The interactive file manager requires Javascript. Please enable it or use sftp or scp.
You may still browse the files here.

Name	Modified	Size	InfoDownloads / Week
Parent folder
DeepTutor-v1.3.10 source code.tar.gz	2026-05-10	8.4 MB	0
DeepTutor-v1.3.10 source code.zip	2026-05-10	9.0 MB	0
README.md	2026-05-10	4.7 kB	0
Totals: 3 Items		17.5 MB	0

DeepTutor v1.3.10 Release Notes

Release Date: 2026.05.10

v1.3.10 is a focused reliability release for the issues reported after v1.3.9. It restores smoother remote Docker access, makes self-signed LLM endpoints work consistently across SDK-backed providers, protects code snippets from citation rewrites, and splits Matrix E2EE into an explicit opt-in dependency.

Highlights

Remote Docker and CORS Recovery

Remote single-user Docker works out of the box again - when AUTH_ENABLED=false, DeepTutor now accepts browser origins over HTTP/HTTPS so LAN or remote-server frontends no longer hit the v1.3.8/v1.3.9 CORS regression reported in [#463].
Authenticated deployments stay explicit - when AUTH_ENABLED=true, CORS still requires a concrete allowlist through CORS_ORIGIN or CORS_ORIGINS, preserving the credentialed-auth safety boundary.
Multiple deployment origins are supported - CORS_ORIGINS accepts comma or newline separated values, and both Docker Compose files pass the setting through to the backend container.
Settings no longer drop network flags - CORS_ORIGIN, CORS_ORIGINS, and DISABLE_SSL_VERIFY are part of the canonical .env write order.

Provider TLS and Rendering Fixes

DISABLE_SSL_VERIFY now reaches OpenAI SDK paths - OpenAI-compatible, Azure OpenAI, executor, TutorBot, and legacy embedding SDK clients all receive a shared httpx.AsyncClient(verify=False) when the flag is enabled, fixing self-signed HTTPS LLM endpoints reported in [#464].
Production still blocks unsafe TLS bypasses - ENVIRONMENT=prod or ENVIRONMENT=production rejects DISABLE_SSL_VERIFY, with a single warning logged in non-production use.
Code blocks keep array indexes intact - Markdown citation linkification now masks fenced and inline code before rewriting references, so values[0] stays code instead of becoming a #references citation link (#468).

Matrix Install Compatibility

Matrix no longer installs E2EE by default - the standard matrix extra and requirements/matrix.txt now use plain matrix-nio, avoiding the python-olm / libolm build failures seen on macOS Python 3.14 and Apple Clang 21 (#462).
Encrypted rooms are an explicit add-on - install deeptutor[matrix-e2e] or requirements/matrix-e2e.txt when E2EE support is needed and libolm is available.
Runtime failures are clearer - Matrix defaults to non-E2EE mode, and enabling E2EE without crypto dependencies now raises an actionable install message instead of failing at import time.

Multi-User Runtime Compatibility

Default workspace paths stay stable outside user scope - when no current multi-user context is active, path resolution falls back to the default data workspace rather than forcing an admin scope.
Legacy test and monkeypatch hooks remain available - session and settings routers keep compatibility shims used by tests and older integrations.
Local agent artifacts are ignored - .claude/ is now excluded from Git so local worktrees and agent metadata do not accidentally enter releases.

Tests

Added CORS setting tests for unauthenticated remote origins and authenticated explicit allowlists.
Added shared OpenAI SDK HTTP-client tests across provider-core, Azure, executors, TutorBot, and embedding adapters.
Added Markdown display tests for prose citations, fenced code, inline code, and explicit backticked citations.
Added Matrix dependency split tests to keep default installs free of matrix-nio[e2e].
Re-ran targeted Python tests, web node tests, Ruff checks, and diff whitespace validation for the release patch.

Upgrade Notes

If you run remote Docker with AUTH_ENABLED=false, no extra CORS setting is required for normal HTTP/HTTPS browser origins.
If you run a shared or authenticated deployment with AUTH_ENABLED=true, set CORS_ORIGIN or CORS_ORIGINS to the exact frontend origin(s), for example https://learn.example.com.
Use DISABLE_SSL_VERIFY=true only for local, self-signed, or air-gapped test LLM endpoints. It remains blocked in ENVIRONMENT=prod and ENVIRONMENT=production.
Matrix installs are now non-E2EE by default. For encrypted Matrix rooms, install .[matrix-e2e] or requirements/matrix-e2e.txt, ensure libolm is present, and set e2ee_enabled=true in the Matrix channel config.
If you previously installed .[matrix] only to get non-encrypted Matrix messaging, reinstalling after this release should no longer require native libolm build tooling.