feat: Add Workflow Research API for executing DSL workflows

Introduces a new API endpoint that allows researchers to execute workflows defined in DSL (YAML) format or by using an existing app ID. This feature facilitates testing and running workflows without authentication, using a temporary app setup. The changes include creating a new API resource, detailed documentation, and a test script for the API. Provides error handling and validation to ensure either a DSL or an app ID is provided for workflow execution. Signed-off-by: -LAN- <laipz8200@outlook.com>
docs(CHANGELOG.md): Update CHANGELOG.md
2025-12-07 03:45:27 +08:00 · 2025-05-13 19:30:47 +08:00 · 2025-05-13 10:31:40 +08:00 · 2025-05-13 10:28:13 +08:00 · 2025-05-13 10:19:08 +08:00 · 2025-05-12 23:21:57 +08:00
67 changed files with 4568 additions and 3864 deletions
--- a/.github/workflows/build-push.yml
+++ b/.github/workflows/build-push.yml
@@ -5,8 +5,8 @@ on:
    branches:
      - "main"
      - "deploy/dev"
-  release:
-    types: [published]
+    tags:
+      - "*"

 concurrency:
  group: build-push-${{ github.head_ref || github.run_id }}
--- a/.markdownlint.json
+++ b/.markdownlint.json
@@ -0,0 +1,4 @@
+{
+    "MD024": false,
+    "MD013": false
+}
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -0,0 +1,42 @@
+# Changelog
+
+All notable changes to Dify will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+### Fixed
+
+- Fixed database configuration to allow DB_EXTRAS to set search_path via options (#16a4f77)
+
+### Changed
+
+- Updated dependencies: huggingface-hub (~0.16.4 to ~0.31.0), transformers (~4.35.0 to ~4.39.0), and resend (~0.7.0 to ~2.9.0) (#19563)
+
+## [0.15.7] - 2025-04-27
+
+### Added
+
+- Added support for GPT-4.1 in model providers (#18912)
+- Added support for Amazon Bedrock DeepSeek-R1 model (#18908)
+- Added support for Amazon Bedrock Claude Sonnet 3.7 model (#18788)
+- Refined version compatibility logic in app DSL service
+
+### Fixed
+
+- Fixed issue with creating apps from template categories (#18807, #18868)
+- Fixed DSL version check when creating apps from explore templates (#18872, #18878)
+
+## [0.15.6] - 2025-04-22
+
+### Security
+
+- Fixed clickjacking vulnerability (#18552)
+- Fixed reset password security issue (#18366)
+- Updated reset password token when email code verification succeeds (#18362)
+
+### Fixed
+
+- Fixed Vertex AI Gemini 2.0 Flash 001 schema (#18405)
--- a/api/.env.example
+++ b/api/.env.example
@@ -430,4 +430,7 @@ CREATE_TIDB_SERVICE_JOB_ENABLED=false
 # Maximum number of submitted thread count in a ThreadPool for parallel node execution
 MAX_SUBMIT_COUNT=100
 # Lockout duration in seconds
-LOGIN_LOCKOUT_DURATION=86400
+LOGIN_LOCKOUT_DURATION=86400
+
+# Prevent Clickjacking
+ALLOW_EMBED=false
--- a/api/configs/middleware/init.py
+++ b/api/configs/middleware/init.py
@@ -1,5 +1,5 @@
 from typing import Any, Literal, Optional
-from urllib.parse import quote_plus
+from urllib.parse import parse_qsl, quote_plus

 from pydantic import Field, NonNegativeInt, PositiveFloat, PositiveInt, computed_field
 from pydantic_settings import BaseSettings
@@ -166,14 +166,28 @@ class DatabaseConfig(BaseSettings):
        default=False,
    )

-    @computed_field
+    @computed_field  # type: ignore[misc]
+    @property
    def SQLALCHEMY_ENGINE_OPTIONS(self) -> dict[str, Any]:
+        # Parse DB_EXTRAS for 'options'
+        db_extras_dict = dict(parse_qsl(self.DB_EXTRAS))
+        options = db_extras_dict.get("options", "")
+        # Always include timezone
+        timezone_opt = "-c timezone=UTC"
+        if options:
+            # Merge user options and timezone
+            merged_options = f"{options} {timezone_opt}"
+        else:
+            merged_options = timezone_opt
+
+        connect_args = {"options": merged_options}
+
        return {
            "pool_size": self.SQLALCHEMY_POOL_SIZE,
            "max_overflow": self.SQLALCHEMY_MAX_OVERFLOW,
            "pool_recycle": self.SQLALCHEMY_POOL_RECYCLE,
            "pool_pre_ping": self.SQLALCHEMY_POOL_PRE_PING,
-            "connect_args": {"options": "-c timezone=UTC"},
+            "connect_args": connect_args,
        }


--- a/api/configs/packaging/init.py
+++ b/api/configs/packaging/init.py
@@ -9,7 +9,7 @@ class PackagingInfo(BaseSettings):

    CURRENT_VERSION: str = Field(
        description="Dify version",
-        default="0.15.3",
+        default="0.15.7",
    )

    COMMIT_SHA: str = Field(
--- a/api/controllers/console/auth/forgot_password.py
+++ b/api/controllers/console/auth/forgot_password.py
@@ -8,7 +8,7 @@ from constants.languages import languages
 from controllers.console import api
 from controllers.console.auth.error import EmailCodeError, InvalidEmailError, InvalidTokenError, PasswordMismatchError
 from controllers.console.error import AccountInFreezeError, AccountNotFound, EmailSendIpLimitError
-from controllers.console.wraps import setup_required
+from controllers.console.wraps import email_password_login_enabled, setup_required
 from events.tenant_event import tenant_was_created
 from extensions.ext_database import db
 from libs.helper import email, extract_remote_ip
@@ -22,6 +22,7 @@ from services.feature_service import FeatureService

 class ForgotPasswordSendEmailApi(Resource):
    @setup_required
+    @email_password_login_enabled
    def post(self):
        parser = reqparse.RequestParser()
        parser.add_argument("email", type=email, required=True, location="json")
@@ -53,6 +54,7 @@ class ForgotPasswordSendEmailApi(Resource):

 class ForgotPasswordCheckApi(Resource):
    @setup_required
+    @email_password_login_enabled
    def post(self):
        parser = reqparse.RequestParser()
        parser.add_argument("email", type=str, required=True, location="json")
@@ -72,11 +74,20 @@ class ForgotPasswordCheckApi(Resource):
        if args["code"] != token_data.get("code"):
            raise EmailCodeError()

-        return {"is_valid": True, "email": token_data.get("email")}
+        # Verified, revoke the first token
+        AccountService.revoke_reset_password_token(args["token"])
+
+        # Refresh token data by generating a new token
+        _, new_token = AccountService.generate_reset_password_token(
+            user_email, code=args["code"], additional_data={"phase": "reset"}
+        )
+
+        return {"is_valid": True, "email": token_data.get("email"), "token": new_token}


 class ForgotPasswordResetApi(Resource):
    @setup_required
+    @email_password_login_enabled
    def post(self):
        parser = reqparse.RequestParser()
        parser.add_argument("token", type=str, required=True, nullable=False, location="json")
@@ -95,6 +106,9 @@ class ForgotPasswordResetApi(Resource):

        if reset_data is None:
            raise InvalidTokenError()
+        # Must use token in reset phase
+        if reset_data.get("phase", "") != "reset":
+            raise InvalidTokenError()

        AccountService.revoke_reset_password_token(token)

--- a/api/controllers/console/auth/login.py
+++ b/api/controllers/console/auth/login.py
@@ -22,7 +22,7 @@ from controllers.console.error import (
    EmailSendIpLimitError,
    NotAllowedCreateWorkspace,
 )
-from controllers.console.wraps import setup_required
+from controllers.console.wraps import email_password_login_enabled, setup_required
 from events.tenant_event import tenant_was_created
 from libs.helper import email, extract_remote_ip
 from libs.password import valid_password
@@ -38,6 +38,7 @@ class LoginApi(Resource):
    """Resource for user login."""

    @setup_required
+    @email_password_login_enabled
    def post(self):
        """Authenticate user and login."""
        parser = reqparse.RequestParser()
@@ -110,6 +111,7 @@ class LogoutApi(Resource):

 class ResetPasswordSendEmailApi(Resource):
    @setup_required
+    @email_password_login_enabled
    def post(self):
        parser = reqparse.RequestParser()
        parser.add_argument("email", type=email, required=True, location="json")
--- a/api/controllers/console/wraps.py
+++ b/api/controllers/console/wraps.py
@@ -154,3 +154,16 @@ def enterprise_license_required(view):
        return view(*args, **kwargs)

    return decorated
+
+
+def email_password_login_enabled(view):
+    @wraps(view)
+    def decorated(*args, **kwargs):
+        features = FeatureService.get_system_features()
+        if features.enable_email_password_login:
+            return view(*args, **kwargs)
+
+        # otherwise, return 403
+        abort(403)
+
+    return decorated
--- a/api/controllers/service_api/init.py
+++ b/api/controllers/service_api/init.py
@@ -5,6 +5,6 @@ from libs.external_api import ExternalApi
 bp = Blueprint("service_api", __name__, url_prefix="/v1")
 api = ExternalApi(bp)

-from . import index
+from . import index, workflow_research
 from .app import app, audio, completion, conversation, file, message, workflow
 from .dataset import dataset, document, hit_testing, segment, upload_file
--- a/api/controllers/service_api/workflow_research.py
+++ b/api/controllers/service_api/workflow_research.py
@@ -0,0 +1,61 @@
+import logging
+import traceback
+
+from flask_restful import Resource, reqparse
+
+from controllers.service_api import api
+from services.workflow_research_service import WorkflowResearchService
+
+logger = logging.getLogger(__name__)
+
+
+class WorkflowResearchApi(Resource):
+    """
+    Workflow Research API
+    No authentication required
+
+    This API allows running workflows in two modes:
+    1. Create a new workflow from a DSL string
+    2. Use an existing workflow by providing its app_id
+
+    Either app_id or dsl must be provided, but not both.
+    """
+
+    def post(self):
+        """
+        Run workflow from DSL string or using an existing app
+
+        Args:
+            app_id (str, optional): ID of an existing app to use
+            dsl (str, optional): DSL string to create a new workflow
+            inputs (dict, required): Inputs for the workflow
+
+        Returns:
+            dict: Workflow execution results
+        """
+        parser = reqparse.RequestParser()
+        parser.add_argument("app_id", type=str, required=False, nullable=True, location="json")
+        parser.add_argument("dsl", type=str, required=False, nullable=True, location="json")
+        parser.add_argument("inputs", type=dict, required=True, nullable=False, location="json")
+        args = parser.parse_args()
+
+        # Validate that either app_id or dsl is provided
+        app_id = args.get("app_id")
+        dsl = args.get("dsl")
+
+        if not app_id and not dsl:
+            return {"status": "failed", "error": "Either app_id or dsl must be provided"}, 400
+
+        # Process workflow request
+        try:
+            service = WorkflowResearchService()
+            result = service.process_workflow_request(inputs=args["inputs"], dsl_string=dsl, app_id=app_id)
+        except Exception as e:
+            logger.exception(f"Error in workflow_research.py: {str(e)}")
+            return {"status": "failed", "error": str(e), "error_details": traceback.format_exc()}, 500
+
+        return result
+
+
+# Register API resources
+api.add_resource(WorkflowResearchApi, "/workflow-research/run")
--- a/api/core/agent/cot_agent_runner.py
+++ b/api/core/agent/cot_agent_runner.py
@@ -104,7 +104,6 @@ class CotAgentRunner(BaseAgentRunner, ABC):

            # recalc llm max tokens
            prompt_messages = self._organize_prompt_messages()
-            self.recalc_llm_max_tokens(self.model_config, prompt_messages)
            # invoke model
            chunks = model_instance.invoke_llm(
                prompt_messages=prompt_messages,
--- a/api/core/agent/fc_agent_runner.py
+++ b/api/core/agent/fc_agent_runner.py
@@ -84,7 +84,6 @@ class FunctionCallAgentRunner(BaseAgentRunner):

            # recalc llm max tokens
            prompt_messages = self._organize_prompt_messages()
-            self.recalc_llm_max_tokens(self.model_config, prompt_messages)
            # invoke model
            chunks: Union[Generator[LLMResultChunk, None, None], LLMResult] = model_instance.invoke_llm(
                prompt_messages=prompt_messages,
--- a/api/core/app/apps/agent_chat/app_runner.py
+++ b/api/core/app/apps/agent_chat/app_runner.py
@@ -55,20 +55,6 @@ class AgentChatAppRunner(AppRunner):
        query = application_generate_entity.query
        files = application_generate_entity.files

-        # Pre-calculate the number of tokens of the prompt messages,
-        # and return the rest number of tokens by model context token size limit and max token size limit.
-        # If the rest number of tokens is not enough, raise exception.
-        # Include: prompt template, inputs, query(optional), files(optional)
-        # Not Include: memory, external data, dataset context
-        self.get_pre_calculate_rest_tokens(
-            app_record=app_record,
-            model_config=application_generate_entity.model_conf,
-            prompt_template_entity=app_config.prompt_template,
-            inputs=inputs,
-            files=files,
-            query=query,
-        )
-
        memory = None
        if application_generate_entity.conversation_id:
            # get memory of conversation (read-only)
--- a/api/core/app/apps/base_app_runner.py
+++ b/api/core/app/apps/base_app_runner.py
@@ -15,10 +15,8 @@ from core.app.features.annotation_reply.annotation_reply import AnnotationReplyF
 from core.app.features.hosting_moderation.hosting_moderation import HostingModerationFeature
 from core.external_data_tool.external_data_fetch import ExternalDataFetch
 from core.memory.token_buffer_memory import TokenBufferMemory
-from core.model_manager import ModelInstance
 from core.model_runtime.entities.llm_entities import LLMResult, LLMResultChunk, LLMResultChunkDelta, LLMUsage
 from core.model_runtime.entities.message_entities import AssistantPromptMessage, PromptMessage
-from core.model_runtime.entities.model_entities import ModelPropertyKey
 from core.model_runtime.errors.invoke import InvokeBadRequestError
 from core.moderation.input_moderation import InputModeration
 from core.prompt.advanced_prompt_transform import AdvancedPromptTransform
@@ -31,106 +29,6 @@ if TYPE_CHECKING:


 class AppRunner:
-    def get_pre_calculate_rest_tokens(
-        self,
-        app_record: App,
-        model_config: ModelConfigWithCredentialsEntity,
-        prompt_template_entity: PromptTemplateEntity,
-        inputs: Mapping[str, str],
-        files: Sequence["File"],
-        query: Optional[str] = None,
-    ) -> int:
-        """
-        Get pre calculate rest tokens
-        :param app_record: app record
-        :param model_config: model config entity
-        :param prompt_template_entity: prompt template entity
-        :param inputs: inputs
-        :param files: files
-        :param query: query
-        :return:
-        """
-        # Invoke model
-        model_instance = ModelInstance(
-            provider_model_bundle=model_config.provider_model_bundle, model=model_config.model
-        )
-
-        model_context_tokens = model_config.model_schema.model_properties.get(ModelPropertyKey.CONTEXT_SIZE)
-
-        max_tokens = 0
-        for parameter_rule in model_config.model_schema.parameter_rules:
-            if parameter_rule.name == "max_tokens" or (
-                parameter_rule.use_template and parameter_rule.use_template == "max_tokens"
-            ):
-                max_tokens = (
-                    model_config.parameters.get(parameter_rule.name)
-                    or model_config.parameters.get(parameter_rule.use_template or "")
-                ) or 0
-
-        if model_context_tokens is None:
-            return -1
-
-        if max_tokens is None:
-            max_tokens = 0
-
-        # get prompt messages without memory and context
-        prompt_messages, stop = self.organize_prompt_messages(
-            app_record=app_record,
-            model_config=model_config,
-            prompt_template_entity=prompt_template_entity,
-            inputs=inputs,
-            files=files,
-            query=query,
-        )
-
-        prompt_tokens = model_instance.get_llm_num_tokens(prompt_messages)
-
-        rest_tokens: int = model_context_tokens - max_tokens - prompt_tokens
-        if rest_tokens < 0:
-            raise InvokeBadRequestError(
-                "Query or prefix prompt is too long, you can reduce the prefix prompt, "
-                "or shrink the max token, or switch to a llm with a larger token limit size."
-            )
-
-        return rest_tokens
-
-    def recalc_llm_max_tokens(
-        self, model_config: ModelConfigWithCredentialsEntity, prompt_messages: list[PromptMessage]
-    ):
-        # recalc max_tokens if sum(prompt_token +  max_tokens) over model token limit
-        model_instance = ModelInstance(
-            provider_model_bundle=model_config.provider_model_bundle, model=model_config.model
-        )
-
-        model_context_tokens = model_config.model_schema.model_properties.get(ModelPropertyKey.CONTEXT_SIZE)
-
-        max_tokens = 0
-        for parameter_rule in model_config.model_schema.parameter_rules:
-            if parameter_rule.name == "max_tokens" or (
-                parameter_rule.use_template and parameter_rule.use_template == "max_tokens"
-            ):
-                max_tokens = (
-                    model_config.parameters.get(parameter_rule.name)
-                    or model_config.parameters.get(parameter_rule.use_template or "")
-                ) or 0
-
-        if model_context_tokens is None:
-            return -1
-
-        if max_tokens is None:
-            max_tokens = 0
-
-        prompt_tokens = model_instance.get_llm_num_tokens(prompt_messages)
-
-        if prompt_tokens + max_tokens > model_context_tokens:
-            max_tokens = max(model_context_tokens - prompt_tokens, 16)
-
-            for parameter_rule in model_config.model_schema.parameter_rules:
-                if parameter_rule.name == "max_tokens" or (
-                    parameter_rule.use_template and parameter_rule.use_template == "max_tokens"
-                ):
-                    model_config.parameters[parameter_rule.name] = max_tokens
-
    def organize_prompt_messages(
        self,
        app_record: App,
--- a/api/core/app/apps/chat/app_runner.py
+++ b/api/core/app/apps/chat/app_runner.py
@@ -50,20 +50,6 @@ class ChatAppRunner(AppRunner):
        query = application_generate_entity.query
        files = application_generate_entity.files

-        # Pre-calculate the number of tokens of the prompt messages,
-        # and return the rest number of tokens by model context token size limit and max token size limit.
-        # If the rest number of tokens is not enough, raise exception.
-        # Include: prompt template, inputs, query(optional), files(optional)
-        # Not Include: memory, external data, dataset context
-        self.get_pre_calculate_rest_tokens(
-            app_record=app_record,
-            model_config=application_generate_entity.model_conf,
-            prompt_template_entity=app_config.prompt_template,
-            inputs=inputs,
-            files=files,
-            query=query,
-        )
-
        memory = None
        if application_generate_entity.conversation_id:
            # get memory of conversation (read-only)
@@ -194,9 +180,6 @@ class ChatAppRunner(AppRunner):
        if hosting_moderation_result:
            return

-        # Re-calculate the max tokens if sum(prompt_token +  max_tokens) over model token limit
-        self.recalc_llm_max_tokens(model_config=application_generate_entity.model_conf, prompt_messages=prompt_messages)
-
        # Invoke model
        model_instance = ModelInstance(
            provider_model_bundle=application_generate_entity.model_conf.provider_model_bundle,
--- a/api/core/app/apps/completion/app_runner.py
+++ b/api/core/app/apps/completion/app_runner.py
@@ -43,20 +43,6 @@ class CompletionAppRunner(AppRunner):
        query = application_generate_entity.query
        files = application_generate_entity.files

-        # Pre-calculate the number of tokens of the prompt messages,
-        # and return the rest number of tokens by model context token size limit and max token size limit.
-        # If the rest number of tokens is not enough, raise exception.
-        # Include: prompt template, inputs, query(optional), files(optional)
-        # Not Include: memory, external data, dataset context
-        self.get_pre_calculate_rest_tokens(
-            app_record=app_record,
-            model_config=application_generate_entity.model_conf,
-            prompt_template_entity=app_config.prompt_template,
-            inputs=inputs,
-            files=files,
-            query=query,
-        )
-
        # organize all inputs and template to prompt messages
        # Include: prompt template, inputs, query(optional), files(optional)
        prompt_messages, stop = self.organize_prompt_messages(
@@ -152,9 +138,6 @@ class CompletionAppRunner(AppRunner):
        if hosting_moderation_result:
            return

-        # Re-calculate the max tokens if sum(prompt_token +  max_tokens) over model token limit
-        self.recalc_llm_max_tokens(model_config=application_generate_entity.model_conf, prompt_messages=prompt_messages)
-
        # Invoke model
        model_instance = ModelInstance(
            provider_model_bundle=application_generate_entity.model_conf.provider_model_bundle,
--- a/api/core/memory/token_buffer_memory.py
+++ b/api/core/memory/token_buffer_memory.py
@@ -26,7 +26,7 @@ class TokenBufferMemory:
        self.model_instance = model_instance

    def get_history_prompt_messages(
-        self, max_token_limit: int = 2000, message_limit: Optional[int] = None
+        self, max_token_limit: int = 100000, message_limit: Optional[int] = None
    ) -> Sequence[PromptMessage]:
        """
        Get history prompt messages.
--- a/api/core/model_runtime/model_providers/bedrock/llm/eu.anthropic.claude-3.7-sonnet-v1.yaml
+++ b/api/core/model_runtime/model_providers/bedrock/llm/eu.anthropic.claude-3.7-sonnet-v1.yaml
@@ -0,0 +1,115 @@
+model: us.anthropic.claude-3-7-sonnet-20250219-v1:0
+label:
+  en_US: Claude 3.7 Sonnet(US.Cross Region Inference)
+icon: icon_s_en.svg
+model_type: llm
+features:
+  - agent-thought
+  - vision
+  - tool-call
+  - stream-tool-call
+model_properties:
+  mode: chat
+  context_size: 200000
+# docs: https://docs.aws.amazon.com/bedrock/latest/userguide/model-parameters-anthropic-claude-messages.html
+parameter_rules:
+  - name: enable_cache
+    label:
+      zh_Hans: 启用提示缓存
+      en_US: Enable Prompt Cache
+    type: boolean
+    required: false
+    default: true
+    help:
+      zh_Hans: 启用提示缓存可以提高性能并降低成本。Claude 3.7 Sonnet支持在system、messages和tools字段中使用缓存检查点。
+      en_US: Enable prompt caching to improve performance and reduce costs. Claude 3.7 Sonnet supports cache checkpoints in system, messages, and tools fields.
+  - name: reasoning_type
+    label:
+      zh_Hans: 推理配置
+      en_US: Reasoning Type
+    type: boolean
+    required: false
+    default: false
+    placeholder:
+      zh_Hans: 设置推理配置
+      en_US: Set reasoning configuration
+    help:
+      zh_Hans: 控制模型的推理能力。启用时，temperature将固定为1且top_p将被禁用。
+      en_US: Controls the model's reasoning capability. When enabled, temperature will be fixed to 1 and top_p will be disabled.
+  - name: reasoning_budget
+    show_on:
+      - variable: reasoning_type
+        value: true
+    label:
+      zh_Hans: 推理预算
+      en_US: Reasoning Budget
+    type: int
+    default: 1024
+    min: 0
+    max: 128000
+    help:
+      zh_Hans: 推理的预算限制（最小1024），必须小于max_tokens。仅在推理类型为enabled时可用。
+      en_US: Budget limit for reasoning (minimum 1024), must be less than max_tokens. Only available when reasoning type is enabled.
+
+  - name: max_tokens
+    use_template: max_tokens
+    required: true
+    label:
+      zh_Hans: 最大token数
+      en_US: Max Tokens
+    type: int
+    default: 8192
+    min: 1
+    max: 128000
+    help:
+      zh_Hans: 停止前生成的最大令牌数。请注意，Anthropic Claude 模型可能会在达到 max_tokens 的值之前停止生成令牌。不同的 Anthropic Claude 模型对此参数具有不同的最大值。
+      en_US: The maximum number of tokens to generate before stopping. Note that Anthropic Claude models might stop generating tokens before reaching the value of max_tokens. Different Anthropic Claude models have different maximum values for this parameter.
+  - name: temperature
+    use_template: temperature
+    required: false
+    label:
+      zh_Hans: 模型温度
+      en_US: Model Temperature
+    type: float
+    default: 1
+    min: 0.0
+    max: 1.0
+    help:
+      zh_Hans: 生成内容的随机性。当推理功能启用时，该值将被固定为1。
+      en_US: The amount of randomness injected into the response. When reasoning is enabled, this value will be fixed to 1.
+  - name: top_p
+    show_on:
+      - variable: reasoning_type
+        value: disabled
+    use_template: top_p
+    label:
+      zh_Hans: Top P
+      en_US: Top P
+    required: false
+    type: float
+    default: 0.999
+    min: 0.000
+    max: 1.000
+    help:
+      zh_Hans: 在核采样中的概率阈值。当推理功能启用时，该参数将被禁用。
+      en_US: The probability threshold in nucleus sampling. When reasoning is enabled, this parameter will be disabled.
+  - name: top_k
+    label:
+      zh_Hans: 取样数量
+      en_US: Top k
+    required: false
+    type: int
+    default: 0
+    min: 0
+    # tip docs from aws has error, max value is 500
+    max: 500
+    help:
+      zh_Hans: 对于每个后续标记，仅从前 K 个选项中进行采样。使用 top_k 删除长尾低概率响应。
+      en_US: Only sample from the top K options for each subsequent token. Use top_k to remove long tail low probability responses.
+  - name: response_format
+    use_template: response_format
+pricing:
+  input: '0.003'
+  output: '0.015'
+  unit: '0.001'
+  currency: USD
--- a/api/core/model_runtime/model_providers/bedrock/llm/llm.py
+++ b/api/core/model_runtime/model_providers/bedrock/llm/llm.py
@@ -58,6 +58,7 @@ class BedrockLargeLanguageModel(LargeLanguageModel):
    # TODO There is invoke issue: context limit on Cohere Model, will add them after fixed.
    CONVERSE_API_ENABLED_MODEL_INFO = [
        {"prefix": "anthropic.claude-v2", "support_system_prompts": True, "support_tool_use": False},
+        {"prefix": "us.deepseek", "support_system_prompts": True, "support_tool_use": False},
        {"prefix": "anthropic.claude-v1", "support_system_prompts": True, "support_tool_use": False},
        {"prefix": "us.anthropic.claude-3", "support_system_prompts": True, "support_tool_use": True},
        {"prefix": "eu.anthropic.claude-3", "support_system_prompts": True, "support_tool_use": True},
--- a/api/core/model_runtime/model_providers/bedrock/llm/us.deepseek-r1.yaml
+++ b/api/core/model_runtime/model_providers/bedrock/llm/us.deepseek-r1.yaml
@@ -0,0 +1,63 @@
+model: us.deepseek.r1-v1:0
+label:
+  en_US: DeepSeek-R1(US.Cross Region Inference)
+icon: icon_s_en.svg
+model_type: llm
+features:
+  - agent-thought
+  - vision
+  - tool-call
+  - stream-tool-call
+model_properties:
+  mode: chat
+  context_size: 32768
+parameter_rules:
+  - name: max_tokens
+    use_template: max_tokens
+    required: true
+    label:
+      zh_Hans: 最大token数
+      en_US: Max Tokens
+    type: int
+    default: 8192
+    min: 1
+    max: 128000
+    help:
+      zh_Hans: 停止前生成的最大令牌数。
+      en_US: The maximum number of tokens to generate before stopping.
+  - name: temperature
+    use_template: temperature
+    required: false
+    label:
+      zh_Hans: 模型温度
+      en_US: Model Temperature
+    type: float
+    default: 1
+    min: 0.0
+    max: 1.0
+    help:
+      zh_Hans: 生成内容的随机性。当推理功能启用时，该值将被固定为1。
+      en_US: The amount of randomness injected into the response. When reasoning is enabled, this value will be fixed to 1.
+  - name: top_p
+    show_on:
+      - variable: reasoning_type
+        value: disabled
+    use_template: top_p
+    label:
+      zh_Hans: Top P
+      en_US: Top P
+    required: false
+    type: float
+    default: 0.999
+    min: 0.000
+    max: 1.000
+    help:
+      zh_Hans: 在核采样中的概率阈值。当推理功能启用时，该参数将被禁用。
+      en_US: The probability threshold in nucleus sampling. When reasoning is enabled, this parameter will be disabled.
+  - name: response_format
+    use_template: response_format
+pricing:
+  input: '0.001'
+  output: '0.005'
+  unit: '0.001'
+  currency: USD
--- a/api/core/model_runtime/model_providers/google/google.py
+++ b/api/core/model_runtime/model_providers/google/google.py
@@ -19,8 +19,8 @@ class GoogleProvider(ModelProvider):
        try:
            model_instance = self.get_model_instance(ModelType.LLM)

-            # Use `gemini-pro` model for validate,
-            model_instance.validate_credentials(model="gemini-pro", credentials=credentials)
+            # Use `gemini-2.0-flash` model for validate,
+            model_instance.validate_credentials(model="gemini-2.0-flash", credentials=credentials)
        except CredentialsValidateFailedError as ex:
            raise ex
        except Exception as ex:
--- a/api/core/model_runtime/model_providers/google/llm/_position.yaml
+++ b/api/core/model_runtime/model_providers/google/llm/_position.yaml
@@ -19,5 +19,3 @@
 - gemini-exp-1206
 - gemini-exp-1121
 - gemini-exp-1114
- gemini-pro
- gemini-pro-vision
--- a/api/core/model_runtime/model_providers/google/llm/gemini-pro-vision.yaml
+++ b/api/core/model_runtime/model_providers/google/llm/gemini-pro-vision.yaml
@@ -1,35 +0,0 @@
-model: gemini-pro-vision
-label:
-  en_US: Gemini Pro Vision
-model_type: llm
-features:
-  - vision
-model_properties:
-  mode: chat
-  context_size: 12288
-parameter_rules:
-  - name: temperature
-    use_template: temperature
-  - name: top_p
-    use_template: top_p
-  - name: top_k
-    label:
-      zh_Hans: 取样数量
-      en_US: Top k
-    type: int
-    help:
-      zh_Hans: 仅从每个后续标记的前 K 个选项中采样。
-      en_US: Only sample from the top K options for each subsequent token.
-    required: false
-  - name: max_tokens_to_sample
-    use_template: max_tokens
-    required: true
-    default: 4096
-    min: 1
-    max: 4096
-pricing:
-  input: '0.00'
-  output: '0.00'
-  unit: '0.000001'
-  currency: USD
-deprecated: true
--- a/api/core/model_runtime/model_providers/google/llm/gemini-pro.yaml
+++ b/api/core/model_runtime/model_providers/google/llm/gemini-pro.yaml
@@ -1,39 +0,0 @@
-model: gemini-pro
-label:
-  en_US: Gemini Pro
-model_type: llm
-features:
-  - agent-thought
-  - tool-call
-  - stream-tool-call
-model_properties:
-  mode: chat
-  context_size: 30720
-parameter_rules:
-  - name: temperature
-    use_template: temperature
-  - name: top_p
-    use_template: top_p
-  - name: top_k
-    label:
-      zh_Hans: 取样数量
-      en_US: Top k
-    type: int
-    help:
-      zh_Hans: 仅从每个后续标记的前 K 个选项中采样。
-      en_US: Only sample from the top K options for each subsequent token.
-    required: false
-  - name: max_tokens_to_sample
-    use_template: max_tokens
-    required: true
-    default: 2048
-    min: 1
-    max: 2048
-  - name: response_format
-    use_template: response_format
-pricing:
-  input: '0.00'
-  output: '0.00'
-  unit: '0.000001'
-  currency: USD
-deprecated: true
--- a/api/core/model_runtime/model_providers/openai/llm/llm.py
+++ b/api/core/model_runtime/model_providers/openai/llm/llm.py
@@ -1057,7 +1057,7 @@ class OpenAILargeLanguageModel(_CommonOpenAI, LargeLanguageModel):
            model = "gpt-4o"

        try:
-            encoding = tiktoken.encoding_for_model(model)
+            encoding = tiktoken.get_encoding(model)
        except KeyError:
            logger.warning("Warning: model not found. Using cl100k_base encoding.")
            model = "cl100k_base"
--- a/api/core/model_runtime/model_providers/vertex_ai/llm/gemini-2.0-flash-001.yaml
+++ b/api/core/model_runtime/model_providers/vertex_ai/llm/gemini-2.0-flash-001.yaml
@@ -5,11 +5,6 @@ model_type: llm
 features:
  - agent-thought
  - vision
-  - tool-call
-  - stream-tool-call
-  - document
-  - video
-  - audio
 model_properties:
  mode: chat
  context_size: 1048576
@@ -20,20 +15,21 @@ parameter_rules:
    use_template: top_p
  - name: top_k
    label:
-      zh_Hans: 取样数量
      en_US: Top k
    type: int
    help:
-      zh_Hans: 仅从每个后续标记的前 K 个选项中采样。
      en_US: Only sample from the top K options for each subsequent token.
    required: false
+  - name: presence_penalty
+    use_template: presence_penalty
+  - name: frequency_penalty
+    use_template: frequency_penalty
  - name: max_output_tokens
    use_template: max_tokens
+    required: true
    default: 8192
    min: 1
    max: 8192
-  - name: json_schema
-    use_template: json_schema
 pricing:
  input: '0.00'
  output: '0.00'
--- a/api/core/tools/provider/_position.yaml
+++ b/api/core/tools/provider/_position.yaml
@@ -77,5 +77,4 @@
 - onebot
 - regex
 - trello
- vanna
 - fal
--- a/api/core/tools/provider/builtin/vanna/_assets/icon.png
+++ b/api/core/tools/provider/builtin/vanna/_assets/icon.png
--- a/api/core/tools/provider/builtin/vanna/tools/vanna.py
+++ b/api/core/tools/provider/builtin/vanna/tools/vanna.py
@@ -1,134 +0,0 @@
-from typing import Any, Union
-
-from vanna.remote import VannaDefault  # type: ignore
-
-from core.tools.entities.tool_entities import ToolInvokeMessage
-from core.tools.errors import ToolProviderCredentialValidationError
-from core.tools.tool.builtin_tool import BuiltinTool
-
-
-class VannaTool(BuiltinTool):
-    def _invoke(
-        self, user_id: str, tool_parameters: dict[str, Any]
-    ) -> Union[ToolInvokeMessage, list[ToolInvokeMessage]]:
-        """
-        invoke tools
-        """
-        # Ensure runtime and credentials
-        if not self.runtime or not self.runtime.credentials:
-            raise ToolProviderCredentialValidationError("Tool runtime or credentials are missing")
-        api_key = self.runtime.credentials.get("api_key", None)
-        if not api_key:
-            raise ToolProviderCredentialValidationError("Please input api key")
-
-        model = tool_parameters.get("model", "")
-        if not model:
-            return self.create_text_message("Please input RAG model")
-
-        prompt = tool_parameters.get("prompt", "")
-        if not prompt:
-            return self.create_text_message("Please input prompt")
-
-        url = tool_parameters.get("url", "")
-        if not url:
-            return self.create_text_message("Please input URL/Host/DSN")
-
-        db_name = tool_parameters.get("db_name", "")
-        username = tool_parameters.get("username", "")
-        password = tool_parameters.get("password", "")
-        port = tool_parameters.get("port", 0)
-
-        base_url = self.runtime.credentials.get("base_url", None)
-        vn = VannaDefault(model=model, api_key=api_key, config={"endpoint": base_url})
-
-        db_type = tool_parameters.get("db_type", "")
-        if db_type in {"Postgres", "MySQL", "Hive", "ClickHouse"}:
-            if not db_name:
-                return self.create_text_message("Please input database name")
-            if not username:
-                return self.create_text_message("Please input username")
-            if port < 1:
-                return self.create_text_message("Please input port")
-
-        schema_sql = "SELECT * FROM INFORMATION_SCHEMA.COLUMNS"
-        match db_type:
-            case "SQLite":
-                schema_sql = "SELECT type, sql FROM sqlite_master WHERE sql is not null"
-                vn.connect_to_sqlite(url)
-            case "Postgres":
-                vn.connect_to_postgres(host=url, dbname=db_name, user=username, password=password, port=port)
-            case "DuckDB":
-                vn.connect_to_duckdb(url=url)
-            case "SQLServer":
-                vn.connect_to_mssql(url)
-            case "MySQL":
-                vn.connect_to_mysql(host=url, dbname=db_name, user=username, password=password, port=port)
-            case "Oracle":
-                vn.connect_to_oracle(user=username, password=password, dsn=url)
-            case "Hive":
-                vn.connect_to_hive(host=url, dbname=db_name, user=username, password=password, port=port)
-            case "ClickHouse":
-                vn.connect_to_clickhouse(host=url, dbname=db_name, user=username, password=password, port=port)
-
-        enable_training = tool_parameters.get("enable_training", False)
-        reset_training_data = tool_parameters.get("reset_training_data", False)
-        if enable_training:
-            if reset_training_data:
-                existing_training_data = vn.get_training_data()
-                if len(existing_training_data) > 0:
-                    for _, training_data in existing_training_data.iterrows():
-                        vn.remove_training_data(training_data["id"])
-
-            ddl = tool_parameters.get("ddl", "")
-            question = tool_parameters.get("question", "")
-            sql = tool_parameters.get("sql", "")
-            memos = tool_parameters.get("memos", "")
-            training_metadata = tool_parameters.get("training_metadata", False)
-
-            if training_metadata:
-                if db_type == "SQLite":
-                    df_ddl = vn.run_sql(schema_sql)
-                    for ddl in df_ddl["sql"].to_list():
-                        vn.train(ddl=ddl)
-                else:
-                    df_information_schema = vn.run_sql(schema_sql)
-                    plan = vn.get_training_plan_generic(df_information_schema)
-                    vn.train(plan=plan)
-
-            if ddl:
-                vn.train(ddl=ddl)
-
-            if sql:
-                if question:
-                    vn.train(question=question, sql=sql)
-                else:
-                    vn.train(sql=sql)
-            if memos:
-                vn.train(documentation=memos)
-
-        #########################################################################################
-        # Due to CVE-2024-5565, we have to disable the chart generation feature
-        # The Vanna library uses a prompt function to present the user with visualized results,
-        # it is possible to alter the prompt using prompt injection and run arbitrary Python code
-        # instead of the intended visualization code.
-        # Specifically - allowing external input to the library’s “ask” method
-        # with "visualize" set to True (default behavior) leads to remote code execution.
-        # Affected versions: <= 0.5.5
-        #########################################################################################
-        allow_llm_to_see_data = tool_parameters.get("allow_llm_to_see_data", False)
-        res = vn.ask(
-            prompt, print_results=False, auto_train=True, visualize=False, allow_llm_to_see_data=allow_llm_to_see_data
-        )
-
-        result = []
-
-        if res is not None:
-            result.append(self.create_text_message(res[0]))
-            if len(res) > 1 and res[1] is not None:
-                result.append(self.create_text_message(res[1].to_markdown()))
-            if len(res) > 2 and res[2] is not None:
-                result.append(
-                    self.create_blob_message(blob=res[2].to_image(format="svg"), meta={"mime_type": "image/svg+xml"})
-                )
-
-        return result
--- a/api/core/tools/provider/builtin/vanna/tools/vanna.yaml
+++ b/api/core/tools/provider/builtin/vanna/tools/vanna.yaml
@@ -1,213 +0,0 @@
-identity:
-  name: vanna
-  author: QCTC
-  label:
-    en_US: Vanna.AI
-    zh_Hans: Vanna.AI
-description:
-  human:
-    en_US: The fastest way to get actionable insights from your database just by asking questions.
-    zh_Hans: 一个基于大模型和RAG的Text2SQL工具。
-  llm: A tool for converting text to SQL.
-parameters:
-  - name: prompt
-    type: string
-    required: true
-    label:
-      en_US: Prompt
-      zh_Hans: 提示词
-      pt_BR: Prompt
-    human_description:
-      en_US: used for generating SQL
-      zh_Hans: 用于生成SQL
-    llm_description: key words for generating SQL
-    form: llm
-  - name: model
-    type: string
-    required: true
-    label:
-      en_US: RAG Model
-      zh_Hans: RAG模型
-    human_description:
-      en_US: RAG Model for your database DDL
-      zh_Hans: 存储数据库训练数据的RAG模型
-    llm_description: RAG Model for generating SQL
-    form: llm
-  - name: db_type
-    type: select
-    required: true
-    options:
-      - value: SQLite
-        label:
-          en_US: SQLite
-          zh_Hans: SQLite
-      - value: Postgres
-        label:
-          en_US: Postgres
-          zh_Hans: Postgres
-      - value: DuckDB
-        label:
-          en_US: DuckDB
-          zh_Hans: DuckDB
-      - value: SQLServer
-        label:
-          en_US: Microsoft SQL Server
-          zh_Hans: 微软 SQL Server
-      - value: MySQL
-        label:
-          en_US: MySQL
-          zh_Hans: MySQL
-      - value: Oracle
-        label:
-          en_US: Oracle
-          zh_Hans: Oracle
-      - value: Hive
-        label:
-          en_US: Hive
-          zh_Hans: Hive
-      - value: ClickHouse
-        label:
-          en_US: ClickHouse
-          zh_Hans: ClickHouse
-    default: SQLite
-    label:
-      en_US: DB Type
-      zh_Hans: 数据库类型
-    human_description:
-      en_US: Database type.
-      zh_Hans: 选择要链接的数据库类型。
-    form: form
-  - name: url
-    type: string
-    required: true
-    label:
-      en_US: URL/Host/DSN
-      zh_Hans: URL/Host/DSN
-    human_description:
-      en_US: Please input depending on DB type, visit https://vanna.ai/docs/ for more specification
-      zh_Hans: 请根据数据库类型，填入对应值，详情参考https://vanna.ai/docs/
-    form: form
-  - name: db_name
-    type: string
-    required: false
-    label:
-      en_US: DB name
-      zh_Hans: 数据库名
-    human_description:
-      en_US: Database name
-      zh_Hans: 数据库名
-    form: form
-  - name: username
-    type: string
-    required: false
-    label:
-      en_US: Username
-      zh_Hans: 用户名
-    human_description:
-      en_US: Username
-      zh_Hans: 用户名
-    form: form
-  - name: password
-    type: secret-input
-    required: false
-    label:
-      en_US: Password
-      zh_Hans: 密码
-    human_description:
-      en_US: Password
-      zh_Hans: 密码
-    form: form
-  - name: port
-    type: number
-    required: false
-    label:
-      en_US: Port
-      zh_Hans: 端口
-    human_description:
-      en_US: Port
-      zh_Hans: 端口
-    form: form
-  - name: ddl
-    type: string
-    required: false
-    label:
-      en_US: Training DDL
-      zh_Hans: 训练DDL
-    human_description:
-      en_US: DDL statements for training data
-      zh_Hans: 用于训练RAG Model的建表语句
-    form: llm
-  - name: question
-    type: string
-    required: false
-    label:
-      en_US: Training Question
-      zh_Hans: 训练问题
-    human_description:
-      en_US: Question-SQL Pairs
-      zh_Hans: Question-SQL中的问题
-    form: llm
-  - name: sql
-    type: string
-    required: false
-    label:
-      en_US: Training SQL
-      zh_Hans: 训练SQL
-    human_description:
-      en_US: SQL queries to your training data
-      zh_Hans: 用于训练RAG Model的SQL语句
-    form: llm
-  - name: memos
-    type: string
-    required: false
-    label:
-      en_US: Training Memos
-      zh_Hans: 训练说明
-    human_description:
-      en_US: Sometimes you may want to add documentation about your business terminology or definitions
-      zh_Hans: 添加更多关于数据库的业务说明
-    form: llm
-  - name: enable_training
-    type: boolean
-    required: false
-    default: false
-    label:
-      en_US: Training Data
-      zh_Hans: 训练数据
-    human_description:
-      en_US: You only need to train once. Do not train again unless you want to add more training data
-      zh_Hans: 训练数据无更新时，训练一次即可
-    form: form
-  - name: reset_training_data
-    type: boolean
-    required: false
-    default: false
-    label:
-      en_US: Reset Training Data
-      zh_Hans: 重置训练数据
-    human_description:
-      en_US: Remove all training data in the current RAG Model
-      zh_Hans: 删除当前RAG Model中的所有训练数据
-    form: form
-  - name: training_metadata
-    type: boolean
-    required: false
-    default: false
-    label:
-      en_US: Training Metadata
-      zh_Hans: 训练元数据
-    human_description:
-      en_US: If enabled, it will attempt to train on the metadata of that database
-      zh_Hans: 是否自动从数据库获取元数据来训练
-    form: form
-  - name: allow_llm_to_see_data
-    type: boolean
-    required: false
-    default: false
-    label:
-      en_US: Whether to allow the LLM to see the data
-      zh_Hans: 是否允许LLM查看数据
-    human_description:
-      en_US: Whether to allow the LLM to see the data
-      zh_Hans: 是否允许LLM查看数据
-    form: form
--- a/api/core/tools/provider/builtin/vanna/vanna.py
+++ b/api/core/tools/provider/builtin/vanna/vanna.py
@@ -1,46 +0,0 @@
-import re
-from typing import Any
-from urllib.parse import urlparse
-
-from core.tools.errors import ToolProviderCredentialValidationError
-from core.tools.provider.builtin.vanna.tools.vanna import VannaTool
-from core.tools.provider.builtin_tool_provider import BuiltinToolProviderController
-
-
-class VannaProvider(BuiltinToolProviderController):
-    def _get_protocol_and_main_domain(self, url):
-        parsed_url = urlparse(url)
-        protocol = parsed_url.scheme
-        hostname = parsed_url.hostname
-        port = f":{parsed_url.port}" if parsed_url.port else ""
-
-        # Check if the hostname is an IP address
-        is_ip = re.match(r"^\d{1,3}(\.\d{1,3}){3}$", hostname) is not None
-
-        # Return the full hostname (with port if present) for IP addresses, otherwise return the main domain
-        main_domain = f"{hostname}{port}" if is_ip else ".".join(hostname.split(".")[-2:]) + port
-        return f"{protocol}://{main_domain}"
-
-    def _validate_credentials(self, credentials: dict[str, Any]) -> None:
-        base_url = credentials.get("base_url")
-        if not base_url:
-            base_url = "https://ask.vanna.ai/rpc"
-        else:
-            base_url = base_url.removesuffix("/")
-        credentials["base_url"] = base_url
-        try:
-            VannaTool().fork_tool_runtime(
-                runtime={
-                    "credentials": credentials,
-                }
-            ).invoke(
-                user_id="",
-                tool_parameters={
-                    "model": "chinook",
-                    "db_type": "SQLite",
-                    "url": f"{self._get_protocol_and_main_domain(credentials['base_url'])}/Chinook.sqlite",
-                    "query": "What are the top 10 customers by sales?",
-                },
-            )
-        except Exception as e:
-            raise ToolProviderCredentialValidationError(str(e))
--- a/api/core/tools/provider/builtin/vanna/vanna.yaml
+++ b/api/core/tools/provider/builtin/vanna/vanna.yaml
@@ -1,35 +0,0 @@
-identity:
-  author: QCTC
-  name: vanna
-  label:
-    en_US: Vanna.AI
-    zh_Hans: Vanna.AI
-  description:
-    en_US: The fastest way to get actionable insights from your database just by asking questions.
-    zh_Hans: 一个基于大模型和RAG的Text2SQL工具。
-  icon: icon.png
-  tags:
-    - utilities
-    - productivity
-credentials_for_provider:
-  api_key:
-    type: secret-input
-    required: true
-    label:
-      en_US: API key
-      zh_Hans: API key
-    placeholder:
-      en_US: Please input your API key
-      zh_Hans: 请输入你的 API key
-      pt_BR: Please input your API key
-    help:
-      en_US: Get your API key from Vanna.AI
-      zh_Hans: 从 Vanna.AI 获取你的 API key
-    url: https://vanna.ai/account/profile
-  base_url:
-    type: text-input
-    required: false
-    label:
-      en_US: Vanna.AI Endpoint Base URL
-    placeholder:
-      en_US: https://ask.vanna.ai/rpc
--- a/api/core/workflow/nodes/code/code_node.py
+++ b/api/core/workflow/nodes/code/code_node.py
@@ -195,7 +195,7 @@ class CodeNode(BaseNode[CodeNodeData]):
            if output_config.type == "object":
                # check if output is object
                if not isinstance(result.get(output_name), dict):
-                    if isinstance(result.get(output_name), type(None)):
+                    if result.get(output_name) is None:
                        transformed_result[output_name] = None
                    else:
                        raise OutputValidationError(
@@ -223,7 +223,7 @@ class CodeNode(BaseNode[CodeNodeData]):
            elif output_config.type == "array[number]":
                # check if array of number available
                if not isinstance(result[output_name], list):
-                    if isinstance(result[output_name], type(None)):
+                    if result[output_name] is None:
                        transformed_result[output_name] = None
                    else:
                        raise OutputValidationError(
@@ -244,7 +244,7 @@ class CodeNode(BaseNode[CodeNodeData]):
            elif output_config.type == "array[string]":
                # check if array of string available
                if not isinstance(result[output_name], list):
-                    if isinstance(result[output_name], type(None)):
+                    if result[output_name] is None:
                        transformed_result[output_name] = None
                    else:
                        raise OutputValidationError(
@@ -265,7 +265,7 @@ class CodeNode(BaseNode[CodeNodeData]):
            elif output_config.type == "array[object]":
                # check if array of object available
                if not isinstance(result[output_name], list):
-                    if isinstance(result[output_name], type(None)):
+                    if result[output_name] is None:
                        transformed_result[output_name] = None
                    else:
                        raise OutputValidationError(
--- a/api/core/workflow/nodes/llm/node.py
+++ b/api/core/workflow/nodes/llm/node.py
@@ -968,14 +968,12 @@ def _handle_memory_chat_mode(
    *,
    memory: TokenBufferMemory | None,
    memory_config: MemoryConfig | None,
-    model_config: ModelConfigWithCredentialsEntity,
+    model_config: ModelConfigWithCredentialsEntity,  # TODO(-LAN-): Needs to remove
 ) -> Sequence[PromptMessage]:
    memory_messages: Sequence[PromptMessage] = []
    # Get messages from memory for chat model
    if memory and memory_config:
-        rest_tokens = _calculate_rest_token(prompt_messages=[], model_config=model_config)
        memory_messages = memory.get_history_prompt_messages(
-            max_token_limit=rest_tokens,
            message_limit=memory_config.window.size if memory_config.window.enabled else None,
        )
    return memory_messages
--- a/api/docker/entrypoint.sh
+++ b/api/docker/entrypoint.sh
@@ -35,6 +35,7 @@ else
      --worker-class ${SERVER_WORKER_CLASS:-gevent} \
      --worker-connections ${SERVER_WORKER_CONNECTIONS:-10} \
      --timeout ${GUNICORN_TIMEOUT:-200} \
+      --keep-alive ${GUNICORN_KEEP_ALIVE:-2} \
      app:app
  fi
 fi
--- a/api/docs/workflow_research_api.md
+++ b/api/docs/workflow_research_api.md
@@ -0,0 +1,97 @@
+# Workflow Research API
+
+This API allows researchers to test workflow DSL without authentication. It provides a simple way to execute workflows defined in YAML format and get the results.
+
+## Endpoint
+
+```http
+POST /v1/workflow-research/run
+```
+
+## Request
+
+The request should be a JSON object with the following fields:
+
+- `dsl` (string, optional): The workflow DSL in YAML format (required if `app_id` is not provided)
+- `app_id` (string, optional): The ID of an existing app to use (required if `dsl` is not provided)
+- `inputs` (object, required): The inputs to the workflow
+
+Note: You must provide either `dsl` or `app_id`, but not both.
+
+Example request with DSL:
+
+```json
+{
+  "dsl": "version: 0.1.5\nkind: app\napp:\n  name: Echo Workflow\n  mode: workflow\n  icon: 🔬\n  icon_background: \"#FFEAD5\"\n  description: A simple workflow that echoes the input text\nworkflow:\n  graph:\n    nodes:\n      - id: \"start\"\n        type: \"start\"\n        position:\n          x: 100\n          y: 100\n        data:\n          title: \"Start\"\n          type: \"start\"\n          variables:\n            - variable: \"text\"\n              label: \"Text Input\"\n              type: \"text-input\"\n              required: true\n              default: \"\"\n      - id: \"end\"\n        type: \"end\"\n        position:\n          x: 400\n          y: 100\n        data:\n          title: \"End\"\n          type: \"end\"\n          outputs:\n            - variable: \"result\"\n              value_selector: [\"start\", \"text\"]\n    edges:\n      - source: \"start\"\n        target: \"end\"\n  features: {}",
+  "inputs": {
+    "text": "Hello World"
+  }
+}
+```
+
+Example request with app_id:
+
+```json
+{
+  "app_id": "09eba8ed-2485-4d98-8eb0-607aad09b447",
+  "inputs": {
+    "text": "Hello World"
+  }
+}
+```
+
+## Response
+
+The response will be a JSON object with the following fields:
+
+- `app_id` (string): The ID of the temporary app created for the workflow
+- `outputs` (object): The outputs of the workflow
+- `status` (string): The status of the workflow execution (`succeeded` or `failed`)
+- `error` (string, optional): The error message if the workflow execution failed
+
+Example response:
+
+```json
+{
+  "app_id": "29afe919-aa25-45b8-a480-de5b908f0721",
+  "outputs": {
+    "result": "Hello World"
+  },
+  "status": "succeeded"
+}
+```
+
+Example error response:
+
+```json
+{
+  "app_id": "7f24fef3-e52a-4a3d-a228-5c6081121b16",
+  "outputs": {},
+  "status": "failed",
+  "error": "Error message describing what went wrong"
+}
+```
+
+## Example
+
+You can find an example workflow DSL in the `examples/workflow_research_example.yml` file. This workflow simply echoes the input text.
+
+To test it, you can use curl:
+
+```bash
+curl -X POST http://localhost:5001/v1/workflow-research/run \
+  -H "Content-Type: application/json" \
+  -d '{
+    "dsl": "$(cat examples/workflow_research_example.yml)",
+    "inputs": {
+      "text": "Hello World"
+    }
+  }'
+```
+
+## Notes
+
+- This API is intended for research purposes only
+- It uses the default admin account to execute the workflow
+- The temporary app created for the workflow is not deleted after execution
+- The API only supports workflow functionality, not chat or completion
--- a/api/examples/workflow_research_example.yml
+++ b/api/examples/workflow_research_example.yml
@@ -0,0 +1,47 @@
+version: 0.1.5
+kind: app
+app:
+  name: Echo Workflow
+  mode: workflow
+  icon: 🔬
+  icon_background: "#FFEAD5"
+  description: A simple workflow that echoes the input text
+workflow:
+  graph:
+    nodes:
+      - id: "start"
+        type: "start"
+        position:
+          x: 100
+          y: 100
+        data:
+          title: "Start"
+          type: "start"
+          variables:
+            - variable: "text"
+              label: "Text Input"
+              type: "text-input"
+              required: true
+              default: ""
+            - variable: "query"
+              label: "Query"
+              type: "text-input"
+              required: true
+              default: ""
+      - id: "end"
+        type: "end"
+        position:
+          x: 400
+          y: 100
+        data:
+          title: "End"
+          type: "end"
+          outputs:
+            - variable: "result"
+              value_selector: ["start", "text"]
+            - variable: "query"
+              value_selector: ["start", "query"]
+    edges:
+      - source: "start"
+        target: "end"
+  features: {}
--- a/api/poetry.lock
+++ b/api/poetry.lock
--- a/api/pyproject.toml
+++ b/api/pyproject.toml
@@ -48,7 +48,7 @@ google-generativeai = "0.8.1"
 googleapis-common-protos = "1.63.0"
 gunicorn = "~23.0.0"
 httpx = { version = "~0.27.0", extras = ["socks"] }
-huggingface-hub = "~0.16.4"
+huggingface-hub = "~0.31.0"
 jieba = "0.42.1"
 langfuse = "~2.51.3"
 langsmith = "~0.1.77"
@@ -78,18 +78,18 @@ pyyaml = "~6.0.1"
 readabilipy = "0.2.0"
 redis = { version = "~5.0.3", extras = ["hiredis"] }
 replicate = "~0.22.0"
-resend = "~0.7.0"
+resend = "~2.9.0"
 sagemaker = "~2.231.0"
 scikit-learn = "~1.5.1"
 sentry-sdk = { version = "~1.44.1", extras = ["flask"] }
 sqlalchemy = "~2.0.29"
 starlette = "0.41.0"
 tencentcloud-sdk-python-hunyuan = "~3.0.1294"
-tiktoken = "~0.8.0"
+tiktoken = "^0.9.0"
 tokenizers = "~0.15.0"
-transformers = "~4.35.0"
+transformers = "~4.39.0"
 unstructured = { version = "~0.16.1", extras = ["docx", "epub", "md", "msg", "ppt", "pptx"] }
-validators = "0.21.0"
+validators = "0.22.0"
 volcengine-python-sdk = {extras = ["ark"], version = "~1.0.98"}
 websocket-client = "~1.7.0"
 xinference-client = "0.15.2"
@@ -112,7 +112,7 @@ safetensors = "~0.4.3"
 # [ Tools ] dependency group
 ############################################################
 [tool.poetry.group.tools.dependencies]
-arxiv = "2.1.0"
+arxiv = "2.2.0"
 cloudscraper = "1.2.71"
 duckduckgo-search = "~6.3.0"
 jsonpath-ng = "1.6.1"
@@ -166,7 +166,7 @@ tcvectordb = "1.3.2"
 tidb-vector = "0.0.9"
 upstash-vector = "0.6.0"
 volcengine-compat = "~1.0.156"
-weaviate-client = "~3.21.0"
+weaviate-client = "~3.26.0"

 ############################################################
 # [ Dev ] dependency group
--- a/api/scripts/test_workflow_research_api.py
+++ b/api/scripts/test_workflow_research_api.py
@@ -0,0 +1,78 @@
+#!/usr/bin/env python3
+"""
+Test script for the Workflow Research API
+"""
+
+import argparse
+import json
+import os
+import sys
+
+import requests
+
+# Add the parent directory to the path so we can import from the api directory
+sys.path.append(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
+
+
+def read_file(file_path):
+    """Read a file and return its contents"""
+    with open(file_path) as f:
+        return f.read()
+
+
+def main():
+    parser = argparse.ArgumentParser(description="Test the Workflow Research API")
+    parser.add_argument("--host", default="http://localhost:5001", help="API host")
+    parser.add_argument("--dsl-file", default="examples/workflow_research_example.yml", help="Path to DSL file")
+    parser.add_argument("--app-id", help="App ID to use instead of DSL file")
+    parser.add_argument("--inputs", default='{"text": "Hello World", "query": "How are you?"}', help="JSON inputs")
+
+    args = parser.parse_args()
+
+    # Parse the inputs
+    try:
+        inputs = json.loads(args.inputs)
+    except json.JSONDecodeError:
+        print(f"Error: Invalid JSON inputs: {args.inputs}")
+        return 1
+
+    # Make the request
+    url = f"{args.host}/v1/workflow-research/run"
+    headers = {"Content-Type": "application/json"}
+    data = {"inputs": inputs}
+
+    # Add either app_id or dsl to the request
+    if args.app_id:
+        data["app_id"] = args.app_id
+    else:
+        # Read the DSL file
+        dsl = read_file(args.dsl_file)
+        data["dsl"] = dsl
+
+    print(f"Making request to {url}")
+    print(f"Inputs: {json.dumps(inputs, indent=2)}")
+
+    try:
+        response = requests.post(url, headers=headers, json=data)
+        response.raise_for_status()
+
+        # Print the response
+        print("\nResponse:")
+        response_json = response.json()
+        print(json.dumps(response_json, indent=2))
+
+        # Print error details if available
+        if response_json.get("error_details"):
+            print("\nError Details:")
+            print(response_json["error_details"])
+
+        return 0
+    except requests.exceptions.RequestException as e:
+        print(f"Error: {e}")
+        if hasattr(e, "response") and e.response is not None:
+            print(f"Response: {e.response.text}")
+        return 1
+
+
+if __name__ == "__main__":
+    sys.exit(main())
--- a/api/services/account_service.py
+++ b/api/services/account_service.py
@@ -406,10 +406,8 @@ class AccountService:

            raise PasswordResetRateLimitExceededError()

-        code = "".join([str(random.randint(0, 9)) for _ in range(6)])
-        token = TokenManager.generate_token(
-            account=account, email=email, token_type="reset_password", additional_data={"code": code}
-        )
+        code, token = cls.generate_reset_password_token(account_email, account)
+
        send_reset_password_mail_task.delay(
            language=language,
            to=account_email,
@@ -418,6 +416,22 @@ class AccountService:
        cls.reset_password_rate_limiter.increment_rate_limit(account_email)
        return token

+    @classmethod
+    def generate_reset_password_token(
+        cls,
+        email: str,
+        account: Optional[Account] = None,
+        code: Optional[str] = None,
+        additional_data: dict[str, Any] = {},
+    ):
+        if not code:
+            code = "".join([str(random.randint(0, 9)) for _ in range(6)])
+        additional_data["code"] = code
+        token = TokenManager.generate_token(
+            account=account, email=email, token_type="reset_password", additional_data=additional_data
+        )
+        return code, token
+
    @classmethod
    def revoke_reset_password_token(cls, token: str):
        TokenManager.revoke_token(token, "reset_password")
--- a/api/services/app_dsl_service.py
+++ b/api/services/app_dsl_service.py
@@ -55,13 +55,19 @@ def _check_version_compatibility(imported_version: str) -> ImportStatus:
    except version.InvalidVersion:
        return ImportStatus.FAILED

-    # Compare major version and minor version
-    if current_ver.major != imported_ver.major or current_ver.minor != imported_ver.minor:
+    # If imported version is newer than current, always return PENDING
+    if imported_ver > current_ver:
        return ImportStatus.PENDING

-    if current_ver.micro != imported_ver.micro:
+    # If imported version is older than current's major, return PENDING
+    if imported_ver.major < current_ver.major:
+        return ImportStatus.PENDING
+
+    # If imported version is older than current's minor, return COMPLETED_WITH_WARNINGS
+    if imported_ver.minor < current_ver.minor:
        return ImportStatus.COMPLETED_WITH_WARNINGS

+    # If imported version equals or is older than current's micro, return COMPLETED
    return ImportStatus.COMPLETED


--- a/api/services/workflow_research_service.py
+++ b/api/services/workflow_research_service.py
@@ -0,0 +1,248 @@
+import json
+import logging
+import traceback
+import uuid
+from typing import Any, Optional
+
+import yaml
+
+from core.app.apps.workflow.app_generator import WorkflowAppGenerator
+from core.app.entities.app_invoke_entities import InvokeFrom
+from extensions.ext_database import db
+from models.account import Account
+from models.model import App, AppMode
+from models.workflow import Workflow, WorkflowType
+
+logger = logging.getLogger(__name__)
+
+
+class WorkflowResearchService:
+    """
+    Service for workflow research without authentication
+    """
+
+    @staticmethod
+    def get_default_admin_account() -> tuple[Account, str]:
+        """
+        Get the default admin account and tenant ID
+        """
+        # Get the first admin account
+        account = db.session.query(Account).first()
+        if not account:
+            raise ValueError("No admin account found")
+
+        # Get the tenant for this account
+        from models.account import TenantAccountJoin
+
+        tenant_account_join = (
+            db.session.query(TenantAccountJoin).filter(TenantAccountJoin.account_id == account.id).first()
+        )
+
+        if not tenant_account_join:
+            raise ValueError("No tenant found for admin account")
+
+        # Return the account and tenant ID
+        return account, tenant_account_join.tenant_id
+
+    @staticmethod
+    def create_temporary_app(tenant_id: str, name: str = "Workflow Research") -> App:
+        """
+        Create a temporary app for workflow research
+        """
+        app = App()
+        app.id = str(uuid.uuid4())
+        app.tenant_id = tenant_id
+        app.name = name
+        app.mode = AppMode.WORKFLOW.value
+        app.icon = "🔬"
+        app.icon_type = "emoji"
+        app.icon_background = "#FFEAD5"
+        app.description = "Temporary app for workflow research"
+        app.status = "normal"
+        app.enable_site = False
+        app.enable_api = False
+        db.session.add(app)
+        db.session.commit()
+        return app
+
+    @staticmethod
+    def import_dsl_to_workflow(app: App, dsl_string: str, account: Account) -> Workflow:
+        """
+        Import DSL string to workflow
+        """
+        try:
+            # Parse YAML to validate format
+            data = yaml.safe_load(dsl_string)
+            if not isinstance(data, dict):
+                raise ValueError("Invalid YAML format: content must be a mapping")
+
+            # Extract workflow graph from DSL
+            if "workflow" not in data:
+                raise ValueError("No workflow definition found in DSL")
+
+            workflow_data = data.get("workflow", {})
+            graph = workflow_data.get("graph", {})
+            features = workflow_data.get("features", {})
+
+            # Log the graph and features for debugging
+            logger.debug("Graph: %s", json.dumps(graph))
+            logger.debug("Features: %s", json.dumps(features))
+
+            # Create workflow record
+            workflow = Workflow(
+                tenant_id=app.tenant_id,
+                app_id=app.id,
+                type=WorkflowType.WORKFLOW.value,
+                version="draft",
+                graph=json.dumps(graph),
+                features=json.dumps(features),
+                created_by=account.id,
+                environment_variables=[],
+                conversation_variables=[],
+            )
+
+            db.session.add(workflow)
+            db.session.commit()
+
+            # Update app with workflow_id
+            app.workflow_id = workflow.id
+            db.session.commit()
+
+            return workflow
+
+        except yaml.YAMLError as e:
+            raise ValueError(f"Invalid YAML format: {str(e)}")
+        except Exception as e:
+            logger.exception("Failed to import workflow from DSL")
+            raise ValueError(f"Failed to import workflow: {str(e)}")
+
+    @staticmethod
+    def execute_workflow(
+        app: App, workflow: Workflow, inputs: dict[str, Any], account: Account
+    ) -> tuple[dict[str, Any], Optional[str]]:
+        """
+        Execute workflow with inputs
+        """
+        try:
+            # Initialize workflow app generator
+            generator = WorkflowAppGenerator()
+
+            # Log inputs for debugging
+            logger.debug("Executing workflow with inputs: %s", json.dumps(inputs))
+            logger.debug("App ID: %s, Workflow ID: %s", app.id, workflow.id)
+
+            # Execute workflow
+            result = generator.generate(
+                app_model=app,
+                workflow=workflow,
+                user=account,
+                args={"inputs": inputs},
+                invoke_from=InvokeFrom.DEBUGGER,
+                streaming=False,
+            )
+
+            if not isinstance(result, dict):
+                raise ValueError(f"Unexpected result type: {type(result)}")
+
+            logger.debug("Workflow execution result: %s", json.dumps(result))
+            data = result.get("data", {})
+            error = data.get("error")
+
+            return data, error
+
+        except Exception as e:
+            logger.exception("Failed to execute workflow")
+            error_details = traceback.format_exc()
+            logger.error("Error details: %s", error_details)
+            return {}, str(e)
+
+    @staticmethod
+    def get_app_by_id(app_id: str) -> Optional[App]:
+        """
+        Get an app by ID
+        """
+        app = db.session.query(App).filter(App.id == app_id).first()
+        return app
+
+    @staticmethod
+    def get_workflow_for_app(app: App) -> Optional[Workflow]:
+        """
+        Get the workflow for an app
+        """
+        # First try to get the published workflow
+        if app.workflow_id:
+            workflow = db.session.query(Workflow).filter(Workflow.id == app.workflow_id).first()
+            if workflow:
+                return workflow
+
+        # If no published workflow, try to get the draft workflow
+        workflow = db.session.query(Workflow).filter(Workflow.app_id == app.id, Workflow.version == "draft").first()
+
+        return workflow
+
+    def process_workflow_request(
+        self, inputs: dict[str, Any], dsl_string: Optional[str] = None, app_id: Optional[str] = None
+    ) -> dict[str, Any]:
+        """
+        Process workflow request
+
+        Args:
+            inputs: The inputs for the workflow
+            dsl_string: The DSL string to create a workflow from (optional if app_id is provided)
+            app_id: The ID of an existing app to use (optional if dsl_string is provided)
+
+        Returns:
+            A dictionary with the workflow execution results
+        """
+        # Get default admin account and tenant ID
+        account, tenant_id = self.get_default_admin_account()
+
+        if app_id:
+            # Use existing app
+            app = self.get_app_by_id(app_id)
+            if not app:
+                return {"status": "failed", "error": f"App with ID {app_id} not found"}
+
+            # Get workflow for the app
+            workflow = self.get_workflow_for_app(app)
+            if not workflow:
+                return {"app_id": app.id, "status": "failed", "error": f"No workflow found for app with ID {app_id}"}
+        elif dsl_string:
+            # Create temporary app
+            app = self.create_temporary_app(tenant_id)
+
+            try:
+                # Import DSL to workflow
+                workflow = self.import_dsl_to_workflow(app, dsl_string, account)
+            except Exception as e:
+                logger.exception("Failed to import DSL to workflow")
+                error_details = traceback.format_exc()
+                return {
+                    "app_id": app.id,
+                    "status": "failed",
+                    "error": f"Failed to import DSL: {str(e)}",
+                    "error_details": error_details,
+                }
+        else:
+            # This should not happen as the API should validate this
+            return {"status": "failed", "error": "Either app_id or dsl must be provided"}
+
+        try:
+            # Execute workflow
+            data, error = self.execute_workflow(app, workflow, inputs, account)
+
+            response = {
+                "app_id": app.id,
+                "outputs": data.get("outputs", {}),
+                "status": "succeeded" if not error else "failed",
+            }
+
+            if error:
+                response["error"] = error
+
+            return response
+
+        except Exception as e:
+            logger.exception("Failed to process workflow request")
+            error_details = traceback.format_exc()
+            return {"app_id": app.id, "status": "failed", "error": str(e), "error_details": error_details}
--- a/docker/.env.example
+++ b/docker/.env.example
@@ -142,6 +142,9 @@ CELERY_WORKER_CLASS=
 # it is recommended to set it to 360 to support a longer sse connection time.
 GUNICORN_TIMEOUT=360

+# The number of seconds to wait for requests on a Keep-Alive connection, default to 2
+GUNICORN_KEEP_ALIVE=2
+
 # The number of Celery workers. The default is 1, and can be set as needed.
 CELERY_WORKER_AMOUNT=

@@ -932,3 +935,6 @@ MAX_SUBMIT_COUNT=100

 # The maximum number of top-k value for RAG.
 TOP_K_MAX_VALUE=10
+
+# Prevent Clickjacking
+ALLOW_EMBED=false
--- a/docker/docker-compose-template.yaml
+++ b/docker/docker-compose-template.yaml
@@ -1,8 +1,8 @@
-x-shared-env: &shared-api-worker-env
+x-shared-env: &shared-api-worker-env 
 services:
  # API service
  api:
-    image: langgenius/dify-api:0.15.3
+    image: langgenius/dify-api:0.15.7
    restart: always
    environment:
      # Use the shared environment variables.
@@ -25,7 +25,7 @@ services:
  # worker service
  # The Celery worker for processing the queue.
  worker:
-    image: langgenius/dify-api:0.15.3
+    image: langgenius/dify-api:0.15.7
    restart: always
    environment:
      # Use the shared environment variables.
@@ -47,7 +47,7 @@ services:

  # Frontend web application.
  web:
-    image: langgenius/dify-web:0.15.3
+    image: langgenius/dify-web:0.15.7
    restart: always
    environment:
      CONSOLE_API_URL: ${CONSOLE_API_URL:-}
@@ -56,6 +56,7 @@ services:
      NEXT_TELEMETRY_DISABLED: ${NEXT_TELEMETRY_DISABLED:-0}
      TEXT_GENERATION_TIMEOUT_MS: ${TEXT_GENERATION_TIMEOUT_MS:-60000}
      CSP_WHITELIST: ${CSP_WHITELIST:-}
+      ALLOW_EMBED: ${ALLOW_EMBED:-false}
      TOP_K_MAX_VALUE: ${TOP_K_MAX_VALUE:-}
      INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH: ${INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH:-}

@@ -98,7 +99,7 @@ services:

  # The DifySandbox
  sandbox:
-    image: langgenius/dify-sandbox:0.2.10
+    image: langgenius/dify-sandbox:0.2.11
    restart: always
    environment:
      # The DifySandbox configurations
--- a/docker/docker-compose.middleware.yaml
+++ b/docker/docker-compose.middleware.yaml
@@ -43,7 +43,7 @@ services:

  # The DifySandbox
  sandbox:
-    image: langgenius/dify-sandbox:0.2.10
+    image: langgenius/dify-sandbox:0.2.11
    restart: always
    environment:
      # The DifySandbox configurations
--- a/docker/docker-compose.yaml
+++ b/docker/docker-compose.yaml
@@ -37,6 +37,7 @@ x-shared-env: &shared-api-worker-env
  SERVER_WORKER_CONNECTIONS: ${SERVER_WORKER_CONNECTIONS:-10}
  CELERY_WORKER_CLASS: ${CELERY_WORKER_CLASS:-}
  GUNICORN_TIMEOUT: ${GUNICORN_TIMEOUT:-360}
+  GUNICORN_KEEP_ALIVE: ${GUNICORN_KEEP_ALIVE:-2}
  CELERY_WORKER_AMOUNT: ${CELERY_WORKER_AMOUNT:-}
  CELERY_AUTO_SCALE: ${CELERY_AUTO_SCALE:-false}
  CELERY_MAX_WORKERS: ${CELERY_MAX_WORKERS:-}
@@ -389,11 +390,12 @@ x-shared-env: &shared-api-worker-env
  CREATE_TIDB_SERVICE_JOB_ENABLED: ${CREATE_TIDB_SERVICE_JOB_ENABLED:-false}
  MAX_SUBMIT_COUNT: ${MAX_SUBMIT_COUNT:-100}
  TOP_K_MAX_VALUE: ${TOP_K_MAX_VALUE:-10}
+  ALLOW_EMBED: ${ALLOW_EMBED:-false}

 services:
  # API service
  api:
-    image: langgenius/dify-api:0.15.3
+    image: langgenius/dify-api:0.15.7
    restart: always
    environment:
      # Use the shared environment variables.
@@ -416,7 +418,7 @@ services:
  # worker service
  # The Celery worker for processing the queue.
  worker:
-    image: langgenius/dify-api:0.15.3
+    image: langgenius/dify-api:0.15.7
    restart: always
    environment:
      # Use the shared environment variables.
@@ -438,7 +440,7 @@ services:

  # Frontend web application.
  web:
-    image: langgenius/dify-web:0.15.3
+    image: langgenius/dify-web:0.15.7
    restart: always
    environment:
      CONSOLE_API_URL: ${CONSOLE_API_URL:-}
@@ -447,6 +449,7 @@ services:
      NEXT_TELEMETRY_DISABLED: ${NEXT_TELEMETRY_DISABLED:-0}
      TEXT_GENERATION_TIMEOUT_MS: ${TEXT_GENERATION_TIMEOUT_MS:-60000}
      CSP_WHITELIST: ${CSP_WHITELIST:-}
+      ALLOW_EMBED: ${ALLOW_EMBED:-false}
      TOP_K_MAX_VALUE: ${TOP_K_MAX_VALUE:-}
      INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH: ${INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH:-}

@@ -489,7 +492,7 @@ services:

  # The DifySandbox
  sandbox:
-    image: langgenius/dify-sandbox:0.2.10
+    image: langgenius/dify-sandbox:0.2.11
    restart: always
    environment:
      # The DifySandbox configurations
--- a/web/.env.example
+++ b/web/.env.example
@@ -31,3 +31,6 @@ NEXT_PUBLIC_TOP_K_MAX_VALUE=10

 # The maximum number of tokens for segmentation
 NEXT_PUBLIC_INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH=4000
+
+# Default is not allow to embed into iframe to prevent Clickjacking: https://owasp.org/www-community/attacks/Clickjacking
+NEXT_PUBLIC_ALLOW_EMBED=
--- a/web/app/components/app/create-app-dialog/app-list/index.tsx
+++ b/web/app/components/app/create-app-dialog/app-list/index.tsx
@@ -186,15 +186,17 @@ const Apps = ({
        <div className='w-[180px] h-8'></div>
      </div>
      <div className='relative flex flex-1 overflow-y-auto'>
-        {!searchKeywords && <div className='w-[200px] h-full p-4'>
-          <Sidebar current={currCategory as AppCategories} onClick={(category) => { setCurrCategory(category) }} onCreateFromBlank={onCreateFromBlank} />
+        {!searchKeywords && <div className='h-full w-[200px] p-4'>
+          <Sidebar current={currCategory as AppCategories} categories={categories} onClick={(category) => { setCurrCategory(category) }} onCreateFromBlank={onCreateFromBlank} />
        </div>}
        <div className='flex-1 h-full overflow-auto shrink-0 grow p-6 pt-2 border-l border-divider-burn'>
          {searchFilteredList && searchFilteredList.length > 0 && <>
            <div className='pt-4 pb-1'>
              {searchKeywords
                ? <p className='title-md-semi-bold text-text-tertiary'>{searchFilteredList.length > 1 ? t('app.newApp.foundResults', { count: searchFilteredList.length }) : t('app.newApp.foundResult', { count: searchFilteredList.length })}</p>
-                : <AppCategoryLabel category={currCategory as AppCategories} className='title-md-semi-bold text-text-primary' />}
+                : <div className='flex h-[22px] items-center'>
+                  <AppCategoryLabel category={currCategory as AppCategories} className='title-md-semi-bold text-text-primary' />
+                </div>}
            </div>
            <div
              className={cn(
--- a/web/app/components/app/create-app-dialog/app-list/sidebar.tsx
+++ b/web/app/components/app/create-app-dialog/app-list/sidebar.tsx
@@ -1,39 +1,29 @@
 'use client'
-import { RiAppsFill, RiChatSmileAiFill, RiExchange2Fill, RiPassPendingFill, RiQuillPenAiFill, RiSpeakAiFill, RiStickyNoteAddLine, RiTerminalBoxFill, RiThumbUpFill } from '@remixicon/react'
+import { RiStickyNoteAddLine, RiThumbUpLine } from '@remixicon/react'
 import { useTranslation } from 'react-i18next'
 import classNames from '@/utils/classnames'
 import Divider from '@/app/components/base/divider'

 export enum AppCategories {
  RECOMMENDED = 'Recommended',
-  ASSISTANT = 'Assistant',
-  AGENT = 'Agent',
-  HR = 'HR',
-  PROGRAMMING = 'Programming',
-  WORKFLOW = 'Workflow',
-  WRITING = 'Writing',
 }

 type SidebarProps = {
-  current: AppCategories
-  onClick?: (category: AppCategories) => void
+  current: AppCategories | string
+  categories: string[]
+  onClick?: (category: AppCategories | string) => void
  onCreateFromBlank?: () => void
 }

-export default function Sidebar({ current, onClick, onCreateFromBlank }: SidebarProps) {
+export default function Sidebar({ current, categories, onClick, onCreateFromBlank }: SidebarProps) {
  const { t } = useTranslation()
-  return <div className="w-full h-full flex flex-col">
-    <ul>
+  return <div className="flex h-full w-full flex-col">
+    <ul className='pt-0.5'>
      <CategoryItem category={AppCategories.RECOMMENDED} active={current === AppCategories.RECOMMENDED} onClick={onClick} />
    </ul>
-    <div className='px-3 pt-2 pb-1 system-xs-medium-uppercase text-text-tertiary'>{t('app.newAppFromTemplate.byCategories')}</div>
-    <ul className='flex-grow flex flex-col gap-0.5'>
-      <CategoryItem category={AppCategories.ASSISTANT} active={current === AppCategories.ASSISTANT} onClick={onClick} />
-      <CategoryItem category={AppCategories.AGENT} active={current === AppCategories.AGENT} onClick={onClick} />
-      <CategoryItem category={AppCategories.HR} active={current === AppCategories.HR} onClick={onClick} />
-      <CategoryItem category={AppCategories.PROGRAMMING} active={current === AppCategories.PROGRAMMING} onClick={onClick} />
-      <CategoryItem category={AppCategories.WORKFLOW} active={current === AppCategories.WORKFLOW} onClick={onClick} />
-      <CategoryItem category={AppCategories.WRITING} active={current === AppCategories.WRITING} onClick={onClick} />
+    <div className='system-xs-medium-uppercase mb-0.5 mt-3 px-3 pb-1 pt-2 text-text-tertiary'>{t('app.newAppFromTemplate.byCategories')}</div>
+    <ul className='flex grow flex-col gap-0.5'>
+      {categories.map(category => (<CategoryItem key={category} category={category} active={current === category} onClick={onClick} />))}
    </ul>
    <Divider bgStyle='gradient' />
    <div className='px-3 py-1 flex items-center gap-1 text-text-tertiary cursor-pointer' onClick={onCreateFromBlank}>
@@ -45,47 +35,26 @@ export default function Sidebar({ current, onClick, onCreateFromBlank }: Sidebar

 type CategoryItemProps = {
  active: boolean
-  category: AppCategories
-  onClick?: (category: AppCategories) => void
+  category: AppCategories | string
+  onClick?: (category: AppCategories | string) => void
 }
 function CategoryItem({ category, active, onClick }: CategoryItemProps) {
  return <li
-    className={classNames('p-1 pl-3 rounded-lg flex items-center gap-2 group cursor-pointer hover:bg-state-base-hover [&.active]:bg-state-base-active', active && 'active')}
+    className={classNames('p-1 pl-3 h-8 rounded-lg flex items-center gap-2 group cursor-pointer hover:bg-state-base-hover [&.active]:bg-state-base-active', active && 'active')}
    onClick={() => { onClick?.(category) }}>
-    <div className='w-5 h-5 inline-flex items-center justify-center rounded-md border border-divider-regular bg-components-icon-bg-midnight-solid group-[.active]:bg-components-icon-bg-blue-solid'>
-      <AppCategoryIcon category={category} />
-    </div>
+    {category === AppCategories.RECOMMENDED && <div className='inline-flex h-5 w-5 items-center justify-center rounded-md'>
+      <RiThumbUpLine className='h-4 w-4 text-components-menu-item-text group-[.active]:text-components-menu-item-text-active' />
+    </div>}
    <AppCategoryLabel category={category}
      className={classNames('system-sm-medium text-components-menu-item-text group-[.active]:text-components-menu-item-text-active group-hover:text-components-menu-item-text-hover', active && 'system-sm-semibold')} />
  </li >
 }

 type AppCategoryLabelProps = {
-  category: AppCategories
+  category: AppCategories | string
  className?: string
 }
 export function AppCategoryLabel({ category, className }: AppCategoryLabelProps) {
  const { t } = useTranslation()
-  return <span className={className}>{t(`app.newAppFromTemplate.sidebar.${category}`)}</span>
-}
-
-type AppCategoryIconProps = {
-  category: AppCategories
-}
-function AppCategoryIcon({ category }: AppCategoryIconProps) {
-  if (category === AppCategories.AGENT)
-    return <RiSpeakAiFill className='w-3.5 h-3.5 text-components-avatar-shape-fill-stop-100' />
-  if (category === AppCategories.ASSISTANT)
-    return <RiChatSmileAiFill className='w-3.5 h-3.5 text-components-avatar-shape-fill-stop-100' />
-  if (category === AppCategories.HR)
-    return <RiPassPendingFill className='w-3.5 h-3.5 text-components-avatar-shape-fill-stop-100' />
-  if (category === AppCategories.PROGRAMMING)
-    return <RiTerminalBoxFill className='w-3.5 h-3.5 text-components-avatar-shape-fill-stop-100' />
-  if (category === AppCategories.RECOMMENDED)
-    return <RiThumbUpFill className='w-3.5 h-3.5 text-components-avatar-shape-fill-stop-100' />
-  if (category === AppCategories.WRITING)
-    return <RiQuillPenAiFill className='w-3.5 h-3.5 text-components-avatar-shape-fill-stop-100' />
-  if (category === AppCategories.WORKFLOW)
-    return <RiExchange2Fill className='w-3.5 h-3.5 text-components-avatar-shape-fill-stop-100' />
-  return <RiAppsFill className='w-3.5 h-3.5 text-components-avatar-shape-fill-stop-100' />
+  return <span className={className}>{category === AppCategories.RECOMMENDED ? t('app.newAppFromTemplate.sidebar.Recommended') : category}</span>
 }
--- a/web/app/components/app/create-app-modal/index.tsx
+++ b/web/app/components/app/create-app-modal/index.tsx
@@ -312,7 +312,7 @@ function AppPreview({ mode }: { mode: AppMode }) {
    'chat': {
      title: t('app.types.chatbot'),
      description: t('app.newApp.chatbotUserDescription'),
-      link: 'https://docs.dify.ai/guides/application-orchestrate/conversation-application?fallback=true',
+      link: 'https://docs.dify.ai/guides/application-orchestrate#application_type',
    },
    'advanced-chat': {
      title: t('app.types.advanced'),
--- a/web/app/components/app/create-from-dsl-modal/dsl-confirm-modal.tsx
+++ b/web/app/components/app/create-from-dsl-modal/dsl-confirm-modal.tsx
@@ -0,0 +1,46 @@
+import { useTranslation } from 'react-i18next'
+import Modal from '@/app/components/base/modal'
+import Button from '@/app/components/base/button'
+
+type DSLConfirmModalProps = {
+  versions?: {
+    importedVersion: string
+    systemVersion: string
+  }
+  onCancel: () => void
+  onConfirm: () => void
+  confirmDisabled?: boolean
+}
+const DSLConfirmModal = ({
+  versions = { importedVersion: '', systemVersion: '' },
+  onCancel,
+  onConfirm,
+  confirmDisabled = false,
+}: DSLConfirmModalProps) => {
+  const { t } = useTranslation()
+
+  return (
+    <Modal
+      isShow
+      onClose={() => onCancel()}
+      className='w-[480px]'
+    >
+      <div className='flex flex-col items-start gap-2 self-stretch pb-4'>
+        <div className='title-2xl-semi-bold text-text-primary'>{t('app.newApp.appCreateDSLErrorTitle')}</div>
+        <div className='system-md-regular flex grow flex-col text-text-secondary'>
+          <div>{t('app.newApp.appCreateDSLErrorPart1')}</div>
+          <div>{t('app.newApp.appCreateDSLErrorPart2')}</div>
+          <br />
+          <div>{t('app.newApp.appCreateDSLErrorPart3')}<span className='system-md-medium'>{versions.importedVersion}</span></div>
+          <div>{t('app.newApp.appCreateDSLErrorPart4')}<span className='system-md-medium'>{versions.systemVersion}</span></div>
+        </div>
+      </div>
+      <div className='flex items-start justify-end gap-2 self-stretch pt-6'>
+        <Button variant='secondary' onClick={() => onCancel()}>{t('app.newApp.Cancel')}</Button>
+        <Button variant='primary' destructive onClick={onConfirm} disabled={confirmDisabled}>{t('app.newApp.Confirm')}</Button>
+      </div>
+    </Modal>
+  )
+}
+
+export default DSLConfirmModal
--- a/web/app/components/app/overview/embedded/index.tsx
+++ b/web/app/components/app/overview/embedded/index.tsx
@@ -24,7 +24,7 @@ const OPTION_MAP = {
  iframe: {
    getContent: (url: string, token: string) =>
      `<iframe
- src="${url}/chatbot/${token}"
+ src="${url}/chat/${token}"
 style="width: 100%; height: 100%; min-height: 700px"
 frameborder="0"
 allow="microphone">
@@ -35,12 +35,12 @@ const OPTION_MAP = {
      `<script>
 window.difyChatbotConfig = {
  token: '${token}'${isTestEnv
-  ? `,
+        ? `,
  isDev: true`
-  : ''}${IS_CE_EDITION
-  ? `,
+        : ''}${IS_CE_EDITION
+          ? `,
  baseUrl: '${url}'`
-  : ''}
+          : ''}
 }
 </script>
 <script
--- a/web/app/components/base/chat/embedded-chatbot/hooks.tsx
+++ b/web/app/components/base/chat/embedded-chatbot/hooks.tsx
@@ -11,10 +11,12 @@ import { useLocalStorageState } from 'ahooks'
 import produce from 'immer'
 import type {
  ChatConfig,
+  ChatItem,
  Feedback,
 } from '../types'
 import { CONVERSATION_ID_INFO } from '../constants'
-import { getPrevChatList, getProcessedInputsFromUrlParams } from '../utils'
+import { buildChatItemTree, getProcessedInputsFromUrlParams } from '../utils'
+import { getProcessedFilesFromResponse } from '../../file-uploader/utils'
 import {
  fetchAppInfo,
  fetchAppMeta,
@@ -32,6 +34,33 @@ import { useToastContext } from '@/app/components/base/toast'
 import { changeLanguage } from '@/i18n/i18next-config'
 import { InputVarType } from '@/app/components/workflow/types'
 import { TransferMethod } from '@/types/app'
+import { addFileInfos, sortAgentSorts } from '@/app/components/tools/utils'
+
+function getFormattedChatList(messages: any[]) {
+  const newChatList: ChatItem[] = []
+  messages.forEach((item) => {
+    const questionFiles = item.message_files?.filter((file: any) => file.belongs_to === 'user') || []
+    newChatList.push({
+      id: `question-${item.id}`,
+      content: item.query,
+      isAnswer: false,
+      message_files: getProcessedFilesFromResponse(questionFiles.map((item: any) => ({ ...item, related_id: item.id }))),
+      parentMessageId: item.parent_message_id || undefined,
+    })
+    const answerFiles = item.message_files?.filter((file: any) => file.belongs_to === 'assistant') || []
+    newChatList.push({
+      id: item.id,
+      content: item.answer,
+      agent_thoughts: addFileInfos(item.agent_thoughts ? sortAgentSorts(item.agent_thoughts) : item.agent_thoughts, item.message_files),
+      feedback: item.feedback,
+      isAnswer: true,
+      citation: item.retriever_resources,
+      message_files: getProcessedFilesFromResponse(answerFiles.map((item: any) => ({ ...item, related_id: item.id }))),
+      parentMessageId: `question-${item.id}`,
+    })
+  })
+  return newChatList
+}

 export const useEmbeddedChatbot = () => {
  const isInstalledApp = false
@@ -77,7 +106,7 @@ export const useEmbeddedChatbot = () => {

  const appPrevChatList = useMemo(
    () => (currentConversationId && appChatListData?.data.length)
-      ? getPrevChatList(appChatListData.data)
+      ? buildChatItemTree(getFormattedChatList(appChatListData.data))
      : [],
    [appChatListData, currentConversationId],
  )
--- a/web/app/components/base/chat/utils.ts
+++ b/web/app/components/base/chat/utils.ts
@@ -1,6 +1,8 @@
 import { UUID_NIL } from './constants'
 import type { IChatItem } from './chat/type'
 import type { ChatItem, ChatItemInTree } from './types'
+import { addFileInfos, sortAgentSorts } from '../../tools/utils'
+import { getProcessedFilesFromResponse } from '../file-uploader/utils'

 async function decodeBase64AndDecompress(base64String: string) {
  const binaryString = atob(base64String)
@@ -19,6 +21,60 @@ function getProcessedInputsFromUrlParams(): Record<string, any> {
  return inputs
 }

+function appendQAToChatList(chatList: ChatItem[], item: any) {
+  // we append answer first and then question since will reverse the whole chatList later
+  const answerFiles = item.message_files?.filter((file: any) => file.belongs_to === 'assistant') || []
+  chatList.push({
+    id: item.id,
+    content: item.answer,
+    agent_thoughts: addFileInfos(item.agent_thoughts ? sortAgentSorts(item.agent_thoughts) : item.agent_thoughts, item.message_files),
+    feedback: item.feedback,
+    isAnswer: true,
+    citation: item.retriever_resources,
+    message_files: getProcessedFilesFromResponse(answerFiles.map((item: any) => ({ ...item, related_id: item.id }))),
+  })
+  const questionFiles = item.message_files?.filter((file: any) => file.belongs_to === 'user') || []
+  chatList.push({
+    id: `question-${item.id}`,
+    content: item.query,
+    isAnswer: false,
+    message_files: getProcessedFilesFromResponse(questionFiles.map((item: any) => ({ ...item, related_id: item.id }))),
+  })
+}
+
+/**
+ * Computes the latest thread messages from all messages of the conversation.
+ * Same logic as backend codebase `api/core/prompt/utils/extract_thread_messages.py`
+ *
+ * @param fetchedMessages - The history chat list data from the backend, sorted by created_at in descending order. This includes all flattened history messages of the conversation.
+ * @returns An array of ChatItems representing the latest thread.
+ */
+
+
+function getPrevChatList(fetchedMessages: any[]) {
+  const ret: ChatItem[] = []
+  let nextMessageId = null
+
+  for (const item of fetchedMessages) {
+    if (!item.parent_message_id) {
+      appendQAToChatList(ret, item)
+      break
+    }
+
+    if (!nextMessageId) {
+      appendQAToChatList(ret, item)
+      nextMessageId = item.parent_message_id
+    }
+    else {
+      if (item.id === nextMessageId || nextMessageId === UUID_NIL) {
+        appendQAToChatList(ret, item)
+        nextMessageId = item.parent_message_id
+      }
+    }
+  }
+  return ret.reverse()
+}
+
 function isValidGeneratedAnswer(item?: ChatItem | ChatItemInTree): boolean {
  return !!item && item.isAnswer && !item.id.startsWith('answer-placeholder-') && !item.isOpeningStatement
 }
@@ -164,6 +220,7 @@ function getThreadMessages(tree: ChatItemInTree[], targetMessageId?: string): Ch
 export {
  getProcessedInputsFromUrlParams,
  isValidGeneratedAnswer,
+  getPrevChatList,
  getLastAnswer,
  buildChatItemTree,
  getThreadMessages,
--- a/web/app/components/base/markdown.tsx
+++ b/web/app/components/base/markdown.tsx
@@ -10,6 +10,7 @@ import SyntaxHighlighter from 'react-syntax-highlighter'
 import { atelierHeathLight } from 'react-syntax-highlighter/dist/esm/styles/hljs'
 import { Component, memo, useMemo, useRef, useState } from 'react'
 import type { CodeComponent } from 'react-markdown/lib/ast-to-react'
+import SVGRenderer from './svg-gallery'
 import cn from '@/utils/classnames'
 import CopyBtn from '@/app/components/base/copy-btn'
 import SVGBtn from '@/app/components/base/svg'
@@ -18,7 +19,7 @@ import ImageGallery from '@/app/components/base/image-gallery'
 import { useChatContext } from '@/app/components/base/chat/chat/context'
 import VideoGallery from '@/app/components/base/video-gallery'
 import AudioGallery from '@/app/components/base/audio-gallery'
-import SVGRenderer from '@/app/components/base/svg-gallery'
+// import SVGRenderer from '@/app/components/base/svg-gallery'
 import MarkdownButton from '@/app/components/base/markdown-blocks/button'
 import MarkdownForm from '@/app/components/base/markdown-blocks/form'

--- a/web/app/components/base/svg-gallery/index.tsx
+++ b/web/app/components/base/svg-gallery/index.tsx
@@ -1,5 +1,6 @@
 import { useEffect, useRef, useState } from 'react'
 import { SVG } from '@svgdotjs/svg.js'
+import DOMPurify from 'dompurify'
 import ImagePreview from '@/app/components/base/image-uploader/image-preview'

 export const SVGRenderer = ({ content }: { content: string }) => {
@@ -44,7 +45,7 @@ export const SVGRenderer = ({ content }: { content: string }) => {

        svgRef.current.style.width = `${Math.min(originalWidth, 298)}px`

-        const rootElement = draw.svg(content)
+        const rootElement = draw.svg(DOMPurify.sanitize(content))

        rootElement.click(() => {
          setImagePreview(svgToDataURL(svgElement as Element))
--- a/web/app/components/explore/app-list/index.tsx
+++ b/web/app/components/explore/app-list/index.tsx
@@ -1,12 +1,10 @@
 'use client'

-import React, { useMemo, useState } from 'react'
-import { useRouter } from 'next/navigation'
+import React, { useCallback, useMemo, useState } from 'react'
 import { useTranslation } from 'react-i18next'
 import { useContext } from 'use-context-selector'
 import useSWR from 'swr'
 import { useDebounceFn } from 'ahooks'
-import Toast from '../../base/toast'
 import s from './style.module.css'
 import cn from '@/utils/classnames'
 import ExploreContext from '@/context/explore-context'
@@ -14,17 +12,17 @@ import type { App } from '@/models/explore'
 import Category from '@/app/components/explore/category'
 import AppCard from '@/app/components/explore/app-card'
 import { fetchAppDetail, fetchAppList } from '@/service/explore'
-import { importDSL } from '@/service/apps'
 import { useTabSearchParams } from '@/hooks/use-tab-searchparams'
 import CreateAppModal from '@/app/components/explore/create-app-modal'
 import AppTypeSelector from '@/app/components/app/type-selector'
 import type { CreateAppModalProps } from '@/app/components/explore/create-app-modal'
 import Loading from '@/app/components/base/loading'
-import { NEED_REFRESH_APP_LIST_KEY } from '@/config'
-import { useAppContext } from '@/context/app-context'
-import { getRedirection } from '@/utils/app-redirection'
 import Input from '@/app/components/base/input'
-import { DSLImportMode } from '@/models/app'
+import {
+  DSLImportMode,
+} from '@/models/app'
+import { useImportDSL } from '@/hooks/use-import-dsl'
+import DSLConfirmModal from '@/app/components/app/create-from-dsl-modal/dsl-confirm-modal'

 type AppsProps = {
  pageType?: PageType
@@ -41,8 +39,6 @@ const Apps = ({
  onSuccess,
 }: AppsProps) => {
  const { t } = useTranslation()
-  const { isCurrentWorkspaceEditor } = useAppContext()
-  const { push } = useRouter()
  const { hasEditPermission } = useContext(ExploreContext)
  const allCategoriesEn = t('explore.apps.allCategories', { lng: 'en' })

@@ -117,6 +113,14 @@ const Apps = ({

  const [currApp, setCurrApp] = React.useState<App | null>(null)
  const [isShowCreateModal, setIsShowCreateModal] = React.useState(false)
+
+  const {
+    handleImportDSL,
+    handleImportDSLConfirm,
+    versions,
+    isFetching,
+  } = useImportDSL()
+  const [showDSLConfirmModal, setShowDSLConfirmModal] = useState(false)
  const onCreate: CreateAppModalProps['onConfirm'] = async ({
    name,
    icon_type,
@@ -127,31 +131,31 @@ const Apps = ({
    const { export_data } = await fetchAppDetail(
      currApp?.app.id as string,
    )
-    try {
-      const app = await importDSL({
-        mode: DSLImportMode.YAML_CONTENT,
-        yaml_content: export_data,
-        name,
-        icon_type,
-        icon,
-        icon_background,
-        description,
-      })
-      setIsShowCreateModal(false)
-      Toast.notify({
-        type: 'success',
-        message: t('app.newApp.appCreated'),
-      })
-      if (onSuccess)
-        onSuccess()
-      localStorage.setItem(NEED_REFRESH_APP_LIST_KEY, '1')
-      getRedirection(isCurrentWorkspaceEditor, { id: app.app_id }, push)
-    }
-    catch (e) {
-      Toast.notify({ type: 'error', message: t('app.newApp.appCreateFailed') })
+    const payload = {
+      mode: DSLImportMode.YAML_CONTENT,
+      yaml_content: export_data,
+      name,
+      icon_type,
+      icon,
+      icon_background,
+      description,
    }
+    await handleImportDSL(payload, {
+      onSuccess: () => {
+        setIsShowCreateModal(false)
+      },
+      onPending: () => {
+        setShowDSLConfirmModal(true)
+      },
+    })
  }

+  const onConfirmDSL = useCallback(async () => {
+    await handleImportDSLConfirm({
+      onSuccess,
+    })
+  }, [handleImportDSLConfirm, onSuccess])
+
  if (!categories || categories.length === 0) {
    return (
      <div className="flex h-full items-center">
@@ -234,9 +238,20 @@ const Apps = ({
          appDescription={currApp?.app.description || ''}
          show={isShowCreateModal}
          onConfirm={onCreate}
+          confirmDisabled={isFetching}
          onHide={() => setIsShowCreateModal(false)}
        />
      )}
+      {
+        showDSLConfirmModal && (
+          <DSLConfirmModal
+            versions={versions}
+            onCancel={() => setShowDSLConfirmModal(false)}
+            onConfirm={onConfirmDSL}
+            confirmDisabled={isFetching}
+          />
+        )
+      }
    </div>
  )
 }
--- a/web/app/components/explore/create-app-modal/index.tsx
+++ b/web/app/components/explore/create-app-modal/index.tsx
@@ -33,6 +33,7 @@ export type CreateAppModalProps = {
    description: string
    use_icon_as_answer_icon?: boolean
  }) => Promise<void>
+  confirmDisabled?: boolean
  onHide: () => void
 }

@@ -48,6 +49,7 @@ const CreateAppModal = ({
  appMode,
  appUseIconAsAnswerIcon,
  onConfirm,
+  confirmDisabled,
  onHide,
 }: CreateAppModalProps) => {
  const { t } = useTranslation()
@@ -145,7 +147,7 @@ const CreateAppModal = ({
          {!isEditModal && isAppsFull && <AppsFull loc='app-explore-create' />}
        </div>
        <div className='flex flex-row-reverse'>
-          <Button disabled={!isEditModal && isAppsFull} className='w-24 ml-2' variant='primary' onClick={submit}>{!isEditModal ? t('common.operation.create') : t('common.operation.save')}</Button>
+          <Button disabled={(!isEditModal && isAppsFull) || !name.trim() || confirmDisabled} className='w-24 ml-2' variant='primary' onClick={submit}>{!isEditModal ? t('common.operation.create') : t('common.operation.save')}</Button>
          <Button className='w-24' onClick={onHide}>{t('common.operation.cancel')}</Button>
        </div>
      </Modal>
--- a/web/app/reset-password/check-code/page.tsx
+++ b/web/app/reset-password/check-code/page.tsx
@@ -39,7 +39,11 @@ export default function CheckCode() {
      }
      setIsLoading(true)
      const ret = await verifyResetPasswordCode({ email, code, token })
-      ret.is_valid && router.push(`/reset-password/set-password?${searchParams.toString()}`)
+      if (ret.is_valid) {
+        const params = new URLSearchParams(searchParams)
+        params.set('token', encodeURIComponent(ret.token))
+        router.push(`/reset-password/set-password?${params.toString()}`)
+      }
    }
    catch (error) { console.error(error) }
    finally {
--- a/web/docker/entrypoint.sh
+++ b/web/docker/entrypoint.sh
@@ -23,6 +23,7 @@ export NEXT_TELEMETRY_DISABLED=${NEXT_TELEMETRY_DISABLED}

 export NEXT_PUBLIC_TEXT_GENERATION_TIMEOUT_MS=${TEXT_GENERATION_TIMEOUT_MS}
 export NEXT_PUBLIC_CSP_WHITELIST=${CSP_WHITELIST}
+export NEXT_PUBLIC_ALLOW_EMBED=${ALLOW_EMBED}
 export NEXT_PUBLIC_TOP_K_MAX_VALUE=${TOP_K_MAX_VALUE}
 export NEXT_PUBLIC_INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH=${INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH}

--- a/web/hooks/use-import-dsl.ts
+++ b/web/hooks/use-import-dsl.ts
@@ -0,0 +1,158 @@
+import {
+  useCallback,
+  useRef,
+  useState,
+} from 'react'
+import { useTranslation } from 'react-i18next'
+import { useRouter } from 'next/navigation'
+import type {
+  DSLImportMode,
+  DSLImportResponse,
+} from '@/models/app'
+import { DSLImportStatus } from '@/models/app'
+import {
+  importDSL,
+  importDSLConfirm,
+} from '@/service/apps'
+import type { AppIconType } from '@/types/app'
+import { useToastContext } from '@/app/components/base/toast'
+import { getRedirection } from '@/utils/app-redirection'
+import { useSelector } from '@/context/app-context'
+import { NEED_REFRESH_APP_LIST_KEY } from '@/config'
+
+type DSLPayload = {
+  mode: DSLImportMode
+  yaml_content?: string
+  yaml_url?: string
+  name?: string
+  icon_type?: AppIconType
+  icon?: string
+  icon_background?: string
+  description?: string
+}
+type ResponseCallback = {
+  onSuccess?: () => void
+  onPending?: (payload: DSLImportResponse) => void
+  onFailed?: () => void
+}
+export const useImportDSL = () => {
+  const { t } = useTranslation()
+  const { notify } = useToastContext()
+  const [isFetching, setIsFetching] = useState(false)
+  const isCurrentWorkspaceEditor = useSelector(s => s.isCurrentWorkspaceEditor)
+  const { push } = useRouter()
+  const [versions, setVersions] = useState<{ importedVersion: string; systemVersion: string }>()
+  const importIdRef = useRef<string>('')
+
+  const handleImportDSL = useCallback(async (
+    payload: DSLPayload,
+    {
+      onSuccess,
+      onPending,
+      onFailed,
+    }: ResponseCallback,
+  ) => {
+    if (isFetching)
+      return
+    setIsFetching(true)
+
+    try {
+      const response = await importDSL(payload)
+
+      if (!response)
+        return
+
+      const {
+        id,
+        status,
+        app_id,
+        imported_dsl_version,
+        current_dsl_version,
+      } = response
+
+      if (status === DSLImportStatus.COMPLETED || status === DSLImportStatus.COMPLETED_WITH_WARNINGS) {
+        if (!app_id)
+          return
+
+        notify({
+          type: status === DSLImportStatus.COMPLETED ? 'success' : 'warning',
+          message: t(status === DSLImportStatus.COMPLETED ? 'app.newApp.appCreated' : 'app.newApp.caution'),
+          children: status === DSLImportStatus.COMPLETED_WITH_WARNINGS && t('app.newApp.appCreateDSLWarning'),
+        })
+        onSuccess?.()
+        localStorage.setItem(NEED_REFRESH_APP_LIST_KEY, '1')
+        getRedirection(isCurrentWorkspaceEditor, { id: app_id }, push)
+      }
+      else if (status === DSLImportStatus.PENDING) {
+        setVersions({
+          importedVersion: imported_dsl_version ?? '',
+          systemVersion: current_dsl_version ?? '',
+        })
+        importIdRef.current = id
+        onPending?.(response)
+      }
+      else {
+        notify({ type: 'error', message: t('app.newApp.appCreateFailed') })
+        onFailed?.()
+      }
+    }
+    catch {
+      notify({ type: 'error', message: t('app.newApp.appCreateFailed') })
+      onFailed?.()
+    }
+    finally {
+      setIsFetching(false)
+    }
+  }, [t, notify, isCurrentWorkspaceEditor, push, isFetching])
+
+  const handleImportDSLConfirm = useCallback(async (
+    {
+      onSuccess,
+      onFailed,
+    }: Pick<ResponseCallback, 'onSuccess' | 'onFailed'>,
+  ) => {
+    if (isFetching)
+      return
+    setIsFetching(true)
+    if (!importIdRef.current)
+      return
+
+    try {
+      const response = await importDSLConfirm({
+        import_id: importIdRef.current,
+      })
+
+      const { status, app_id } = response
+      if (!app_id)
+        return
+
+      if (status === DSLImportStatus.COMPLETED) {
+        onSuccess?.()
+        notify({
+          type: 'success',
+          message: t('app.newApp.appCreated'),
+        })
+        localStorage.setItem(NEED_REFRESH_APP_LIST_KEY, '1')
+        getRedirection(isCurrentWorkspaceEditor, { id: app_id! }, push)
+      }
+      else if (status === DSLImportStatus.FAILED) {
+        notify({ type: 'error', message: t('app.newApp.appCreateFailed') })
+        onFailed?.()
+      }
+    }
+    catch {
+      notify({ type: 'error', message: t('app.newApp.appCreateFailed') })
+      onFailed?.()
+    }
+    finally {
+      setIsFetching(false)
+    }
+  }, [t, notify, isCurrentWorkspaceEditor, push, isFetching])
+
+  return {
+    handleImportDSL,
+    handleImportDSLConfirm,
+    versions,
+    isFetching,
+  }
+}
--- a/web/middleware.ts
+++ b/web/middleware.ts
@@ -3,10 +3,26 @@ import { NextResponse } from 'next/server'

 const NECESSARY_DOMAIN = '*.sentry.io http://localhost:* http://127.0.0.1:* https://analytics.google.com googletagmanager.com *.googletagmanager.com https://www.google-analytics.com https://api.github.com'

+const wrapResponseWithXFrameOptions = (response: NextResponse, pathname: string) => {
+  // prevent clickjacking: https://owasp.org/www-community/attacks/Clickjacking
+  // Chatbot page should be allowed to be embedded in iframe. It's a feature
+  if (process.env.NEXT_PUBLIC_ALLOW_EMBED !== 'true' && !pathname.startsWith('/chat'))
+    response.headers.set('X-Frame-Options', 'DENY')
+
+  return response
+}
 export function middleware(request: NextRequest) {
+  const { pathname } = request.nextUrl
+  const requestHeaders = new Headers(request.headers)
+  const response = NextResponse.next({
+    request: {
+      headers: requestHeaders,
+    },
+  })
+
  const isWhiteListEnabled = !!process.env.NEXT_PUBLIC_CSP_WHITELIST && process.env.NODE_ENV === 'production'
  if (!isWhiteListEnabled)
-    return NextResponse.next()
+    return wrapResponseWithXFrameOptions(response, pathname)

  const whiteList = `${process.env.NEXT_PUBLIC_CSP_WHITELIST} ${NECESSARY_DOMAIN}`
  const nonce = Buffer.from(crypto.randomUUID()).toString('base64')
@@ -33,7 +49,6 @@ export function middleware(request: NextRequest) {
    .replace(/\s{2,}/g, ' ')
    .trim()

-  const requestHeaders = new Headers(request.headers)
  requestHeaders.set('x-nonce', nonce)

  requestHeaders.set(
@@ -41,17 +56,12 @@ export function middleware(request: NextRequest) {
    contentSecurityPolicyHeaderValue,
  )

-  const response = NextResponse.next({
-    request: {
-      headers: requestHeaders,
-    },
-  })
  response.headers.set(
    'Content-Security-Policy',
    contentSecurityPolicyHeaderValue,
  )

-  return response
+  return wrapResponseWithXFrameOptions(response, pathname)
 }

 export const config = {
@@ -73,4 +83,4 @@ export const config = {
      // ],
    },
  ],
-}
+}
--- a/web/package.json
+++ b/web/package.json
@@ -1,6 +1,6 @@
 {
  "name": "dify-web",
-  "version": "0.15.3",
+  "version": "0.15.7",
  "private": true,
  "engines": {
    "node": ">=18.17.0"
@@ -51,6 +51,7 @@
    "crypto-js": "^4.2.0",
    "dayjs": "^1.11.7",
    "decimal.js": "^10.4.3",
+    "dompurify": "^3.2.4",
    "echarts": "^5.5.1",
    "echarts-for-react": "^3.0.2",
    "elkjs": "^0.9.3",
@@ -70,7 +71,7 @@
    "mermaid": "11.4.1",
    "mime": "^4.0.4",
    "negotiator": "^0.6.3",
-    "next": "^14.2.10",
+    "next": "^14.2.25",
    "pinyin-pro": "^3.23.0",
    "qrcode.react": "^3.1.0",
    "qs": "^6.11.1",
--- a/web/service/common.ts
+++ b/web/service/common.ts
@@ -40,7 +40,7 @@ import type { SystemFeatures } from '@/types/feature'

 type LoginSuccess = {
  result: 'success'
-  data: { access_token: string;refresh_token: string }
+  data: { access_token: string; refresh_token: string }
 }
 type LoginFail = {
  result: 'fail'
@@ -331,20 +331,20 @@ export const uploadRemoteFileInfo = (url: string, isPublic?: boolean) => {
 export const sendEMailLoginCode = (email: string, language = 'en-US') =>
  post<CommonResponse & { data: string }>('/email-code-login', { body: { email, language } })

-export const emailLoginWithCode = (data: { email: string;code: string;token: string }) =>
+export const emailLoginWithCode = (data: { email: string; code: string; token: string }) =>
  post<LoginResponse>('/email-code-login/validity', { body: data })

 export const sendResetPasswordCode = (email: string, language = 'en-US') =>
-  post<CommonResponse & { data: string;message?: string ;code?: string }>('/forgot-password', { body: { email, language } })
+  post<CommonResponse & { data: string; message?: string; code?: string }>('/forgot-password', { body: { email, language } })

-export const verifyResetPasswordCode = (body: { email: string;code: string;token: string }) =>
-  post<CommonResponse & { is_valid: boolean }>('/forgot-password/validity', { body })
+export const verifyResetPasswordCode = (body: { email: string; code: string; token: string }) =>
+  post<CommonResponse & { is_valid: boolean; token: string }>('/forgot-password/validity', { body })

 export const sendDeleteAccountCode = () =>
  get<CommonResponse & { data: string }>('/account/delete/verify')

-export const verifyDeleteAccountCode = (body: { code: string;token: string }) =>
+export const verifyDeleteAccountCode = (body: { code: string; token: string }) =>
  post<CommonResponse & { is_valid: boolean }>('/account/delete', { body })

-export const submitDeleteAccountFeedback = (body: { feedback: string;email: string }) =>
+export const submitDeleteAccountFeedback = (body: { feedback: string; email: string }) =>
  post<CommonResponse>('/account/delete/feedback', { body })
--- a/web/yarn.lock
+++ b/web/yarn.lock
@@ -2066,10 +2066,10 @@
  dependencies:
    "@monaco-editor/loader" "^1.4.0"

-"@next/env@14.2.17":
-  version "14.2.17"
-  resolved "https://registry.npmjs.org/@next/env/-/env-14.2.17.tgz"
-  integrity sha512-MCgO7VHxXo8sYR/0z+sk9fGyJJU636JyRmkjc7ZJY8Hurl8df35qG5hoAh5KMs75FLjhlEo9bb2LGe89Y/scDA==
+"@next/env@14.2.25":
+  version "14.2.25"
+  resolved "https://registry.yarnpkg.com/@next/env/-/env-14.2.25.tgz#936d10b967e103e49a4bcea1e97292d5605278dd"
+  integrity sha512-JnzQ2cExDeG7FxJwqAksZ3aqVJrHjFwZQAEJ9gQZSoEhIow7SNoKZzju/AwQ+PLIR4NY8V0rhcVozx/2izDO0w==

 "@next/eslint-plugin-next@14.0.4":
  version "14.0.4"
@@ -2085,50 +2085,50 @@
  dependencies:
    source-map "^0.7.0"

-"@next/swc-darwin-arm64@14.2.17":
-  version "14.2.17"
-  resolved "https://registry.npmjs.org/@next/swc-darwin-arm64/-/swc-darwin-arm64-14.2.17.tgz"
-  integrity sha512-WiOf5nElPknrhRMTipXYTJcUz7+8IAjOYw3vXzj3BYRcVY0hRHKWgTgQ5439EvzQyHEko77XK+yN9x9OJ0oOog==
+"@next/swc-darwin-arm64@14.2.25":
+  version "14.2.25"
+  resolved "https://registry.yarnpkg.com/@next/swc-darwin-arm64/-/swc-darwin-arm64-14.2.25.tgz#7bcccfda0c0ff045c45fbe34c491b7368e373e3d"
+  integrity sha512-09clWInF1YRd6le00vt750s3m7SEYNehz9C4PUcSu3bAdCTpjIV4aTYQZ25Ehrr83VR1rZeqtKUPWSI7GfuKZQ==

-"@next/swc-darwin-x64@14.2.17":
-  version "14.2.17"
-  resolved "https://registry.yarnpkg.com/@next/swc-darwin-x64/-/swc-darwin-x64-14.2.17.tgz#e29a17ef28d97c347c7d021f391e13b6c8e4c813"
-  integrity sha512-29y425wYnL17cvtxrDQWC3CkXe/oRrdt8ie61S03VrpwpPRI0XsnTvtKO06XCisK4alaMnZlf8riwZIbJTaSHQ==
+"@next/swc-darwin-x64@14.2.25":
+  version "14.2.25"
+  resolved "https://registry.yarnpkg.com/@next/swc-darwin-x64/-/swc-darwin-x64-14.2.25.tgz#b489e209d7b405260b73f69a38186ed150fb7a08"
+  integrity sha512-V+iYM/QR+aYeJl3/FWWU/7Ix4b07ovsQ5IbkwgUK29pTHmq+5UxeDr7/dphvtXEq5pLB/PucfcBNh9KZ8vWbug==

-"@next/swc-linux-arm64-gnu@14.2.17":
-  version "14.2.17"
-  resolved "https://registry.yarnpkg.com/@next/swc-linux-arm64-gnu/-/swc-linux-arm64-gnu-14.2.17.tgz#10e99c7aa60cc33f8b7633e045f74be9a43e7b0c"
-  integrity sha512-SSHLZls3ZwNEHsc+d0ynKS+7Af0Nr8+KTUBAy9pm6xz9SHkJ/TeuEg6W3cbbcMSh6j4ITvrjv3Oi8n27VR+IPw==
+"@next/swc-linux-arm64-gnu@14.2.25":
+  version "14.2.25"
+  resolved "https://registry.yarnpkg.com/@next/swc-linux-arm64-gnu/-/swc-linux-arm64-gnu-14.2.25.tgz#ba064fabfdce0190d9859493d8232fffa84ef2e2"
+  integrity sha512-LFnV2899PJZAIEHQ4IMmZIgL0FBieh5keMnriMY1cK7ompR+JUd24xeTtKkcaw8QmxmEdhoE5Mu9dPSuDBgtTg==

-"@next/swc-linux-arm64-musl@14.2.17":
-  version "14.2.17"
-  resolved "https://registry.yarnpkg.com/@next/swc-linux-arm64-musl/-/swc-linux-arm64-musl-14.2.17.tgz#9a5bb809d3c6aef96c409959aedae28b4e5db53d"
-  integrity sha512-VFge37us5LNPatB4F7iYeuGs9Dprqe4ZkW7lOEJM91r+Wf8EIdViWHLpIwfdDXinvCdLl6b4VyLpEBwpkctJHA==
+"@next/swc-linux-arm64-musl@14.2.25":
+  version "14.2.25"
+  resolved "https://registry.yarnpkg.com/@next/swc-linux-arm64-musl/-/swc-linux-arm64-musl-14.2.25.tgz#bf0018267e4e0fbfa1524750321f8cae855144a3"
+  integrity sha512-QC5y5PPTmtqFExcKWKYgUNkHeHE/z3lUsu83di488nyP0ZzQ3Yse2G6TCxz6nNsQwgAx1BehAJTZez+UQxzLfw==

-"@next/swc-linux-x64-gnu@14.2.17":
-  version "14.2.17"
-  resolved "https://registry.yarnpkg.com/@next/swc-linux-x64-gnu/-/swc-linux-x64-gnu-14.2.17.tgz#64e0ce01870e6dc45ae48f676d7cce82aedcdc62"
-  integrity sha512-aaQlpxUVb9RZ41adlTYVQ3xvYEfBPUC8+6rDgmQ/0l7SvK8S1YNJzPmDPX6a4t0jLtIoNk7j+nroS/pB4nx7vQ==
+"@next/swc-linux-x64-gnu@14.2.25":
+  version "14.2.25"
+  resolved "https://registry.yarnpkg.com/@next/swc-linux-x64-gnu/-/swc-linux-x64-gnu-14.2.25.tgz#64f5a6016a7148297ee80542e0fd788418a32472"
+  integrity sha512-y6/ML4b9eQ2D/56wqatTJN5/JR8/xdObU2Fb1RBidnrr450HLCKr6IJZbPqbv7NXmje61UyxjF5kvSajvjye5w==

-"@next/swc-linux-x64-musl@14.2.17":
-  version "14.2.17"
-  resolved "https://registry.yarnpkg.com/@next/swc-linux-x64-musl/-/swc-linux-x64-musl-14.2.17.tgz#93114164b6ccfc533908193ab9065f0c3970abc3"
-  integrity sha512-HSyEiFaEY3ay5iATDqEup5WAfrhMATNJm8dYx3ZxL+e9eKv10XKZCwtZByDoLST7CyBmyDz+OFJL1wigyXeaoA==
+"@next/swc-linux-x64-musl@14.2.25":
+  version "14.2.25"
+  resolved "https://registry.yarnpkg.com/@next/swc-linux-x64-musl/-/swc-linux-x64-musl-14.2.25.tgz#58dc636d7c55828478159546f7b95ab1e902301c"
+  integrity sha512-sPX0TSXHGUOZFvv96GoBXpB3w4emMqKeMgemrSxI7A6l55VBJp/RKYLwZIB9JxSqYPApqiREaIIap+wWq0RU8w==

-"@next/swc-win32-arm64-msvc@14.2.17":
-  version "14.2.17"
-  resolved "https://registry.yarnpkg.com/@next/swc-win32-arm64-msvc/-/swc-win32-arm64-msvc-14.2.17.tgz#4b99dea02178c112e5c33c742f9ff2a49b3b2939"
-  integrity sha512-h5qM9Btqv87eYH8ArrnLoAHLyi79oPTP2vlGNSg4CDvUiXgi7l0+5KuEGp5pJoMhjuv9ChRdm7mRlUUACeBt4w==
+"@next/swc-win32-arm64-msvc@14.2.25":
+  version "14.2.25"
+  resolved "https://registry.yarnpkg.com/@next/swc-win32-arm64-msvc/-/swc-win32-arm64-msvc-14.2.25.tgz#93562d447c799bded1e89c1a62d5195a2a8c6c0d"
+  integrity sha512-ReO9S5hkA1DU2cFCsGoOEp7WJkhFzNbU/3VUF6XxNGUCQChyug6hZdYL/istQgfT/GWE6PNIg9cm784OI4ddxQ==

-"@next/swc-win32-ia32-msvc@14.2.17":
-  version "14.2.17"
-  resolved "https://registry.yarnpkg.com/@next/swc-win32-ia32-msvc/-/swc-win32-ia32-msvc-14.2.17.tgz#f1c23955405a259b6d45c65f918575b01bcf0106"
-  integrity sha512-BD/G++GKSLexQjdyoEUgyo5nClU7er5rK0sE+HlEqnldJSm96CIr/+YOTT063LVTT/dUOeQsNgp5DXr86/K7/A==
+"@next/swc-win32-ia32-msvc@14.2.25":
+  version "14.2.25"
+  resolved "https://registry.yarnpkg.com/@next/swc-win32-ia32-msvc/-/swc-win32-ia32-msvc-14.2.25.tgz#ad85a33466be1f41d083211ea21adc0d2c6e6554"
+  integrity sha512-DZ/gc0o9neuCDyD5IumyTGHVun2dCox5TfPQI/BJTYwpSNYM3CZDI4i6TOdjeq1JMo+Ug4kPSMuZdwsycwFbAw==

-"@next/swc-win32-x64-msvc@14.2.17":
-  version "14.2.17"
-  resolved "https://registry.yarnpkg.com/@next/swc-win32-x64-msvc/-/swc-win32-x64-msvc-14.2.17.tgz#44f5a4fcd8df1396a8d4326510ca2d92fb809cb3"
-  integrity sha512-vkQfN1+4V4KqDibkW2q0sJ6CxQuXq5l2ma3z0BRcfIqkAMZiiW67T9yCpwqJKP68QghBtPEFjPAlaqe38O6frw==
+"@next/swc-win32-x64-msvc@14.2.25":
+  version "14.2.25"
+  resolved "https://registry.yarnpkg.com/@next/swc-win32-x64-msvc/-/swc-win32-x64-msvc-14.2.25.tgz#3969c66609e683ec63a6a9f320a855f7be686a08"
+  integrity sha512-KSznmS6eFjQ9RJ1nEc66kJvtGIL1iZMYmGEXsZPh2YtnLtqrgdVvKXJY2ScjjoFnG6nGLyPFR0UiEvDwVah4Tw==

 "@nodelib/fs.scandir@2.1.5":
  version "2.1.5"
@@ -5864,6 +5864,13 @@ dompurify@^3.2.1:
  optionalDependencies:
    "@types/trusted-types" "^2.0.7"

+dompurify@^3.2.4:
+  version "3.2.4"
+  resolved "https://registry.yarnpkg.com/dompurify/-/dompurify-3.2.4.tgz#af5a5a11407524431456cf18836c55d13441cd8e"
+  integrity sha512-ysFSFEDVduQpyhzAob/kkuJjf5zWkZD8/A9ywSp1byueyuCfHamrCBa14/Oc2iiB0e51B+NpxSl5gmzn+Ms/mg==
+  optionalDependencies:
+    "@types/trusted-types" "^2.0.7"
+
 domutils@^2.5.2, domutils@^2.8.0:
  version "2.8.0"
  resolved "https://registry.npmjs.org/domutils/-/domutils-2.8.0.tgz"
@@ -9911,12 +9918,12 @@ neo-async@^2.6.2:
  resolved "https://registry.npmjs.org/neo-async/-/neo-async-2.6.2.tgz"
  integrity sha512-Yd3UES5mWCSqR+qNT93S3UoYUkqAZ9lLg8a7g9rimsWmYGK8cVToA4/sF3RrshdyV3sAGMXVUmpMYOw+dLpOuw==

-next@^14.2.10:
-  version "14.2.17"
-  resolved "https://registry.npmjs.org/next/-/next-14.2.17.tgz"
-  integrity sha512-hNo/Zy701DDO3nzKkPmsLRlDfNCtb1OJxFUvjGEl04u7SFa3zwC6hqsOUzMajcaEOEV8ey1GjvByvrg0Qr5AiQ==
+next@^14.2.25:
+  version "14.2.25"
+  resolved "https://registry.yarnpkg.com/next/-/next-14.2.25.tgz#0657551fde6a97f697cf9870e9ccbdaa465c6008"
+  integrity sha512-N5M7xMc4wSb4IkPvEV5X2BRRXUmhVHNyaXwEM86+voXthSZz8ZiRyQW4p9mwAoAPIm6OzuVZtn7idgEJeAJN3Q==
  dependencies:
-    "@next/env" "14.2.17"
+    "@next/env" "14.2.25"
    "@swc/helpers" "0.5.5"
    busboy "1.6.0"
    caniuse-lite "^1.0.30001579"
@@ -9924,15 +9931,15 @@ next@^14.2.10:
    postcss "8.4.31"
    styled-jsx "5.1.1"
  optionalDependencies:
-    "@next/swc-darwin-arm64" "14.2.17"
-    "@next/swc-darwin-x64" "14.2.17"
-    "@next/swc-linux-arm64-gnu" "14.2.17"
-    "@next/swc-linux-arm64-musl" "14.2.17"
-    "@next/swc-linux-x64-gnu" "14.2.17"
-    "@next/swc-linux-x64-musl" "14.2.17"
-    "@next/swc-win32-arm64-msvc" "14.2.17"
-    "@next/swc-win32-ia32-msvc" "14.2.17"
-    "@next/swc-win32-x64-msvc" "14.2.17"
+    "@next/swc-darwin-arm64" "14.2.25"
+    "@next/swc-darwin-x64" "14.2.25"
+    "@next/swc-linux-arm64-gnu" "14.2.25"
+    "@next/swc-linux-arm64-musl" "14.2.25"
+    "@next/swc-linux-x64-gnu" "14.2.25"
+    "@next/swc-linux-x64-musl" "14.2.25"
+    "@next/swc-win32-arm64-msvc" "14.2.25"
+    "@next/swc-win32-ia32-msvc" "14.2.25"
+    "@next/swc-win32-x64-msvc" "14.2.25"

 no-case@^3.0.4:
  version "3.0.4"
Author	SHA1	Message	Date
-LAN-	5be9cc57a4	feat: Add Workflow Research API for executing DSL workflows Introduces a new API endpoint that allows researchers to execute workflows defined in DSL (YAML) format or by using an existing app ID. This feature facilitates testing and running workflows without authentication, using a temporary app setup. The changes include creating a new API resource, detailed documentation, and a test script for the API. Provides error handling and validation to ensure either a DSL or an app ID is provided for workflow execution. Signed-off-by: -LAN- <laipz8200@outlook.com>	2025-05-13 19:30:47 +08:00
-LAN-	c919074e06	docs(CHANGELOG.md): Update CHANGELOG.md Signed-off-by: -LAN- <laipz8200@outlook.com>	2025-05-13 10:31:40 +08:00
kelvintsim	88cd9aedb7	add gunicorn keepalive setting (#19537 ) Co-authored-by: crazywoola <100913391+crazywoola@users.noreply.github.com> Co-authored-by: Bowen Liang <liang.bowen.123@qq.com>	2025-05-13 10:28:13 +08:00
-LAN-	16a4f77fb4	fix(config): Allow DB_EXTRAS to set search_path via options Signed-off-by: -LAN- <laipz8200@outlook.com>	2025-05-13 10:19:08 +08:00
-LAN-	3401c52665	chore(pyproject.toml): Upgrade huggingface-hub, transformers and resend (#19563 ) Signed-off-by: -LAN- <laipz8200@outlook.com>	2025-05-12 23:21:57 +08:00
Zixuan Cheng	4fa3d78ed8	Revert "feat : add GPT4.1 in the model providers" (#19002 )	2025-04-28 18:15:24 +08:00
-LAN-	5f7f851b17	fix: Refines None checks in result transformation Simplifies the code by replacing type checks for None with direct comparisons, improving readability and consistency in handling None values during output validation. Signed-off-by: -LAN- <laipz8200@outlook.com>	2025-04-28 15:40:14 +08:00
-LAN-	559ab46ee1	fix: Removes redundant token calculations and updates dependencies Eliminates unnecessary pre-calculation of token limits and recalculation of max tokens across multiple app runners, simplifying the logic for prompt handling. Updates tiktoken library from version 0.8.0 to 0.9.0 for improved tokenization performance. Increases default token limit in TokenBufferMemory to accommodate larger prompt messages. These changes streamline the token management process and leverage the latest improvements in the tiktoken library. Fixes potential token overflow issues and prepares the system for handling larger inputs more efficiently. Relates to internal optimization tasks. Signed-off-by: -LAN- <laipz8200@outlook.com>	2025-04-28 15:39:12 +08:00
-LAN-	df98223c8c	chore: Updates to version 0.15.7 with new model support Adds support for GPT-4.1 and Amazon Bedrock DeepSeek-R1 models. Fixes issues with app creation from template categories and DSL version checks. Updates version numbers in configuration files and Docker setup to 0.15.7 for consistency. Addresses issues #18807, #18868, #18872, #18878, and #18912. Signed-off-by: -LAN- <laipz8200@outlook.com>	2025-04-28 14:19:07 +08:00
Zixuan Cheng	144f9507f8	feat : add GPT4.1 in the model providers (#18912 )	2025-04-27 19:31:20 +08:00
kelvintsim	2e097a1ac0	add bedrock deepseek-r1 (#18908 )	2025-04-27 19:30:42 +08:00
NFish	9f7d8a981f	Patch: hotfix/create from template category (#18807 ) (#18868 )	2025-04-27 14:47:18 +08:00
zxhlyh	40b31bafd5	fix: check dsl version when create app from explore template (#18872 ) (#18878 )	2025-04-27 14:21:45 +08:00
-LAN-	d38a2c95fb	docs(CHANGELOG): Update CHANGELOG.md Signed-off-by: -LAN- <laipz8200@outlook.com>	2025-04-25 18:31:08 +08:00
-LAN-	7d18e2a0ef	feat(app_dsl_service): Refines version compatibility logic Updates logic to handle various version comparisons, ensuring more precise status returns based on version differences. Improves handling of older and newer versions to prevent mismatches and ensure appropriate compatibility status. Signed-off-by: -LAN- <laipz8200@outlook.com>	2025-04-25 18:27:31 +08:00
kelvintsim	024f242251	add bedrock claude-sonnet-3.7 (#18788 )	2025-04-25 17:35:12 +08:00
-LAN-	bfdce78ca5	chore(*): Bump up to 0.15.6 Signed-off-by: -LAN- <laipz8200@outlook.com>	2025-04-23 14:06:46 +08:00
-LAN-	00c2258352	CHANGELOG): Adds initial changelog for version 0.15.6 Signed-off-by: -LAN- <laipz8200@outlook.com>	2025-04-23 13:55:33 +08:00
Joel	a1b3d41712	fix: clickjacking (#18552 )	2025-04-22 17:08:52 +08:00
kautsar_masuara	b26e20fe34	fix: fix vertex gemini 2.0 flash 001 schema (#18405 ) Co-authored-by: achmad-kautsar <achmad.kautsar@insignia.co.id>	2025-04-19 22:04:13 +08:00
NFish	161ff432f1	fix: update reset password token when email code verify success (#18362 )	2025-04-18 17:15:15 +08:00
Xiyuan Chen	99a9def623	fix: reset_password security issue (#18366 )	2025-04-18 05:04:44 -04:00
Alexi.F	fe1846c437	fix: change gemini-2.0-flash to validate google api #17082 (#17115 )	2025-03-30 13:04:12 +08:00
-LAN-	8e75eb5c63	fix: update version to 0.15.5 in packaging and docker-compose files Sgned-off-by: -LAN- <lapz8200@outlook.com>	2025-03-24 16:47:06 +08:00
-LAN-	970508fcb6	fix: update GitHub Actions workflow to trigger on tags Signed-off-by: -LAN- <laipz8200@outlook.com>	2025-03-24 16:45:29 +08:00
NFish	9283a5414f	fix: update yarn.lock	2025-03-24 16:41:07 +08:00
-LAN-	2a2a0e9be9	fix: update DifySandbox image version to 0.2.11 in docker-compose files Sgned-off-by: -LAN- <laipz8200@outlook.com>	2025-03-24 15:37:55 +08:00
Joel	061a765b7d	fix: sanitizer svg to avoid xss (#16608 )	2025-03-24 14:48:40 +08:00
-LAN-	acd7fead87	feat: remove Vanna provider and associated assets from the project Signed-off-by: -LAN- <laipz8200@outlook.com>	2025-03-24 14:34:03 +08:00
NFish	bbb080d5b2	fix: update chatbot help doc link on the create app form	2025-03-24 11:28:35 +08:00
NFish	c01d8a70f3	fix: upgrade nextjs to v14.2.25. a security patch for CVE-2025-29927.	2025-03-24 10:32:18 +08:00
-LAN-	1ca15989e0	chore: update version to 0.15.4 in configuration and docker files Signed-off-by: -LAN- <laipz8200@outlook.com>	2025-03-21 16:39:06 +08:00
-LAN-	8b5a3a9424	Merge branch 'release/0.15.4' of github.com:langgenius/dify into release/0.15.4	2025-03-21 16:31:06 +08:00
-LAN-	42ddcf1edd	chore: remove 0.15.3 branch config in the build action Signed-off-by: -LAN- <laipz8200@outlook.com>	2025-03-21 16:30:33 +08:00
Joel	21561df10f	fix: xss in render svg (#16437 )	2025-03-21 15:24:58 +08:00
crazywoola	0e33a3aa5f	chore: add ci	2025-02-19 14:34:36 +08:00
Hash Brown	d3895bcd6b	revert	2025-02-19 14:32:28 +08:00
Hash Brown	eeb390650b	fix: build failed	2025-02-19 14:32:28 +08:00