This issue is based on this discussion, which I posted March 24, 2026.
This project uses LiteLLM and, unfortunately, a major security vulnerability was introduced in 1.82.6 and 1.82.7, probably by a rogue actor who compromised a committer's GitHub account somehow.
https://www.xda-developers.com/popular-python-library-backdoor-machine/
I updated pyproject.toml to pin the version to 1.82.0. It used to say "litellm>=1.82.0"; now it says "litellm==1.82.0". (It should be safe to use 1.82.5, but 1.82.0 seems fine, so I'm playing it safe...)
Once this problem is safely patched in a new, forthcoming release, update to it.