dstack v0.5.6.1

What's Changed

• Add sysbox container runtime v0.6.7 — enables running system containers (containers with their own init system, systemd, Docker-in-Docker, etc.) inside TDX guest VMs using runtime: sysbox-runc in docker-compose.

Reproducible Build

git clone https://github.com/Dstack-TEE/meta-dstack.git
cd meta-dstack/
git checkout f1c68d35bd99c56193d88f4abbe3a923aa48a6b7
git submodule update --init --recursive
cd repro-build && ./repro-build.sh -n

dstack v0.5.6

Changes

Added

• guest-agent: Attest API for generating versioned attestations
• gateway: WaveKV backend with peer discovery, bootnode support, periodic persistence, and improved cluster orchestration
• gateway: multi-domain certificate management with SNI-based resolution, cert configuration UI, ACME account attestation, and configurable DNS TXT TTL/max wait
• gateway: multi-port TCP listening via port ranges and deployment script support for multi-port serving
• gateway: per-app connection rate limiting
• vmm: bridge networking support, DHCP lease PRPC API, and userspace port forwarding
• vmm: management APIs UpdateVm and ReloadVms, plus additional metadata in CLI output
• vmm-cli: config file support and new update subcommand
• vmm-ui: revamped UI (now default), improved layout, device/TEE state display, log follow, git rev display, and dedicated IP UI
• guest-agent: systemd socket activation and compatibility socket proxy
• kms: auth-simple configuration-based authorization server
• sdk: Verifiable Message Signing (Sign/Verify) with signature chain and public key fields
• docs: conntrack tuning guide for high-concurrency gateways
• docs: bridge networking guide updates and cluster deployment documentation
• vmm: OpenAPI documentation output

Changed

• gateway: deployment scripts refactored to externalize config and add bootstrap flow
• gateway: IP allocation scheme updated for larger address space
• gateway: DNS configuration defaults and UI settings refined (TTL, max wait, default port behaviors)
• toolchain: Rust pinned to 1.92 and additional no_std target added for CI
• attestation: refactored for multi-provider support
• vmm: default shared mode set to 9p
• dependencies: updated dcap-qvl to 0.3.10 and various dependency bumps (lodash, hono, go-ethereum, tracing-subscriber, etc.)
• docs: reorganized and consolidated (confidential AI, verification tutorial, GPU TEE guide, FAQ, SDK docs, main index)
• vmm-ui: regenerated and synchronized UI assets

Fixed

• vmm: VM config loading issues and multiple UI display bugs
• host-api: forbid listening on non-vsock addresses
• vmm: trigger port forward reconfiguration on update-ports
• runtime: Docker mount socket path compatibility (/run vs /var/run)
• runtime: create mount points before rbind mount
• sdk/js: isReachable behavior for v0.5.x
• gateway: improved error messages for client registration and cert flows
• ct_monitor: TLS certificate verification behavior
• tooling: clippy warnings, formatting, and CI stability fixes

Security

• upgraded dcap-qvl to 0.3.10 to address CVE-2026-22696

dstack v0.5.5

What's Changed

• Replace kvin.wang with dstack.org by @kvinwang in #22
• Enabled cgroups v2 by @kvinwang in #23
• mkimg: Allow running in non-git dir by @kvinwang in #24
• add package e2fsprogs by @kvinwang in #25
• Add cmd resize2fs by @kvinwang in #26
• Add vim to dev image by @kvinwang in #27
• dstack v0.5.5 by @kvinwang in #28
• Add dep conf dstack-guest-agent.conf for docker by @kvinwang in #29

In addition to changes in dstack repo

Full Changelog: v0.5.4.1...v0.5.5

GPU-enabled images are available here:
https://github.com/nearai/private-ml-sdk/releases/tag/v0.5.5

v0.5.4.1

What's Changed

• Add kernel module xt_mark by @kvinwang in #19
• Fix warnings for vconsole and autofs4 by @kvinwang in #20
• Don't make mr images by default by @kvinwang in #21

Full Changelog: v0.5.4...v0.5.4.1

GPU-enabled images are available here:
https://github.com/nearai/private-ml-sdk/releases/tag/v0.5.4.1

v0.5.4

dstack v0.5.4 Release Notes

Critical Security Update

• Fixed LUKS header validation vulnerability (GHSA-jxq2-hpw3-m5wf)

meta-dstack changes

• Support for up to 512 CPU cores by @kvinwang in #11
• kernel: Enable BTF by @kvinwang in #12
• Add perf in dev image by @kvinwang in #10
• docker: Pin to single-core and enable pigz by @kvinwang in #13
• docker: Fix runtime warning nf_netfilter not found by @kvinwang in #14
• Fix only one port map doesn't work in dstack.py by @kvinwang in #16
• Don't re-generate wg key in build.sh cfg by @kvinwang in #17
• Update pahole to 1.29 by @kvinwang in #18

dstack changes

https://github.com/Dstack-TEE/dstack/releases/tag/v0.5.4

⚠️ Upgrade Recommendation: This release contains critical security fixes. All users should upgrade immediately.

v0.5.3

What's Changed

• Fix error in dstack.py by @kvinwang in #8
• Security Enhancement for the production image by @kvinwang in #7

Full Changelog: v0.5.2...v0.5.3

v0.5.2

What's Changed

• fix(vmm-cli): compatible with custom kms-url and gateway-url by @Leechael in Dstack-TEE/dstack#179
• KMS: add factory deployment for AppAuth contracts with single-transaction optimization by @Leechael in Dstack-TEE/dstack#182
• supervisor: Fix bug in log span by @kvinwang in Dstack-TEE/dstack#192
• chore(sdk,rust): adds docstrings by @tuddman in Dstack-TEE/dstack#194
• feat(rust-sdk): Make all fields in Rust SDK structs public by @near-bookrock in Dstack-TEE/dstack#193
• vmm: Support for set kms/gw urls for individual CVM by @kvinwang in Dstack-TEE/dstack#177
• feat: enhance API metadata exposure by @Leechael in Dstack-TEE/dstack#181
• Implement mr_config_id v2 by @kvinwang in Dstack-TEE/dstack#195

New Contributors

• @tuddman made their first contribution in Dstack-TEE/dstack#194
• @near-bookrock made their first contribution in Dstack-TEE/dstack#193

Full Changelog: Dstack-TEE/dstack@v0.5.1...v0.5.2

Full Changelog: v0.5.1...v0.5.2

v0.5.1

What's Changed

• Fix reproducible issues for rootfs by @kvinwang in #6

Full Changelog: v0.5.0...v0.5.1

v0.5.0

The major change:

• Switched to dm-verity readonly rootfs. This is a breaking change if previous App tries write something in the ROOTFS other than the container FS.

What's Changed

• Add guest agent API: EmitEvent by @kvinwang in Dstack-TEE/dstack#160
• Enable dm-verity on rootfs by @kvinwang in #5
• Switch to dm-verity enabled readonly rootfs by @kvinwang in Dstack-TEE/dstack#159
• guest-agent: Remove command from the api by @kvinwang in Dstack-TEE/dstack#166
• cvm: Ensure agent starts before docker by @kvinwang in Dstack-TEE/dstack#164
• vmm: Fix disappeared [Upgrade] button by @kvinwang in Dstack-TEE/dstack#165
• Feat: Add rust crate for dstack client by @nlok5923 in Dstack-TEE/dstack#161
• rust-sdk: Fix incorrect args in get_tls_key by @kvinwang in Dstack-TEE/dstack#169
• Implement sodiumbox by @kvinwang in Dstack-TEE/dstack#173

New Contributors

• @nlok5923 made their first contribution in Dstack-TEE/dstack#161

Full Changelog: Dstack-TEE/dstack@v0.4.2...v0.5.0

v0.3.6

Fixes tappd start ordering.

Full Changelog: v0.3.5...v0.3.6