rune/oai-web
0
1
Fork 0
Code Issues Pull Requests Releases 3 Wiki Activity

3 Releases 3 Tags

RSS Feed
  • v1.2.6 c951185cdc
    Compare

    oAI-Web v1.2.6 Stable

    rune released this 2026-04-28 09:44:53 +02:00 | 0 commits to main since this release

    Released 2026-04-28

    SSH Key Generation

    Users can now generate a personal ed25519 SSH key pair directly from Settings → Profile. The public key is displayed for easy copying to remote servers. The private key is stored in the user's personal data folder ({base}/{username}/.ssh/), making it available to agent scripts that use scp or ssh. The known_hosts file can be uploaded via the Files section.

    The Docker image now includes openssh-client, and the docker-compose.yml.example no longer requires mounting the host ~/.ssh directory — SSH credentials are managed entirely within the app.

    File Upload

    A file upload button is now available in the Files section. Files are validated client- and server-side against a configurable policy:

    • Allowed file extensions (configurable in Settings → Security → File Upload Policy)
    • Maximum file size (default 50 MB per file)
    • Maximum number of files per upload (default 20)

    Extensionless files (e.g. known_hosts, authorized_keys) are accepted only when the filename matches a named allowlist. Rejected files are listed in a flash notification.

    Chat - Markdown Renderer Improvements

    The markdown renderer gains support for headings (#, ##, ###), GFM tables, unordered and ordered lists, and italic text. <br> tags are passed through for explicit line breaks.

    Settings - Tab Renames

    Two settings tabs have been renamed for clarity:

    • Email AccountsEmail
    • MCP ServersMCP

    Tab IDs are unchanged, so any saved links or JS references remain valid.

    Mobile Fixes

    • Audit log date filter inputs are correctly sized on mobile
    • Chat list row buttons are properly spaced and tappable
    • Agent detail page header and fullscreen prompt editor display correctly on small screens

    Help Page - Smarter Search

    The help page search now filters TOC sub-items based on whether the corresponding content block contains the search term, giving more precise results when searching for specific topics.

    Security

    • IDOR fix: GET /api/agent-runs/{run_id} now verifies the requesting user owns the parent agent before returning the run. Previously any authenticated user could fetch any run by ID (CWE-862).
    • File upload: extensionless files are restricted to a named allowlist (known_hosts, authorized_keys, etc.) — arbitrary extensionless uploads are rejected.

    Docker Images

    Four pre-built images are available. Choose the one that matches your architecture and whether you need the browser tool.

    Image Architecture Browser tool
    image.gitlab.pm/rune/oai-web:latest amd64 Yes
    image.gitlab.pm/rune/oai-web:latest-no-browser amd64 No
    image.gitlab.pm/rune/oai-web:latest_arm64 arm64 Yes
    image.gitlab.pm/rune/oai-web:latest-no-browser_arm64 arm64 No

    Full image includes Playwright and a Chromium installation. This adds roughly 350 MB to the image size but enables the browser tool - the agent can fetch pages, take screenshots, click elements, fill forms, and navigate web UIs on your behalf.

    No-browser image is leaner and faster to pull. All other tools and features are identical. Choose this if you don't need the agent to interact with web pages directly, or if you are constrained on disk space.

    Downloads