Pull Request Explorer

Summary

Health Assessment

Summary

Health Assessment

Summary

Health Assessment

Summary

Health Assessment

Summary

Fix orphaned Qdrant vector deletions

Ensures memory deletions correctly remove associated vectors, preventing stale data from affecting retrieval quality.

Health Assessment

• • Quick merge with minimal changes indicates low complexity and risk.

Summary

Update CHANGELOG

Updates the changelog to reflect recent changes, keeping release notes current.

Health Assessment

• • Quick documentation update merged within minutes, indicating minimal review effort and low risk.

Summary

Polyfill ReadableStream async iteration for Safari

Adds a polyfill for ReadableStream async iteration to support PDF extraction on Safari, ensuring consistent functionality across browsers.

Health Assessment

• • Quick fix with minimal changes, resolved within hours, indicating low complexity and high confidence in the patch.

Summary

Update CHANGELOG.md

Updates the changelog to reflect recent changes, ensuring accurate release notes for users.

Health Assessment

• • Rapid, low‑impact documentation updates with minimal code changes led to a quick merge, indicating low complexity and minimal review friction.

Summary

Fix memory search query prefix usage

Ensures memory search returns relevant results for instruction-tuned embedding models, improving user search accuracy.

Health Assessment

• • Long cycle time likely due to extended testing or external dependencies, but the change is minimal and low risk.

Summary

Add skills toggle to chat integrations menu

Allows users to enable or disable skills per chat without editing model presets, improving flexibility and reducing friction.

Health Assessment

• • The PR introduced a new UI feature for skill toggling, required moderate changes across multiple Svelte components, and took over 8 days to merge, indicating a moderate level of review friction and a large scope.

Summary

Update Kagi API endpoint and request method

The change updates the Kagi web search integration to use the latest API endpoint and request method. This ensures reliable search results for users and maintains compatibility with Kagi's API v1.

Health Assessment

• • The PR took over 10 days to merge, indicating a slow review process, but the change is small and low risk.

Summary

Fix IDOR in prompt history operations

Removes insecure access to prompt history and version endpoints, ensuring only authorized prompts can be modified, improving security.

Health Assessment

• • Small security fix merged quickly without review, minimal impact on codebase.

Summary

Reject unsafe collection names in RAG ACL

Prevents injection attacks by validating collection names before they are used in Milvus expressions, enhancing security for multi-tenant data access.

Health Assessment

• • The PR fixed a critical security flaw but required a lengthy review process, indicating potential communication gaps or complexity in the codebase.

Summary

Fix content revert on chat save

Prevents unintended loss of user edits to chat content, ensuring that manual changes persist across saves.

Health Assessment

• • Quick merge within minutes with only a single file change indicates a low‑complexity bug fix with minimal risk.

Summary

Remove premature drag‑and‑drop upload toast

Fixes misleading toast notifications during file uploads in Knowledge Base, ensuring toasts only appear after upload completion.

Health Assessment

• • Quick merge with minimal changes indicates low complexity and risk.

Summary

Fix startup crash on non-UTF-8 stdout

Prevents startup failures on Windows consoles by gracefully handling Unicode banner printing, ensuring open-webui can run headless.

Health Assessment

• • Quick patch with minimal changes, merged immediately without review.

Summary

Guard JSON.parse calls with try/catch to prevent UI crashes

Adds defensive error handling around localStorage JSON parsing in the Navbar and layout components, preventing UI crashes caused by corrupted data.

Health Assessment

• • Quick fix with minimal changes, no review needed, merged immediately.

Summary

Persist outlet filter changes to message output

Ensures that changes to message output filters are correctly persisted, improving reliability of message processing.

Health Assessment

• • The PR made a small, straightforward change but took over two weeks to merge, indicating potential review bottlenecks or scheduling delays.

Summary

Fix cache path traversal bypass

Prevents authenticated users from reading arbitrary sibling files via cache path traversal, enhancing security.

Health Assessment

• • Single small commit fixed a critical security issue; minimal review and quick merge after approval.

Summary

Fix terminal proxy hang on pump exit

This fix prevents terminal proxy from hanging and leaking resources when one direction closes, improving stability and user experience. By ensuring timely cleanup, it reduces potential memory leaks and improves reliability for users interacting with terminal features.

Health Assessment

• • Quick resolution with minimal changes indicates low complexity and high confidence in the fix.

Summary

Cap profile image data URI size to bound bloat

Limits the size of inline profile images to prevent database bloat and improve performance. This reduces storage costs and speeds up model list loading.

Health Assessment

• • Merged within 8 minutes with minimal review, indicating a straightforward change with low risk.

Summary

Fix usage interval leak on send failure

Prevents orphaned intervals that inflate server usage and degrade performance, ensuring accurate usage accounting.

Health Assessment

• • Quick fix with minimal scope and no review friction.

Summary

Fix inverted high-contrast timestamp colors

Corrects invisible timestamps in high-contrast mode, improving readability for users.

Health Assessment

• • Quick fix with minimal changes, resolved in under 6 hours, no regressions expected.

Summary

Fix incorrect blur event name in window listeners

Ensures UI shift-key state resets correctly after tabbing away, preventing stuck UI and improving user experience.

Health Assessment

• • Quick single-commit fix with minimal code changes and no regressions.

Summary

Fix undefined session in chats model

Corrects a NameError that caused chat deletion failures, ensuring shared chat snapshots are removed cleanly.

Health Assessment

• • Quick, single-commit fix with minimal code changes and no review rework.

Summary

Fix terminal proxy path double-encoded traversal

Removes a security flaw that could allow attackers to traverse directories through double-encoded terminal proxy paths, strengthening application security.

Health Assessment

• • Single commit resolved a critical security issue with minimal changes, indicating efficient review and low complexity.

Summary

Fix Malay translation errors and standardize terminology

Improves user experience for Malay-speaking users by correcting translation errors and ensuring consistent terminology.

Health Assessment

• • The PR addressed a single large translation file, requiring significant edits but completed within a few days, indicating efficient review and low friction.

Summary

Enable custom parameters in user and admin settings

Allows admins and users to add custom model parameters, improving flexibility and control over AI behavior.

Health Assessment

• • Quick fix with minimal changes, no major rework, merged within 41 hours.

Summary

Health Assessment

Summary

Add null guards to channel components

Fixes potential TypeErrors in channel UI by adding null checks, improving stability during rapid thread switches and API failures.

Health Assessment

• • Minimal code changes, quick review, low risk to production

Summary

Gracefully handle legacy SVG profile image URLs

Fixes a crash that hid all user models when legacy SVG data URIs were stored, restoring visibility and preventing UI failures for existing users.

Health Assessment

• • Single commit, quick review, minimal code change; low risk and fast turnaround.

Summary

Add missing Polish translations

Completes Polish language coverage, improving user experience for Polish-speaking users.

Health Assessment

• • Single commit, quick turnaround, minimal review friction, straightforward translation update.

Summary

Move bypass_system_prompt to request.state

Fixes a security flaw by preventing users from bypassing system prompts via query parameters, ensuring admin-defined messages are always applied.

Health Assessment

• • Quick patch with minimal code changes, resolved a potential security flaw.

Summary

Remove dead code from env.py

Eliminates insecure hardcoded secret key fallback, enforcing explicit key requirement for secure token signing.

Health Assessment

• • Quick, single-commit PR that removed a security vulnerability by eliminating a hardcoded secret key fallback.

Summary

Complete Turkish translation for Open WebUI

Adds full Turkish language support, enabling Turkish-speaking users to fully interact with the UI without fallback to English.

Health Assessment

• • Single commit, quick turnaround, minimal risk, straightforward translation update.

Summary

Add missing markdown rendering settings

Adds missing markdown rendering settings to the Settings type, ensuring type safety and preventing potential runtime errors in the UI.

Health Assessment

• • Quick, single-commit fix with minimal scope and no rework.

Summary

Add voice mode mute shortcut to keyboard shortcuts modal

Registers the Voice Mode mute toggle shortcut in the centralized shortcuts registry for visibility in the Keyboard Shortcuts modal.

Health Assessment

• • The PR was thoroughly reviewed and manually tested by the author, and no behavioral changes were introduced.

Summary

Fix overflow of long usernames in UI

Prevents UI layout breakage caused by long usernames and emails in admin components, ensuring consistent user experience.

Health Assessment

• • The PR was merged within 53 hours with only a single commit and minimal code changes, indicating a straightforward review process and low risk to the codebase.

Summary

Fix missing reasoning_tags in settings save

Ensures user-selected reasoning tags are persisted when saving advanced settings, preventing silent loss of configuration and improving user control over AI behavior.

Health Assessment

• • Quick fix with minimal changes, no rework, merged within 1.5 days.

Summary

Preserve parent_id on chat_message upsert

Ensures conversation context is maintained by correctly linking messages, improving LLM response relevance and preventing broken chat flows.

Health Assessment

• • Quick, single-commit fix with minimal code churn and no review iterations, indicating low complexity and risk.

Summary

Sanitize Mermaid SVG to prevent XSS

This fix sanitizes Mermaid-generated SVG output to eliminate stored XSS vulnerabilities in file previews, enhancing security for users.

Health Assessment

• • Single commit with minimal changes, merged quickly, indicating low complexity and low risk.

Summary

Add missing Korean plural keys

Ensures Korean translations display correctly for singular counts, preventing fallback to English and improving user experience.

Health Assessment

• • Quick fix with minimal changes, merged within a day, indicating smooth review and low risk.

Summary

Fix Socket.IO disconnect reason handling

Fixes server disconnect handling to accept optional reason argument, preventing TypeError during websocket disconnects.

Health Assessment

• • Quick fix with minimal changes, merged within 9 hours, indicating low complexity and low risk.

Summary

Update Finnish translation strings

Adds missing Finnish translations and improves existing ones, enhancing user experience for Finnish-speaking users.

Health Assessment

• • Single file change with minimal review, straightforward merge.

Summary

Fix chat-file access gating and insert_chat_files bug

This patch prevents users from attaching files they don't own to chats, protecting data privacy and ensuring only authorized file access. It also resolves a critical error that prevented chat-file persistence, restoring functionality.

Health Assessment

• • The PR addressed a critical security flaw by restricting file access and fixed a runtime error, but the review process took over three days, indicating moderate review friction.

Summary

Fix XSS in model profile image handling

Prevents cross‑site scripting attacks by rejecting SVG data URIs for model profile images, enhancing security for users and webhooks.

Health Assessment

• • Security fix with moderate review effort; small code changes; merged after ~3 days.

Summary

Improve Chinese translation

Enhances Chinese language translations for a better user experience.

Health Assessment

• • Merged within a day with minimal changes, indicating low complexity and risk.

Summary

Fix API key bypass via Host header injection

This patch prevents attackers from bypassing API key restrictions by injecting paths into the Host header, securing the authentication flow.

Health Assessment

• • Single atomic commit resolved within 18.5 hours with minimal risk and no major rework.

Summary

Add access check to search knowledge files

Prevents users from enumerating files in other knowledge bases by enforcing ownership checks.

Health Assessment

• • Single commit, minimal changes, merged within a day, indicating a straightforward bug fix with low complexity.

Summary

Fix undefined session variable in prompt helpers

Restores prompt editing functionality by correcting a NameError that caused silent redirects, improving user experience in the workspace.

Health Assessment

• • Quick, single-file fix with minimal code changes and no new dependencies, resulting in a fast merge cycle and low risk to the codebase.