v3.9.7
LTSRecommended
Released Jul 1, 2026·Supported until Dec 31, 2026·Community 1.13.x·Community commit 89fb932·Enterprise 0.16.x·Helm chart·Docker Compose
Breaking
None
Security
Issues
Changes
1F · 4B
Downtime
Zero
Upgrade Impact
Non-breaking:Bug fixes and Redis HA improvements. No breaking changes.
What Changed
5New Features
Redis: High Availability Retry LogicAdded shared retry/backoff and connection health policies to all Redis client construction paths (standalone, Sentinel, Cluster, pub/sub). This improves resilience during master failovers and transient network blips without requiring application-level retry at each call site.
Bug Fixes
HTTP Request Node: SSL Verification Ignored with SSRF ProxyFixed a regression where disabling "Verify SSL certificate" on the HTTP Request node had no effect when SSRF proxy transports were configured. The verify setting now correctly propagates to per-scheme proxy transports.
Web App: User Avatar Displays Incorrect Black ColorFixed a bug where web app end-user avatars rendered as solid black instead of the correct color or image.
Chatflow: Form Fields with Chinese/Unicode Names DroppedFixed a regression from the streamdown refactor where the form field name validation regex silently discarded fields with Chinese or Unicode names, breaking existing workflows that relied on non-ASCII field names.
SSO/SCIM: Login Fails When Auto-Create Workspace Disabled but Default Workspace ExistsFixed an issue where SSO and SCIM users could not log in when automatic workspace creation was disabled, even if a default workspace was configured. Users can now authenticate as long as a default workspace is available.
Upgrade Guide
Pre-Upgrade Checklist
Back up PostgreSQL database and Redis data
Confirm Kubernetes cluster has sufficient resources for rolling update
Zero-downtime rolling upgrade supported
Upgrade Command
# Back up database first, then:
$ helm upgrade -i dify -f values.yaml dify-ee/dify --version 3.9.7
Rollback
$ helm rollback dify 0
Security & CVE
Security vulnerabilities found in this release.0 Critical · 1 High CVE across all container images
Image
critical
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
low
3
0
0
1
0
0
2
2
2
0
0
0
2
0
0
2
0
Status
FAIL
PASS
PASS
PASS
PASS
PASS
PASS
PASS
PASS
PASS
PASS
PASS
PASS
PASS
PASS
PASS
PASS
ScannerDocker Scout
Scanned
Jul 01, 2026
Data Source
Docker
Benchmark Report
TTFE – Time To First Event (ms)
AVG
139.89
MIN
115
MAX
565
P50
130
P90
141.4
P95
145.85
Connections
Max Concurrent
11
Avg Active
9.7
Empty Workflow QPS
Max QPS
26
Avg QPS
24.96
Avg Duration (ms)
202.3
License Compliance
All dependencies compliant - no copyleft issues detected
Apache-2.0MITBSD-3-ClauseMPL-2.0BSD-2-ClauseISCCC0-1.0