From 52ee16d3056ae540e50c8147f18f77668171a79b Mon Sep 17 00:00:00 2001 From: Narendranath Gogineni Date: Wed, 10 Jun 2026 21:21:44 +0530 Subject: [PATCH 1/3] docs for 2.11.0 --- changelog/enterprise.mdx | 84 +++++++++++++++++++++++++++++++++++++++- 1 file changed, 83 insertions(+), 1 deletion(-) diff --git a/changelog/enterprise.mdx b/changelog/enterprise.mdx index 6185aca2..be44ef1c 100644 --- a/changelog/enterprise.mdx +++ b/changelog/enterprise.mdx @@ -1,6 +1,6 @@ --- title: "Enterprise Gateway" -sidebarTitle: "Enterprise Gateway [2.10.0]" +sidebarTitle: "Enterprise Gateway [2.11.0]" rss: true --- @@ -8,6 +8,88 @@ rss: true Discuss how Portkey's AI Gateway can enhance your organization's AI infrastructure + + +## v2.11.0 +--- + +### MiniMax Provider + +New `minimax` provider for chat completions with MiniMax's hosted models. + +[Providers Documentation](/integrations/llms) + +### Modal: Embeddings + +The Modal integration now supports `/v1/embeddings` alongside chat completions, so embedding workloads on Modal-hosted models route through the unified gateway. + +[Modal Documentation](/integrations/llms/modal) + +### Anthropic: Context Management + +Anthropic chat completions now pass `context_management` through to the upstream API, enabling memory tools and managed-context workflows on Claude models. + +[Anthropic Documentation](/integrations/llms/anthropic) + +### Anthropic Skills: File Download Fix + +`GET /v1/files/{file_id}` and `GET /v1/files/{file_id}/content` now route correctly for Anthropic, and binary responses (e.g., PPTX generated via Skills + Code Execution) pass through untouched. Previously these requests fell back to list-route behavior and corrupted binary downloads. + +[Anthropic Files Documentation](/integrations/llms/anthropic/files) + +### Claude Code OAuth + +When a request from Claude Code/CLI uses an OAuth bearer token, the gateway now forwards `Authorization` to Anthropic instead of injecting `x-api-key`. This unblocks Claude Code's OAuth login flow through Portkey. + +[Claude Code Documentation](/integrations/libraries/claude-code-anthropic) + +### Responses API: Anthropic Thinking Blocks in Streaming + +Streaming Responses API responses for Anthropic models now include reasoning summary blocks. The streaming transform was dropping `thinking` content blocks, so reasoning never reached clients on streamed requests. + +[Responses API Documentation](/product/ai-gateway/responses-api) + +### Enforce Inline Config + +A new flag rejects requests that pass an inline `config` JSON object instead of a saved config slug. Use it to require all routing decisions to flow through governed, named configs. + +[Enforce Default Config Documentation](/product/administration/enforce-default-config) + +### SSRF Hardening (continued) + +Builds on the v2.10.0 SSRF work with broader coverage of edge cases. + +- `TRUSTED_CUSTOM_HOSTS` now matches subdomains of allowlisted hosts, so a single entry covers regional or sharded variants +- Provider URL header validation (custom host headers, forward headers) and per-request URL validation extended to Fireworks and Cohere +- Batch output URLs validated before download; concurrency on outbound URL validation capped at 5 +- `customHost` header lookup is case-insensitive (handles both camelCase and snake_case) +- DNS lookup skipped for the Redis discovery URL on hostnames already known to be internal +- Known blocked hosts list updated; `bull-board` is no longer treated as a proxy target and now requires service auth + +[Custom Hosts Documentation](/product/ai-gateway/custom-hosts) + +### MCP Gateway + +- **JWT auth**: Control plane requests for MCP now forward the actual JWT instead of the gateway's effective auth token, fixing MCP gateway failures behind JWT auth +- **Local JWT scopes**: Locally injected JWT scopes are honored for upstream MCP authorization decisions + +[MCP JWT Authentication Documentation](/product/mcp-gateway/authentication/jwt) + +### Provider Updates + +- **Amazon Bedrock**: Image URL handling refactored to support S3 URIs for image, video, and document inputs on Amazon Nova models +- **Amazon Bedrock**: Assumed-role cache key now incorporates source-role credentials (hashed), so two assumed-role flows that share a target role but differ on source credentials no longer collide +- **Azure OpenAI**: `POST /v1/videos` proxy calls preserve the real model name instead of forcing a fallback, restoring cost attribution for Azure video create requests + +[Providers Documentation](/integrations/llms) + +### Fixes and Improvements + +- **`notNull` guardrail**: Skip the null-content check when the response carries tool calls, so tool-only assistant turns no longer trip the guardrail +- Updated dependencies to patch security vulnerabilities + + + ## v2.10.0 From 1ed3b771f9cc8008944b8786b58776eb447259fe Mon Sep 17 00:00:00 2001 From: Narendranath Gogineni Date: Thu, 11 Jun 2026 09:24:43 +0530 Subject: [PATCH 2/3] updates --- changelog/enterprise.mdx | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/changelog/enterprise.mdx b/changelog/enterprise.mdx index be44ef1c..c310735a 100644 --- a/changelog/enterprise.mdx +++ b/changelog/enterprise.mdx @@ -39,7 +39,7 @@ Anthropic chat completions now pass `context_management` through to the upstream ### Claude Code OAuth -When a request from Claude Code/CLI uses an OAuth bearer token, the gateway now forwards `Authorization` to Anthropic instead of injecting `x-api-key`. This unblocks Claude Code's OAuth login flow through Portkey. +When a request from Claude Code/CLI uses an OAuth bearer token, the gateway now forwards `Authorization` to Anthropic instead of injecting `x-api-key`. This unblocks Claude Code's in the newer versions of Claude Code. [Claude Code Documentation](/integrations/libraries/claude-code-anthropic) @@ -68,18 +68,19 @@ Builds on the v2.10.0 SSRF work with broader coverage of edge cases. [Custom Hosts Documentation](/product/ai-gateway/custom-hosts) -### MCP Gateway +### JWT Authentication -- **JWT auth**: Control plane requests for MCP now forward the actual JWT instead of the gateway's effective auth token, fixing MCP gateway failures behind JWT auth +- **JWT auth**: Control plane requests now forward the actual JWT instead of the gateway's effective auth token, fixing MCP gateway failures behind JWT auth - **Local JWT scopes**: Locally injected JWT scopes are honored for upstream MCP authorization decisions [MCP JWT Authentication Documentation](/product/mcp-gateway/authentication/jwt) +[JWT Authentication Documentation](/product/enterprise-offering/org-management/jwt) ### Provider Updates - **Amazon Bedrock**: Image URL handling refactored to support S3 URIs for image, video, and document inputs on Amazon Nova models -- **Amazon Bedrock**: Assumed-role cache key now incorporates source-role credentials (hashed), so two assumed-role flows that share a target role but differ on source credentials no longer collide -- **Azure OpenAI**: `POST /v1/videos` proxy calls preserve the real model name instead of forcing a fallback, restoring cost attribution for Azure video create requests +- **Amazon Bedrock**: Fixes to assumed-role authentication for Bedrock models. +- **Azure OpenAI**: Fixes to cost attribution for Azure video create requests. [Providers Documentation](/integrations/llms) From 4f836775284bd192caf677a1f8af4dddcd39d44a Mon Sep 17 00:00:00 2001 From: Narendranath Gogineni Date: Thu, 11 Jun 2026 09:29:02 +0530 Subject: [PATCH 3/3] updates --- changelog/enterprise.mdx | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/changelog/enterprise.mdx b/changelog/enterprise.mdx index c310735a..f456b24f 100644 --- a/changelog/enterprise.mdx +++ b/changelog/enterprise.mdx @@ -59,12 +59,11 @@ A new flag rejects requests that pass an inline `config` JSON object instead of Builds on the v2.10.0 SSRF work with broader coverage of edge cases. -- `TRUSTED_CUSTOM_HOSTS` now matches subdomains of allowlisted hosts, so a single entry covers regional or sharded variants +- `TRUSTED_CUSTOM_HOSTS` now matches subdomains of allowlisted hosts - Provider URL header validation (custom host headers, forward headers) and per-request URL validation extended to Fireworks and Cohere - Batch output URLs validated before download; concurrency on outbound URL validation capped at 5 -- `customHost` header lookup is case-insensitive (handles both camelCase and snake_case) -- DNS lookup skipped for the Redis discovery URL on hostnames already known to be internal -- Known blocked hosts list updated; `bull-board` is no longer treated as a proxy target and now requires service auth +- improvements to`customHost` header lookup +- SSRF hardening improvements [Custom Hosts Documentation](/product/ai-gateway/custom-hosts)