chore(release): backport #29612 (session-token budget-ceiling exemption) into stable/1.87.x and cut 1.87.2 #29636
…ng for team keys (#29612) Non-admin users creating a team key through the UI were rejected with "max_budget cannot exceed the caller's own max_budget (0.25)". The request is authenticated by a UI/CLI session token whose max_budget is the per-session chat spend cap (max_ui_session_budget, default $0.25), and the delegated-authority budget ceiling (GHSA-q775-qw9r-2r4g) treated that cap as a delegation limit. Skip the ceiling only when a session token creates a team key (data.team_id set); that key's spend is bounded by the team budget at request time. Personal keys and every other non-admin caller keep the ceiling, so a session token cannot mint an arbitrary-budget personal key.

(cherry picked from commit 97ba7e1)
Greptile Summary
This backport cherry-picks the GHSA-q775 session-token exemption fix (#29612) onto the

Confidence Score: 5/5
Safe to merge — the exemption logic is correct, and the prior concern about post-defaults
The fix is minimal and targeted:
No files require special attention.

| Filename | Overview |
|---|---|
| litellm/proxy/management_endpoints/key_management_endpoints.py | Adds _requested_team_id capture before the defaults loop, then gates the is_ui_session_team_key exemption on it; addresses the prior review concern about post-defaults data.team_id leaking into the check. |
| tests/test_litellm/proxy/management_endpoints/test_key_management_endpoints.py | Adds three targeted regression tests: team-key exemption succeeds, personal-key ceiling still fires, and default-injected team_id does not bypass the ceiling. |
| pyproject.toml | Version bump 1.87.1 → 1.87.2 in both [project] and [tool.commitizen] blocks; no other changes. |
Reviews (2): Last reviewed commit: "fix(key_generate): harden GHSA-q775 sess..."
…efault_key_generate_params Capture _requested_team_id before the default_key_generate_params loop runs and key the UI/CLI session-token budget-ceiling exemption off it, instead of the post-defaults data.team_id. On an install that sets default_key_generate_params.team_id, a session token requesting a personal key (no explicit team_id) would otherwise have data.team_id auto-filled, flipping is_ui_session_team_key on and bypassing the delegated-authority ceiling -- the exact escalation GHSA-q775 closed. Mirrors the existing pre-defaults capture of _requested_max_budget. Adds a regression test.

https://claude.ai/code/session_01RT583b1khYC3wjLrQ5hT5h
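To make the ordering bug the hardening commit describes concrete, here is an added, self-contained model of the budget-ceiling check. It is example code written for this page, not LiteLLM's key_management_endpoints.py: the `Caller`, `KeyRequest`, `apply_default_key_generate_params`, `allowed_before_hardening` and `allowed_after_hardening` names, and the `default-team` / `team-a` values, are all constructed. It keeps only the pieces the commit messages name (the caller's max_budget acting as a ceiling, the `is_ui_session_team_key` exemption, and a defaults loop that can auto-fill team_id) and shows why reading team_id after the defaults loop turns a personal-key request into an exempt one.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Caller:
    """The authenticated principal making the key-generation call (constructed model)."""
    is_admin: bool
    is_session_token: bool          # UI/CLI session token rather than a long-lived API key
    max_budget: Optional[float]     # for a session token this is the per-session chat cap


@dataclass
class KeyRequest:
    """Request fields relevant to the ceiling check (constructed model)."""
    max_budget: Optional[float] = None
    team_id: Optional[str] = None


def apply_default_key_generate_params(data: KeyRequest, defaults: dict) -> None:
    """Fill request fields the caller left unset from install-wide defaults.

    Stands in for the default_key_generate_params loop named in the commit message.
    """
    for name, value in defaults.items():
        if getattr(data, name) is None:
            setattr(data, name, value)


def _within_caller_ceiling(caller: Caller, data: KeyRequest) -> bool:
    """Delegated-authority ceiling: a non-admin may not mint a key richer than itself."""
    if caller.max_budget is None or data.max_budget is None:
        return True
    return data.max_budget <= caller.max_budget


def allowed_before_hardening(caller: Caller, data: KeyRequest, defaults: dict) -> bool:
    """Pre-hardening shape: the exemption reads data.team_id AFTER defaults ran.

    With a default team_id configured, a personal-key request gets team_id auto-filled,
    so the exemption fires and the ceiling is bypassed.
    """
    apply_default_key_generate_params(data, defaults)
    is_ui_session_team_key = caller.is_session_token and data.team_id is not None
    if caller.is_admin or is_ui_session_team_key:
        return True
    return _within_caller_ceiling(caller, data)


def allowed_after_hardening(caller: Caller, data: KeyRequest, defaults: dict) -> bool:
    """Hardened shape: capture the caller's explicit team_id BEFORE defaults run."""
    requested_team_id = data.team_id          # what the caller actually asked for
    apply_default_key_generate_params(data, defaults)
    is_ui_session_team_key = caller.is_session_token and requested_team_id is not None
    if caller.is_admin or is_ui_session_team_key:
        return True
    return _within_caller_ceiling(caller, data)


# Constructed inputs: a session token capped at $0.25 and an install that defaults team_id.
SESSION = Caller(is_admin=False, is_session_token=True, max_budget=0.25)
TEAM_DEFAULTS = {"team_id": "default-team"}


def demo() -> dict:
    """Run the three scenarios the backport's regression tests describe."""
    return {
        # Explicit team key from a session token: exempt, bounded by the team budget.
        "team_key": allowed_after_hardening(
            SESSION, KeyRequest(max_budget=100.0, team_id="team-a"), {}),
        # Personal key over the session cap: the ceiling still fires.
        "personal_key": allowed_after_hardening(
            SESSION, KeyRequest(max_budget=100.0), {}),
        # Personal key plus default-injected team_id: only the hardened check rejects it.
        "injected_before": allowed_before_hardening(
            SESSION, KeyRequest(max_budget=100.0), dict(TEAM_DEFAULTS)),
        "injected_after": allowed_after_hardening(
            SESSION, KeyRequest(max_budget=100.0), dict(TEAM_DEFAULTS)),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'allowed' if ok else 'rejected'}")
```

The `injected_before` / `injected_after` pair is the regression the backport's third test guards: the same personal-key request is accepted by the pre-hardening ordering and rejected once the exemption is keyed off the team_id the caller actually supplied.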
The latest 1.87.x GitHub release is v1.87.0, so the branch should sit one patch ahead at 1.87.1 as the patch-to-be. The GHSA-q775 backport (BerriAI#29636) additionally bumped 1.87.1 -> 1.87.2, cutting a version ahead of release. This reverts just the version bump and its uv.lock refresh, keeping the backported fix and hardening
Relevant issues
Backports #29612 (fixes #29073) onto the 1.87.x line, which already received the earlier batch (#29631). Cherry-picked from the squashed commit that landed on litellm_internal_staging (97ba7e1a30). Cuts 1.87.2.

What is included
The last two commits are the version bump (1.87.1 → 1.87.2) and the matching uv.lock refresh
#29612 applies cleanly here: 1.87.x carries the GHSA-q775 delegated-authority budget ceiling (introduced by #27897) that this fix adds an exemption to. The cherry-pick is byte-identical to upstream (2 files changed, 93 insertions(+), no conflicts).

Pre-Submission checklist
make test-unit

Type
Bug Fix
Infrastructure
Changes
See the commit list. No new code beyond the cherry-pick, the version bump, and the lockfile refresh