This release adds 3 notable features for engineering teams evaluating rollout.
✓ No known CVEs patched in this version
Affected surfaces
Summary
AI summaryAdded passwordless sudo support in run, improved postgres catalog parsing with COLLATE default, and fixed dashboard copy button behavior.
Changes in this release
| Type | Severity | Summary | CVE |
|---|---|---|---|
| Security | Medium |
Stop leaking resolv.conf bind‑mounts to the host via sudo path. Stop leaking resolv.conf bind‑mounts to the host via sudo path. Source: llm_adapter@2026-06-11 Confidence: high |
— |
| Feature | Low |
Use passwordless sudo for setup, allowing wrapped commands to execute with sudo. Use passwordless sudo for setup, allowing wrapped commands to execute with sudo. Source: llm_adapter@2026-06-11 Confidence: high |
— |
| Feature | Low |
Document the passwordless‑sudo path for clawpatrol run. Document the passwordless‑sudo path for clawpatrol run. Source: llm_adapter@2026-06-11 Confidence: high |
— |
| Bugfix | Medium |
Fix copy buttons in non-secure dashboard contexts. Fix copy buttons in non-secure dashboard contexts. Source: llm_adapter@2026-06-11 Confidence: high |
— |
| Bugfix | Medium |
Prevent --login hangs caused by unbounded requests and stale login URLs. Prevent --login hangs caused by unbounded requests and stale login URLs. Source: llm_adapter@2026-06-11 Confidence: high |
— |
| Bugfix | Medium |
Fix DNS resolution in passwordless‑sudo run path by correcting resolv.conf permissions. Fix DNS resolution in passwordless‑sudo run path by correcting resolv.conf permissions. Source: llm_adapter@2026-06-11 Confidence: high |
— |
| Bugfix | Medium |
Ensure stable runtime directory so only one daemon runs per identity. Ensure stable runtime directory so only one daemon runs per identity. Source: llm_adapter@2026-06-11 Confidence: high |
— |
| Bugfix | Low |
Parse PostgreSQL \d catalog queries with default COLLATE handling. Parse PostgreSQL \d catalog queries with default COLLATE handling. Source: llm_adapter@2026-06-11 Confidence: low |
— |
Full changelog
What's Changed
- run: use passwordless sudo for setup so the wrapped command can sudo by @piscisaureus in https://github.com/denoland/clawpatrol/pull/663
- postgres: parse psql \d catalog queries with COLLATE default by @piscisaureus in https://github.com/denoland/clawpatrol/pull/664
- dashboard: fix copy buttons in non-secure contexts by @piscisaureus in https://github.com/denoland/clawpatrol/pull/667
- join: prevent --login hangs (unbounded requests + stale login URL) by @piscisaureus in https://github.com/denoland/clawpatrol/pull/668
- run: fix DNS in passwordless-sudo path (resolv.conf perms) by @piscisaureus in https://github.com/denoland/clawpatrol/pull/669
- run: stop leaking resolv.conf bind-mounts to the host (sudo path) by @piscisaureus in https://github.com/denoland/clawpatrol/pull/671
- daemon: stable runtime dir so only one daemon runs per identity by @piscisaureus in https://github.com/denoland/clawpatrol/pull/670
- docs: describe the passwordless-sudo path for clawpatrol run by @piscisaureus in https://github.com/denoland/clawpatrol/pull/672
Full Changelog: https://github.com/denoland/clawpatrol/compare/v0.2.8...v0.2.9
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
About Claw Patrol
All releases →Beta — feedback welcome: [email protected]