[INCIDENT UPDATES]
- Compromised LiteLLM packages have been deleted.
- Proxy Docker image users were not impacted; all dependencies are pinned in requirements.txt.
- The compromise came from the Trivy security scan dependency; we are looking into it with Google's Mandiant Security.
The compromised packages were 1.82.7 and 1.82.8; they were quarantined and deleted, thanks to the @pypi team.
No LiteLLM releases will go out until we have scanned our chain and made sure it's safe.
We are actively investigating; reach out to support@berri.ai with any questions/concerns.
@pypi Active incident thread: github.com/berriAi/litell…
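
An added example, not part of the original thread or LiteLLM's own tooling: a check of a requirements file for the two versions named above, covering both an exact pin to a compromised release and a range or unpinned `litellm` entry that could have resolved to one while it was published. The verdict names and the sample file are assumptions made for illustration; only plain numeric version specifiers are evaluated.

```python
import re

COMPROMISED = ("1.82.7", "1.82.8")  # versions named in the incident update
_REQ = re.compile(r"^([A-Za-z0-9._-]+)\s*(?:\[[^\]]*\])?\s*([^;#]*)")
_CLAUSE = re.compile(r"^(==|~=|!=|<=|>=|<|>)\s*(\d+(?:\.\d+)*)$")

def _v(text):
    return tuple(int(p) for p in (text.split(".") + ["0"] * 3)[:4])

def _admits(op, want, have):
    """True if the clause `op want` allows version `have` (numeric versions only)."""
    w, h, n = _v(want), _v(have), want.count(".")
    if op == "~=":  # compatible release: >= want, same prefix minus last part
        return h >= w and h[:n] == w[:n]
    return {"==": h == w, "!=": h != w, "<": h < w,
            "<=": h <= w, ">": h > w, ">=": h >= w}[op]

def classify(line):
    """Verdict for one requirements line, or None if it does not name litellm."""
    m = _REQ.match(line.strip())
    if not m or re.sub(r"[-_.]+", "-", m.group(1)).lower() != "litellm":
        return None
    spec = m.group(2).split(" --")[0].rstrip("\\ ").strip()  # drop --hash, "\"
    clauses = [_CLAUSE.match(c.strip()) for c in spec.split(",") if c.strip()]
    if not all(clauses):
        return "unparsed"  # wildcard, URL or pre-release tag: review by hand
    parsed = [c.groups() for c in clauses]
    hits = [v for v in COMPROMISED if all(_admits(o, w, v) for o, w in parsed)]
    if not hits:
        return "excludes-compromised"
    if len(parsed) == 1 and parsed[0][0] == "==":
        return "pinned-to-compromised"
    return "range-admits-compromised"  # includes a bare, unpinned `litellm`

def scan(text):
    """(line number, verdict) for every litellm requirement in `text`."""
    found = ((n, classify(l)) for n, l in enumerate(text.splitlines(), 1))
    return [(n, v) for n, v in found if v]

# Constructed sample requirements file, not taken from any real project.
SAMPLE = """\
litellm[proxy]==1.82.7 \\
    --hash=sha256:PLACEHOLDER
LiteLLM>=1.80,<1.83  # range
litellm==1.81.0
litellm
litellm~=1.82.0 ; python_version >= "3.9"
"""

print(*scan(SAMPLE), sep="\n")
```

A `range-admits-compromised` verdict does not mean the bad release was installed; it means the installed version in that environment (for example from `pip show litellm`) still has to be checked.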
