This release includes 2 security fixes for security teams reviewing exposed deployments.
Topics
Affected surfaces
Summary
AI summaryUpdates feat, fix, and secrets across a mixed release.
Changes in this release
| Type | Severity | Summary | CVE |
|---|---|---|---|
| Security | High |
Redacts registry credentials from agent request logs. Redacts registry credentials from agent request logs. Source: llm_adapter@2026-06-03 Confidence: high |
— |
| Feature | Medium |
Adds seccomp support on arm64 architectures. Adds seccomp support on arm64 architectures. Source: llm_adapter@2026-06-03 Confidence: high |
— |
| Feature | Medium |
Implements graceful VM drain on shutdown. Implements graceful VM drain on shutdown. Source: llm_adapter@2026-06-03 Confidence: high |
— |
| Feature | Medium |
Accepts a registry identity token on machine creation. Accepts a registry identity token on machine creation. Source: llm_adapter@2026-06-03 Confidence: high |
— |
| Feature | Medium |
Introduces host‑side secret store with refs‑only persistence. Introduces host‑side secret store with refs‑only persistence. Source: llm_adapter@2026-06-03 Confidence: high |
— |
| Dependency | Medium |
Makes bundled libkrun's virglrenderer dependency optional in releases. Makes bundled libkrun's virglrenderer dependency optional in releases. Source: llm_adapter@2026-06-03 Confidence: high |
— |
| Bugfix | Medium |
Builds Linux distributions for glibc 2.35 to support Ubuntu 22.04+. Builds Linux distributions for glibc 2.35 to support Ubuntu 22.04+. Source: llm_adapter@2026-06-03 Confidence: high |
— |
| Bugfix | Medium |
Injects secrets into background and detached exec processes. Injects secrets into background and detached exec processes. Source: llm_adapter@2026-06-03 Confidence: high |
— |
Full changelog
What's Changed
- feat: seccomp on arm64 by @BinSquare in https://github.com/smol-machines/smolvm/pull/342
- feat: graceful VM drain on shutdown by @BinSquare in https://github.com/smol-machines/smolvm/pull/343
- fix: redact registry credentials from agent request logs by @BinSquare in https://github.com/smol-machines/smolvm/pull/337
- feat: accept a registry identity token on machine create by @BinSquare in https://github.com/smol-machines/smolvm/pull/338
- fix: build linux dists on glibc 2.35 for Ubuntu 22.04+ compatibility by @BinSquare in https://github.com/smol-machines/smolvm/pull/345
- fix: make bundled libkrun's virglrenderer dependency optional in releases by @BinSquare in https://github.com/smol-machines/smolvm/pull/346
- feat: host-side secret store with refs-only persistence by @BinSquare in https://github.com/smol-machines/smolvm/pull/330
- fix(secrets): inject secrets into background/detached exec by @BinSquare in https://github.com/smol-machines/smolvm/pull/347
- chore: bump workspace to 0.9.0 by @BinSquare in https://github.com/smol-machines/smolvm/pull/348
Full Changelog: https://github.com/smol-machines/smolvm/compare/v0.8.2...v0.9.0
Security Fixes
- Registry credentials now redacted from agent request logs
- Secrets are injected into background/detached exec processes
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
About smolvm
Tool to build & run portable, lightweight, self-contained virtual machines.
Related context
Related tools
Beta — feedback welcome: [email protected]