v2.10.0-lts

New Features

• Homepage: Added workspace homepage statistics, enabling administrators to overview all workspace resources, operation monitoring trends and resource usage rankings.
• Knowledge Base: Added customizable terminology library; custom terms are prioritized during document word segmentation and retrieval (#5031).
• Agent: Full multimodal input support for AI Conversation nodes (#5276).
• Agent: User input parameters can be displayed inline directly within input boxes for configuration.
• Agent: Visibility condition configuration available for parameters of user input and form collection nodes to realize linkage between fields.
• System: Support for custom language packs; custom locale files can be placed under /opt/maxkb/local/locales inside MaxKB container, and custom languages become selectable after service restart (#5120).

Feature Optimizations

• Q&A Page: Hide user input parameters when starting a new conversation (#5298).
• Agent: Display the name of currently running node alongside AI responses on Q&A page (#5092).
• Agent: Added visibility toggle for parameters inside form collection nodes.
• Agent: Added output parameter Result List for Direct Reply for multi-recall nodes.
• Knowledge Base: Freeze operation buttons at top-right corner during document segmentation preview (#965).
• Knowledge Base: Render segmented content in Markdown format on segmentation preview.
• Models: MiniMax provider newly supports text-to-image, text-to-video and image-to-video models.
• Models: Alibaba Cloud Bailian added multimodal embedding model support (#5142).
• Models: Alibaba Cloud Bailian supports Wan2.7 image-to-video model (#5232).
• Models: Parameter configuration is available for reranking models of all providers.
• Role Management (X-Pack): Split agent creation permission and copy permission into independent permission bits (#5284).

Bug Fixes

• Security Vulnerability: Fixed post-authentication RCE vulnerability caused by MCP permission bypass in MaxKB.
• Knowledge Base: Fixed failure to upload documents in workflow knowledge base without corresponding workflow authorization (#5296).
• Agent: Fixed abnormal display for embedded mobile layout, floating window layout and shared page style (#6130).
• Agent: Fixed issue where all ECharts charts get overwritten by the first chart after page refresh when multiple charts are generated in one conversation.
• Agent: Fixed uploaded files disappearing after page refresh once conversation ends in advanced agent (#5253).
• Agent: Fixed exported conversation logs only showing username instead of full name, hindering user matching.
• Shared Knowledge Base (X-Pack): Fixed empty result after importing to create shared knowledge base (#5274).
• User Management: Fixed validation error when admin resets user passwords (#5301).
• System Login (X-Pack): Fixed missing operation logs upon third-party user login.

v2.9.2

Bug Fixes

• Agent: Fixed the issue where content was displayed repeatedly in the execution details of Image Understanding and Video Understanding nodes (#5269);
• Agent: Fixed the issue where an error was reported due to the long generation time when using the doubao-seedance-2-0-260128 model to generate videos (#5260);
• System: Fixed the error that occurred when switching internationalization languages.

v2.9.1

Security Vulnerability Fixes

• Security Vulnerability: Fixed a high‑risk vulnerability where passwords were transmitted in plaintext via the MaxKB reset_password interface (CVE‑2026‑45413).
• Security Vulnerability: Fixed authenticated SSRF risks caused by missing validation of callback URLs during workflow template import/update (CVE‑2026‑45412).

Bug Fixes

• Agent: Fixed the issue where reply messages were cleared and a network error appeared after the loop count exceeded the maximum limit in agents with infinite loops.
• Agent: Fixed the issue where the API returned no data and reported a read‑timeout error under stream=false when calling an agent containing infinite‑loop nodes via API.
• Agent: Fixed image generation failures after adding parameters for the Gemini image generation model (#5233).
• Agent: Fixed incorrect text descriptions for the Image Understanding node, and set the end‑frame image of the Image‑to‑Video node as non‑required.
• Agent: Fixed creation failures when importing agents from the Template Center (#5231).
• Agent: Fixed the issue where unselected knowledge bases were still retained after unchecking associated knowledge bases and saving with another selected knowledge base in knowledge base retrieval nodes.
• Agent: Fixed the issue where associated agents were not displayed in the dependent resource list of reranking models used for multi‑way recall (#5249).
• Agent: Fixed the issue where a new tab was not opened when accessing the agent page by holding Ctrl and clicking the agent panel.
• Tools: Fixed the issue that startup parameters of newly created tools required manual saving to use default values.
• Workspace: Fixed the issue that users not displayed could not be searched when adding members with a large user base.
• Resource Management: Fixed the inability to search resources by creator.
• Shared Resources: Fixed the inability to search resources by creator.

v2.9.0

New Features

• Agent: Added long-term memory capability. It supports generating memory by conversation rounds and time periods. Memories can be injected into prompts via variable references to improve conversation personalization and continuity.
• Agent: Nodes in advanced agent workflows support enable/disable, allowing debugging and temporary logic shielding without deleting nodes.
• Agent: Added associated resource viewing capability to check dependent and depended-on resources (#4859, #4872).
• Knowledge Base: Added associated resource viewing capability with bidirectional dependency tracing.
• Tools: Added associated resource viewing capability with bidirectional dependency tracing.
• Tools: Nodes in workflow tools support enable/disable, allowing debugging and temporary logic shielding without deleting nodes.
• Model: Added access support for MiniMax large language models and text-to-speech models (#4876).
• Model: Alibaba Cloud Bailian added support for MiniMax Speech voice model access (#4950).

Feature Optimizations

• Agent: User input and form collection nodes newly support the tree selector component (#4903).
• Agent: The variable assignment node supports explicitly assigning a variable to null (#4964, #5107).
• Agent: Added regular expression and wildcard matching modes for judge nodes in advanced agents (#4975).
• Agent: Batch copy and paste is supported for nodes on the orchestration canvas of advanced agents and workflows.
• Agent: Nodes inside loops support batch copy and paste across different loop bodies (#5128).
• Agent: The Publish permission of advanced agents is separated independently from edit permission and can be authorized separately.
• Agent: Added format guidelines for variable parameters of built-in nodes.
• Model: The model selection box only displays provider icons and model names for a cleaner interface.
• Model: All model providers support custom API Base URL to adapt to private deployment scenarios.
• Model: Model parameter changes are automatically synchronized to all associated referenced resources (#5134).
• Tools: ZIP installation packages uploaded for Skills tools support downloading.
• System: Optimized browser stuttering caused by excessive file directories.
• System: Optimized front-end stuttering when adding a large number of members to a role.

Bug Fixes

• Agent: Fixed the issue where subsequent nodes had no output after nesting a sub-agent node in a loop body (#5197).
• Agent: Fixed the issue that conversation records were lost after refreshing the page during streaming replies in simple agents (#5156).
• Agent: Fixed invalid search by creator in the agent list (#5177).
• Agent: Fixed the problem that triggers could be created for unpublished agents (#5146).
• Agent: Fixed abnormal icon display of workflow tools inside skill tools.
• Agent: Fixed the issue where unbinding the associated knowledge base in knowledge base retrieval nodes did not take effect (#5173).
• Model: Fixed abnormal parameter configuration of Volcano Engine image generation models (#5089).
• Model: Fixed errors of Volcano Engine multimodal vector models and supported custom model parameters.
• Model: Fixed the incorrect display position of the model Base URL.
• Model: Fixed occasional NaN errors in reranking models.

Security Vulnerability Fixes

• Security Vulnerability: Fixed the security vulnerability of missing authentication for Webhook trigger endpoints, which allowed unauthenticated requests to bypass authorization and trigger arbitrary tasks.

v2.8.1

Security Vulnerability Fixes

• Security: Fixed the permission bypass and SSRF security issues in the OSS file service URL acquisition interface. Improved application permission verification, DNS resolution verification, and URL resolution consistency to prevent unauthorized access and intranet request forgery.

Bug Fixes

• Models: Fixed an error when setting the end frame for text-to-video generation using the wan model from Alibaba Cloud Bailian provider (#5111).
• Models: Fixed the issue where the image count setting did not take effect in the parameter configuration of Volcano Engine image generation models (#5089).
• Knowledge Base: Fixed the issue where document order became disordered after adjusting document order following document segment migration (#5106).
• Knowledge Base: Fixed abnormal segmentation caused by the intelligent segmentation rule not excluding # comments inside code blocks.
• Agent: Fixed an error in model skill invocation during conversation when the thinking process was enabled in the AI Conversation node and an agent was configured in skills (#4988).
• API Documentation: Fixed the missing sync_type parameter in the Web knowledge base synchronization API documentation (#5081).

v2.8.0

New Features

• Tools: Added workflow-type tools;
• Tools: Supported automatic Python code generation;
• Knowledge Base: Supported importing and exporting all metadata of the knowledge base;
• Agent: Supported selecting models and knowledge bases during conversation;
• Agent: Supported batch selection to move to other folders or perform batch deletion;
• Agent: Added thinking process toggle settings for "Image Understanding" and "Video Understanding" nodes in advanced agents;
• Knowledge Base: Supported batch selection to move to other folders or perform batch deletion;
• Tools: Supported batch selection to move to other folders or perform batch deletion;
• Models: Added support for reranking models from the Baidu Qianfan provider (#4927);
• System: Unified all username display fields in the system to show the user's full name;
• Agent: The "Variable Aggregation" node in advanced agents now supports aggregating into dict-type variables (#4904);
• Agent: Optimized the split expression component of the "Variable Splitting" node in advanced agents (#4961).

Bug Fixes

• Agent: Fixed an error in user questions when using vLLM models with system prompts and Skills/MCP tools in the AI Conversation node;
• Agent: Fixed the incompatibility issue between vLLM models and the reasoning field;
• Agent: Fixed incorrect retrieval results when using the document tag retrieval node (#4942);
• Agent: Fixed the issue where the collapsed state of loop nodes in advanced orchestration was not saved (#4996);
• Agent: Fixed an error in the Image Understanding node during multi-turn conversations when images are not sent midway and then sent again (#4999);
• Agent: Fixed blank rendering issues when using ECharts (#4966);
• Agent (X-Pack): Fixed the issue where images sent via WeChat Work could not be opened after downloading from MaxKB conversation logs;
• Agent (X-Pack): Fixed the issue where authentication was not performed during conversations after enabling identity authentication for sub-agents in advanced agents;
• Knowledge Base: Fixed inaccurate description of "Allow preview in knowledge sources" in the Web Site knowledge base;
• Models: Fixed the missing error messages when token limit is exceeded or balance is insufficient for Alibaba Cloud Bailian reranking models (#4928);
• Models (X-Pack): Fixed the permission error when regular users click on shared models;
• Roles (X-Pack): Fixed the issue where other permissions were automatically checked when customizing the "About" permission for regular users (#4954);
• Resource Management (X-Pack): Fixed the issue where user roles were not displayed when authorizing resources in resource management.

Security Vulnerability Fixes

• Security: Fixed SSRF vulnerability bypassing sandbox connect() hook via socket.sendto()+MSG_FASTOPEN to prevent access to internal restricted services (#CVE-2026-39418);
• Security: Fixed remote code execution vulnerability for sandbox escape via env -i LD_PRELOAD to clear environment variables (#CVE-2026-39420);
• Security: Fixed sandbox bypass vulnerability for result spoofing via sys.exit(0) to bypass sandbox result verification (#CVE-2026-39419);
• Security: Fixed critical remote code execution vulnerability for sandbox escape via ctypes and unhooked SYS_pkey_mprotect (#CVE-2026-39421);
• Security: Fixed remote code execution vulnerability for Shell command injection via malicious configuration due to missing MCP server configuration validation (#CVE-2026-39417);
• Security: Fixed general stored cross-site scripting (XSS) vulnerability and strengthened user input security validation in all scenarios (#CVE-2026-39422);
• Security: Fixed stored XSS vulnerability in iframe_render caused by unfiltered user input (#CVE-2026-39426);
• Security: Fixed stored XSS vulnerability in Markdown rendering html_rander due to unfiltered HTML tags (#CVE-2026-39425);
• Security: Fixed stored XSS vulnerability in echarts_rander component via Eval malicious code injection (#CVE-2026-39423);
• Security: Fixed CSV injection vulnerability caused by unescaped special characters when exporting application chat logs to CSV (variant of CVE-2025-4546) (#CVE-2026-39424).

v2.7.1

Bug Fixes

• Models: Fixed the error that occurred when using Embedding models from the Ollama provider;
• Installation & Deployment: Fixed the upgrade error caused by incompatible dependency package versions on some older machines;
• Agent: Fixed the issue where the style of tool call data was not displayed in execution details.

v1.10.13-lts

Bug Fixes

• Models: Fixed the error when adding the image generation model of Douban (Doubao);
• Applications: Fixed the issue where the service restarted when exporting conversation logs due to a large volume of conversation log data;
• Applications: Fixed the issue where conversation records could not be exported when there was abnormal content in conversation logs;
• Applications: Fixed the issue where the judge node could not handle multiple conditions;
• Login: Fixed the login failure issue when the username contained Chinese characters (#4232);
• Internationalization: Fixed the incorrect description when adding the vision model of Xorbits Inference under Traditional Chinese/Simplified Chinese language settings.

v2.7.0

New Features

• Tools: Added Skills management capability to tools（#4682）;
• Agent: Supported agents to call Skills autonomously（#4682）;
• Q&A Page: Supported sharing conversation records on the Q&A page;
• Knowledge Base: Supported directly adding/removing document tags from the tag dimension;
• Login Authentication (X-Pack): Supported configuring the allowed login methods for system users.

Feature Optimizations

• Agent: Added the function to search/locate nodes on the workflow orchestration page of advanced agents;
• Agent: Added support for searching models in the model selection drop-down box (#4769);
• Agent: When hovering the mouse over resources in the dialog boxes for selecting knowledge bases, tools, and agents, more information about the resources can be displayed (#4657);
• Agent: Added support for the "Not Equal To" option for conditions in the judge node of advanced agents (#4885);
• Knowledge Base: Added a "Tags" column to the document list (displayed), and supported adding tags to documents in this column (#4616);
• Q&A Page: Optimized the UI style of tool calls;
• Triggers: Added support for setting scheduled triggers via Cron expressions (#4820);
• Models: Added support for image generation models from the Gemini provider (#4492);
• Models: Added support for vision models from the Silicon Flow (Guiji Liudong) provider (#4789).

Bug Fixes

• Knowledge Base: Fixed the issue where documents were not exported in segmentation order when exporting (#4818);
• Agent (X-Pack): Fixed the issue where output content was not formatted with Markdown during conversations in the Lark client;
• Agent: Fixed the issue where the pop-up window was not fully displayed when users gave thumbs-up/down feedback after AI reply content, when embedded in third-party platforms with full-screen embedding selected;
• Agent: Fixed the issue where AI nodes were displayed as completed in execution details even though they were not fully executed (#4845);
• Agent: Fixed the issue where conversations could still be conducted when calling the same application using API Keys of different applications (#4854);
• Agent: Fixed the issue where the question optimization node did not take effect (#4874);
• Agent: Fixed the issue where the AI model and associated knowledge base in settings were cleared after moving files in simple agents (#4890);
• Q&A Page: Fixed the incorrect style display when form collection content existed during conversations;
• Q&A Page: Fixed the issue where conversation content was not internationalized when users gave thumbs-up/down feedback after AI reply content;
• Q&A Page (X-Pack): Fixed the issue where conversation users created by third parties could not modify their passwords after logging into the application via account login;
• Models: Fixed the error when adding image generation models from the Volcano Engine provider.

v2.6.1

Bug Fixes

• Agent: Fixed the issue where tool execution failed under certain circumstances in the agent workflow; #4790
• Agent: Fixed the issue of incorrect acquisition of historical records in AI Conversation nodes when parallel nodes existed in the agent workflow; #4778
• Agent: Fixed the front-end error caused by excessively large data streams returned by the back-end when the AI responded to questions;
• Knowledge Base: Fixed the issue where segmentation markers (blank lines and carriage returns) did not take effect after selecting intelligent segmentation for document uploads; #4791.