v2.3.1

Security Vulnerability Fixes

• Security Vulnerability: Fixed the vulnerability where Python code in tools could access local services (CVE-2025-64511);
• Security Vulnerability: Fixed the vulnerability where Python code in tools could obtain system configuration information (CVE-2025-64703).

Special thanks to the XlabAI Team of Tencent Xuanwu Lab (@XlabAITeam) for discovering and promptly feeding back the above vulnerabilities to the MaxKB open-source community!

Feature Optimizations

• System: Through code refactoring and architecture optimization, significantly reduced CPU and memory usage, comprehensively improving system resource utilization, stability, and concurrent processing capabilities;
• System: Displayed the user's name in the upper right corner after the user logs in to the system (#4315);
• Applications: Users authorized with "View" permission can access the "Settings" page of the application;
• Folders: Folders in the application, knowledge base, and tool lists support movement and drag-and-drop movement;
• Folders: Removed the hierarchical limit for folders in the application, knowledge base, and tool lists;
• User Management: Adjusted the maximum length of usernames and full names to 64 characters;
• Conversation Users (X-Pack): Adjusted the maximum length of usernames and full names to 64 characters.

Bug Fixes

• Knowledge Base: Fixed the occasional failure of document vectorization;
• Knowledge Base: Fixed the issue where the association between segments and questions was not synchronously deleted when deleting a document;
• Applications: Fixed the issue where multiple forms were repeatedly displayed in the conversation when there was a form collection node in the loop body (#4326);
• Applications: Fixed the issue where the output content directly displayed the "context" abnormal information during the conversation when there was a form collection node in the loop body;
• Applications: Fixed the issue where the output parameters of the loop node would become "None" when there was a form collection node in the loop body;
• Applications: Fixed the issue where the last folder was not displayed when adding a tool node;
• Resource Authorization: Fixed the issue where the folder would automatically collapse when authorizing resources under the folder;
• Q&A Page: Fixed the issue where users could not log in via WeChat Work QR code on the Safari browser.

v2.3.0

New Features

• Knowledge Base: Added "Tag Management" function;
• Knowledge Base: Added "Tag Setting" function for documents in the knowledge base;
• Knowledge Base: Added "Replace Original Document" function for the general knowledge base;
• Applications: Added "Document Tag Retrieval" node to Advanced Orchestration Applications;
• Applications: Added "Video Understanding" node to Advanced Orchestration Applications;
• Applications: Added "Variable Splitting" node to Advanced Orchestration Applications;
• Applications: Added "Variable Aggregation" node to Advanced Orchestration Applications;
• Applications: Added "Parameter Extraction" node to Advanced Orchestration Applications;
• Applications: Added "Video" file type option to file upload settings;
• Applications: Added "startwith" and "endwith" judgment conditions to the Judge node;
• Applications: Added "Historical Chat Records {history}" parameter to the output parameters of the AI Conversation node;
• Applications: Added two retrieval scope options (manual selection of knowledge base and variable reference) to the Knowledge Base Retrieval node;
• Resource Authorization: Supported authorizing folder resources by user;
• Resource Authorization: Supported folder-based resource authorization for applications, knowledge bases, and tools in the workspace;
• System Management (X-Pack): Added cleaning policies to operation logs to help administrators manage log data efficiently.

Feature Optimizations

• Applications (X-Pack): Supported password-free login for users after the application is connected to WeChat Work, Lark, or DingTalk;
• Applications: Supported video file types for file uploads;
• Applications: Added URL address setting support for the "select file" parameter of Image Understanding, Image-to-Video, and Video Understanding nodes;
• Applications: Allowed Variable Assignment nodes to be used as end nodes;
• Applications: Supported batch selection of nodes on the workflow orchestration page;
• Applications: Added a description field to interface parameters;
• Applications: Adjusted the maximum value of the "Question Limit per Client" option in "Access Restrictions" to 10 million times per day;
• Applications: Added custom input support for multi-select box components in the Form Collection node;
• Applications: Displayed all applications in the current workspace in the root directory and supported global search;
• Tools: Displayed all tools in the current workspace in the root directory and supported global search;
• Tools: Added variable parsing support for custom-type parameters;
• Knowledge Base: Displayed all knowledge bases in the current workspace in the root directory and supported global search;
• Roles: Adjusted the "About" permission to the ordinary user role;
• Models: Added model parameter setting support for vector models.

Bug Fixes

• Applications: Fixed the issue where tool nodes in the loop body were not exported when exporting the application;
• Applications: Fixed the issue where nodes after the Form Collection node in the loop body could not output loop variables;
• Applications: Fixed the issue where the content of the first parameter was cleared when modifying the content of the second parameter in the MCP Call node;
• Applications: Fixed the issue where Tokens showed 0 during conversations when using the Zhipu large language model and enabling the tool function in the AI Conversation node;
• Applications (X-Pack): Fixed the issue where the history record setting option in display settings did not take effect (#4201);
• Q&A Page: Fixed the issue where uploaded files were lost when clicking the "Get Another Answer" button after uploading files and asking questions on the Q&A page (#4180);
• Q&A Page: Fixed the issue where conversation records were lost when adjusting the size of the conversation window while asking questions on the Q&A page (#4202).

v2.2.1

Feature Optimizations

• Tools: Added a "Parameter Prompt Description" field for input parameters;
• Tools: For tools added from the Tool Store, clicking the panel allows opening the tool details;
• Models: The visual models of the Alibaba Cloud BaiLian provider now support qwen-vl-ocr.

Bug Fixes

• Applications: Fixed the abnormal display issue when dragging the MCP Call node while adding components; #4152
• Applications: Fixed the issue where different branches of the judge could not connect to the same subsequent node; #4146
• Applications: Fixed the issue where adding multiple loop nodes might cause extra independent loop bodies to appear; #4142
• Applications: Fixed the incorrect display of the icon of the preceding node in the drop-down options of "Select Variable";
• Applications: Fixed the error issue when using the condition of "judging variable as empty" in the judge;
• Applications: Fixed the missing parameters when copying the knowledge base retrieval node after selecting a knowledge base for it;
• Tools: Fixed the issue where tools in the Tool Store did not display descriptions;
• Tools: Fixed the issue where clicking the "Create" button repeatedly when creating a tool would create multiple tools;
• System: Fixed the incorrect internationalization of the prompt message for wrong verification codes;
• System: Fixed the issue where built-in roles did not take effect after switching the language to English.

v2.2.0

Release Notes for MaxKB v2.2.0 Community Edition

In MaxKB v2.2.0 Community Edition, regarding Applications: Advanced Orchestration Applications have added Loop Nodes, Intent Recognition Nodes, Text-to-Video Nodes, and Image-to-Video Nodes. Simple Applications now support MCP and tool calling functions, and have newly added prompt generation capabilities. For Tools: MaxKB has launched a brand-new Tool Store, allowing users to select required tools directly without self-development. In terms of Models: MaxKB has added support for Text-to-Video and Image-to-Video models from Alibaba Cloud BaiLian and Volcano Engine.

For the X-Pack Enhancement Package: MaxKB supports default login method settings, enabling administrators to customize the system’s default login channels (e.g., account-password login, third-party login, etc.) based on enterprise needs; it also newly supports setting to enable captcha verification after N failed login attempts.

New Features

• Tools: Added Tool Store;
• Applications: Added Loop Node, Break Node, and Continue Node;
• Applications: Added Intent Recognition Node;
• Applications: Added Text-to-Video Node;
• Applications: Added Image-to-Video Node;
• Applications: Simple Applications now support MCP and tool calling functions;
• Applications: Added support for prompt generation;
• Applications: Added "Output MCP/Tool Execution Process" switch setting;
• Applications: Variable Assignment Nodes now support the bool data type when assigning values;
• Applications: MCP configuration information supports variable parsing;
• Applications: Conversation users support the setting to enable captcha verification after a specified number of failed account login attempts (X-Pack);
• Knowledge Base: Supports parameter settings for models that handle question generation tasks;
• Models: Alibaba Cloud BaiLian provider has added support for Text-to-Video and Image-to-Video models;
• Models: Volcano Engine provider has added support for Text-to-Video and Image-to-Video models;
• Models: Speech Recognition Models support model parameter settings;
• Login: Added default login method setting (X-Pack);
• Login: Added setting to enable captcha verification after a specified number of failed user login attempts (X-Pack);
• Login: Upgraded the login captcha to an authentication mechanism with user isolation functionality.

Feature Optimizations

• Q&A Page: Added a "Back to Bottom" shortcut operation;
• Knowledge Base: The question list supports the "Show 1000 Items" option setting;
• Applications: Optimized the display style of "Add Component" for Advanced Orchestration Applications;
• Applications: Optimized the descriptions of system prompts and user prompts;
• Resource Management: Added support for filtering by type in the resource list filter options (X-Pack).

Bug Fixes

• Knowledge Base: Fixed the issue where exporting a knowledge base would time out and report an error when the knowledge base contains a large amount of data (#3995);
• Applications: Fixed the issue where the thinking process was not returned when using the application API interface for conversations (#4084);
• Applications: Fixed the issue where the display order of login methods in Access Restrictions was not sorted by category (#4049);
• Applications: Fixed the issue where the "Question Limit per Client" option setting in Access Restrictions did not take effect (#4042);
• Q&A Page: Fixed the issue where the send button was not displayed on some browsers in the iOS system;
• Q&A Page: Fixed the issue where refreshing the browser on the Q&A page would open the application list page after setting the question interface parameters in the application settings (#4076);
• Q&A Page: Fixed the issue where the font style of the thinking process was incorrect (#2792);
• Models: Fixed the issue where the parameter settings for the speech synthesis model from the Silicon Flow provider did not take effect.

v1.10.11-lts

New Features

• Login: Optimized the login system to encrypt user passwords.

Bug Fixes

• Q&A Page: Fixed the issue where AI responses would throw errors when users ask questions after incomplete file uploads.
• Applications: Fixed the issue where the asker's questions were not displayed in the application's conversation logs when asking questions in the floating dialog box.
• Applications: Fixed the issue of incorrect styling for thinking processes.
• Applications: Fixed the issue where users without application permissions could still view application conversation records through API interfaces.
• Applications: Fixed the occasional issue of database connection closure during conversations.
• API Documentation: Fixed several display issues in the API documentation.

v2.1.2

Bug Fixes

• Applications: Fixed the issue where newly created "MCP Call" nodes would throw errors during execution.
• Knowledge Base: Fixed the problem where the "Maximum number of files per upload" setting in knowledge base settings did not take effect.

v2.1.1

Enhancements

• Application: The MCP settings function of the AI Conversation Node now supports selecting multiple MCP tools.

Bug Fixes

• Tools: Fixed the vulnerability that allowed arbitrary system commands to be executed via tool operation;
• Tools: Fixed the abnormal style display issue on the MCP editing page;
• Application: Fixed the issue where multiple session variables could not be added in the Basic Information Node;
• Application: Fixed the incorrect time zone issue of the global variable "Current Time";
• Application: Fixed the issue where pressing the Enter key in the user input title setting dialog would open a new web page;
• Knowledge Base: Fixed the issue where images in the knowledge base were not exported when exporting the knowledge base;
• Knowledge Base: Fixed the issue where the file name of the exported knowledge base did not match the name of the knowledge base itself;
• Role Management (X-Pack): Fixed the incorrect internationalization display issue of the Role Management function.

v2.1.0

Release Notes

New Features

• Tools: Added the MCP tool management function.
• Applications: Added tool settings for AI conversation nodes; after users select a custom tool, the model can independently decide whether to call the configured tool.
• Applications: Parameters of form collection nodes now support variable reference.
• Applications: Added multi-line text boxes, file upload, and single-line multi-select box components to form collection nodes.
• Applications (X-Pack): Application access now supports connection to WeChat Work intelligent robots, enabling users to achieve efficient linkage between AI capabilities and the WeChat Work office ecosystem.
• Applications (X-Pack): Added the "Show History Records" option in display settings.
• Q&A Page: Supported exporting current conversation records as PDF and PNG image formats on the Q&A page.
• Knowledge Base: Added the "Allow Download in Knowledge Sources" setting option for documents in the general knowledge base and Lark knowledge base.
• Resource Authorization: Added resource-level authorization function, supporting the authorization of core resources such as applications, knowledge bases, tools, and models to specified users.
• Resource Authorization: When authorizing resources by user in system management, different permissions can be set for each resource.
• Models: Added support for reranking models and speech recognition models to the vLLM provider.
• Models: Added support for speech recognition models to the Tencent Hunyuan provider.
• Models: Added support for Chinese speech large models to the speech recognition models of the iFlytek Spark provider.
• Models: Added support for qwen-omni-turbo, qwen2.5-omni-7b, and ASR models to the speech recognition models of the Alibaba Cloud BaiLian provider.
• Models: Added support for the API Version V2 connection method to the Baidu Qianfan Large Model provider.

Enhancements

• Applications: Added the function of querying by user in the conversation log list.
• Applications (X-Pack): After an application is connected to Lark, AI response content is displayed in Markdown format.
• Q&A Page: Automatically creates a new conversation by default when entering the Q&A page.
• Q&A Page: Optimized the issue where a default question is automatically generated when uploading files or images.
• Tools: Added a secondary confirmation prompt when clicking the "Close" or "Cancel" button while creating or editing a tool.
• Login: Users must change their default password before continuing to use the system after logging in with it.

Bug Fixes

• Applications: Fixed the issue where MCP nodes in advanced orchestration applications were not internationalized.
• Applications: Fixed the issue where session variables could not be read when used after form collection nodes.
• Q&A Page (X-Pack): Fixed the issue where the custom application Logo was not displayed in the browser tab.
• Q&A Page (X-Pack): Fixed the issue where existing authentication information remained valid when switching the application's identity authentication method in the "Access Restriction" function.
• Q&A Page: Fixed the issue where the content display style was messed up when clicking the "Collapse" button in the left navigation area.
• Q&A Page: Fixed the issue where a "missing parameter" prompt appeared when a conversation user asked a question after re-logging in.
• Q&A Page: Fixed the issue where conversation records were not displayed in the conversation record area when loading historical record data.
• Q&A Page: Fixed the issue where uploading an empty file caused extraction errors.
• Q&A Page: Fixed the issue where tags were displayed abnormally when the content of quick questions was too long.
• Knowledge Base: Fixed the issue where the input box on the hit test interface was displayed incompletely when the system had no License authorization.
• Knowledge Base: Fixed the issue where there was no secondary confirmation when clicking the "Back" button during document upload to the knowledge base.
• Knowledge Base: Fixed the issue where search results were incorrect when searching by segment content in the knowledge base segment details.
• Knowledge Base: Fixed the issue where the same segment could be associated with the same question multiple times.
• Knowledge Base: Fixed the issue where the "Number of Associated Segments" count was incorrect in the question list.
• Models: Fixed the issue where models in the "All Models" list were not displayed in descending order of creation time.
• Resource Authorization: Fixed the issue where users with only knowledge base view permission could add segments in conversation logs.
• Folders: Fixed the issue where clicking the "Back" button in the resource details of applications and knowledge bases always returned to the root directory.
• Conversation Users (X-Pack): Fixed the issue where user passwords were not synchronized when synchronizing system users.
• Conversation Users (X-Pack): Fixed the issue where a new conversation user could be created successfully even without setting a user group.

v1.10.10-lts

New features

• Knowledge Base: Improved knowledge base search performance for complex scenarios with large amounts of data.
• Q&A Page: Users can directly submit files or images to ask questions.

Bug Fixes

• Knowledge Base: Fixed an issue where links in web knowledge base documents could not be accessed in some cases;
• Knowledge Base: Fixed an issue where search results were inaccurate when searching by segment content in the segment details of a document;
• Applications: Fixed an issue where parameters in function nodes in advanced orchestration applications were not echoed;
• Applications: Fixed an issue where node connections in advanced orchestration applications were incorrectly connected;
• Applications: Fixed an issue where AI responses were incorrectly included in the MCP execution results;
• Applications: Fixed an issue where dragging parameters multiple times in form collection nodes caused a console error;
• Applications: Fixed an issue where clicking a quick question set in the opening line in the conversation log would call the application's answer;
• Operation Logs: Fixed a vulnerability where user passwords could be seen in the operation log; (X-Pack)
• Installation and Deployment: Upgraded the PostgreSQL database version to v15.14;
• API Documentation: Fixed several known issues.

v2.0.2

New features

• Application: The advanced orchestration application has added a session variable function;
• Conversation User (X-Pack): Supports login via QR code for conversation users;
• Conversation User (X-Pack): Supports synchronization of LDAP and WeChat Work users;
• Resource Management (X-Pack): Supports unified management of workspace-related resources.

Enhancements

• Conversation User (X-Pack): Supports querying by user source and status;
• Knowledge Base: Improved knowledge base retrieval performance for complex scenarios with large amounts of data;
• Knowledge Base: Conversation users can query by user source;
• Application: Adjusted the file upload limit for advanced orchestration applications, allowing a maximum of 100 files to be uploaded in a single conversation, with a maximum size of 1000MB per file;
• Application: Supports querying by application release status;
• Application: Conversation users can query by user source;
• Q&A Page: Automatically populates the question field after uploading a file;
• Q&A Page: Optimized the login interaction experience in floating window mode and mobile mode;
• User Management: Supports querying by user source and status;
• System: Optimized the system UI style.

Bug Fixes

• Knowledge Base: Fixed the issue where an error is reported when hitting the test in full-text search mode;
• Knowledge Base: Fixed the problem of incorrect internationalization display for some content on the offline document upload page;
• Knowledge Base: Fixed the issue where the scroll range of the scrollbar on the segmentation rule page for uploading offline documents is incorrect;
• Application (X-Pack): Fixed the problem that AI responses were not displayed in Markdown style during conversations on the DingTalk platform connected to the application;
• Application: Fixed the error when MCP calls node execution in some cases;
• Application: Fixed the problem of repeated execution caused by multiple connections between two identical nodes;
• Application: Fixed the issue where parameters are displayed incorrectly when modifying model parameters;
• Application: Fixed the problem that unpublished applications were not filtered out when adding application sub-nodes;
• Q&A Page: Fixed the issue where the URL is not displayed when the uploaded file name contains the "&nbsp" character;
• Q&A Page: Fixed the problem that images in AI responses cannot be clicked to enlarge during user conversations;
• Q&A Page: Fixed the display misalignment issue when AI responses are table data;
• Q&A Page (X-Pack): Fixed the error when opening the Q&A page when the License is not authorized;
• Shared Model (X-Pack): Fixed the error when deleting a shared model.