This release includes 1 security fix for security teams reviewing exposed deployments.
Topics
ReleasePort's take
Moderate signalosb CLI v0.1.1 stabilizes diagnostics commands with new `osb diagnostics logs` and `osb diagnostics events`, deprecating the old `osb devops` variants. Includes security patch for CVE-2025-71176 in test dependencies.
Why it matters: Migrate from `osb devops logs/events` to stable diagnostics commands. Update test infrastructure to patch CVE-2025-71176.
Summary
AI summaryAdded stable diagnostics commands osb diagnostics logs and osb diagnostics events with output formatting options.
Changes in this release
| Type | Severity | Summary | CVE |
|---|---|---|---|
| Security | Medium |
Updated pytest test lockfile, addressing CVE-2025-71176. Updated pytest test lockfile, addressing CVE-2025-71176. Source: llm_adapter@2026-05-21 Confidence: high |
— |
| Feature | Medium |
Added stable diagnostics commands: osb diagnostics logs and osb diagnostics events. Added stable diagnostics commands: osb diagnostics logs and osb diagnostics events. Source: llm_adapter@2026-05-21 Confidence: high |
— |
| Dependency | Medium |
Bumped CLI release metadata to 0.1.1 for the diagnostics release train. Bumped CLI release metadata to 0.1.1 for the diagnostics release train. Source: llm_adapter@2026-05-21 Confidence: low |
— |
| Deprecation | Medium |
`osb devops logs` and `osb devops events` deprecated as compatibility wrappers. `osb devops logs` and `osb devops events` deprecated as compatibility wrappers. Source: llm_adapter@2026-05-21 Confidence: high |
— |
| Bugfix | Medium |
Tightened CLI table-output test coverage to address static-analysis findings. Tightened CLI table-output test coverage to address static-analysis findings. Source: llm_adapter@2026-05-21 Confidence: low |
— |
Full changelog
What's new
✨ Features
-
Added stable diagnostics commands to the CLI:
osb diagnostics logsandosb diagnostics events. These commands use the Python SDK diagnostics manager APIs, require an explicit diagnosticscope, and supporttable,json,yaml, andrawoutput modes. The current open-source server returns a clearDIAGNOSTICS_NOT_IMPLEMENTEDresponse for scoped stable diagnostics until the backend implementation lands, while legacy unscoped DevOps behavior remains available. https://github.com/alibaba/OpenSandbox/pull/869 -
Kept
osb devops logsandosb devops eventsas deprecated compatibility wrappers over the legacy plain-text flow, preserving existing--tail,--since, and--limitbehavior with migration warnings. Bundled troubleshooting guidance now prefers the stable diagnostics API and stops relying on legacydevops inspect/devops summaryflows. https://github.com/alibaba/OpenSandbox/pull/869
🐛 Bug Fixes
- Tightened CLI table-output test coverage while addressing cross-repository static-analysis findings. This does not change the public CLI surface, but helps protect output rendering behavior from regressions. https://github.com/alibaba/OpenSandbox/pull/795
📦 Misc
-
Bumped CLI release metadata to
0.1.1as part of the diagnostics release train. https://github.com/alibaba/OpenSandbox/pull/869 -
Updated the CLI development test lockfile for
pytest9.0.3, including upstream pytest fixes such as CVE-2025-71176. This is a test dependency update and does not affect runtime CLI behavior. https://github.com/alibaba/OpenSandbox/pull/719
👥 Contributors
- @hittyt
- @ninan-nn
Security Fixes
- dep: pytest updated to 9.0.3 fixing CVE-2025-71176 (test‑dependency only).
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
Beta — feedback welcome: [email protected]