[3.3.2]
Update open-webui to 0.9.2
Full Changelog
PaddleOCR-vl document extraction. Administrators can now use PaddleOCR-vl as a content extraction engine for document processing, with configurable API URL and token settings in document retrieval configuration. #23945
Firecrawl v2 API. Firecrawl web loading now uses the v2 API directly with proper retry logic, exponential backoff on rate limits, and configurable timeout handling, improving reliability for both cloud and self-hosted Firecrawl setups. #23934
Custom API key header. Administrators can now configure a custom header name for API key authentication via the CUSTOM_API_KEY_HEADER environment variable, enabling compatibility with reverse proxies that use the Authorization header for their own authentication.
Source overflow indicator. The Sources button now shows a +N badge when more than three sources are available, so hidden sources are clearly indicated in chat responses. #23918
Async database driver migration. The async database backend now uses psycopg (v3) instead of asyncpg, eliminating brittle SSL parameter translation and supporting native libpq connection strings including sslmode, options, and target_session_attrs without any stripping or conversion.
Throttle request handling. Request handling no longer fails when user activity status updates are throttled with a non-zero interval. #23979
Rich text extension conflicts. Rich text editing no longer triggers duplicate extension conflicts for lists and code blocks, improving editor stability. #24009
Browser-native message virtualization. The custom JavaScript-based message culling system (spacers, height caching, scroll listeners) was replaced with CSS content-visibility: auto, letting the browser natively skip rendering of off-screen messages without destroying component trees. This eliminates scroll jump artifacts and mount/destroy thrashing while preserving memory efficiency in long conversations.
psycopg v3 async driver. The async database driver has been migrated from asyncpg to psycopg (v3). This is a transparent change for most deployments, but custom connection strings with asyncpg-specific parameters may need adjustment.
Brotli dependency update. Brotli has been updated to address CVE-2025-6176.
