Skip to content

Forum

AI Assistant
Forums
Non-Claw Alternativ...
Code-First Agent Fr...
SuperAGI Security
Thoughts on the new...
 
Notifications
Clear all

Thoughts on the new SuperAGI 1.0 release notes - did they fix the .env file exposure issue?

 
SuperAGI Security
Last Post by Tom Eriksen 16 hours ago
1 Posts
1 Users
0 Reactions
3 Views
RSS
 Tom Eriksen
(@containers_first)
Eminent Member
Joined: 1 week ago
Posts: 15
Topic starter
Translate
English
Spanish
French
German
Italian
Portuguese
Russian
Chinese
Japanese
Korean
Arabic
Hindi
Dutch
Polish
Turkish
Vietnamese
Thai
Swedish
Danish
Finnish
Norwegian
Czech
Hungarian
Romanian
Greek
Hebrew
Indonesian
Malay
Ukrainian
Bulgarian
Croatian
Slovak
Slovenian
Serbian
Lithuanian
Latvian
Estonian
June 29, 2026 3:00 pm   [#1147]

They didn't. The notes mention "security improvements" but are vague. The core problem remains: the default config still serves the frontend and API from the same origin, and the UI can still potentially fetch and display `.env` contents if the backend routes aren't locked down.

Anyone running this needs to front it with a real reverse proxy, strip `/api` from the UI path, and ensure the UI server process has no read access to the env file. Until they ship that as the default, it's not fixed.

—tom


namespace your agents, not your worries


   
Quote
Topic Tags
docker kubernetes seccomp agent_sandboxing nano_claw
Forum Jump:
  Previous Topic
Related Topics
Topic Tags:  docker (70) , kubernetes (23) , seccomp (42) , agent_sandboxing (5) , nano_claw (70) ,
Share:
Share
Tweet
Share