Releases · Dstack-TEE/meta-dstack
v0.5.7
What's Changed
dstack (submodule)
Features
- feat(guest-agent): add Version() RPC to DstackGuest and Tappd services
Bug Fixes
- fix(guest-agent): normalize algorithm before passing to GetKey in Sign
- fix(guest-agent): accept "k256" as alias for "secp256k1" algorithm
- fix: remove secp256k1_prehashed from GetKey (meaningless for key derivation)
meta-dstack
- Add
partedpackage to rootfs image to fix disk partition auto-grow after QEMU disk expansion - Add sysbox container runtime v0.6.7
Full dstack changelog: Dstack-TEE/dstack@v0.5.6...v0.5.7
dstack v0.5.6.1
What's Changed
- Add sysbox container runtime v0.6.7 — enables running system containers (containers with their own init system, systemd, Docker-in-Docker, etc.) inside TDX guest VMs using
runtime: sysbox-runcin docker-compose.
Reproducible Build
git clone https://github.com/Dstack-TEE/meta-dstack.git cd meta-dstack/ git checkout f1c68d35bd99c56193d88f4abbe3a923aa48a6b7 git submodule update --init --recursive cd repro-build && ./repro-build.sh -n
dstack v0.5.6
Changes
Added
- guest-agent: Attest API for generating versioned attestations
- gateway: WaveKV backend with peer discovery, bootnode support, periodic persistence, and improved cluster orchestration
- gateway: multi-domain certificate management with SNI-based resolution, cert configuration UI, ACME account attestation, and configurable DNS TXT TTL/max wait
- gateway: multi-port TCP listening via port ranges and deployment script support for multi-port serving
- gateway: per-app connection rate limiting
- vmm: bridge networking support, DHCP lease PRPC API, and userspace port forwarding
- vmm: management APIs UpdateVm and ReloadVms, plus additional metadata in CLI output
- vmm-cli: config file support and new update subcommand
- vmm-ui: revamped UI (now default), improved layout, device/TEE state display, log follow, git rev display, and dedicated IP UI
- guest-agent: systemd socket activation and compatibility socket proxy
- kms: auth-simple configuration-based authorization server
- sdk: Verifiable Message Signing (Sign/Verify) with signature chain and public key fields
- docs: conntrack tuning guide for high-concurrency gateways
- docs: bridge networking guide updates and cluster deployment documentation
- vmm: OpenAPI documentation output
Changed
- gateway: deployment scripts refactored to externalize config and add bootstrap flow
- gateway: IP allocation scheme updated for larger address space
- gateway: DNS configuration defaults and UI settings refined (TTL, max wait, default port behaviors)
- toolchain: Rust pinned to 1.92 and additional no_std target added for CI
- attestation: refactored for multi-provider support
- vmm: default shared mode set to 9p
- dependencies: updated dcap-qvl to 0.3.10 and various dependency bumps (lodash, hono, go-ethereum, tracing-subscriber, etc.)
- docs: reorganized and consolidated (confidential AI, verification tutorial, GPU TEE guide, FAQ, SDK docs, main index)
- vmm-ui: regenerated and synchronized UI assets
Fixed
- vmm: VM config loading issues and multiple UI display bugs
- host-api: forbid listening on non-vsock addresses
- vmm: trigger port forward reconfiguration on update-ports
- runtime: Docker mount socket path compatibility (/run vs /var/run)
- runtime: create mount points before rbind mount
- sdk/js: isReachable behavior for v0.5.x
- gateway: improved error messages for client registration and cert flows
- ct_monitor: TLS certificate verification behavior
- tooling: clippy warnings, formatting, and CI stability fixes
Security
- upgraded dcap-qvl to 0.3.10 to address CVE-2026-22696