OliveTin

v3000.14.0 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 3d Automation & Workflows

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 1 known CVE

Topics

api container homeautomation linux maturity-prod self-hosted

+2 more

service sysadmin

Affected surfaces

rce_ssrf

ReleasePort's take

Moderate signal

editorial:auto 3d

All ot_ system arguments are now reserved to block remote code execution vulnerabilities.

Why it matters: Reserving ot_ arguments prevents RCE (GHSA-prj9-97mp-mwh2) – critical for any deployment using these flags.

Summary

AI summary

Updates Others, Container images, and Bug fixes across a mixed release.

Changes in this release

Type	Severity	Summary	CVE
Security	Critical	Treat all ot_ system arguments as reserved, preventing RCE (GHSA-prj9-97mp-mwh2) Treat all ot_ system arguments as reserved, preventing RCE (GHSA-prj9-97mp-mwh2) Source: llm_adapter@2026-06-01 Confidence: high	—
Feature	Low	Default icon is now a CLI HugeIcon instead of a smiley face Default icon is now a CLI HugeIcon instead of a smiley face Source: llm_adapter@2026-06-01 Confidence: high	—
Feature	Low	Show execution conditions in the UI and allow right‑clicking buttons for action details Show execution conditions in the UI and allow right‑clicking buttons for action details Source: llm_adapter@2026-06-01 Confidence: high	—
Bugfix	Medium	Fixes regression in emoji names and webhook execution helper info Fixes regression in emoji names and webhook execution helper info Source: llm_adapter@2026-06-01 Confidence: high	—
Bugfix	Medium	Fixes v‑html usage in icon rendering Fixes v‑html usage in icon rendering Source: llm_adapter@2026-06-01 Confidence: high	—

Full changelog

Changelog

Security

ebffd9f040f791208aee1db2e5a8aecd1e3e603d security: GHSA-prj9-97mp-mwh2 (HIGH) Treat all ot_ system arguments as reserved, preventing RCE

Features

82f749a9cefb564f5ed0fde98a235756a7465b1a feat: Default icon is now a CLI HugeIcon instead of a smiley face
cbed6d68c2b208550bac798f676c1c90dfd622d8 feat: Show exec conditions in the UI, and allow right clicking buttons for action details
2327197034c1586077b11de5a0542a734e731bb0 feat: Show exec conditions in the UI, and allow right clicking buttons for action details (#1034)

Bug fixes

3e414564e544dbef358849ad6d0ec3af18dddece fix: Dont rely on icon DOM text for ExecutionView
9ac6acefd063f3c88f4ac7dfa308a89f3d25d089 fix: emoji names regression, and webhook execution helper info
3ba10621d4ea8eea4894ed50c30c73897970a626 fix: v-html in icon

Others

41b364388c36f473a322f73884cd19528033aa89 Correct capitalization of 'Discord' in documentation
e487f8c4267a2d8ceb3ae20a41a0cf4b4255ceb9 Fix typos in themes documentation
3260fe3f9298b73de0ec1208e3b58bdfebf98733 Fix typos in themes documentation (#1038)
6ca25bbdb4c0aae616e3ac47747ef3950cd3b943 Merge commit from fork
b2096d4a8d598e862be793e7c58b0e869f4ab23b Next (#1039)
e0eea9bc9089f45303d2a0afe386c93e0db28606 feat default icon cli hugeicon (#1036)
b1c74c9e040e146795544c470d6505102c688944 fmt: Cleanup coderabbit issues from action details change

Container images (from GitHub)

docker pull ghcr.io/olivetin/olivetin:3000.14.0

Container images (on Docker Hub)

docker pull docker.io/jamesread/olivetin:3000.14.0

Upgrade warnings, or breaking changes

No such issues between the last release and this version.

Useful links

Thanks for your interest in OliveTin!

Security Fixes

GHSA-prj9-97mp-mwh2 (HIGH) — treat all ot_ system arguments as reserved, preventing RCE

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track OliveTin

Get notified when new releases ship.

About OliveTin

OliveTin gives safe and simple access to predefined shell commands from a web interface.

All releases →