docker-agent

v1.62.0 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

✓ No known CVEs patched
This release patches 1 known CVE

Topics

agents ai

Affected surfaces

rce_ssrf deps

ReleasePort's take

Light signal
v1.62.0 ships external coding harnesses for delegating tasks and slash command sub-sessions while fixing TUI deadlocks, MCP tool integration, and unbounded cache growth.

Why it matters: Test agent features before production. Patch now if using large session histories (TUI deadlocks, unbounded caches) or MCP tools (4 integration fixes). Test in dev otherwise.

Summary

AI summary

Broad release touches Technical Changes, Bug Fixes, What's New, and tui.

Changes in this release

Security Medium

Uses SSRF-safe HTTP client for skills registry

Source: llm_adapter@2026-05-21

Confidence: high

Feature Medium

Adds external coding harness agents for delegating tasks

Source: llm_adapter@2026-05-21

Confidence: high

Feature Medium

Adds context fork slash commands as sub-sessions

Source: llm_adapter@2026-05-21

Confidence: high

Feature Medium

Adds docker-agent kit staging in sandbox

Source: llm_adapter@2026-05-21

Confidence: high

Feature Medium

Classifies overflow errors by kind for specific messages

Source: llm_adapter@2026-05-21

Confidence: low

Dependency Medium

Updates dependencies including Anthropic SDK and Docker CLI

Source: llm_adapter@2026-05-21

Confidence: low

Performance Medium

Optimizes session browser rendering for large histories

Source: llm_adapter@2026-05-21

Confidence: high

Bugfix Medium

Improves shutdown safety with deadline racing

Source: llm_adapter@2026-05-21

Confidence: high

Bugfix Medium

Fixes URL clicks in TUI with proper mouse handling

Source: llm_adapter@2026-05-21

Confidence: high

Bugfix Medium

Fixes TUI deadlock and shutdown race conditions

Source: llm_adapter@2026-05-21

Confidence: high

Bugfix Medium

Fixes auto-scroll blocking user scroll in dialogs

Source: llm_adapter@2026-05-21

Confidence: high

Bugfix Medium

Fixes MCP tool name prefix stripping in callTool

Source: llm_adapter@2026-05-21

Confidence: high

Bugfix Medium

Fixes OpenAI strict mode with Notion and Jira tools

Source: llm_adapter@2026-05-21

Confidence: high

Bugfix Medium

Fixes test keychain prompts with in-memory tokens

Source: llm_adapter@2026-05-21

Confidence: high

Bugfix Medium

Honors Cache-Control headers in skills caching

Source: llm_adapter@2026-05-21

Confidence: high

Bugfix Medium

Updates Grok example to use grok-4.3 model

Source: llm_adapter@2026-05-21

Confidence: high

Bugfix Medium

Treats wezterm as terminal handling shift+enter

Source: llm_adapter@2026-05-21

Confidence: high

Bugfix Medium

Fixes Gemini adapter token counting with metadata

Source: llm_adapter@2026-05-21

Confidence: low

Bugfix Medium

Fixes crash by preventing unnecessary click notifications

Source: llm_adapter@2026-05-21

Confidence: low

Bugfix Medium

Fixes user_prompt dialog scrolling behavior

Source: llm_adapter@2026-05-21

Confidence: low

Bugfix Medium

Fixes MCP OAuth handler callback handling

Source: llm_adapter@2026-05-21

Confidence: low

Bugfix Medium

Bounds three unbounded caches preventing memory growth

Source: llm_adapter@2026-05-21

Confidence: low

Bugfix Medium

Updates Gemini adapter to forward stream chunks carrying only UsageMetadata for accurate token counting

Source: granite4.1:30b@2026-05-21-audit

Confidence: low

Bugfix Medium

Avoids a crash by not sending notifications on click when the agent did not change

Source: granite4.1:30b@2026-05-21-audit

Confidence: low

Bugfix Medium

Ensures user_prompt dialog opens scrolled to top and respects user scrolling

Source: granite4.1:30b@2026-05-21-audit

Confidence: low

Bugfix Medium

Fixes MCP OAuth handler to drop stray callbacks and return proper HTTP status codes

Source: granite4.1:30b@2026-05-21-audit

Confidence: low

Refactor Medium

Extracts lrucache package and bounds caches

Source: llm_adapter@2026-05-21

Confidence: high

Refactor Medium

Refactors model override into runAgent request body

Source: llm_adapter@2026-05-21

Confidence: high

Refactor Medium

Adds clean task for generated binary

Source: llm_adapter@2026-05-21

Confidence: low

Full changelog

This release improves error handling for model context overflow, adds external coding harness support, and includes numerous TUI fixes and performance optimizations.

What's New

  • Adds external coding harness agents that delegate coding tasks to external coding CLIs
  • Adds support for running context: fork slash commands as sub-sessions instead of inlining them
  • Adds docker-agent kit staging in sandbox with skills and prompt files

Improvements

  • Classifies overflow errors by kind to provide more specific error messages for different types of context window issues
  • Optimizes session browser rendering to only render visible window rows for better performance with large session histories
  • Improves shutdown safety by racing Wait() against deadline and calling ReleaseTerminal on timeout
  • Updates Gemini adapter to forward stream chunks that carry only UsageMetadata for accurate token counting

Bug Fixes

  • Fixes URL clicks in TUI by properly handling mouse events
  • Fixes a crash by not notifying on click if the agent didn't change
  • Fixes deadlock in TUI exit safety net and race conditions in shutdown handling
  • Fixes auto-scroll blocking user scroll in long elicitation dialogs
  • Fixes MCP tool name prefix stripping in callTool functionality
  • Fixes OpenAI strict mode support for Notion and Jira MCP tools with gpt-5
  • Fixes user_prompt dialog to open scrolled to top and respect user scrolling
  • Fixes keychain prompts in tests by using in-memory token store
  • Fixes MCP OAuth handler to drop stray callbacks and respond with proper HTTP status codes

Technical Changes

  • Bounds three previously-unbounded caches to prevent memory growth on long sessions
  • Uses SSRF-safe HTTP client for remote skills registry
  • Honors Cache-Control headers properly in skills caching
  • Extracts lrucache package and bounds unbounded caches
  • Refactors model override into runAgent request body for atomic model selection
  • Updates Grok example to use grok-4.3 model
  • Treats wezterm as a terminal that handles shift+enter properly
  • Adds clean task to remove generated binary
  • Updates various dependencies including Anthropic SDK, AWS Bedrock runtime, and Docker CLI

What's Changed

  • docs: update CHANGELOG.md for v1.61.0 by @docker-read-write[bot] in https://github.com/docker/docker-agent/pull/2822
  • modelerrors: make overflow errors more specific by @trungutt in https://github.com/docker/docker-agent/pull/2818
  • Add .cache to .gitignore by @rumpl in https://github.com/docker/docker-agent/pull/2827
  • Treat wezterm as a terminal that knows how to handle shift+enter by @rumpl in https://github.com/docker/docker-agent/pull/2825
  • Don't notify on click if the agent didn't change by @rumpl in https://github.com/docker/docker-agent/pull/2824
  • tui: Fix URL clicks by @vvoland in https://github.com/docker/docker-agent/pull/2823
  • feat: add external coding harness agents by @rumpl in https://github.com/docker/docker-agent/pull/2826
  • perf(tui): only render visible session rows in /sessions dialog by @dgageot in https://github.com/docker/docker-agent/pull/2830
  • docs: document allow_private_ips option and SSRF protection in fetch tool by @dgageot in https://github.com/docker/docker-agent/pull/2833
  • fix(tui): bound previously-unbounded caches to prevent OOM on long sessions by @dgageot in https://github.com/docker/docker-agent/pull/2831
  • Misc Security fixes by @dgageot in https://github.com/docker/docker-agent/pull/2820
  • fix: use in-memory token store in tests to avoid OS keychain prompt by @dgageot in https://github.com/docker/docker-agent/pull/2836
  • fix MCP tool name prefix stripping in callTool by @dgageot in https://github.com/docker/docker-agent/pull/2837
  • chore(examples): remove shebang lines and executable bits by @dgageot in https://github.com/docker/docker-agent/pull/2838
  • docs(memory): fix incorrect default database path placeholder by @kenijkawada in https://github.com/docker/docker-agent/pull/2835
  • fix(tui): user_prompt dialog opens scrolled to top and respects user scrolling by @dgageot in https://github.com/docker/docker-agent/pull/2843
  • feat(mcpcatalog): hide disable / reset_auth tools when no server is enabled by @dgageot in https://github.com/docker/docker-agent/pull/2840
  • fix(tui): restore terminal on Ctrl-C when bubbletea shutdown stalls by @dgageot in https://github.com/docker/docker-agent/pull/2842
  • fix(examples): update grok example to use grok-4.3 by @dgageot in https://github.com/docker/docker-agent/pull/2846
  • chore: add clean task to remove generated binary by @dgageot in https://github.com/docker/docker-agent/pull/2847
  • test(server): make TestAttachedServer_DeleteSessionStopsEventStream more robust by @dgageot in https://github.com/docker/docker-agent/pull/2845
  • chore: bump direct Go dependencies by @dgageot in https://github.com/docker/docker-agent/pull/2849
  • fix(openai): support Notion and Jira MCP tools with gpt-5 strict mode by @dgageot in https://github.com/docker/docker-agent/pull/2839
  • fix(gemini): forward stream chunks that carry only UsageMetadata by @kenijkawada in https://github.com/docker/docker-agent/pull/2848
  • docs+config: surface the two env-variable expansion syntaxes (#2615) by @dgageot in https://github.com/docker/docker-agent/pull/2851
  • feat(skills): run context: fork slash commands as sub-sessions by @dgageot in https://github.com/docker/docker-agent/pull/2850
  • refactor(api): fold model override into runAgent request body by @dgageot in https://github.com/docker/docker-agent/pull/2852
  • feat(sandbox): docker-agent kit, gateway allowlist, and assorted --sandbox fixes by @dgageot in https://github.com/docker/docker-agent/pull/2844

New Contributors

  • @kenijkawada made their first contribution in https://github.com/docker/docker-agent/pull/2835

Full Changelog: https://github.com/docker/docker-agent/compare/v1.61.0...v1.62.0

Security Fixes

  • Misc Security fixes

About docker-agent

AI Agent Builder and Runtime by Docker Engineering

Related context

Earlier breaking changes

  • v1.71.0 Freezes configuration schema v9 and starts v10 as latest version
