chore(release): patch v1.88.0-rc.1 with #29612 (session-token budget-ceiling exemption) #29637
Conversation
…ng for team keys (#29612) Non-admin users creating a team key through the UI were rejected with "max_budget cannot exceed the caller's own max_budget (0.25)". The request is authenticated by a UI/CLI session token whose max_budget is the per-session chat spend cap (max_ui_session_budget, default $0.25), and the delegated-authority budget ceiling (GHSA-q775-qw9r-2r4g) treated that cap as a delegation limit. Skip the ceiling only when a session token creates a team key (data.team_id set); that key's spend is bounded by the team budget at request time. Personal keys and every other non-admin caller keep the ceiling, so a session token cannot mint an arbitrary-budget personal key. (cherry picked from commit 97ba7e1)
Greptile Summary: This PR cherry-picks #29612 onto the
Confidence Score: 4/5. The change is tightly scoped — two conditions must both hold for the exemption to fire, and the security test explicitly guards the personal-key regression case. The logic is straightforward and well-commented: the The test file's
| Filename | Overview |
|---|---|
| litellm/proxy/management_endpoints/key_management_endpoints.py | Adds is_ui_session_team_key exemption to the GHSA-q775 delegated-authority budget ceiling; scoped to session tokens creating team keys, personal key creation keeps the ceiling. |
| tests/test_litellm/proxy/management_endpoints/test_key_management_endpoints.py | Adds two new async tests: one verifying the exemption fires for team-key creation, one confirming the ceiling still applies for personal keys. |
Reviews (1): Last reviewed commit: "fix(key_generate): exempt UI/CLI session..."
| try: | ||
| await _common_key_generation_helper( | ||
| data=data, | ||
| user_api_key_dict=user_api_key_dict, | ||
| litellm_changed_by=None, | ||
| team_table=MagicMock(), | ||
| ) | ||
| except (HTTPException, ProxyException) as err: | ||
| msg = str(getattr(err, "detail", "")) + str(getattr(err, "message", "")) | ||
| assert ( | ||
| "cannot exceed" not in msg.lower() | ||
| ), "UI/CLI session token creating a team key must be exempt from the ceiling" |
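Review bot: `team_table=MagicMock()` in the `_common_key_generation_helper` call means this test never exercises the team-budget bound the commit message relies on ("that key's spend is bounded by the team budget at request time"); a MagicMock stands in for the team, so no real team `max_budget` is ever compared against the requested 50. Pass a team object with an explicit `max_budget` and assert on the budget of the key that comes back, in addition to the negative check that "cannot exceed" is absent from the error text.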
Weak positive assertion for the exemption test
The try/except structure here checks that the "cannot exceed" error does not appear, but it silently passes whenever the function raises any other HTTPException/ProxyException (e.g., a downstream mock returning an unexpected value and triggering a 500). That means the test can green without proving that the exemption path actually let execution flow past the ceiling check. A stronger approach would add an else branch or track whether the exception was caught at all, so a success path (no exception) is explicitly distinguished from a masked failure path.
| # at request time. Personal keys keep the ceiling; nothing else bounds them. | ||
| is_ui_session_team_key = ( | ||
| user_api_key_dict.team_id == UI_SESSION_TOKEN_TEAM_ID | ||
| and data.team_id is not None |
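Review bot: the comment says personal keys keep the ceiling because "nothing else bounds them", but the condition only skips the ceiling for the team-key case; nothing in this hunk clamps `data.max_budget` to the team's budget, so a session token can still persist a team key whose stored `max_budget` exceeds the team budget, with enforcement deferred entirely to request time. If that is intended, say so in the comment; otherwise reject or clamp when `data.max_budget` is larger than the team budget at creation, so the key record itself never advertises more than the team can spend.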
Medium: Budget ceiling bypass through default team assignment
data.team_id can be populated by litellm.default_key_generate_params just above this check, after generate_key_fn has already decided whether to run team-key membership and limit checks. A UI session caller can omit team_id and request a large max_budget; in deployments with a default team_id, this exemption then mints a high-budget team key instead of enforcing the caller's session budget ceiling.
| and data.team_id is not None | |
| and data.team_id is not None | |
| and team_table is not None |
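Review bot: the suggested `and team_table is not None` guard only closes the default-team path if `team_table` is left as None whenever `generate_key_fn` skipped the team lookup because the request carried no `team_id`; that ordering should be confirmed in the caller and covered by a test in which `team_id` arrives only through `litellm.default_key_generate_params` with `team_table=None`. The existing exemption test passes `team_table=MagicMock()`, which is not None and would satisfy this guard without proving anything about the default-team case.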
PR overview: This PR patches the v1.88.0-rc.1 release by updating key management behavior around the session-token budget-ceiling exemption. The touched code is in the proxy key generation endpoint, where request defaults and team/session parameters are applied. There is one open security issue remaining. A UI session caller may be able to omit a team ID and rely on a configured default team assignment to generate a team key with a higher budget than their session ceiling should allow. No issues have been addressed yet, so the PR still needs a targeted fix before the budget-ceiling change is safe to merge. Open issues (1)
Fixed/addressed: 0 · PR risk: 5/10
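To make the ceiling, the exemption from the commit message, and the default-team ordering raised in the review comments concrete, here is an added toy model. It is not litellm's code and not code from any commenter on this PR. `UI_SESSION_TOKEN_TEAM_ID` and `max_ui_session_budget` are names taken from the PR, but their values, the `Caller` and `KeyRequest` types, `generate_key`, the `require_team_table` switch (standing in for the reviewer's suggested `team_table is not None` guard) and the team and default dictionaries are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Dict, Optional

# Assumption: the sentinel team_id carried by UI/CLI session tokens. The
# constant name appears in the PR; this value is made up for the example.
UI_SESSION_TOKEN_TEAM_ID = "litellm-dashboard"
MAX_UI_SESSION_BUDGET = 0.25  # max_ui_session_budget default quoted in the PR


class BudgetCeilingError(Exception):
    """Raised when a non-admin caller asks for more budget than it holds."""


@dataclass
class Caller:
    user_role: str               # "proxy_admin" or "internal_user"
    max_budget: Optional[float]  # the caller's own delegated budget
    team_id: Optional[str]


@dataclass
class KeyRequest:
    max_budget: Optional[float] = None
    team_id: Optional[str] = None


def check_budget_ceiling(data: KeyRequest, caller: Caller,
                         team_table: Optional[dict], require_team_table: bool) -> None:
    """Delegated-authority ceiling with the session-token team-key exemption.
    require_team_table=True models the reviewer's suggested extra guard."""
    if caller.user_role == "proxy_admin":
        return
    if caller.max_budget is None or data.max_budget is None:
        return
    is_ui_session_team_key = (
        caller.team_id == UI_SESSION_TOKEN_TEAM_ID
        and data.team_id is not None
        and (team_table is not None or not require_team_table)
    )
    if is_ui_session_team_key:
        return  # spend is bounded by the team budget at request time
    if data.max_budget > caller.max_budget:
        raise BudgetCeilingError(
            f"max_budget cannot exceed the caller's own max_budget ({caller.max_budget})"
        )


def generate_key(request: KeyRequest, caller: Caller, teams: Dict[str, dict],
                 default_params: dict, require_team_table: bool = False) -> KeyRequest:
    """Ordering the review comment describes: the team lookup is decided from the
    team_id on the request, defaults are applied afterwards, then the ceiling runs."""
    team_table = teams.get(request.team_id) if request.team_id is not None else None
    data = KeyRequest(max_budget=request.max_budget, team_id=request.team_id)
    for name, value in default_params.items():  # stands in for default_key_generate_params
        if getattr(data, name) is None:
            setattr(data, name, value)
    check_budget_ceiling(data, caller, team_table, require_team_table)
    return data


def outcome(request: KeyRequest, caller: Caller, teams: Dict[str, dict],
            default_params: dict, require_team_table: bool = False) -> str:
    """Collapse the result into a string so scenarios can be compared."""
    try:
        key = generate_key(request, caller, teams, default_params, require_team_table)
    except BudgetCeilingError:
        return "rejected"
    return f"issued team={key.team_id} max_budget={key.max_budget}"


def run_scenarios() -> Dict[str, str]:
    """Constructed inputs: one session-token caller, one team with a $100 budget."""
    session = Caller("internal_user", MAX_UI_SESSION_BUDGET, UI_SESSION_TOKEN_TEAM_ID)
    teams = {"team-a": {"max_budget": 100.0}}
    return {
        # explicit team key: the exemption is meant to fire
        "team_key": outcome(KeyRequest(50.0, "team-a"), session, teams, {}),
        # personal key: the ceiling still applies
        "personal_key": outcome(KeyRequest(50.0, None), session, teams, {}),
        # no team_id on the request, but a default team fills it in before the check
        "default_team": outcome(KeyRequest(50.0, None), session, teams,
                                {"team_id": "default-team"}),
        # same request with the suggested team_table guard in place
        "default_team_guarded": outcome(KeyRequest(50.0, None), session, teams,
                                        {"team_id": "default-team"}, True),
    }


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name:22s} {result}")
```

The third scenario is the bypass the review describes: the request carries no `team_id`, so no team is looked up, yet the default fills `team_id` in before the ceiling runs and the exemption fires for a 50-dollar key issued by a 0.25-dollar session. The fourth shows that requiring a resolved team table at the check closes that path in this model; whether it does in the real code depends on `team_table` actually being None whenever the lookup was skipped.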
Relevant issues
Adds #29612 (fixes #29073) to the `patch/v1.88.0-rc.1` line, which already carries the earlier batch (#29632). Cherry-picked from the squashed commit that landed on `litellm_internal_staging` (`97ba7e1a30`).
What is included
- No version bump: the 1.88 line keeps `pyproject.toml` at 1.88.0 and the rc number is a git tag, matching how the prior rc patch was cut
- #29612 applies cleanly here: the rc carries the GHSA-q775 delegated-authority budget ceiling (introduced by #27897) that this fix adds an exemption to. The cherry-pick is byte-identical to upstream (`2 files changed, 93 insertions(+)`, no conflicts)
Pre-Submission checklist
- `make test-unit`
Type
Bug Fix
Changes
See the commit list. No new code beyond the cherry-pick
Generated by Claude Code