Adds cache control injection support and Docker image signature
LiteLLM adds cache control injection support and signs Docker images with cosign for verification.
Verify Docker Image Signature All LiteLLM Docker images are signed with cosign. Every release is signed with the same key introduced in commit `0112e53`. Verify using the pinned commit hash (recommended): A commit hash is cryptographically immutable, so this is the strongest way to ensure you are using the original signing key: ```bash cosign verify \ --key https://raw.githubusercontent.com/BerriAI/litellm/0112e53046018d726492c814b3644b7d376029d0/cosign.pub \ ghcr.io/berriai/litellm:v1.92.0-dev.2 ``` Verify using the release tag (convenience): Tags are protected in this repository and resolve to the same key.
This option is easier to read but relies on tag protection rules: ```bash cosign verify \ --key https://raw.githubusercontent.com/BerriAI/litellm/v1.92.0-dev.2/cosign.pub \ ghcr.io/berriai/litellm:v1.92.0-dev.2 ``` Expected output: ``` The following checks were performed on each of these signatures: The cosign claims were validated The signatures were verified against the specified public key ``` --- What's Changed ci(codspeed): pin benchmark runner to ubuntu-24.04 by @yuneng-berri in https://github.com/BerriAI/litellm/pull/31746 test(pass-through): de-flake vertex spend-log…
- github.comLiteLLM v1.92.0-dev.2primary
- github.comLiteLLM v1.90.3
§ how this story moved
- primary — LiteLLM — Releases publishes the launch post.
- LiteLLM — Releases picks up coverage.