v3.9.6
LTS
Released Jun 15, 2026·Supported until Dec 31, 2026·Community 1.13.3·Community commit 18211c1·Enterprise 0.16.x·Helm chart·Docker Compose
Breaking
1 to verify
Security
Issues
Changes
2F · 3B
Downtime
Zero
Upgrade Impact
Breaking:The default Enterprise API image no longer ships Weights & Biases tracing or ClickZetta vector DB; use the `-insecure` API image if you still need them.
API image: W&B tracing and ClickZetta vector DB removed from default buildFor a smaller attack surface, Weights & Biases (`wandb`) tracing and the ClickZetta vector database integration are no longer included in the default API image. If you still need those integrations, use the
docker.io/langgenius/dify-ee-api-insecure:3.9.6 API image tag, which retains the previous behavior at the cost of additional known vulnerabilities.CVEs for the opt-in
api-insecure image is excluded from the aggregate counts above.What Changed
5New Features
Markdown Rendering: ALLOW_INLINE_STYLES Environment VariableAdded a new
ALLOW_INLINE_STYLES environment variable that allows inline CSS styles in Markdown rendering. When enabled, HTML elements with inline style attributes in Markdown content are preserved instead of being stripped, enabling richer formatting in chat responses and knowledge base documents.Observability: OpenTelemetry Tracing for Knowledge RetrievalAdded OpenTelemetry tracing spans to the RAG (Retrieval-Augmented Generation) knowledge retrieval pipeline. This provides visibility into retrieval performance, helping operators diagnose knowledge recall latency issues and compare performance across versions.
Bug Fixes
Chatflow Service API: Hang When Conversation ID Does Not ExistFixed an issue where the Chatflow Service API would hang indefinitely when called with a non-existent conversation ID. The API now creates a new conversation instead of blocking the request.
Chatflow: Images Lost in History After Page RefreshFixed a bug where images embedded in Chatflow responses would disappear after refreshing or reopening a conversation. Images generated during the chat session are now correctly persisted and displayed in conversation history.
Password Reset: Internal Server Error Due to ORM DetachedInstanceErrorFixed an Internal Server Error that occurred when using the password reset feature. The error was caused by a SQLAlchemy
DetachedInstanceError in the password reset flow, which has been resolved by correcting the ORM session handling.Upgrade Guide
Pre-Upgrade Checklist
Back up PostgreSQL database and Redis data
Confirm Kubernetes cluster has sufficient resources for rolling update
Zero-downtime rolling upgrade supported
Upgrade Command
# Back up database first, then:
$ helm upgrade -i dify -f values.yaml dify-ee/dify --version 3.9.6
Rollback
$ helm rollback dify 0
Security & CVE
No security vulnerabilities fixed in this release.0 Critical · 28 High CVE across all container images
Image
critical
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
low
6
0
0
1
2
0
0
0
0
0
0
0
0
0
0
0
2
Status
PASS
PASS
PASS
PASS
PASS
PASS
PASS
PASS
PASS
PASS
PASS
PASS
PASS
PASS
PASS
PASS
PASS
ScannerDocker Scout
Scanned
Jun 23, 2026
Data Source
Docker
Benchmark Report
TTFE – Time To First Event (ms)
AVG
139.58
MIN
113
MAX
467
P50
129
P90
138
P95
195.1
Connections
Max Concurrent
11
Avg Active
9.4
Empty Workflow QPS
Max QPS
25.8
Avg QPS
24.04
Avg Duration (ms)
191.51
License Compliance
All dependencies compliant - no copyleft issues detected
Apache-2.0MITBSD-3-ClauseMPL-2.0BSD-2-ClauseISCCC0-1.0