
docker-agent

v1.58.0 Security

This release includes 2 security fixes for security teams reviewing exposed deployments.

✓ No known CVEs patched
This release patches 2 known CVEs

Topics

agents ai

ReleasePort's take

Light signal

Release v1.58.0 adds external TUI control via --listen, send, and watch commands and hardens the http_post hook against SSRF.

Why it matters: If you use agent workflows that expose a TUI or rely on HTTP POST hooks, upgrade to v1.58.0 immediately; the new security hardening mitigates SSRF risks in http_post.

Summary

AI summary

Adds external TUI control via --listen, send, and watch commands with HTTP POST hook support.

Changes in this release

Security Medium

Hardens http_post hook with SSRF-safe client, scheme validation, and request logging

Source: llm_adapter@2026-05-21

Confidence: high

Security Medium

Adds security hardening for secrets provider, archive extraction, OAuth HTTP client, and shell tool

Source: llm_adapter@2026-05-21

Confidence: high

Feature Medium

Adds http_post builtin hook for HTTP POST requests from agent workflows

Source: llm_adapter@2026-05-21

Confidence: high

Feature Medium

Adds --listen flag to run command to expose TUI for external control

Source: llm_adapter@2026-05-21

Confidence: high

Feature Medium

Adds send subcommand to drive live TUI session from external processes

Source: llm_adapter@2026-05-21

Confidence: high

Feature Medium

Adds watch subcommand to stream events from running TUI

Source: llm_adapter@2026-05-21

Confidence: high

Feature Medium

Adds --on-event hooks to observe arbitrary events during runs

Source: llm_adapter@2026-05-21

Confidence: high

Feature Medium

Adds --attach flag to serve mcp command to expose running TUI via MCP

Source: llm_adapter@2026-05-21

Confidence: high

Feature Medium

Adds newline-delimited JSON protocol over stdio for external communication

Source: llm_adapter@2026-05-21

Confidence: high

Feature Medium

Adds discovery files for live runs in run registry

Source: llm_adapter@2026-05-21

Confidence: high

Feature Medium

Adds bump-config-version skill for configuration management

Source: llm_adapter@2026-05-21

Confidence: high

Dependency Medium

Updates Go to version 1.26.3

Source: llm_adapter@2026-05-21

Confidence: high

Dependency Medium

Bumps direct Go dependencies

Source: llm_adapter@2026-05-21

Confidence: high

Performance Medium

Makes max_iterations builtin stateless using runtime's existing iteration counter

Source: llm_adapter@2026-05-21

Confidence: high

Bugfix Medium

Fixes filesystem tool path expansion for ~ (home directory) in file paths

Source: llm_adapter@2026-05-21

Confidence: high

Bugfix Medium

Fixes model ID handling to use fully-qualified provider/model identifiers

Source: llm_adapter@2026-05-21

Confidence: high

Bugfix Medium

Fixes Nebius example to use available Kimi-K2.5 model instead of deprecated Kimi-K2-Instruct

Source: llm_adapter@2026-05-21

Confidence: high

Bugfix Medium

Fixes dry-run mode to work properly before contacting remote servers

Source: llm_adapter@2026-05-21

Confidence: high

Bugfix Medium

Fixes request context propagation in echo logging

Source: llm_adapter@2026-05-21

Confidence: high

Bugfix Medium

Fixes run registry permissions and session lifecycle cleanup

Source: llm_adapter@2026-05-21

Confidence: high

Refactor Medium

Refactors snapshot handling into dedicated SnapshotController separate from runtime

Source: llm_adapter@2026-05-21

Confidence: high

Refactor Medium

Refactors unload builtin to be pure and runtime-agnostic

Source: llm_adapter@2026-05-21

Confidence: high

Refactor Medium

Promotes model switching and tools change subscription onto Runtime interface

Source: llm_adapter@2026-05-21

Confidence: high

Full changelog

This release adds external TUI control capabilities, HTTP POST hooks, and several security hardening improvements.

What's New

  • Adds http_post builtin hook for making HTTP POST requests from agent workflows
  • Adds --listen flag to run command to expose the running TUI for external control
  • Adds send subcommand to drive a live TUI session from external processes
  • Adds watch subcommand to stream events from a running TUI
  • Adds --on-event hooks to observe arbitrary events during runs
  • Adds --attach flag to serve mcp command to expose running TUI via MCP
  • Adds newline-delimited JSON protocol over stdio for external communication
  • Adds discovery files for live runs in run registry
  • Adds bump-config-version skill for configuration management

Bug Fixes

  • Fixes filesystem tool path expansion for ~ (home directory) in file paths
  • Fixes model ID handling to use fully-qualified provider/model identifiers for capability lookups
  • Fixes Nebius example to use available Kimi-K2.5 model instead of deprecated Kimi-K2-Instruct
  • Fixes dry-run mode to work properly before contacting remote servers
  • Fixes request context propagation in echo logging
  • Fixes run registry permissions and session lifecycle cleanup

Improvements

  • Makes max_iterations builtin stateless by using runtime's existing iteration counter
  • Hardens http_post hook with SSRF-safe client, scheme validation, and request logging
  • Consolidates home directory path expansion across the codebase
  • Shows current git branch when working in a repository
  • Unifies local and remote run dispatch through shared backend interface

Technical Changes

  • Refactors snapshot handling into dedicated SnapshotController separate from runtime
  • Refactors unload builtin to be pure and runtime-agnostic
  • Promotes model switching and tools change subscription onto Runtime interface
  • Adds security hardening for secrets provider, archive extraction, OAuth HTTP client, and shell tool
  • Enables gosec linter for file permission validation
  • Updates Go to version 1.26.3
  • Adds migration content pinning to enforce append-only database schema changes

What's Changed

  • docs: update CHANGELOG.md for v1.57.0 by @docker-read-write[bot] in https://github.com/docker/docker-agent/pull/2703
  • fix: expand ~ in filesystem tool paths by @dgageot in https://github.com/docker/docker-agent/pull/2704
  • feat(hooks): add http_post builtin by @dgageot in https://github.com/docker/docker-agent/pull/2705
  • fix: use available Kimi-K2.5 model in nebius example by @dgageot in https://github.com/docker/docker-agent/pull/2711
  • fix: make max_iterations builtin stateless (#2698) by @dgageot in https://github.com/docker/docker-agent/pull/2708
  • update PR reviewer to 1.5.1 by @derekmisler in https://github.com/docker/docker-agent/pull/2717
  • Show the current git branch when in a repo by @rumpl in https://github.com/docker/docker-agent/pull/2721
  • Consolidate home directory path expansion by @rumpl in https://github.com/docker/docker-agent/pull/2720
  • Change the default models for the golang dev by @rumpl in https://github.com/docker/docker-agent/pull/2718
  • Change the app name in otel to docker-agent by @rumpl in https://github.com/docker/docker-agent/pull/2719
  • bump direct go dependencies by @dgageot in https://github.com/docker/docker-agent/pull/2709
  • bump go to 1.26.3 by @dgageot in https://github.com/docker/docker-agent/pull/2712
  • feat: let external processes drive a running TUI by @dgageot in https://github.com/docker/docker-agent/pull/2714
  • security: five defense-in-depth fixes (secrets, archives, oauth, shell tool, request logs) by @dgageot in https://github.com/docker/docker-agent/pull/2713
  • refactor(run): unify local/remote dispatch via Backend (10 baby steps) by @dgageot in https://github.com/docker/docker-agent/pull/2715
  • refactor: extract SnapshotController so the runtime no longer brokers /undo by @dgageot in https://github.com/docker/docker-agent/pull/2707
  • add bump-config-version skill by @dgageot in https://github.com/docker/docker-agent/pull/2729
  • ci: enable gosec linter by @dgageot in https://github.com/docker/docker-agent/pull/2730
  • test(session): pin migration catalogue content (append-only enforcement) by @dgageot in https://github.com/docker/docker-agent/pull/2727
  • fix(toolinstall): route the registry client through httpclient.NewSafeClient by @dgageot in https://github.com/docker/docker-agent/pull/2726
  • Fix broken test on main by @dgageot in https://github.com/docker/docker-agent/pull/2735
  • Add alias by @dgageot in https://github.com/docker/docker-agent/pull/2736
  • ci: lint workflow invariants actionlint misses (concurrency, SHA pinning, payload deny-list) by @dgageot in https://github.com/docker/docker-agent/pull/2725
  • refactor(run-control): unify target resolution and SSE handling by @dgageot in https://github.com/docker/docker-agent/pull/2731
  • refactor(hooks): make the unload on_agent_switch builtin pure by @dgageot in https://github.com/docker/docker-agent/pull/2706
  • chore: bump direct Go dependencies by @dgageot in https://github.com/docker/docker-agent/pull/2742
  • remote-runtime: close silent gaps, consolidate Runtime, scaffold wire (10 baby steps) by @dgageot in https://github.com/docker/docker-agent/pull/2723
  • fix: pass fully-qualified provider/model ID to modelcaps.Load by @simonferquel-clanker in https://github.com/docker/docker-agent/pull/2738

Full Changelog: https://github.com/docker/docker-agent/compare/v1.57.0...v1.58.0

Security Fixes

  • Hardens `http_post` hook with SSRF-safe client, scheme validation, and request logging
  • Adds security hardening for secrets provider, archive extraction, OAuth HTTP client, and shell tool


About docker-agent

AI Agent Builder and Runtime by Docker Engineering


Related context

Earlier breaking changes

  • v1.71.0 Freezes configuration schema v9 and starts v10 as latest version
