Releases: Dstack-TEE/dstack

v0.5.9

21 Apr 04:00

Highlights

  • Attestation v1 rewired: msgpack wire format replaces CBOR, report_data is now payload-driven, and SCALE size hints are fixed. Bridges to v2 canonical JSON are in place (#629, #637, #638, #639).
  • gateway PROXY protocol: opt-in per-instance via app-compose.port_attrs, with server-side control, port-policy, lazy/retry/prewarm fetch, and admin RPC override (#361).
  • VMM multi-instance discovery: cross-user / XDG_RUNTIME_DIR aware local discovery, vmm-cli subcommands, orphan-workdir preservation on restart (#584, #593, #594).
  • KMS self-authorization togglable: enforcement is now configurable; the dev-mode default still warns at startup (#651, #498, #573, #579).

Features

  • vmm: preserve serial logs across VM restarts (#548)
  • kms: optional TCB UpToDate requirement for apps (#498)
  • gateway: implement PROXY protocol with per-instance port_attrs control (#361)
  • vmm: local VMM instance discovery + vmm-cli subcommands (#584, #593)
  • vmm: OCI registry image discovery and pull (#589)
  • kms: make self-authorization enforcement configurable (#651)
  • sdk/go: refresh Go SDK; add RA-TLS certificate verification package (#308, #512)

Security

  • Require attestation for all KMS flows (#579) and enforce authorization during bootstrap/onboard (#573)
  • Fix path traversal in KMS remove_cache (#601)
  • Redact cf_api_token in gateway ListDnsCredentials response (#578)
  • Restrict runtime event log permissions (#602)
  • Enforce 20-byte app_id length in CVM setup (#604)
  • Cap VecOf pre-allocation to prevent OOM on malformed input (#570)
  • Limit RA-TLS cert extension decompression size (#595)

Fixes

  • gateway: enable cluster sync without requiring BOOTNODE_URL (#574)
  • gateway: hide app URL until instance id is ready (#628)
  • vmm: preserve orphan VM workdir on restart (#594)
  • ra-tls: unify cert format and fix onboard os_image_hash (#585)
  • ra-tls: stabilize derive_dh_secret encoding (#603)
  • tdx-attest: fix infinite loop in ConfigFS generation wait (#596)
  • NTS time sync: 5s retry interval for faster NTS-KE handshake (#590)

Attestation rework

  • Redesign AttestationV1 with msgpack wire format and report_data payload (#629)
  • Replace CBOR with msgpack in the wire format (#637)
  • Avoid double serialization in VersionedAttestation SCALE size_hint (#638)
  • Extract AttestationV1::with_report_data to deduplicate patching (#639)

Refactoring

  • guest-agent: isolate simulator from production paths (#582)
  • KMS: deduplicate auth helpers (#581)
  • ra-rpc: populate Unix peer creds for UDS endpoints (#627)
  • mod-tdx-guest: validate RTMR index and remove dead code (#569)

Build / CI / Docs

  • Consolidate reproducible-builder scripts (#583)
  • Add prek pre-commit hooks + CI (#587)
  • VMM: build console UI from build.rs (#591)
  • Gateway: cluster deployment guide (#577)
  • SDK/go: SPDX license headers (#575)

Defaults

  • vmm.cvm.networking.forward_service_enabled now defaults to false (#588)

Dependencies

Notable: rustls-webpki 0.103.9→0.103.10 (#598). Plus security bumps for axios, fastify, hono, follow-redirects, lodash, brace-expansion, handlebars, yaml, picomatch, fast-xml-parser, protobufjs, cryptography.

Reproducible build

Guest images are reproducible. Grab reproduce.sh from the companion meta-dstack v0.5.9 release and run it in a clean Docker-enabled environment — the produced dstack-*.tar.gz SHA-256s should match the release assets.

Component Docker images

  • dstacktee/dstack-kms:0.5.9
  • dstacktee/dstack-gateway:0.5.9
  • dstacktee/dstack-verifier:0.5.9

Full Changelog: v0.5.8...v0.5.9

Verifier Release v0.5.9

21 Apr 04:12

Docker Image Information

Image: docker.io/dstacktee/dstack-verifier:0.5.9

Digest (SHA256): sha256:cfc06d5bdaa71a8a942c8bfa04d2d17dc30f13d92f26386c5d45d454606e8b70

Verification: Verify on Sigstore

KMS Release v0.5.9

21 Apr 04:13

Docker Image Information

Image: docker.io/dstacktee/dstack-kms:0.5.9

Digest (SHA256): sha256:e959bc5b4c7664d26543801073cc445d806fcea49a240881f707d1998e2d871c

Verification: Verify on Sigstore

Contract ABIs

This release includes the compiled contract ABIs:

  • DstackKms.json - Main KMS contract ABI
  • DstackApp.json - Application contract ABI

Gateway Release v0.5.9

21 Apr 04:09

Docker Image Information

Image: docker.io/dstacktee/dstack-gateway:0.5.9

Digest (SHA256): sha256:822d5f75a068f25c86dae29104916d74befd9652d5dc0dc0b282a49e177c2898

Verification: Verify on Sigstore

Gateway Release v0.5.8

19 Mar 02:38
d5eb4a4

Docker Image Information

Image: docker.io/dstacktee/dstack-gateway:0.5.8

Digest (SHA256): sha256:6eb1dc1a5000f37cc5b0322d3fdb71e7f2e31859b5e3a611634919278cee2411

Verification: Verify on Sigstore

v0.5.8

17 Mar 02:06

Changes since v0.5.7

Features

  • Support wildcard custom domains in gateway TXT resolution (#545)

Fixes

  • Include SNI in gateway TLS passthrough error messages (#547)
  • Allow wildcard fallback in non-compat mode (#545)
  • Patch report_data in simulator RA-TLS certificates to bind to actual TLS key (#541)
  • Set user-agent for KMS auth API requests and improve error logging (#525)
  • Pin apt package versions in key-provider Dockerfile (#533)

Refactoring

  • Extract TDX quote report_data offset as a named constant (#542)
  • Extract generic http_get/http_post helpers in KMS (#525)
  • Switch key-provider to upstream repo and update deps (#533)

Documentation

  • Add self-host tutorial series (#540)
  • Add encrypted environment variables technical spec (#506)
  • Add security considerations for encrypted env authenticity (#506)
  • Clarify normalized app_id input and runtime file path contract (#506)

Dependencies

  • Update Rust dependencies for security fixes
  • Bump quinn-proto, hono, fastify, minimatch, immutable, serialize-javascript, hardhat, fast-xml-parser

Verifier Release v0.5.8

17 Mar 07:56

Docker Image Information

Image: docker.io/dstacktee/dstack-verifier:0.5.8

Digest (SHA256): sha256:038e6b828528fbfecccfc8f95381a83fa8be8c18ec5fee9aaee7df03c4990ac9

Verification: Verify on Sigstore

KMS Release v0.5.8

17 Mar 06:02

Docker Image Information

Image: docker.io/dstacktee/dstack-kms:0.5.8

Digest (SHA256): sha256:9650dcb47dad0065470f432f00e78e012912214ef1a5b1d7272918817e61a26d

Verification: Verify on Sigstore

Contract ABIs

This release includes the compiled contract ABIs:

  • DstackKms.json - Main KMS contract ABI
  • DstackApp.json - Application contract ABI

v0.5.7

03 Mar 10:51

What's Changed

Features

  • feat(guest-agent): add Version() RPC to DstackGuest and Tappd services
  • feat(sdk): add version() API to all SDKs (Rust, Go, Python, JS)
  • feat(sdk): validate algorithm in getKey by checking OS version
  • feat(kms): add GetAttestationInfo RPC to onboard service
  • feat: add sysbox persistent storage mount alongside docker/containerd
  • Add supervisor process manager UI
  • Add VM removing state for reliable lifecycle cleanup

Bug Fixes

  • fix: wait for RPC nonce sync between multi-step deployments
  • fix: correct kms:add-device success message
  • fix(auth-eth): retry verifyDeployment for public RPC latency
  • fix(kms): auto-append /prpc to onboard source_url if missing
  • fix(guest-agent): normalize algorithm before passing to GetKey in Sign
  • fix(guest-agent): accept "k256" as alias for "secp256k1" algorithm
  • fix: remove secp256k1_prehashed from GetKey (meaningless for key derivation)
  • fix(vmm): display network addresses on separate lines in UI

Other

  • refactor: rename hardhat network "test" to "custom"
  • Remove passt networking mode support

Full Changelog: v0.5.6...v0.5.7

dstack v0.5.6

06 Feb 09:17

Added

  • guest-agent: Attest API for generating versioned attestations
  • gateway: WaveKV backend with peer discovery, bootnode support, periodic persistence, and improved cluster orchestration
  • gateway: multi-domain certificate management with SNI-based resolution, cert configuration UI, ACME account attestation, and configurable DNS TXT TTL/max wait
  • gateway: multi-port TCP listening via port ranges and deployment script support for multi-port serving
  • gateway: per-app connection rate limiting
  • vmm: bridge networking support, DHCP lease PRPC API, and userspace port forwarding
  • vmm: management APIs UpdateVm and ReloadVms, plus additional metadata in CLI output
  • vmm-cli: config file support and new update subcommand
  • vmm-ui: revamped UI (now default), improved layout, device/TEE state display, log follow, git rev display, and dedicated IP UI
  • guest-agent: systemd socket activation and compatibility socket proxy
  • kms: auth-simple configuration-based authorization server
  • sdk: Verifiable Message Signing (Sign/Verify) with signature chain and public key fields
  • docs: conntrack tuning guide for high-concurrency gateways
  • docs: bridge networking guide updates and cluster deployment documentation
  • vmm: OpenAPI documentation output

Changed

  • gateway: deployment scripts refactored to externalize config and add bootstrap flow
  • gateway: IP allocation scheme updated for larger address space
  • gateway: DNS configuration defaults and UI settings refined (TTL, max wait, default port behaviors)
  • toolchain: Rust pinned to 1.92 and additional no_std target added for CI
  • attestation: refactored for multi-provider support
  • vmm: default shared mode set to 9p
  • dependencies: updated dcap-qvl to 0.3.10 and various dependency bumps (lodash, hono, go-ethereum, tracing-subscriber, etc.)
  • docs: reorganized and consolidated (confidential AI, verification tutorial, GPU TEE guide, FAQ, SDK docs, main index)
  • vmm-ui: regenerated and synchronized UI assets

Fixed

  • vmm: VM config loading issues and multiple UI display bugs
  • host-api: forbid listening on non-vsock addresses
  • vmm: trigger port forward reconfiguration on update-ports
  • runtime: Docker mount socket path compatibility (/run vs /var/run)
  • runtime: create mount points before rbind mount
  • sdk/js: isReachable behavior for v0.5.x
  • gateway: improved error messages for client registration and cert flows
  • ct_monitor: TLS certificate verification behavior
  • tooling: clippy warnings, formatting, and CI stability fixes

Security