v2.4.1

Bug Fixes

• Applications: Fixed the issue where the "Submit" button could not be clicked when the form collection node was executed;
• Applications: Fixed the issue of incorrect retrieval results when the tag value of the document tag retrieval node was None;
• Applications: Fixed the issue where Input parameters were incompletely output when the AI model called MCP;
• Knowledge Base: Fixed the execution error of image understanding in the knowledge base workflow;
• Knowledge Base: Fixed the issue where zip files containing images could not be written to the knowledge base when uploaded;
• Knowledge Base: Fixed the issue where custom input file formats in local files of data source nodes were case-sensitive;
• Tools: Fixed the issue of abnormal console errors in the tool editor under certain circumstances;
• Models: Fixed the cache_dir error that occurred when adding a local reranking model.

v2.4.0

Security Vulnerability Fixes

• Fixed the permission bypass issue caused by system file overwriting (CVE-2025-66446);
• Fixed the permission bypass issue caused under specific concurrent conditions (CVE-2025-66419).

Special thanks to GitHub users @yck99, @NikoCat233, and @Threonine for discovering and promptly reporting the above vulnerabilities to the MaxKB open-source community!

New Features

• Knowledge Base: Added workflow knowledge base;
• Tools: Added data source tools;
• Tools: Tools in the Tool Store support two types: "Tool" and "Data Source";
• Models: AWS provider added support for vision models and reranking models;
• Models: Vision models of OpenAI, Ollama, vLLM, Xinference, and Zhipu AI providers support video understanding functionality;
• Models: Added support for large language models, vector models, and reranking models from the Docker AI provider;
• Applications: Added "URL Address" as an upload method in the file upload settings;
• Applications: Added ranking statistics for "User Consumed Tokens" and "User Question Count" to the monitoring statistics on the overview page;
• Resource Authorization: Supported filtering users by role when authorizing applications, knowledge bases, tools, and models to users by resource;
• Login Authentication (X-Pack): Added SAML2 login authentication method.

Feature Optimizations

• Applications: The generated prompts of AI conversation nodes in advanced applications no longer carry application names and description information;
• Applications: Supported outputting request parameters when AI models call MCP tools;
• Applications: Supported using shortcut keys to copy nodes into loop bodies in advanced orchestration;
• Tools: Supported importing three types of resources: tools, MCPs, and data sources;
• Tools: Adjusted the Tool Store entry to the tool list;
• Tools: Removed system built-in tools and moved them to the Tool Store.

Bug Fixes

• Q&A Page: Fixed the issue where retrieval results of knowledge base retrieval nodes in loop bodies were not displayed in knowledge sources;
• Applications: Fixed the incorrect display of execution time for loop nodes in execution details;
• Applications: Fixed the incorrect retrieval results when the variable value was empty in the document tag retrieval node;
• Knowledge Base: Fixed the issue where the original document could not be opened after downloading it following replacement (#4397);
• Models: Fixed the generation error of the qwen-image model from the Alibaba Cloud BaiLian provider (#4376);
• Models: Fixed the error when adding the gpt-5-codex model from the Azure OpenAI provider;
• Models: Fixed the incorrect setting of some parameters for vLLM models (#4403);
• Roles: Fixed the issue where the "About" permission authorized to workspace administrators and ordinary users did not take effect;
• Conversation Users (X-Pack): Fixed the issue where non-essential information was displayed in the conversation user query interface;
• API Documentation (X-Pack): Revised several inaccurate descriptions in the API documentation.

v2.3.1

Security Vulnerability Fixes

• Security Vulnerability: Fixed the vulnerability where Python code in tools could access local services (CVE-2025-64511);
• Security Vulnerability: Fixed the vulnerability where Python code in tools could obtain system configuration information (CVE-2025-64703).

Special thanks to the XlabAI Team of Tencent Xuanwu Lab (@XlabAITeam) for discovering and promptly feeding back the above vulnerabilities to the MaxKB open-source community!

Feature Optimizations

• System: Through code refactoring and architecture optimization, significantly reduced CPU and memory usage, comprehensively improving system resource utilization, stability, and concurrent processing capabilities;
• System: Displayed the user's name in the upper right corner after the user logs in to the system (#4315);
• Applications: Users authorized with "View" permission can access the "Settings" page of the application;
• Folders: Folders in the application, knowledge base, and tool lists support movement and drag-and-drop movement;
• Folders: Removed the hierarchical limit for folders in the application, knowledge base, and tool lists;
• User Management: Adjusted the maximum length of usernames and full names to 64 characters;
• Conversation Users (X-Pack): Adjusted the maximum length of usernames and full names to 64 characters.

Bug Fixes

• Knowledge Base: Fixed the occasional failure of document vectorization;
• Knowledge Base: Fixed the issue where the association between segments and questions was not synchronously deleted when deleting a document;
• Applications: Fixed the issue where multiple forms were repeatedly displayed in the conversation when there was a form collection node in the loop body (#4326);
• Applications: Fixed the issue where the output content directly displayed the "context" abnormal information during the conversation when there was a form collection node in the loop body;
• Applications: Fixed the issue where the output parameters of the loop node would become "None" when there was a form collection node in the loop body;
• Applications: Fixed the issue where the last folder was not displayed when adding a tool node;
• Resource Authorization: Fixed the issue where the folder would automatically collapse when authorizing resources under the folder;
• Q&A Page: Fixed the issue where users could not log in via WeChat Work QR code on the Safari browser.

v2.3.0

New Features

• Knowledge Base: Added "Tag Management" function;
• Knowledge Base: Added "Tag Setting" function for documents in the knowledge base;
• Knowledge Base: Added "Replace Original Document" function for the general knowledge base;
• Applications: Added "Document Tag Retrieval" node to Advanced Orchestration Applications;
• Applications: Added "Video Understanding" node to Advanced Orchestration Applications;
• Applications: Added "Variable Splitting" node to Advanced Orchestration Applications;
• Applications: Added "Variable Aggregation" node to Advanced Orchestration Applications;
• Applications: Added "Parameter Extraction" node to Advanced Orchestration Applications;
• Applications: Added "Video" file type option to file upload settings;
• Applications: Added "startwith" and "endwith" judgment conditions to the Judge node;
• Applications: Added "Historical Chat Records {history}" parameter to the output parameters of the AI Conversation node;
• Applications: Added two retrieval scope options (manual selection of knowledge base and variable reference) to the Knowledge Base Retrieval node;
• Resource Authorization: Supported authorizing folder resources by user;
• Resource Authorization: Supported folder-based resource authorization for applications, knowledge bases, and tools in the workspace;
• System Management (X-Pack): Added cleaning policies to operation logs to help administrators manage log data efficiently.

Feature Optimizations

• Applications (X-Pack): Supported password-free login for users after the application is connected to WeChat Work, Lark, or DingTalk;
• Applications: Supported video file types for file uploads;
• Applications: Added URL address setting support for the "select file" parameter of Image Understanding, Image-to-Video, and Video Understanding nodes;
• Applications: Allowed Variable Assignment nodes to be used as end nodes;
• Applications: Supported batch selection of nodes on the workflow orchestration page;
• Applications: Added a description field to interface parameters;
• Applications: Adjusted the maximum value of the "Question Limit per Client" option in "Access Restrictions" to 10 million times per day;
• Applications: Added custom input support for multi-select box components in the Form Collection node;
• Applications: Displayed all applications in the current workspace in the root directory and supported global search;
• Tools: Displayed all tools in the current workspace in the root directory and supported global search;
• Tools: Added variable parsing support for custom-type parameters;
• Knowledge Base: Displayed all knowledge bases in the current workspace in the root directory and supported global search;
• Roles: Adjusted the "About" permission to the ordinary user role;
• Models: Added model parameter setting support for vector models.

Bug Fixes

• Applications: Fixed the issue where tool nodes in the loop body were not exported when exporting the application;
• Applications: Fixed the issue where nodes after the Form Collection node in the loop body could not output loop variables;
• Applications: Fixed the issue where the content of the first parameter was cleared when modifying the content of the second parameter in the MCP Call node;
• Applications: Fixed the issue where Tokens showed 0 during conversations when using the Zhipu large language model and enabling the tool function in the AI Conversation node;
• Applications (X-Pack): Fixed the issue where the history record setting option in display settings did not take effect (#4201);
• Q&A Page: Fixed the issue where uploaded files were lost when clicking the "Get Another Answer" button after uploading files and asking questions on the Q&A page (#4180);
• Q&A Page: Fixed the issue where conversation records were lost when adjusting the size of the conversation window while asking questions on the Q&A page (#4202).

v2.2.1

Feature Optimizations

• Tools: Added a "Parameter Prompt Description" field for input parameters;
• Tools: For tools added from the Tool Store, clicking the panel allows opening the tool details;
• Models: The visual models of the Alibaba Cloud BaiLian provider now support qwen-vl-ocr.

Bug Fixes

• Applications: Fixed the abnormal display issue when dragging the MCP Call node while adding components; #4152
• Applications: Fixed the issue where different branches of the judge could not connect to the same subsequent node; #4146
• Applications: Fixed the issue where adding multiple loop nodes might cause extra independent loop bodies to appear; #4142
• Applications: Fixed the incorrect display of the icon of the preceding node in the drop-down options of "Select Variable";
• Applications: Fixed the error issue when using the condition of "judging variable as empty" in the judge;
• Applications: Fixed the missing parameters when copying the knowledge base retrieval node after selecting a knowledge base for it;
• Tools: Fixed the issue where tools in the Tool Store did not display descriptions;
• Tools: Fixed the issue where clicking the "Create" button repeatedly when creating a tool would create multiple tools;
• System: Fixed the incorrect internationalization of the prompt message for wrong verification codes;
• System: Fixed the issue where built-in roles did not take effect after switching the language to English.

v2.2.0

Release Notes for MaxKB v2.2.0 Community Edition

In MaxKB v2.2.0 Community Edition, regarding Applications: Advanced Orchestration Applications have added Loop Nodes, Intent Recognition Nodes, Text-to-Video Nodes, and Image-to-Video Nodes. Simple Applications now support MCP and tool calling functions, and have newly added prompt generation capabilities. For Tools: MaxKB has launched a brand-new Tool Store, allowing users to select required tools directly without self-development. In terms of Models: MaxKB has added support for Text-to-Video and Image-to-Video models from Alibaba Cloud BaiLian and Volcano Engine.

For the X-Pack Enhancement Package: MaxKB supports default login method settings, enabling administrators to customize the system’s default login channels (e.g., account-password login, third-party login, etc.) based on enterprise needs; it also newly supports setting to enable captcha verification after N failed login attempts.

New Features

• Tools: Added Tool Store;
• Applications: Added Loop Node, Break Node, and Continue Node;
• Applications: Added Intent Recognition Node;
• Applications: Added Text-to-Video Node;
• Applications: Added Image-to-Video Node;
• Applications: Simple Applications now support MCP and tool calling functions;
• Applications: Added support for prompt generation;
• Applications: Added "Output MCP/Tool Execution Process" switch setting;
• Applications: Variable Assignment Nodes now support the bool data type when assigning values;
• Applications: MCP configuration information supports variable parsing;
• Applications: Conversation users support the setting to enable captcha verification after a specified number of failed account login attempts (X-Pack);
• Knowledge Base: Supports parameter settings for models that handle question generation tasks;
• Models: Alibaba Cloud BaiLian provider has added support for Text-to-Video and Image-to-Video models;
• Models: Volcano Engine provider has added support for Text-to-Video and Image-to-Video models;
• Models: Speech Recognition Models support model parameter settings;
• Login: Added default login method setting (X-Pack);
• Login: Added setting to enable captcha verification after a specified number of failed user login attempts (X-Pack);
• Login: Upgraded the login captcha to an authentication mechanism with user isolation functionality.

Feature Optimizations

• Q&A Page: Added a "Back to Bottom" shortcut operation;
• Knowledge Base: The question list supports the "Show 1000 Items" option setting;
• Applications: Optimized the display style of "Add Component" for Advanced Orchestration Applications;
• Applications: Optimized the descriptions of system prompts and user prompts;
• Resource Management: Added support for filtering by type in the resource list filter options (X-Pack).

Bug Fixes

• Knowledge Base: Fixed the issue where exporting a knowledge base would time out and report an error when the knowledge base contains a large amount of data (#3995);
• Applications: Fixed the issue where the thinking process was not returned when using the application API interface for conversations (#4084);
• Applications: Fixed the issue where the display order of login methods in Access Restrictions was not sorted by category (#4049);
• Applications: Fixed the issue where the "Question Limit per Client" option setting in Access Restrictions did not take effect (#4042);
• Q&A Page: Fixed the issue where the send button was not displayed on some browsers in the iOS system;
• Q&A Page: Fixed the issue where refreshing the browser on the Q&A page would open the application list page after setting the question interface parameters in the application settings (#4076);
• Q&A Page: Fixed the issue where the font style of the thinking process was incorrect (#2792);
• Models: Fixed the issue where the parameter settings for the speech synthesis model from the Silicon Flow provider did not take effect.

v1.10.11-lts

New Features

• Login: Optimized the login system to encrypt user passwords.

Bug Fixes

• Q&A Page: Fixed the issue where AI responses would throw errors when users ask questions after incomplete file uploads.
• Applications: Fixed the issue where the asker's questions were not displayed in the application's conversation logs when asking questions in the floating dialog box.
• Applications: Fixed the issue of incorrect styling for thinking processes.
• Applications: Fixed the issue where users without application permissions could still view application conversation records through API interfaces.
• Applications: Fixed the occasional issue of database connection closure during conversations.
• API Documentation: Fixed several display issues in the API documentation.

v2.1.2

Bug Fixes

• Applications: Fixed the issue where newly created "MCP Call" nodes would throw errors during execution.
• Knowledge Base: Fixed the problem where the "Maximum number of files per upload" setting in knowledge base settings did not take effect.

v2.1.1

Enhancements

• Application: The MCP settings function of the AI Conversation Node now supports selecting multiple MCP tools.

Bug Fixes

• Tools: Fixed the vulnerability that allowed arbitrary system commands to be executed via tool operation;
• Tools: Fixed the abnormal style display issue on the MCP editing page;
• Application: Fixed the issue where multiple session variables could not be added in the Basic Information Node;
• Application: Fixed the incorrect time zone issue of the global variable "Current Time";
• Application: Fixed the issue where pressing the Enter key in the user input title setting dialog would open a new web page;
• Knowledge Base: Fixed the issue where images in the knowledge base were not exported when exporting the knowledge base;
• Knowledge Base: Fixed the issue where the file name of the exported knowledge base did not match the name of the knowledge base itself;
• Role Management (X-Pack): Fixed the incorrect internationalization display issue of the Role Management function.

v2.1.0

Release Notes

New Features

• Tools: Added the MCP tool management function.
• Applications: Added tool settings for AI conversation nodes; after users select a custom tool, the model can independently decide whether to call the configured tool.
• Applications: Parameters of form collection nodes now support variable reference.
• Applications: Added multi-line text boxes, file upload, and single-line multi-select box components to form collection nodes.
• Applications (X-Pack): Application access now supports connection to WeChat Work intelligent robots, enabling users to achieve efficient linkage between AI capabilities and the WeChat Work office ecosystem.
• Applications (X-Pack): Added the "Show History Records" option in display settings.
• Q&A Page: Supported exporting current conversation records as PDF and PNG image formats on the Q&A page.
• Knowledge Base: Added the "Allow Download in Knowledge Sources" setting option for documents in the general knowledge base and Lark knowledge base.
• Resource Authorization: Added resource-level authorization function, supporting the authorization of core resources such as applications, knowledge bases, tools, and models to specified users.
• Resource Authorization: When authorizing resources by user in system management, different permissions can be set for each resource.
• Models: Added support for reranking models and speech recognition models to the vLLM provider.
• Models: Added support for speech recognition models to the Tencent Hunyuan provider.
• Models: Added support for Chinese speech large models to the speech recognition models of the iFlytek Spark provider.
• Models: Added support for qwen-omni-turbo, qwen2.5-omni-7b, and ASR models to the speech recognition models of the Alibaba Cloud BaiLian provider.
• Models: Added support for the API Version V2 connection method to the Baidu Qianfan Large Model provider.

Enhancements

• Applications: Added the function of querying by user in the conversation log list.
• Applications (X-Pack): After an application is connected to Lark, AI response content is displayed in Markdown format.
• Q&A Page: Automatically creates a new conversation by default when entering the Q&A page.
• Q&A Page: Optimized the issue where a default question is automatically generated when uploading files or images.
• Tools: Added a secondary confirmation prompt when clicking the "Close" or "Cancel" button while creating or editing a tool.
• Login: Users must change their default password before continuing to use the system after logging in with it.

Bug Fixes

• Applications: Fixed the issue where MCP nodes in advanced orchestration applications were not internationalized.
• Applications: Fixed the issue where session variables could not be read when used after form collection nodes.
• Q&A Page (X-Pack): Fixed the issue where the custom application Logo was not displayed in the browser tab.
• Q&A Page (X-Pack): Fixed the issue where existing authentication information remained valid when switching the application's identity authentication method in the "Access Restriction" function.
• Q&A Page: Fixed the issue where the content display style was messed up when clicking the "Collapse" button in the left navigation area.
• Q&A Page: Fixed the issue where a "missing parameter" prompt appeared when a conversation user asked a question after re-logging in.
• Q&A Page: Fixed the issue where conversation records were not displayed in the conversation record area when loading historical record data.
• Q&A Page: Fixed the issue where uploading an empty file caused extraction errors.
• Q&A Page: Fixed the issue where tags were displayed abnormally when the content of quick questions was too long.
• Knowledge Base: Fixed the issue where the input box on the hit test interface was displayed incompletely when the system had no License authorization.
• Knowledge Base: Fixed the issue where there was no secondary confirmation when clicking the "Back" button during document upload to the knowledge base.
• Knowledge Base: Fixed the issue where search results were incorrect when searching by segment content in the knowledge base segment details.
• Knowledge Base: Fixed the issue where the same segment could be associated with the same question multiple times.
• Knowledge Base: Fixed the issue where the "Number of Associated Segments" count was incorrect in the question list.
• Models: Fixed the issue where models in the "All Models" list were not displayed in descending order of creation time.
• Resource Authorization: Fixed the issue where users with only knowledge base view permission could add segments in conversation logs.
• Folders: Fixed the issue where clicking the "Back" button in the resource details of applications and knowledge bases always returned to the root directory.
• Conversation Users (X-Pack): Fixed the issue where user passwords were not synchronized when synchronizing system users.
• Conversation Users (X-Pack): Fixed the issue where a new conversation user could be created successfully even without setting a user group.