Download Latest Version 1.15.0 source code.tar.gz (30.4 MB)
Email in envelope

Get an email when there's a new version of Dify

Home / 1.15.0
Name Modified Size InfoDownloads / Week
Parent folder
difyctl-v0.1.0-alpha-checksums.txt 2026-06-25 497 Bytes
difyctl-v0.1.0-alpha-darwin-arm64 2026-06-25 62.2 MB
difyctl-v0.1.0-alpha-darwin-x64 2026-06-25 67.3 MB
difyctl-v0.1.0-alpha-linux-arm64 2026-06-25 102.1 MB
difyctl-v0.1.0-alpha-linux-x64 2026-06-25 102.2 MB
difyctl-v0.1.0-alpha-windows-x64.exe 2026-06-25 117.3 MB
1.15.0 source code.tar.gz 2026-06-25 30.4 MB
1.15.0 source code.zip 2026-06-25 38.3 MB
README.md 2026-06-25 93.8 kB
Totals: 9 Items   519.9 MB 20

Dify 1.15.0 Release Note

What's Changed

UX & UI Enhancements

录屏2026-06-25 21 12 33

  • Redesigned landing / onboarding for an easier first-run experience (#37433, [#37844], [#37800])
  • Faster navigation — improved "go to anything" palette and autofocused search inputs (#32130, [#37175])
  • Safer deletes — one-click confirmation before removing an app (#37263)
  • Cleaner workflow editor with collapsible panels (#37276)
  • Clearer notifications — consistent toasts that show long errors in full (#37382, [#37581])
  • More accessible — plugin permission hints, restored contact-us menu, skip-nav link, and keyboard focus polish (#37310, [#37774], [#37644])

New Features

difyctl — drive Dify from the command line

  • difyctl is a command-line client for Dify: you can now run apps and workflows straight from your terminal, so personal agents, scripts, and CI pipelines can invoke Dify workflows without opening the web UI (#37036)
  • Install it on any platform (macOS, Linux, Windows) with a single command and no access token — binaries are published as public releases with checksum verification (#37036, [#37454])
  • Pass scoped environment variables to CLI tool runs, and get clearer, consistent error messages (including friendly rate-limit handling) across both difyctl and the /openapi/v1 API (#37324, [#37285], [#37313], [#36896])

See CoT in Workflow & Chatflow & CLI

  • Chat Flow / Workflow can now stream the model's reasoning into a dedicated live "thinking" panel while keeping the final answer clean and readable. The reasoning is preserved so it's still there after a page refresh, and the same reasoning is visible in CLI and workflow run previews (#37460, [#37828])

Richer Human-in-the-Loop forms

  • When a workflow pauses to ask a person for input, the form can now include dropdown selects and file / multi-file uploads — not just free text — so people can answer with structured choices and attachments (#36322)

Support for slow, long-running models

  • Workflows can now use generation models that take a long time to respond (such as image or video generation) via a polling mechanism: the node patiently waits for the final result instead of timing out (#37462)

Knowledge from richer spreadsheets

  • Images embedded inside Excel files are now extracted during knowledge import, so spreadsheet content that relies on pictures (diagrams, screenshots, charts) is no longer lost (#37104)

Deeper observability

  • Set your own trace session id for Phoenix so traces line up with your application's sessions, and follow document-retrieval steps in traces to understand how RAG results were produced (#37056, [#37283])

Workflow authoring polish

  • A refreshed start node makes it clearer how a workflow begins, and a smarter output node gives you more control over what a workflow returns (#37348, [#35511])
  • Friendlier errors when an app or workspace ID is malformed, instead of confusing failures (#37212)

Faster plugin installs in certain regions

  • The plugin daemon now auto-detects your region at startup and, where network connectivity to PyPI is poor, automatically picks a nearby package mirror — so installing plugins is faster and more reliable without any manual setup. You can still pin a specific mirror if you prefer (dify-plugin-daemon#750)

Security Updates

This release fixes a path traversal issue in plugin-daemon forwarding (cve-2026-41948).

Bug Fixes

  • Hardened outbound HTTP with bounded timeouts for Firecrawl, Jina, Watercrawl, Nacos, and Marketplace requests, and hardened default SSRF proxy egress (#37638, [#37637], [#37515], [#37444], [#37424], [#36332])
  • Fixed Lindorm vector store errors caused by the opensearch-py update (#37862) and Tongyi credential compatibility (#37942)
  • Invalidated credential cache after OAuth refresh (#37630)
  • Improved workflow execution error handling, eagerly validated conversations to prevent hanging, and prevented legacy stop from interrupting GraphEngine runs (#37919, [#37224], [#37129])
  • Resolved DetachedInstanceError via session management refactoring (#37847) and stabilized deployment state hydration (#37818)
  • Fixed conversation variable description length validation to prevent varchar(255) truncation (#33038) and stored Chinese as unicode so search works (#37446)
  • Numerous web UI and accessibility/focus-ring polish fixes

Improvements

  • Refactored session management across services to accept db.session explicitly via dependency injection for consistency (#37639, [#37832], [#37695], [#37694], and related)
  • Modernized typing (removed redundant type: ignore/cast, converted ABCs to Protocol, replaced isinstance chains with match-case)
  • Reduced workflow startup latency for Chatflow (#36773) and lowered workflow termination latency so stopping a run takes effect faster (#37106, [#37129])
  • Upgraded dependencies for CVE fixes (Bleach, PyJWT, starlette, storage group) (#37860, [#37008], [#37076], [#37861])

Environment Variable Changes

Added

  • DEVICE_FLOW_APPROVE_RATE_LIMIT_PER_HOUR (docker/envs/core-services/shared.env.example)
  • DIFY_ENV_NACOS_CONNECT_TIMEOUT, DIFY_ENV_NACOS_REQUEST_TIMEOUT (api/.env.example)
  • ENABLE_LEARN_APP (api/.env.example)
  • ENABLE_OAUTH_BEARER (docker/envs/core-services/shared.env.example)
  • MILVUS_SECURE, MILVUS_SERVER_NAME, MILVUS_SERVER_PEM_PATH (docker/envs/vectorstores/milvus.env.example)
  • NEXT_PUBLIC_ENABLE_FEATURE_PREVIEW (docker/envs/core-services/web.env.example)
  • OPENAPI_CORS_ALLOW_ORIGINS, OPENAPI_ENABLED, OPENAPI_KNOWN_CLIENT_IDS, OPENAPI_RATE_LIMIT_PER_TOKEN (docker/envs/core-services/shared.env.example)
  • PLUGIN_MODEL_PROVIDERS_CACHE_TTL (api/.env.example)
  • SERVER_CONSOLE_API_URL (docker/.env.example)
  • SSRF_PROXY_ALLOW_PRIVATE_DOMAINS, SSRF_PROXY_ALLOW_PRIVATE_IPS, SSRF_SANDBOX_PROXY_HOST, SSRF_SANDBOX_PROXY_PORT (docker/envs/middleware.env.example)
  • PIP_MIRROR_AUTO_DETECT (plugin daemon; default true) — auto-select a nearby PyPI mirror at startup for regions with poor connectivity
  • PIP_MIRROR_URL (plugin daemon; default empty) — manually pin the PyPI mirror; takes precedence over auto-detection

Removed

  • SSRF_REVERSE_PROXY_PORT, SSRF_SANDBOX_HOST (docker/envs/middleware.env.example)

Modified

  • UV_CACHE_DIR: /tmp/.uv-cache/tmp/uv_cache

Docker Compose Files

  • docker/docker-compose.yaml (modified)
  • docker/docker-compose.middleware.yaml (modified)
  • docker/docker-compose.pytest.ports.yaml (added)

Database Migrations

This release includes new database migrations. Run flask db upgrade (or uv run --project api flask db upgrade) after updating the code. Notable schema additions:

  • OAuth access tokens (ENABLE_OAUTH_BEARER)
  • Credential visibility
  • Human Input upload tables and conversation linkage
  • Category-scoped plugin auto-upgrade strategy (add_plugin_auto_upgrade_category)
  • App stars, learn-dify / cloud-only flags on recommended apps
  • Normalized legacy end-user type

Upgrade Guide

[!IMPORTANT]

  • This release includes new database migrations. Run them as part of the upgrade.
  • Plugin auto-upgrade is now configured per plugin category. After running flask db upgrade, you MUST also run flask backfill-plugin-auto-upgrade to migrate existing tenants' auto-upgrade settings into the new category-scoped model. If you skip this step, plugin auto-upgrade settings users previously configured may stop taking effect.
  • Environment variables changed (19 added, 2 removed, 1 modified). Review the Environment Variable Changes section and update your .env accordingly.
  • Docker Compose configuration files changed. If you maintain a customized docker-compose.yaml, review the changes and re-apply local customizations carefully.

Docker Compose Deployments

  1. Back up your customized docker-compose YAML and env files. bash cd docker cp docker-compose.yaml docker-compose.yaml.$(date +%s).bak cp .env .env.$(date +%s).bak 2>/dev/null || true
  2. Get the latest code for the 1.15.0 release. bash git fetch --tags git checkout 1.15.0
  3. Stop the services (run inside the docker directory). bash docker compose down
  4. Back up data. bash tar -cvf volumes-$(date +%s).tgz volumes
  5. Review any env file changes and re-apply local customizations.
  6. Upgrade services. bash docker compose up -d
  7. Backfill category-scoped plugin auto-upgrade strategies (required). bash docker compose exec api flask backfill-plugin-auto-upgrade

Source Code Deployments

  1. Stop the API server, Worker, and Web frontend server.
  2. Get the latest code for the 1.15.0 release. bash git fetch --tags git checkout 1.15.0
  3. Update Python dependencies. bash cd api uv sync
  4. Run database migrations. bash uv run flask db upgrade
  5. Backfill category-scoped plugin auto-upgrade strategies (required). bash uv run flask backfill-plugin-auto-upgrade
  6. Restart the API server, Worker, and Web frontend server.

Full Change List

New Contributors

Full Changelog: https://github.com/langgenius/dify/compare/1.14.2...1.15.0

Source: README.md, updated 2026-06-25