Skip to content

fix(litellm): fix gen_ai.request.messages to be as expected #5255

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
constantinius wants to merge 13 commits into
base: master
Choose a base branch
from
Open

fix(litellm): fix gen_ai.request.messages to be as expected #5255

constantinius wants to merge 13 commits into from
+316 −1

Conversation

@constantinius
Copy link
Contributor

@constantinius constantinius commented Dec 17, 2025

@constantinius constantinius requested a review from a team as a code owner December 17, 2025 16:24
@linear
Copy link

linear bot commented Dec 17, 2025

TET-1635 Redact images: LiteLLM

cursor[bot]
cursor bot reviewed Dec 17, 2025
View reviewed changes
sentry[bot]
sentry bot reviewed Dec 17, 2025
View reviewed changes
sentry[bot]
sentry bot reviewed Dec 17, 2025
View reviewed changes
cursor[bot]
cursor bot reviewed Dec 17, 2025
View reviewed changes
@constantinius
fix(integrations): ensure _convert_message_parts does not mutate orig…
4a17806 
…inal messages and handle data URLs correctly
cursor[bot]
cursor bot reviewed Jan 8, 2026
View reviewed changes
Base automatically changed from constantinius/fix/redact-message-parts-type-blob to master January 13, 2026 09:56
@github-actions
Copy link
Contributor

github-actions bot commented Jan 13, 2026
edited
Loading

Semver Impact of This PR

🟢 Patch (bug fixes)

📋 Changelog Preview

This is how your changes will appear in the changelog.
Entries from this PR are highlighted with a left border (blockquote style).

New Features ✨

  • feat(ai): add parse_data_uri function to parse a data URI by constantinius in #5311
  • feat(asyncio): Add on-demand way to enable AsyncioIntegration by sentrivana in #5288

Bug Fixes 🐛

Litellm

  • fix(litellm): fix gen_ai.request.messages to be as expected by constantinius in #5255
  • fix(litellm): Guard against module shadowing by alexander-alderman-webb in #5249

Other

  • fix(ai): redact message parts content of type blob by constantinius in #5243
  • fix(clickhouse): Guard against module shadowing by alexander-alderman-webb in #5250
  • fix(gql): Revert signature change of patched gql.Client.execute by alexander-alderman-webb in #5289
  • fix(grpc): Derive interception state from channel fields by alexander-alderman-webb in #5302
  • fix(pure-eval): Guard against module shadowing by alexander-alderman-webb in #5252
  • fix(ray): Guard against module shadowing by alexander-alderman-webb in #5254
  • fix(threading): Handle channels shadowing by sentrivana in #5299
  • fix(typer): Guard against module shadowing by alexander-alderman-webb in #5253
  • fix: Send client reports for span recorder overflow by sentrivana in #5310

Documentation 📚

  • docs(metrics): Remove experimental notice by alexander-alderman-webb in #5304
  • docs: Update Python versions banner in README by sentrivana in #5287

Internal Changes 🔧

Release

  • ci(release): Bump Craft version to fix issues by BYK in #5305
  • ci(release): Switch from action-prepare-release to Craft by BYK in #5290

Other

  • chore(gen_ai): add auto-enablement for google genai by shellmayr in #5295
  • chore: Add type for metric units by sentrivana in #5312
  • ci: Update tox and handle generic classifiers by sentrivana in #5306

🤖 This preview updates automatically when you update the PR.

alexander-alderman-webb
alexander-alderman-webb reviewed Jan 14, 2026
View reviewed changes
cursor[bot]
cursor bot reviewed Jan 14, 2026
View reviewed changes
sentry[bot]
sentry bot reviewed Jan 15, 2026
View reviewed changes
cursor[bot]
cursor bot reviewed Jan 15, 2026
View reviewed changes
sentry_sdk/integrations/litellm.py
if item.get("type") == "image_url":
image_url = item.get("image_url") or {}
url = image_url.get("url", "")
if url.startswith("data:") and ";base64," in url:
Copy link

@cursor cursor bot Jan 15, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Case-sensitive base64 check bypasses blob detection and redaction

Low Severity

The check ";base64," in url is case-sensitive, but per RFC 2397 the base64 token in data URIs is case-insensitive. Data URIs with uppercase variants like data:image/png;BASE64,... would not be recognized as base64 data URIs, causing them to be converted to type: "uri" instead of type: "blob". Since redact_blob_message_parts only redacts blob types, these inline base64 data URIs would not be redacted, potentially exposing sensitive image data in telemetry.

Fix in Cursor Fix in Web

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sentry sentry[bot] sentry[bot] left review comments

@cursor cursor[bot] cursor[bot] left review comments

@alexander-alderman-webb alexander-alderman-webb Awaiting requested review from alexander-alderman-webb

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@constantinius @alexander-alderman-webb