2026.05.18 Release v0.2.2

🛡️ Security Fixes

• hypervisor: vmm-sys-util bumped 0.11.x → 0.12.1 (CVE-2023-50711, GHSA-875g-mfp6-g7f9): FamStructWrapper::deserialize previously failed to verify that the header length matched the flexible-array length, allowing out-of-bounds memory access from safe Rust code. Pinned to the workspace version already used by every other hypervisor crate.
• agent / hypervisor: bytes and env_logger security bumps — additional dependency refreshes from the same CVE-fix pass (#267).
• Reverted time crate bump (CVE-2026-25727 / GHSA-r6v5-fh4h-64xc) (#286): Analysis confirmed that CubeSandbox only uses time::format_description::well_known::Rfc3339 for outbound timestamp formatting and never invokes Rfc2822 parsing on untrusted input — the affected attack vector is not reachable. The upgrade was rolled back because it requires an MSRV bump and will be addressed separately when the project is ready.

🚀 Critical Fixes

• Fixed duplicate template-image job creation (CubeMaster) (#227): A new request_id column with a unique index on (request_id, operation) makes job submissions idempotent. Migration logic handles existing records with legacy IDs. Eliminates the race where concurrent or retried API calls could enqueue the same build twice.
• Fixed cubecli exec nil-deref panic on stdin EOF (#188): StdinCloser.Read previously triggered a nil-pointer dereference when stdin reached EOF, silently aborting the exec lifecycle. The fix correctly handles EOF and switches to errors.Is(err, io.EOF) for proper error-wrapping compatibility. Shim logs now emit the expected paired exec req / wait container … exit code entries.
• Fixed ext4 artifact runtime file materialization for PVM templates (#282): RefreshArtifactRuntimeFiles, validateArtifactRuntimeFilesPresent, and ensureArtifactRuntimeFiles are simplified to handle only kernel files; copyKernelFileAtomically is renamed to CopyFileAtomically for reuse outside the package. Unit tests are updated and pruned accordingly.

✨ Enhancements

• E2B-compatible default exposed port (#207): The default sandbox exposed port is changed from 8080/32000 to 49983 to match the E2B sandbox protocol. CubeMaster is now the single authoritative source of default exposed ports — hardcoded defaults and port-seeding logic are removed from Cubelet and network-agent, preventing silent divergence.
• cubelet: cmdTimeout configurable via storage plugin config (#236): A new optional cmd_timeout field in the storage plugin TOML config replaces the hardcoded 3 s default. Multi-GiB ext4 operations on the live-create slow path under concurrent load can exceed 3 s; operators can now raise the limit without recompiling. Default behavior is unchanged when the field is absent.
• cubelet: richer diagnostics on newExt4RawByReflinkCopy failures (#237): Error messages now include elapsed time, target/base file stats, and free space in the format [step=N/4 cmd="…" elapsed=…ms target=size=… base=size=… free=…B]. Stat/statfs errors are reported inline. Unit tests are added for describeStorageFailure / describeFile / describeFreeBytes.
• Deploy: sync CubeMaster custom ports with .env config (#210): cubemaster.yaml now uses __CUBE_SANDBOX_MYSQL_PORT__ and __CUBE_SANDBOX_REDIS_PORT__ placeholders; install.sh substitutes them from the .env file, enabling non-default MySQL/Redis ports without manual YAML edits.

⚙️ Engineering Improvements

• cubecli: removed dead listmd command (#181): The unreachable listmd subcommand and its 128-line implementation (metadata.go) are deleted, reducing dead-code surface.

🤖 CI / DevOps

• Claude-powered code review and issue triage automation (#255): Five AI reviewer agents are introduced under .agents/agents/ (code quality, performance, security, test coverage, documentation accuracy). Automated workflows handle PR code review, duplicate issue detection, and issue label triage. A secure GitHub App token flow is wired up for CI actions, and helper scripts gh.sh and edit-issue-labels.sh are added under scripts/.
• gh.sh: issue comment support (#262): gh.sh gains comment-issue to post comments via stdin heredoc, and workflow tool paths are restricted to the new scripts directory for consistency.
• CI model configuration update (#259): Model name and show_full_output option updated for the AI review workflow.

📚 Documentation

• Chinese translation of CONTRIBUTING.md (#276): CONTRIBUTING_zh.md added as a full Chinese translation of the contribution guide.
• Community doc PR requirements relaxed (#279, #280): Both CONTRIBUTING.md and CONTRIBUTING_zh.md now allow single-language submissions; bilingual docs are encouraged but optional, with clear nested requirements.
• Network port allocation ranges documented (#205): docs/architecture/network.md (EN & ZH) now explicitly documents the three port-range buckets on compute nodes: 10000–19999 (network-agent ip_local_port_range), 20000–29999 (CubeProxy sandbox access), 30000–65535 (CubeVS SNAT).
• Community docs: troubleshooting / use-cases / integrations sections (#238): New bilingual doc sections added to VitePress with template files and index pages; a GitHub Actions workflow enforces bilingual parity for community docs. CONTRIBUTING.md and READMEs updated with contribution links.
• Domain update: CNAME switched from docs.cubesandbox.ai to cubesandbox.com (#271).
• Fixed browser-sandbox example: Added missing load_dotenv() call and python-dotenv dependency so .env variables are loaded before the script runs.
• WeChat group QR code refreshed (#208): Updated to a valid group code.
• v0.2.1 changelog entries (#281): EN and ZH changelog pages updated with the v0.2.1 release notes.

🙏 Contributors

Thanks to everyone who contributed to v0.2.2: @fslongjin, @foxywang, @cocovs, @WaylandYang, @chenggui53, @luzhixing12345, @turtlemoji, @QingqLin, @chenhengqi, @Dafeigy.

Full Changelog: v0.2.1...v0.2.2