Search results

secure_time: true can never sync — guest chrony is built without NTS

bugSomething isn't workingSomething isn't working

securitySecurity-related issue, report, or hardening workSecurity-related issue, report, or hardening work

Status: Open.

#745 In Dstack-TEE/dstack;

· h4x3rotab opened on Jun 27, 2026

gateway: custom-domain app lookup does an uncached DNS query on every connection, adding ~0.8–3s to the TLS handshake

Status: Open.

#736 In Dstack-TEE/dstack;

· h4x3rotab opened on Jun 21, 2026

AMD SEV-SNP support (tracking)

documentationImprovements or additions to documentationImprovements or additions to documentation

Status: Open.

#713 In Dstack-TEE/dstack;

· h4x3rotab opened on Jun 5, 2026

vmm-cli update --compose with --env-file silently drops compose changes when allowed_envs differs

Status: Open.

#707 In Dstack-TEE/dstack;

· lloydmak99 opened on Jun 3, 2026

Onboarding audit: cut 'time to first dstack app' from ~22 steps to a single script

Status: Open.

#699 In Dstack-TEE/dstack;

· h4x3rotab opened on May 28, 2026

Security: App keys and decrypted env vars written with world-readable permissions

securitySecurity-related issue, report, or hardening workSecurity-related issue, report, or hardening work

security: hardeningSecurity defense-in-depth or hardening workSecurity defense-in-depth or hardening work

security: reportPublic security report or already-public security findingPublic security report or already-public security finding

Status: Open.

#606 In Dstack-TEE/dstack;

· kvinwang opened on Mar 27, 2026

Disk encryption key and WireGuard key visible in /proc/PID/cmdline

securitySecurity-related issue, report, or hardening workSecurity-related issue, report, or hardening work

security: hardeningSecurity defense-in-depth or hardening workSecurity defense-in-depth or hardening work

security: reportPublic security report or already-public security findingPublic security report or already-public security finding

Status: Open.

#556 In Dstack-TEE/dstack;

· pbeza opened on Mar 17, 2026

Static HKDF salt "RATLS" with no key versioning

securitySecurity-related issue, report, or hardening workSecurity-related issue, report, or hardening work

security: reportPublic security report or already-public security findingPublic security report or already-public security finding

security: roadmapSecurity-related roadmap or compatibility design workSecurity-related roadmap or compatibility design work

Status: Open.

#552 In Dstack-TEE/dstack;

· pbeza opened on Mar 17, 2026

bootstrap_keys() auto-bootstrap path does not write bootstrap-info.json

Status: Open.

#539 In Dstack-TEE/dstack;

· dmvt opened on Mar 12, 2026

Simplify deployment: unify dstack and meta-dstack workflows

Status: Open.

#422 In Dstack-TEE/dstack;

· h4x3rotab opened on Dec 27, 2025

Adopt RFC 8785 (JCS) for canonical compose hash calculation

securitySecurity-related issue, report, or hardening workSecurity-related issue, report, or hardening work

security: roadmapSecurity-related roadmap or compatibility design workSecurity-related roadmap or compatibility design work

Status: Open.

#411 In Dstack-TEE/dstack;

· Leechael opened on Nov 27, 2025

docker run --cpus 2 ... doesn't work

help wantedExtra attention is neededExtra attention is needed

Status: Open.

#410 In Dstack-TEE/dstack;

· kvinwang opened on Nov 26, 2025