v3.9.2

LTS

Released Apr 28, 2026·Supported until Dec 31, 2026·Community 1.13.3·Community commit d666fb1·Enterprise 0.16.x·Helm chart·Docker Compose

Breaking

1 to verify

Security

Issues

Changes

0F · 8B

Downtime

Zero

Upgrade Impact

0 features · 8 fixes

Breaking:The default Enterprise API image no longer ships Weights & Biases tracing or ClickZetta vector DB; use the `-insecure` API image if you still need them.

API image: W&B tracing and ClickZetta vector DB removed from default buildFor a smaller attack surface, Weights & Biases (`wandb`) tracing and the ClickZetta vector database integration are no longer included in the default API image. If you still need those integrations, use the docker.io/langgenius/dify-ee-api-insecure:3.9.2 API image tag, which retains the previous behavior at the cost of additional known vulnerabilities.

What Changed

Bug Fixes

Security: Community CVE fixes on the LTS lineIntegrated upstream security work from the community LTS branch so Enterprise 3.9.2 ships the same CVE-related patches as the aligned community release line.

Security: Chainguard-based base imagesWhere applicable, Enterprise images now use Chainguard-based foundations to strengthen supply-chain provenance and reduce exposure to vulnerabilities typical of conventional distribution base layers.

OpenSearch vector store: Events import errorFixed an ImportError when OpenSearch was used as vector storage because the vector module shadowed the application events package. OpenSearch-backed deployments can run the standard API image without that startup failure.

Plugin daemon: Decode-plugin parameters sent as multipart formDecode-plugin calls now send parameters in multipart form data instead of a JSON body, matching current plugin daemon expectations and avoiding failed decode requests after the upstream API change.

Helm: Plugin daemon extraEnv indentationCorrected YAML indentation for plugin daemon extra environment variables in the chart so custom env entries render as valid manifests instead of breaking template apply.

Workflows: Faster graph initialization for repeated model nodesGraph initialization no longer repeats credential lookups for every LLM node that shares the same model. Workflows with many such nodes should see lower latency on first run after this caching improvement.

Enterprise Audit: tzdata in the audit imageAdded tzdata package to audit image so that audit logs can be exported correctly.

Go toolchain update for Go-based componentsUpdated the Go compiler and runtime to 1.26.2, bringing routine maintenance and security fixes from the Go release line.