wagmios

v2.6.0 Security

This release includes 7 security fixes for security teams reviewing exposed deployments.

Published 4d Productivity & Wikis

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 7 known CVEs

Topics

api docker docker-management self-hosted openclaw

Affected surfaces

auth rbac deps

ReleasePort's take

Moderate signal

editorial:auto 4d

The release enforces stricter API access controls and hardens host‑mount behavior.

Why it matters: Requires first‑boot setup before any non‑public route, enforces read scopes on many endpoints, blocks dangerous host mounts such as /, and adds constant‑time API key hash comparison – mitigating unauthorized access risks.

Summary

AI summary

Updates Security fixes, Verification Validated before release, and Frontend and build fixes across a mixed release.

Changes in this release

Type	Severity	Summary	CVE
Security
Security	Critical	Require first-boot setup before any non-public API route can be used. Require first-boot setup before any non-public API route can be used. Source: llm_adapter@2026-05-30 Confidence: high	—
Security	High	Enforce read scopes across container, image, system, template, activity, and marketplace endpoints. Enforce read scopes across container, image, system, template, activity, and marketplace endpoints. Source: llm_adapter@2026-05-30 Confidence: high	—
Security	High	Require `keys:write` for key management routes. Require `keys:write` for key management routes. Source: llm_adapter@2026-05-30 Confidence: high	—
Security	High	Fix wildcard scope grant logic so non-wildcard admins cannot mint `` keys. Fix wildcard scope grant logic so non-wildcard admins cannot mint `` keys. Source: llm_adapter@2026-05-30 Confidence: high	—
Security	High	Stop returning API key verifier material (`key_hash`) in setup/key-management responses. Stop returning API key verifier material (`key_hash`) in setup/key-management responses. Source: llm_adapter@2026-05-30 Confidence: high	—
Security	High	Compare API key hashes with constant-time comparison. Compare API key hashes with constant-time comparison. Source: llm_adapter@2026-05-30 Confidence: high	—
Security	High	Replace host-volume denylist with an allowlist model: Docker named volumes or WAGMIOS‑managed paths only. Replace host-volume denylist with an allowlist model: Docker named volumes or WAGMIOS‑managed paths only. Source: llm_adapter@2026-05-30 Confidence: high	—
Security	High	Block dangerous host mounts such as `/` and arbitrary system paths. Block dangerous host mounts such as `/` and arbitrary system paths. Source: llm_adapter@2026-05-30 Confidence: high	—
Security	Medium	Capture real HTTP status codes in activity/audit logs instead of always recording `200`. Capture real HTTP status codes in activity/audit logs instead of always recording `200`. Source: llm_adapter@2026-05-30 Confidence: high	—
Security	Medium	Add unauthenticated/IP-based rate limiting fallback and request body size limits. Add unauthenticated/IP-based rate limiting fallback and request body size limits. Source: llm_adapter@2026-05-30 Confidence: high	—
Security	Medium	Add safe path containment helpers for template files, proxied logo images, marketplace install directories, and compose paths. Add safe path containment helpers for template files, proxied logo images, marketplace install directories, and compose paths. Source: granite4.1:30b@2026-05-30-audit Confidence: high	—
Security	Medium	Cap and validate `docker logs --tail` input. Cap and validate `docker logs --tail` input. Source: granite4.1:30b@2026-05-30-audit Confidence: high	—
Security	Medium	Add bounded timeouts for Docker CLI operations and HTTP server reads/writes. Add bounded timeouts for Docker CLI operations and HTTP server reads/writes. Source: granite4.1:30b@2026-05-30-audit Confidence: high	—
Security	Low	Generate compose YAML from typed structs with `yaml.v3` instead of string concatenation. Generate compose YAML from typed structs with `yaml.v3` instead of string concatenation. Source: granite4.1:30b@2026-05-30-audit Confidence: high	—
Security	Low	Validate app IDs, custom names, env keys, ports, and scalar values before compose generation. Validate app IDs, custom names, env keys, ports, and scalar values before compose generation. Source: granite4.1:30b@2026-05-30-audit Confidence: high	—
Security	Low	Enforce `marketplace:read` on installed/app-detail routes. Enforce `marketplace:read` on installed/app-detail routes. Source: granite4.1:30b@2026-05-30-audit Confidence: high	—
Security	Low	Fix fresh-data behavior for `/api/marketplace/installed` to create containers directory and return cleanly. Fix fresh-data behavior for `/api/marketplace/installed` to create containers directory and return cleanly. Source: granite4.1:30b@2026-05-30-audit Confidence: high	—
Feature
Feature	Medium	Key entry now validates keys through `/api/auth/verify` instead of public auth status. Key entry now validates keys through `/api/auth/verify` instead of public auth status. Source: granite4.1:30b@2026-05-30-audit Confidence: high	—
Feature	Low	Settings now uses authenticated `/api/settings` metadata. Settings now uses authenticated `/api/settings` metadata. Source: granite4.1:30b@2026-05-30-audit Confidence: high	—
Feature	Low	Respect `VITE_API_URL`, `VITE_WS_URL`, and `VITE_BACKEND_PORT` environment variables. Respect `VITE_API_URL`, `VITE_WS_URL`, and `VITE_BACKEND_PORT` environment variables. Source: granite4.1:30b@2026-05-30-audit Confidence: high	—
Feature	Low	Add `noopener/noreferrer` for external windows. Add `noopener/noreferrer` for external windows. Source: granite4.1:30b@2026-05-30-audit Confidence: high	—
Dependency	Low	Add backend `go.mod` / `go.sum` for reproducible Go builds. Add backend `go.mod` / `go.sum` for reproducible Go builds. Source: granite4.1:30b@2026-05-30-audit Confidence: high	—
Bugfix	Low	Fix activity WebSocket reconnect after component unmount. Fix activity WebSocket reconnect after component unmount. Source: granite4.1:30b@2026-05-30-audit Confidence: high	—
Refactor	Low	Update Dockerfiles and compose build configuration. Update Dockerfiles and compose build configuration. Source: granite4.1:30b@2026-05-30-audit Confidence: high	—

Full changelog

WAGMIOS v2.6.0 — Security hardening release

This release focuses on tightening WAGMIOS as a scoped Docker control plane. The main goal is to make the API match the permission model documented in the product: scope means permission, and Docker socket access is treated as root-equivalent.

Security fixes

Require first-boot setup before any non-public API route can be used.
Enforce read scopes across container, image, system, template, activity, and marketplace endpoints.
Require keys:write for key management routes.
Fix wildcard scope grant logic so non-wildcard admins cannot mint * keys.
Stop returning API key verifier material (key_hash) in setup/key-management responses.
Compare API key hashes with constant-time comparison.
Capture real HTTP status codes in activity/audit logs instead of always recording 200.
Add unauthenticated/IP-based rate limiting fallback and request body size limits.

Docker and filesystem safety

Replace host-volume denylist with an allowlist model: Docker named volumes or WAGMIOS-managed paths only.
Block dangerous host mounts such as / and arbitrary system paths.
Add safe path containment helpers for template files, proxied logo images, marketplace install directories, and compose paths.
Cap and validate docker logs --tail input.
Add bounded timeouts for Docker CLI operations and HTTP server reads/writes.

Marketplace hardening

Generate compose YAML from typed structs with yaml.v3 instead of string concatenation.
Validate app IDs, custom names, env keys, ports, and scalar values before compose generation.
Enforce marketplace:read on installed/app-detail routes.
Fix fresh-data behavior for /api/marketplace/installed so it creates the containers directory and returns cleanly.

Frontend and build fixes

Key entry now validates keys through /api/auth/verify instead of public auth status.
Settings now uses authenticated /api/settings metadata.
Respect VITE_API_URL, VITE_WS_URL, and VITE_BACKEND_PORT.
Fix activity WebSocket reconnect after component unmount.
Add noopener/noreferrer for external windows.
Add backend go.mod / go.sum for reproducible Go builds.
Update Dockerfiles and compose build configuration.

Verification

Validated before release:

gofmt clean
go test ./...
go vet ./...
pnpm install --frozen-lockfile
pnpm build
Backend image runtime health check
Frontend image runtime smoke check
Security smoke tests for first-boot auth, scope denial, key-hash non-disclosure, traversal rejection, root-volume blocking, log-tail validation, and marketplace compose creation

Docker images

Published tags:

itzmizzle/wagmi:backend
itzmizzle/wagmi:backend-latest
itzmizzle/wagmi:backend-v2.6.0
itzmizzle/wagmi:frontend
itzmizzle/wagmi:frontend-latest
itzmizzle/wagmi:frontend-v2.6.0

Breaking Changes

Require first‑boot setup before any non‑public API route can be used.
Enforce read scopes across container, image, system, template, activity, and marketplace endpoints.
Require `keys:write` scope for key management routes.

Security Fixes

Require first‑boot setup before any non‑public API route can be used (prevents unauthorized access).
Enforce read scopes across multiple endpoints to match documented permission model.
Fix wildcard scope grant logic so non‑wildcard admins cannot mint `*` keys.
Stop returning API key verifier material (`key_hash`) in responses.
Compare API key hashes with constant‑time comparison to prevent timing attacks.
Capture real HTTP status codes in activity/audit logs instead of always recording `200`.
Block dangerous host mounts such as `/` and arbitrary system paths via allowlist model.

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track wagmios

Get notified when new releases ship.

About wagmios

Your AI command Center

All releases →