Blog | Dify

Security vulnerabilities found in this release.2 Critical · 16 High CVE across all container images

Image

plugin_build_base_py312

plugin_build_base_py313

plugin_build_base_py314

critical

high

medium

low

Status

FAIL

PASS

FAIL

PASS

FAIL

PASS

ScannerDocker Scout

Scanned

May 08, 2026

Data Source

Docker

Benchmark Report

TTFE – Time To First Event (ms)

Connections

Empty Workflow QPS

License Compliance

All dependencies compliant - no copyleft issues detected

Apache-2.0MITBSD-3-ClauseMPL-2.0BSD-2-ClauseISCCC0-1.0

Release v3.9.2

April 28, 2026 · 4 min read

What Changed

Bug Fixes

Security: Community CVE fixes on the LTS lineIntegrated upstream security work from the community LTS branch so Enterprise 3.9.2 ships the same CVE-related patches as the aligned community release line.

Security: Chainguard-based base imagesWhere applicable, Enterprise images now use Chainguard-based foundations to strengthen supply-chain provenance and reduce exposure to vulnerabilities typical of conventional distribution base layers.

OpenSearch vector store: Events import errorFixed an ImportError when OpenSearch was used as vector storage because the vector module shadowed the application events package. OpenSearch-backed deployments can run the standard API image without that startup failure.

Plugin daemon: Decode-plugin parameters sent as multipart formDecode-plugin calls now send parameters in multipart form data instead of a JSON body, matching current plugin daemon expectations and avoiding failed decode requests after the upstream API change.

Helm: Plugin daemon extraEnv indentationCorrected YAML indentation for plugin daemon extra environment variables in the chart so custom env entries render as valid manifests instead of breaking template apply.

Workflows: Faster graph initialization for repeated model nodesGraph initialization no longer repeats credential lookups for every LLM node that shares the same model. Workflows with many such nodes should see lower latency on first run after this caching improvement.

Enterprise Audit: tzdata in the audit imageAdded tzdata package to audit image so that audit logs can be exported correctly.

Go toolchain update for Go-based componentsUpdated the Go compiler and runtime to 1.26.2, bringing routine maintenance and security fixes from the Go release line.

Upgrade Guide

Pre-Upgrade Checklist

Back up PostgreSQL database and Redis data

Confirm Kubernetes cluster has sufficient resources for rolling update

Zero-downtime rolling upgrade supported

Upgrade Command

# Back up database first, then:

$ helm upgrade -i dify -f values.yaml dify-ee/dify --version 3.9.2

Rollback

$ helm rollback dify 0

Security & CVE

Security vulnerabilities found in this release.2 Critical · 22 High CVE across all container images

Image

plugin_build_base_py312

plugin_build_base_py313

plugin_build_base_py314

critical

high

medium

low

Status

FAIL

PASS

FAIL

PASS

FAIL

ScannerDocker Scout

Scanned

Apr 28, 2026

Data Source

Docker

Benchmark Report

TTFE – Time To First Event (ms)

AVG

338.32

MIN

165

MAX

901

P50

216

P90

650

P95

748.05

Connections

Max Concurrent

Avg Active

15.4

Empty Workflow QPS

Max QPS

17.8

Avg QPS

16.99

Avg Duration (ms)

199.38

License Compliance

All dependencies compliant - no copyleft issues detected

Apache-2.0MITBSD-3-ClauseMPL-2.0BSD-2-ClauseISCCC0-1.0

Release v3.9.1

April 13, 2026 · 4 min read

What Changed

New Features

Database Configuration: Per-Service External Database CredentialsEnterprise deployments can now configure separate usernames and passwords for individual external databases instead of sharing one credential set across all services. This makes it easier to align with stricter database access policies and service-level credential isolation.

Azure Blob Storage: Managed Identity SupportAzure Blob Storage integrations can now authenticate with Azure Managed Identity in OSS-backed deployments. The Helm chart also adds the pod labels and service account configuration needed for Enterprise Audit and Plugin Daemon workloads to use managed identity without storing static credentials.

Upgrade Guide

Back up PostgreSQL database and Redis data.
Confirm Kubernetes cluster has sufficient resources for rolling update.

Example Helm values for Azure managed identity:

global:
  podLabels:
    azure.workload.identity/use: "true"

plugin_daemon:
  # azure managed service account
  serviceAccountName: "plugin-daemon-mi"

enterpriseAudit:
  serviceAccountName: "enterprise-audit-mi"

azureBlob:
  useManagedIdentity: true

Example per-database credential environment variables:

# If not set, will fallback to externalDatabase.username, externalDatabase.password
databaseCredentials:
  dify:
      user: ""
      password: ""
  enterprise:
      user: ""
      password: ""
  audit:
      user: ""
      password: ""
  plugin_daemon:
      user: ""
      password: ""

Zero-downtime rolling upgrade supported

Upgrade Command

# Back up database first, then:

$ helm upgrade -i dify -f values.yaml dify-ee/dify --version 3.9.1

Rollback

$ helm rollback dify 0

Security & CVE

Security vulnerabilities found in this release.28 Critical · 112 High CVE across all container images

Image

plugin_build_base_py312

plugin_build_base_py313

plugin_build_base_py314

critical

high

medium

631

low

123

120

152

150

Status

FAIL

ScannerDocker Scout

Scanned

Apr 15, 2026

Data Source

Docker

Benchmark Report

TTFE – Time To First Event (ms)

AVG

315.09

MIN

264

MAX

738

P50

306

P90

340

P95

366.7

Connections

Max Concurrent

Avg Active

17.3

Empty Workflow QPS

Max QPS

40.6

Avg QPS

39.97

Avg Duration (ms)

100.83

License Compliance

All dependencies compliant - no copyleft issues detected

Apache-2.0MITBSD-3-ClauseMPL-2.0BSD-2-ClauseISCCC0-1.0

Release v3.9.0

March 31, 2026 · 8 min read

What Changed

New Features

Human-in-the-Loop (HITL): Human Input NodeWorkflows can now pause at any point and wait for human review before continuing. The new Human Input node lets you insert review steps directly into the workflow graph, where reviewers can inspect AI outputs, edit variables, and route the workflow via custom action buttons (e.g., Approve, Reject, Escalate). Forms are delivered via Webapp or Email, and paused runs resume automatically once a response is submitted.

Workflow Execution Now Runs in Celery WorkersWorkflow-based streaming executions and Advanced Chat executions have been moved out of the API process and into Celery workers. This architectural change improves scalability and is a prerequisite for HITL pause/resume. A new Celery queue workflow_based_app_execution is required — ensure your deployment configuration (Helm values or Docker Compose) includes workers consuming this queue, otherwise streaming executions will not be processed.

MCP Tool Usage Metadata ExtractionMCP tool integrations now extract and surface token and cost usage metadata from tool responses, making it possible to track and attribute resource consumption from MCP-connected services within workflow runs.

Service API: End-User Lookup EndpointA new Service API endpoint allows callers to look up end-users within the scope of a specific tenant and app, making it easier to build user management integrations and audit workflows programmatically.

Dutch (nl-NL) Language SupportDutch has been added as a supported interface language across both the backend language mapping and web localization resources.

Admin API: Bulk DSL Import & ExportNew Admin API endpoints support batch importing and exporting app DSL files, enabling faster app migration, backup, and provisioning across workspaces.

Helm: Celery Queue Splitting for Dedicated Embedding WorkersThe Helm chart now supports splitting Celery queues into dedicated workers with independent resource configuration. This allows administrators to allocate separate compute resources specifically for knowledge base embedding tasks, resolving extreme slowness when processing large documents.

Enterprise Telemetry ImprovementsEnterprise-specific telemetry enhancements have been integrated into the main codebase, providing better observability and usage tracking for Dify Enterprise deployments.

Bug Fixes

Security: Access Token Invalidation on LogoutFixed a security vulnerability where user access tokens remained valid after signing out. Tokens are now properly revoked upon logout, preventing unauthorized API access with stale credentials.

CVE RemediationAddressed multiple CVEs across API, enterprise collector, enterprise frontend, sandbox, and web container images. See the Security CVE section below for the full scan report.

Plugin Version Upgrade/Downgrade Returns 404Fixed a 404 error that occurred when switching a custom plugin to a different version (upgrade or downgrade) from the Enterprise admin panel when the plugin was already assigned to workspaces. The system now correctly follows an upgrade path instead of treating the operation as a fresh install.

Plugin Management Page Misses Unassigned PluginsFixed a bug where the Enterprise admin plugin management page did not display installed plugins that had no active workspace assignments. All installed plugins are now visible, improving operational visibility and cost management.

Credential Policy API PerformanceOptimized the credential policy API with concurrent database reads, resolving high latency that was degrading the user experience when fetching or updating model credential policies.

Credential Policy API Accepts Invalid Plugin IDsFixed a bug where the credential policy PUT API would persist invalid plugin identifier values (e.g., a malformed three-segment ID), causing all subsequent credential policy read and write operations to fail with a 500 error that required manual database intervention to recover.

Credentials Unselectable After Plugin Version ChangeFixed an issue where credentials assigned to workspaces became unselectable in the workflow editor after an admin updated the plugin version via the management panel. Users no longer need to reassign credentials as a workaround.

Group Creation Returns False "Already Exists" ErrorFixed a bug where creating a new user group triggered a "group already exists" error and a 500 response even though no such group existed, preventing successful group creation.

OTel Endpoint URL Validation Rejects Valid PathsFixed the OpenTelemetry endpoint URL validator to accept URLs that include a path component (e.g., https://api.smith.langchain.com/otel/v1/traces), enabling compatibility with LangSmith and other observability platforms that require path-based endpoints.

OpenAI New Model Credential Validation ErrorFixed a credential validation error for newer OpenAI models (e.g., GPT-5.2 and above) that have deprecated the max_tokens parameter in favor of max_completion_tokens. The Dify SDK now sends the correct parameter, eliminating the 400 "unsupported parameter" error.

Workspace List Loads Slowly After Helm UpgradeFixed a performance regression introduced in prior Helm-deployed versions where refreshing the workspace list took significantly longer than expected. The underlying query has been optimized to restore fast workspace list rendering.

Helm Custom CA Certificate Not Applied to CollectorFixed a Helm configuration issue where custom CA certificates configured for the deployment were not propagated to the collector component, causing TLS verification failures for outbound connections from the collector.

Go Runtime Upgrade for Enterprise ComponentsEnterprise backend components have been updated to a newer version of Go, improving runtime performance and closing known security issues in the Go standard library.

Upgrade Guide

Pre-Upgrade Checklist

Back up PostgreSQL database and Redis data
Confirm Kubernetes cluster has sufficient resources for rolling update

Configuring Additional Workers (Optional)

The default Celery worker is not affected by this feature. The trigger queue has been merged into the common worker, so upgrading does not require a separate trigger worker and existing trigger functionality continues to work without any configuration changes.

You may optionally deploy additional workers that consume specific queues, giving you fine-grained control over resource allocation and improved processing throughput.

Add an additionalWorkers list to your Helm values.yaml:

additionalWorkers:
  - name: workflow-worker
    enabled: false
    replicas: 1
    celeryQueues: "workflow,workflow_storage,workflow_based_app_execution"
    celeryWorkerAmount: 2
    resources: {}
    nodeSelector: {}
    affinity: {}
    tolerations: []
    extraEnv: []

Zero-downtime rolling upgrade supported

Upgrade Command

# Back up database first, then:

$ helm upgrade -i dify -f values.yaml dify-ee/dify --version 3.9.0

Rollback

$ helm rollback dify 0

Security & CVE

Security vulnerabilities found in this release.1 Critical · 30 High CVE across all container images

Image

api

enterprise

enterpriseAudit

enterpriseCollector

enterpriseFrontend

gateway

plugin_build_base_py312

plugin_build_base_py313

plugin_build_base_py314

plugin_connector

plugin_controller

plugin_daemon

plugin_daemon_local

plugin_manager

plugin_shader

sandbox

web

critical

high

medium

742

low

153

Status

FAIL

PASS

FAIL

PASS

FAIL

PASS

FAIL

PASS

FAIL

ScannerDocker Scout

Scanned

Mar 31, 2026

Data Source

Docker

Benchmark Report

TTFE – Time To First Event (ms)

AVG

94.55

MIN

MAX

2228

P50

P90

98.3

P95

169.45

Connections

Max Concurrent

Avg Active

13.6

Empty Workflow QPS

Max QPS

Avg QPS

36.37

Avg Duration (ms)

215.61

License Compliance