Skip to main content

v3.9.6

LTS
Released Jun 15, 2026·Supported until Dec 31, 2026·Community 1.13.3·Community commit 18211c1·Enterprise 0.16.x·Helm chart·Docker Compose
Breaking
1 to verify
Security
Issues
Changes
2F · 3B
Downtime
Zero

Upgrade Impact

2 features · 3 fixes
Breaking:The default Enterprise API image no longer ships Weights & Biases tracing or ClickZetta vector DB; use the `-insecure` API image if you still need them.
API image: W&B tracing and ClickZetta vector DB removed from default buildFor a smaller attack surface, Weights & Biases (`wandb`) tracing and the ClickZetta vector database integration are no longer included in the default API image. If you still need those integrations, use the docker.io/langgenius/dify-ee-api-insecure:3.9.6 API image tag, which retains the previous behavior at the cost of additional known vulnerabilities.
CVEs for the opt-in api-insecure image is excluded from the aggregate counts above.

What Changed

5
New Features
Bug Fixes
Chatflow Service API: Hang When Conversation ID Does Not ExistFixed an issue where the Chatflow Service API would hang indefinitely when called with a non-existent conversation ID. The API now creates a new conversation instead of blocking the request.
Chatflow: Images Lost in History After Page RefreshFixed a bug where images embedded in Chatflow responses would disappear after refreshing or reopening a conversation. Images generated during the chat session are now correctly persisted and displayed in conversation history.
Password Reset: Internal Server Error Due to ORM DetachedInstanceErrorFixed an Internal Server Error that occurred when using the password reset feature. The error was caused by a SQLAlchemy DetachedInstanceError in the password reset flow, which has been resolved by correcting the ORM session handling.

Upgrade Guide

Pre-Upgrade Checklist
Back up PostgreSQL database and Redis data
Confirm Kubernetes cluster has sufficient resources for rolling update
Zero-downtime rolling upgrade supported
Upgrade Command

# Back up database first, then:

$ helm upgrade -i dify -f values.yaml dify-ee/dify --version 3.9.6

Rollback

$ helm rollback dify 0

Security & CVE

Full CVE report →
No security vulnerabilities fixed in this release.0 Critical · 28 High CVE across all container images
ScannerDocker Scout
Scanned
Jun 23, 2026
Data Source
Docker
TTFE – Time To First Event (ms)
AVG
139.58
MIN
113
MAX
467
P50
129
P90
138
P95
195.1
Connections
Max Concurrent
11
Avg Active
9.4
Empty Workflow QPS
Max QPS
25.8
Avg QPS
24.04
Avg Duration (ms)
191.51

License Compliance

Full license report →
All dependencies compliant - no copyleft issues detected
Apache-2.0MITBSD-3-ClauseMPL-2.0BSD-2-ClauseISCCC0-1.0
© 2026 Dify All rights reserved.Enterprise release information is confidential. Do not distribute externally.