This release adds 3 notable features for engineering teams evaluating rollout.
✓ No known CVEs patched in this version
Summary
AI summary: Updates gateway, refactor, and fix across a mixed release.
Changes in this release
| Type | Severity | Summary | CVE |
|---|---|---|---|
| Feature | Medium | Adds profile-scoped endpoint and credential discovery endpoint. Source: llm_adapter@2026-06-10. Confidence: high. | — |
| Feature | Medium | Enables Tailscale tunnel OAuth‑client authentication using oauth_client_secret. Source: llm_adapter@2026-06-10. Confidence: high. | — |
| Feature | Medium | Handles tsnet exit‑node UDP traffic via GetUDPHandlerForFlow. Source: llm_adapter@2026-06-10. Confidence: high. | — |
| Feature | Medium | Advertises dnsvip CIDRs as Tailscale subnet routes. Source: llm_adapter@2026-06-10. Confidence: high. | — |
| Bugfix | Medium | Honors wireguard.listen_port configuration instead of ignoring it. Source: llm_adapter@2026-06-10. Confidence: high. | — |
| Bugfix | Medium | Re‑signs non‑EKS proxied AWS requests and injects placeholder AWS environment variables. Source: llm_adapter@2026-06-10. Confidence: high. | — |
Full changelog
What's Changed
- [WIP] Landing page refresh by @josh-collinsworth in https://github.com/denoland/clawpatrol/pull/635
- Another LP pass by @josh-collinsworth in https://github.com/denoland/clawpatrol/pull/636
- refactor: decouple llm approver summaries by @magurotuna in https://github.com/denoland/clawpatrol/pull/638
- Pre-launch checkup by @josh-collinsworth in https://github.com/denoland/clawpatrol/pull/639
- tailscale tunnel: OAuth-client auth via oauth_client_secret by @piscisaureus in https://github.com/denoland/clawpatrol/pull/641
- fix: honor wireguard.listen_port instead of silently ignoring it (cl-94cf) by @arnauorriols in https://github.com/denoland/clawpatrol/pull/646
- aws_credential: re-sign non-EKS proxied requests + inject placeholder AWS env vars by @arnauorriols in https://github.com/denoland/clawpatrol/pull/644
- feat: profile-scoped endpoint/credential discovery endpoint by @arnauorriols in https://github.com/denoland/clawpatrol/pull/645
- gateway: handle tsnet exit-node UDP via GetUDPHandlerForFlow by @piscisaureus in https://github.com/denoland/clawpatrol/pull/643
- gateway: advertise dnsvip CIDRs as Tailscale subnet routes by @piscisaureus in https://github.com/denoland/clawpatrol/pull/654
Full Changelog: https://github.com/denoland/clawpatrol/compare/v0.2.5...v0.2.6