
v3.9.5

LTS · Recommended
Released Jun 4, 2026 · Supported until Dec 31, 2026 · Community 1.13.3 · Community commit 8be9c5f · Enterprise 0.16.x · Helm chart · Docker Compose
Breaking: 4 to verify
Security: Clean
Changes: 0F · 2B
Downtime: Zero

Upgrade Impact

0 features · 2 fixes
Breaking: The default Enterprise API image no longer ships Weights & Biases tracing or ClickZetta vector DB; use the `-insecure` API image if you still need them. Sandbox upgraded to 0.2.15 with Chainguard base image; configuration parameter renamed.

API image: W&B tracing and ClickZetta vector DB removed from default build
For a smaller attack surface, Weights & Biases (`wandb`) tracing and the ClickZetta vector database integration are no longer included in the default API image. If you still need those integrations, use the docker.io/langgenius/dify-ee-api-insecure:3.9.5 API image tag, which retains the previous behavior at the cost of additional known vulnerabilities.

Sandbox: PYTHON_LIB_PATH → SYSTEM_LIB_REQUIREMENTS
The sandbox environment variable PYTHON_LIB_PATH has been renamed to SYSTEM_LIB_REQUIREMENTS. If you have custom sandbox configuration using this parameter, update your Helm values or Docker Compose configuration to use the new variable name before upgrading.

Sandbox: Linux Kernel 4.18+ Required
The sandbox image now uses a Chainguard base image that requires Linux kernel 4.18 or higher. If your deployment runs on an older kernel and cannot be upgraded, you can roll back the sandbox to version 3.9.4 by pinning the sandbox image tag to langgenius/dify-ee-sandbox:3.9.4 in your Helm values or Docker Compose configuration.

Hotfix: CVE-2026-41948 Plugin Daemon Path Traversal
The initial 3.9.5 release did not fully address CVE-2026-41948. Use the hotfix image langgenius/dify-ee-api:3.9.5-hotfix-20260609 to ensure complete protection against the Plugin Daemon internal API path traversal vulnerability.

CVEs for the opt-in api-insecure image are excluded from the aggregate counts above.

What Changed

Security (2)

CVE-2026-41947: Trace-Config Endpoint Tenant Isolation
Backported the tenant isolation fix for the trace-config endpoint from Community v1.14.2. This prevents authenticated Editor users from bypassing tenant boundaries to modify arbitrary application trace configurations, which could lead to data leakage.

Sandbox Vulnerability Remediation
Upgraded sandbox to version 0.2.15 with Chainguard base image to address multiple CVEs. The new base image provides improved security posture and reduced attack surface.

Upgrade Guide

Pre-Upgrade Checklist
Back up PostgreSQL database and Redis data
Confirm Kubernetes cluster has sufficient resources for rolling update
Zero-downtime rolling upgrade supported
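
The kernel, sandbox-variable and hotfix-image items under Upgrade Impact can be checked before running the upgrade command. The script below is an added example, not part of the Dify release notes or tooling; the function names and the sample Compose fragment are constructed, and it assumes image references appear as single `repository:tag` strings in the file being scanned.

```shell
#!/bin/sh
# Added example: pre-upgrade checks for the 3.9.5 breaking changes (names constructed).

# kernel_ok RELEASE: succeed if a `uname -r` style string is >= 4.18.
kernel_ok() {
    major=${1%%.*}; rest=${1#*.}; minor=${rest%%[!0-9]*}
    case "$major.$minor" in .*|*.|*[!0-9.]*) return 2 ;; esac
    [ "$major" -gt 4 ] || { [ "$major" -eq 4 ] && [ "$minor" -ge 18 ]; }
}

# legacy_var_lines FILE: line numbers of non-comment lines that still
# set the renamed sandbox variable PYTHON_LIB_PATH.
legacy_var_lines() {
    grep -n 'PYTHON_LIB_PATH' "$1" | grep -v '^[0-9]*:[[:space:]]*#' | cut -d: -f1
}

# unpatched_api_images FILE: dify-ee-api image references whose tag is not
# the hotfix tag named in the release notes for CVE-2026-41948.
unpatched_api_images() {
    grep -o 'langgenius/dify-ee-api:[^[:space:]"]*' "$1" |
        grep -v ':3\.9\.5-hotfix-20260609$' || true
}

# preflight FILE KERNEL: print each finding; exit status = number of findings.
preflight() {
    problems=0
    if ! kernel_ok "$2"; then
        echo "kernel $2 is below 4.18 (sandbox base image needs 4.18+)"
        problems=$((problems + 1))
    fi
    for n in $(legacy_var_lines "$1"); do
        echo "$1:$n: rename PYTHON_LIB_PATH to SYSTEM_LIB_REQUIREMENTS"
        problems=$((problems + 1))
    done
    for img in $(unpatched_api_images "$1"); do
        echo "$1: $img is not the 3.9.5 hotfix image"; problems=$((problems + 1))
    done
    return "$problems"
}

# Constructed sample Compose fragment, not taken from a real deployment.
write_sample() {
    printf '%s\n' 'services:' '  api:' \
        '    image: langgenius/dify-ee-api:3.9.5' '  sandbox:' \
        '    environment:' '      # PYTHON_LIB_PATH was renamed' \
        '      PYTHON_LIB_PATH: /constructed/lib/path' > "$1"
}

sample=$(mktemp) && write_sample "$sample"
preflight "$sample" "$(uname -r)" || echo "findings: $?"
rm -f "$sample"
```

Run `preflight` on each node that schedules the sandbox, since the kernel check reads the local `uname -r`.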
Upgrade Command

# Back up database first, then:

$ helm upgrade -i dify -f values.yaml dify-ee/dify --version 3.9.5

Rollback

$ helm rollback dify 0

Security & CVE

Security vulnerabilities found in this release.
0 Critical · 0 High CVE across all container images
Scanner: Docker Scout
Scanned: Jun 04, 2026
Data Source: Docker

TTFE – Time To First Event (ms)
AVG 143.63 · MIN 120 · MAX 524 · P50 132 · P90 146.6 · P95 152.4

Connections
Max Concurrent 12 · Avg Active 10.5

Empty Workflow QPS
Max QPS 29.2 · Avg QPS 26.86 · Avg Duration (ms) 289.88

License Compliance

All dependencies compliant - no copyleft issues detected
Apache-2.0 · MIT · BSD-3-Clause · MPL-2.0 · BSD-2-Clause · ISC · CC0-1.0

© 2026 Dify All rights reserved. Enterprise release information is confidential. Do not distribute externally.