pipeline settings won't break your optimizations. (#​29478)
• Responsive Chat Wrapper: We've optimized the chat interface for better usability across all device types. Props to @​hangboss1761. (#​29687)

🛠️ Bug Fixes

• Unified Translation: Fixed various translation-related issues across multiple languages for a more coherent global experience. Thanks, @​ZeroZ-lab! (#​29759)
• Security Enhancements: We've patched an XSS vulnerability with the Mermaid Graph and tackled SSRF and CSV injection issues. Kudos to @​zyssyz123 and @​laipz8200. (#​29811, #​29462)
• Upload Fixes: If file uploads are disabled, they'll now be consistently so across the board. Big thanks to @​iamjoel. (#​29681)
• API Key Validation: Ensures API keys in HTTPRequest nodes are never empty, thanks to @​AziizBg. (#​29950)
• Miscellaneous Fixes: A whole host of tweaks ranging from workflow past version data synchronization to adjustment of padding for better alignment. Massive thanks to all who squashed these bugs! (#​30139, #​29999)

🎨 Code Quality & Maintenance

• Refactor Marathon: We've massively refactored our API and web controllers to make future updates easier and more performant. Big thanks to @​asukaminato0721 for spearheading this. (#​29894, #​29888, etc.)
• Jest and Webpack Optimizations: Improved Jest caching, configuration, and migration to Vitest/ESM in the web components for quicker, more reliable tests. Hats off to @​lyzno1 and @​hyoban. (#​29881, #​29974)
• Documentation Cleanup: The Swagger UI is now disabled by default in production releases, being more cautious about what information hangs out there. Thanks @​laipz8200. (#​29723)

That's the round-up for v1.11.2! As always, a huge shoutout to all contributors who make these improvements possible. You rock! Now, go try the new release, and hit us up with feedback. Happy coding! 🙌

---

Upgrade Guide

Docker Compose Deployments

1. Back up your customized docker-compose YAML file (optional)

   cd docker
   cp docker-compose.yaml docker-compose.yaml.$(date +%s).bak

2. Get the latest code from the main branch

   git checkout main
   git pull origin main

3. Stop the service. Please execute in the docker directory

   docker compose down

4. Back up data

   tar -cvf volumes-$(date +%s).tgz volumes

5. Upgrade services

   docker compose up -d

[!NOTE]

If you encounter errors like below

2025/11/26 11:37:57 /app/internal/db/pg/pg.go:30
[error] failed to initialize database, got error failed to connect to `host=db_postgres user=postgres database=dify_plugin`: hostname resolving error (lookup db_postgres on 127.0.0.11:53: server misbehaving)

2025/11/26 11:37:57 /app/internal/db/pg/pg.go:34
[error] failed to initialize database, got error failed to connect to `host=db_postgres user=postgres database=postgres`: hostname > resolving error (lookup db_postgres on 127.0.0.11:53: server misbehaving)
2025/11/26 11:37:57 init.go:99: [PANIC]failed to init dify plugin db: failed to connect to `host=db_postgres user=postgres database=postgres`: hostname resolving error (lookup db_postgres on 127.0.0.11:53: server misbehaving)
panic: [PANIC]failed to init dify plugin db: failed to connect to `host=db_postgres user=postgres database=postgres`: hostname resolving error (lookup db_postgres on 127.0.0.11:53: server misbehaving)

Please use the following command instead. For details, please read this #​28706

docker compose --profile postgresql up -d

Source Code Deployments

1. Stop the API server, Worker, and Web frontend Server.

2. Get the latest code from the release branch:

   git checkout 1.11.2

3. Update Python dependencies:

   cd api
   uv sync

4. Then, let's run the migration script:

   uv run flask db upgrade

5. Finally, run the API server, Worker, and Web frontend Server again.

---

What's Changed

• chore: add test case for download components by @​iamjoel in #​29569
• chore: test for app card and no data by @​iamjoel in #​29570
• test(web): add comprehensive tests for workflow-log component by @​lyzno1 in #​29562
• fix: bump wandb to 0.23.1 urllib3 to 2.6.0 by @​kenwoodjw in #​29481
• fix: remove unnecessary error log when trigger endpoint returns 404 by @​Mairuis in #​29587
• feat(i18n): add Tunisian Arabic (ar-TN) translation by @​nourzakhama2003 in #​29306
• fix: validate page_size limit in plugin list and tasks endpoints by @​aplulu in #​29611
• fix(workflow): agent prompt editor canvas not covering full text height by @​abesticode in #​29623
• chore: add anthropic skills for frontend testing by @​lyzno1 in #​29608
• fix: fix mime type is none by @​fatelei in #​29579
• fix(ci): use setup-python to avoid 504 errors and use project oxlint config by @​lyzno1 in #​29613
• fix: show uninstalled plugin nodes in workflow checklist by @​lyzno1 in #​29630
• fix: fix delete_account_task not check billing enabled by @​fatelei in #​29577
• fix: add secondary text color to plugin task headers by @​Pleasurecruise in #​29529
• fixes: #​28300 Change the Citations banner in dark mode to fully opaque by @​Rickon-dev in #​28673
• feat: Add InterSystems IRIS vector database support by @​TomoOkuyama in #​29480
• chore(deps): bump @​hookform/resolvers from 3.10.0 to 5.2.2 in /web by @​dependabot[bot] in #​29442
• chore: add AGENTS.md for frontend by @​lyzno1 in #​29647
• test: add comprehensive Jest tests for ConfirmModal component by @​lyzno1 in #​29627
• fix(api): Populate Missing Attributes For Arize Phoenix Integration by @​ialisaleh in #​29526
• fix(workflow): tool plugin output_schema array type not selectable in subsequent nodes by @​importcjj in #​29035
• Add file upload enabled check and new i18n message by @​halogen22 in #​28946
• chore: disable swagger doc in production by @​lin-snow in #​29283
• fix(api): use json_repair for conversation title parsing by @​quicksandznzn in #​29649
• perf: commit once by @​fatelei in #​29590
• fix: delete knowledge pipeline but pipeline and workflow don't delete by @​JohnJyong in #​29591
• refactor: admin api using session factory by @​fatelei in #​29628
• chore(i18n): translate i18n files and update type definitions by @​github-actions[bot] in #​29651
• fix: does not save segment vector when there is no attachment_ids by @​Chenyl-Sai in #​29520
• test: Consolidate API CI test runner by @​laipz8200 in #​29440
• fix: correct i18n SSO translations and fix validation/type issues by @​NeatGuyCoding in #​29564
• fix: dos in annotation import by @​zyssyz123 in #​29470
• feat: Enhance Amplitude tracking across various components by @​CodingOnStar in #​29662
• chore: tests for annotation by @​iamjoel in #​29664
• chore: some billing test by @​iamjoel in #​29648
• fix: ssrf, add internal ip filter when parse tool schema by @​zyssyz123 in #​29548
• fix: csv injection in annotations export by @​zyssyz123 in #​29462
• fix: all upload files are disabled if upload file feature disabled by @​iamjoel in #​29681
• fix: webhook node output file as file variable by @​fatelei in #​29621
• chore: skip upload_file_id is missing by @​fatelei in #​29666
• chore: add online drive metadata source enum by @​quicksandznzn in #​29674
• fix: update chat wrapper components to use min-h instead of h for better responsiveness by @​hangboss1761 in #​29687
• test: enhance DebugWithMultipleModel component test coverage by @​lyzno1 in #​29657
• chore: some tests for configuration components by @​iamjoel in #​29653
• test: enhance workflow-log component tests with comprehensive coverage by @​lyzno1 in #​29616
• test: add comprehensive frontend tests for billing plan assets by @​lyzno1 in #​29615
• test: try to use Anthropic Skills to add tests for web/app/components/apps/ by @​lyzno1 in #​29607
• feat: VECTOR_STORE supports seekdb by @​longbingljw in #​29658
• refactor: create shared react-i18next mock to reduce duplication by @​lyzno1 in #​29711
• test: add comprehensive Jest test for CreateAppTemplateDialog component by @​lyzno1 in #​29713
• test: add unit tests for DocumentPicker, PreviewDocumentPicker, and R… by @​CodingOnStar in #​29695
• feat: add GraphEngine layer node execution hooks by @​hieheihei in #​28583
• chore: webhook with bin file should guess mimetype by @​hjlarry in #​29704
• test: add comprehensive Jest tests for CustomPage and WorkflowOnboardingModal components by @​lyzno1 in #​29714
• revert: "security/fix-swagger-info-leak-m02" by @​crazywoola in #​29721
• test: add comprehensive tests for CustomizeModal component by @​lyzno1 in #​29709
• chore: Disable Swagger UI by default in docker samples by @​laipz8200 in #​29723
• chore: tests for billings by @​iamjoel in #​29720
• test: add comprehensive unit tests for APIKeyInfoPanel component by @​lyzno1 in #​29719
• feat: Remove TLS 1.1 from default NGINX protocols by @​laipz8200 in #​29728
• test: Add comprehensive Jest test for AppCard component by @​lyzno1 in #​29667
• test: Stabilize sharded Redis broadcast multi-subscriber test by @​laipz8200 in #​29733
• chore: tests for components in config by @​iamjoel in #​29739
• Feat/update notion preview by @​JohnJyong in #​29345
• fix: Login secret text transmission by @​zyssyz123 in #​29659
• fix: oxlint no unused expressions by @​Angel98518 in #​29675
• feat: _truncate_json_primitives support file by @​fatelei in #​29760
• fix: add Slovenian and Tunisian Arabic translations across multiple language files by @​ZeroZ-lab in #​29759
• ci: show missing lines in coverage report summary by @​laipz8200 in #​29717
• chore: add tests for config string and dataset card item by @​lyzno1 in #​29743
• chore(web): add some jest tests by @​lyzno1 in #​29754
• feat: add automated tests for pipeline setting by @​CodingOnStar in #​29478
• feat: add datasource_parameters handling for API requests by @​r-hashi01 in #​29757
• feat: Add "type" field to PipelineRecommendedPlugin model; Add query param "type" to recommended-plugins api. by @​FFXN in #​29736
• chore: tests form add annotation by @​iamjoel in #​29770
• chore: tests for webapp run batch by @​iamjoel in #​29767
• feat: Add Aliyun SLS (Simple Log Service) integration for workflow execution logging by @​adongfan in #​28986
• feat: update RAG recommended plugins hook to accept type parameter by @​WTW0313 in #​29735
• fix: detect_file_encodings TypeError: tuple indices must be integers or slices, not str by @​zhaobingshuang in #​29595
• test(api): add a test for detect_file_encodings by @​fatelei in #​29778
• chore: tests for app agent configures by @​iamjoel in #​29789
• fix: Correct French grammar by @​ttaylorr1 in #​29793
• fix(deps): restore charset_normalizer, revert accidental chardet reintroduction by @​adongfan in #​29782
• chore: scope docs CODEOWNERS by @​laipz8200 in #​29813
• chore: add some jest tests by @​lyzno1 in #​29800
• chore: compatiable opendal modify by @​fatelei in #​29794
• test: add comprehensive unit tests for JinaReader and WaterCrawl comp… by @​CodingOnStar in #​29768
• chore(web): add some tests by @​lyzno1 in #​29772
• test: add unit tests for DatasetConfig component with comprehensive coverage of rendering, dataset management, context variables, and metadata filtering by @​lyzno1 in #​29779
• chore: add AppTypeSelector tests and improve clear button accessibility by @​lyzno1 in #​29791
• fix: remove unnecessary min-width css style from AllTools and Blocks components by @​wcc0077 in #​29810
• fix: mermaid graph xss problem by @​laipz8200 in #​29811
• fix: drop some dead links by @​yihong0618 in #​29827
• fix: TypeError: outputParameters is not iterable by @​crazywoola in #​29833
• feat: add billing subscription plan api by @​hj24 in #​29829
• chore: tests for goto anything by @​iamjoel in #​29831
• feat: sandbox retention basic settings by @​hj24 in #​29842
• fix: fix json object validate by @​fatelei in #​29840
• fix(theme): make sticky headers opaque in dark mode (Monaco sticky sc… by @​nourzakhama2003 in #​29826
• ci: add detailed test coverage report for web by @​lyzno1 in #​29803
• fix: plugin execution timeout not respecting PLUGIN_MAX_EXECUTION_TIMEOUT by @​hukurou0 in #​29785
• feat: show generate speed in chatbot by @​leslie2046 in #​29602
• chore: tests for annotation by @​iamjoel in #​29851
• perf: decrease db query by @​fatelei in #​29837
• chore(codeowners): add migrations code owner by @​laipz8200 in #​29864
• chore(web): enhance frontend tests by @​lyzno1 in #​29859
• fix: fix fixed_separator by @​fatelei in #​29861
• refactor: part of remove all reqparser by @​asukaminato0721 in #​29848
• chore(web): enhance tests follow the testing.md and skills by @​lyzno1 in #​29841
• fix(api): resolve errors when setting visibility to partial members by @​quicksandznzn in #​29830
• refactor: implement SettingsModal with retrieval settings and add tests for RetrievalChangeTip component by @​lyzno1 in #​29786
• chore: enhance Jest setup and add new tests for dataset creation components by @​CodingOnStar in #​29825
• fix 29184 by @​leslie2046 in #​29188
• chore: tests for configuration by @​iamjoel in #​29870
• refactor: split changes for api/controllers/web/audio.py by @​asukaminato0721 in #​29856
• chore(web): enhance frontend tests by @​lyzno1 in #​29869
• chore(deps-dev): bump storybook from 9.1.13 to 9.1.17 in /web by @​dependabot[bot] in #​29906
• refactor: split changes for api/libs/helper.py by @​asukaminato0721 in #​29875
• perf: improve Jest caching and configuration in web tests by @​lyzno1 in #​29881
• refactor: unified cn utils by @​hyoban in #​29916
• refactor: split changes for api/controllers/web/completion.py by @​asukaminato0721 in #​29855
• chore: update packageManager version in package.json to pnpm@​10.26.1 by @​lyzno1 in #​29918
• feat(tests): add comprehensive tests for Processing and EmbeddingProcess components by @​CodingOnStar in #​29873
• fix: workflow log search input controlled state by @​lyzno1 in #​29930
• chore: add some tests case code by @​iamjoel in #​29927
• refactor: migrate common service toward TanStack Query by @​lyzno1 in #​29009
• test: Adding missing tests or correcting existing tests by @​CodingOnStar in #​29937
• refactor: split changes for api/tests/test_containers_integration_tes… by @​asukaminato0721 in #​29897
• refactor: split changes for api/controllers/console/explore/completio… by @​asukaminato0721 in #​29894
• chore: Add codeowner for web test, vdb and docker by @​laipz8200 in #​29948
• chore: add symlink for skills directory and update autofix workflow exclusion pattern by @​lyzno1 in #​29953
• fix: add RFC 9728 compliant well-known URL discovery with path insertion fallback by @​Nov1c444 in #​29960
• fix: update Notion credential retrieval in document indexing sync task by @​nht1206 in #​29933
• feat: first use INTERNAL_FILES_URL first, then FILES_URL by @​fatelei in #​29962
• fix: validate API key is not empty in HTTPRequest node by @​AziizBg in #​29950
• fix: clear uploaded files when clicking clear button in workflow by @​GuangjingYan in #​29884
• refactor: split changes for api/controllers/console/explore/installed… by @​asukaminato0721 in #​29891
• refactor: split changes for api/controllers/console/explore/conversat… by @​asukaminato0721 in #​29893
• fix: invalidate tool provider cache after MCP authentication by @​Nov1c444 in #​29972
• chore(deps): bump immer from 10.2.0 to 11.1.0 in /web by @​dependabot[bot] in #​29969
• refactor(web): migrate to Vitest and esm by @​hyoban in #​29974
• fix: CODEOWNERS web path scope by @​laipz8200 in #​29995
• chore: bump plugin daemon image tag to 0.5.2-local by @​laipz8200 in #​29993
• feat: Configure devcontainer with /tmp volume mount, vscode remote user, and post-start script updates. by @​ZeroZ-lab in #​29986
• perf: optimize DatasetRetrieval.retrieve、RetrievalService._deduplicat… by @​fatelei in #​29981
• refactor: split changes for api/controllers/web/app.py by @​asukaminato0721 in #​29857
• fix: adjust padding in entry node container for better alignment by @​ZeroZ-lab in #​29999
• fix: preserve empty list for FILE_LIST type in base_app_generator by @​majiayu000 in #​29618
• chore(deps): bump pypdfium2 from 4.30.0 to 5.2.0 in /api by @​dependabot[bot] in #​29639
• refactor: split changes for api/controllers/web/message.py by @​asukaminato0721 in #​29874
• feat: support var filer in conversation service by @​fatelei in #​29245
• feat: Add OSS-specific parameters for HW and ALI private deployment by @​myg133 in #​29705
• chore: anchor CODEOWNERS paths to root by @​laipz8200 in #​29998
• fix(chat): reset scroll state when switching conversations by @​majiayu000 in #​29984
• fix: invite team member display issue by @​hjlarry in #​30011
• chore: remove unused login call from activation flow by @​hjlarry in #​30017
• chore: Translate stray Chinese comment to English by @​hjlarry in #​30024
• chore(web): new lint setup by @​hyoban in #​30020
• feat: Add polyfill for Array.prototype.toSpliced method by @​CodingOnStar in #​30031
• chore: lint require and how to import react by @​hyoban in #​30041
• fix: YAML URL import rewrite for GitHub attachments by @​laipz8200 in #​30003
• chore: enable ts/no-explicit-any, remove no-unused-vars by @​hyoban in #​30042
• feat: grace ful close the connection by @​fatelei in #​30039
• fix(ops): correct LangSmith dotted_order timestamp format by @​ericko-being in #​30022
• fix: when use forward proxy with httpx, httpx will overwrite the use … by @​fatelei in #​30029
• feat: allow user close the tab to sync the draft by @​fatelei in #​30034
• refactor: split changes for api/controllers/web/remote_files.py by @​asukaminato0721 in #​29853
• refactor: nodejs sdk by @​lyzno1 in #​30036
• fix: fix firecrawl url concat by @​fatelei in #​30008
• refactor: split changes for api/controllers/console/extension.py by @​asukaminato0721 in #​29888
• refactor: split changes for api/controllers/web/forgot_password.py by @​asukaminato0721 in #​29858
• feat(docker): add environment variables synchronization tool by @​sattosan in #​29845
• fix: handle missing credential_id by @​nht1206 in #​30051
• fix: loop streaming by clearing stale subgraph variables by @​Nov1c444 in #​30059
• chore: some tests by @​iamjoel in #​30078
• refactor(web): migrate log service to TanStack Query by @​lyzno1 in #​30065
• chore: some tests by @​iamjoel in #​30084
• chore: fix type check for i18n by @​hyoban in #​30058
• refactor(web): migrate explore app lists from useSWR to TanStack Query by @​lyzno1 in #​30076
• chore: no template string in translation by @​hyoban in #​30101
• fix: fix use build_request lead unexpect param by @​fatelei in #​30095
• fix(web): remove incorrect placeholderData usage in useExploreAppList by @​lyzno1 in #​30102
• refactor(web): migrate workflow run history from useSWR to TanStack Query by @​lyzno1 in #​30077
• feat: add editing support for trigger subscriptions by @​Mairuis in #​29957
• fix: trigger subscription delete not working for non-auto-created credentials by @​Mairuis in #​30122
• chore(web): migrate lodash-es to es-toolkit compat by @​lyzno1 in #​30126
• fix: handle list content type in Parameter Extraction node by @​krap730 in #​30070
• fix: allow None values in VariableMessage validation by @​krap730 in #​30082
• test: Add comprehensive test suite for Chip component by @​SherlockShemol in #​30119
• ci: generate docker compose in autofix by @​laipz8200 in #​30105
• feat(web): add unit tests for Badge component by @​SherlockShemol in #​30096
• fix(api): force download for HTML previews by @​laipz8200 in #​30090
• fix: workflow past version data sync by @​zxhlyh in #​30139
• chore: some test by @​iamjoel in #​30144
• feat: make the SegmentService.get_segments sort stable by @​fatelei in #​30152
• chore: bump version to 1.11.2 by @​laipz8200 in #​30088
• fix(api): move cache invalidation outside redis lock to prevent timeout by @​Mairuis in #​30150
• fix: prioritize copying selected text by @​JeeekXY in #​30141
• fix(web): disable cache for trigger dynamic select options by @​Mairuis in #​30161

New Contributors

• @​nourzakhama2003 made their first contribution in #​29306
• @​aplulu made their first contribution in #​29611
• @​Rickon-dev made their first contribution in #​28673
• @​TomoOkuyama made their first contribution in #​29480
• @​lin-snow made their first contribution in #​29283
• @​Chenyl-Sai made their first contribution in #​29520
• @​Angel98518 made their first contribution in #​29675
• @​r-hashi01 made their first contribution in #​29757
• @​adongfan made their first contribution in #​28986
• @​ttaylorr1 made their first contribution in #​29793
• @​wcc0077 made their first contribution in #​29810
• @​hukurou0 made their first contribution in #​29785
• @​AziizBg made their first contribution in #​29950
• @​GuangjingYan made their first contribution in #​29884
• @​majiayu000 made their first contribution in #​29618
• @​myg133 made their first contribution in #​29705
• @​ericko-being made their first contribution in #​30022
• @​sattosan made their first contribution in #​29845
• @​krap730 made their first contribution in #​30070

Full Changelog: langgenius/dify@1.11.1...1.11.2

v1.11.1

Compare Source

[!IMPORTANT]

This version contains very important security updates, and we recommend that all users upgrade to this version as soon as possible.

This release is all about tightening up security, boosting performance, and squashing those pesky bugs. Let's dive into what's changed:

🛠️ Fixes and Improvements

• React and Next.js Security Upgrades: We've bumped up react and react-dom to 19.2.3 to fix some CVE vulnerabilities. Next.js also got a security update, courtesy of @​douxc (PRs #​29532 and #​29545).

• Credential Management: If you've been seeing empty available_credentials, that's sorted out now (thanks to @​fatelei in #​29521).

• Description Length Limitation: Autogenerated descriptions will now be truncated to avoid the 400-character limit error, ensuring smoother submissions by @​shua-chen in #​28681.

• Content Type Charset: Response content types now include charsets to keep your data formats consistent, by @​Pleasurecruise in #​29534.

• Flask-Restx Attribute Error: The pesky AttributeError caused by validate=True in flask-restx is no more (fixed by @​Mairuis in #​29552).

• Document Handling: Optimized the save_document_with_dataset_id function for better performance by @​fatelei in #​29550. Plus, we fixed an issue where external images in DOCX files were causing extraction failures (@​JohnJyong in #​29558).

• Token Retrieval: No more errors when access_token is empty; it now gracefully returns None by @​kashira2339 in #​29516.

• Hit-Test Failures: Resolved the hit-test failure when an attachment ID doesn’t exist by @​JohnJyong in #​29563.

🚀 New Features

• Amplitude Integration: We’ve integrated the Amplitude API key into our layout and provider components for enhanced analytics. Big thanks to @​CodingOnStar in #​29546.

🧪 Testing

• Container Integration Tests: Added integration tests for triggers to make sure everything runs smoothly in container environments by @​Stream29 in #​29527.

⚡ Performance Enhancements

• Excel Extractor: We've optimized the performance and memory usage of the Excel extractor, making it faster and more efficient, by @​NieRonghua in #​29551.

Thanks to everyone who contributed to this release! Your feedback and contributions make all the difference. As always, happy coding! 🌟

---

Upgrade Guide

Docker Compose Deployments

1. Back up your customized docker-compose YAML file (optional)

   cd docker
   cp docker-compose.yaml docker-compose.yaml.$(date +%s).bak

2. Get the latest code from the main branch

   git checkout main
   git pull origin main

3. Stop the service. Please execute in the docker directory

   docker compose down

4. Back up data

   tar -cvf volumes-$(date +%s).tgz volumes

5. Upgrade services

   docker compose up -d

[!NOTE]

If you encounter errors like below

2025/11/26 11:37:57 /app/internal/db/pg/pg.go:30
[error] failed to initialize database, got error failed to connect to `host=db_postgres user=postgres database=dify_plugin`: hostname resolving error (lookup db_postgres on 127.0.0.11:53: server misbehaving)

2025/11/26 11:37:57 /app/internal/db/pg/pg.go:34
[error] failed to initialize database, got error failed to connect to `host=db_postgres user=postgres database=postgres`: hostname > resolving error (lookup db_postgres on 127.0.0.11:53: server misbehaving)
2025/11/26 11:37:57 init.go:99: [PANIC]failed to init dify plugin db: failed to connect to `host=db_postgres user=postgres database=postgres`: hostname resolving error (lookup db_postgres on 127.0.0.11:53: server misbehaving)
panic: [PANIC]failed to init dify plugin db: failed to connect to `host=db_postgres user=postgres database=postgres`: hostname resolving error (lookup db_postgres on 127.0.0.11:53: server misbehaving)

Please use the following command instead. For details, please read this #​28706

docker compose --profile postgresql up -d

Source Code Deployments

1. Stop the API server, Worker, and Web frontend Server.

2. Get the latest code from the release branch:

   git checkout 1.11.1

3. Update Python dependencies:

   cd api
   uv sync

4. Then, let's run the migration script:

   uv run flask db upgrade

5. Finally, run the API server, Worker, and Web frontend Server again.

---

What's Changed

• fix: upgrade react and react-dom to 19.2.3,fix cve errors by @​douxc in #​29532
• fix: fix available_credentials is empty by @​fatelei in #​29521
• fix: nextjs security update by @​douxc in #​29545
• fix: truncate auto-populated description to prevent 400-char limit error by @​shua-chen in #​28681
• test(trigger): add container integration tests for trigger by @​Stream29 in #​29527
• feat: integrate Amplitude API key into layout and provider components by @​CodingOnStar in #​29546
• fix: set response content type with charset in helper by @​Pleasurecruise in #​29534
• fix: remove validate=True to fix fla

---

Configuration

📅 Schedule: Branch creation - "on saturday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

--- kubernetes/apps/ai/dify/app Kustomization: flux-system/cluster-apps-ai-dify-app HelmRelease: ai-apps/dify-app

+++ kubernetes/apps/ai/dify/app Kustomization: flux-system/cluster-apps-ai-dify-app HelmRelease: ai-apps/dify-app

@@ -43,13 +43,13 @@

                 name: dify-env-configs
             - secretRef:
                 name: dify-env-secrets
             image:
               pullPolicy: Always
               repository: langgenius/dify-api
-              tag: 0.6.11
+              tag: 1.9.0
         replicas: 1
         strategy: Recreate
       web:
         containers:
           web:
             env:
@@ -74,13 +74,13 @@

                 name: dify-env-configs
             - secretRef:
                 name: dify-env-secrets
             image:
               pullPolicy: Always
               repository: langgenius/dify-api
-              tag: 0.6.11
+              tag: 1.9.0
         replicas: 1
         strategy: Recreate
     ingress:
       main:
         annotations:
           external-dns.alpha.kubernetes.io/target: external.

[github-actions]

--- HelmRelease: ai-apps/dify-app Deployment: ai-apps/dify-app

+++ HelmRelease: ai-apps/dify-app Deployment: ai-apps/dify-app

@@ -40,13 +40,13 @@

           value: api
         envFrom:
         - configMapRef:
             name: dify-env-configs
         - secretRef:
             name: dify-env-secrets
-        image: langgenius/dify-api:0.6.11
+        image: langgenius/dify-api:1.9.0
         imagePullPolicy: Always
         livenessProbe:
           failureThreshold: 3
           initialDelaySeconds: 0
           periodSeconds: 10
           tcpSocket:
--- HelmRelease: ai-apps/dify-app Deployment: ai-apps/dify-app-worker

+++ HelmRelease: ai-apps/dify-app Deployment: ai-apps/dify-app-worker

@@ -40,13 +40,13 @@

           value: worker
         envFrom:
         - configMapRef:
             name: dify-env-configs
         - secretRef:
             name: dify-env-secrets
-        image: langgenius/dify-api:0.6.11
+        image: langgenius/dify-api:1.9.0
         imagePullPolicy: Always
         name: main
         volumeMounts:
         - mountPath: /app/api/storage
           name: data
       volumes: