v26.5.2 — privacy and reliability for self-hosted Docker

[fran-olivares]

usulnet v26.5.2 lands the 14-session development plan that earns the
"ciberseguridad + privacidad + self-host" tagline beyond container management.
Zero breaking changes against v26.5.1; no new external port, no new bind
mount, no new container capability, no call-home.

Highlights

Reliability gates

• Smoke E2E in CI boots the actual compose stack against a freshly built
  image, logs in as admin, walks the sidebar, fails the build on any 5xx.
• govulncheck with empirically-pinned allowlist — every allowlist entry
  is enforced by a CI script that fails the build if a future commit silently
  invalidates its "not exploitable" justification.
• Coverage threshold bumped 15% → 16% with new tests on the panic-prone
  routers and the recon wiring.
• Tag-driven release workflow publishes multi-arch images
  (linux/amd64 + linux/arm64) to GHCR and Docker Hub on every v* tag.

Privacy and security tier

• Shodan recon connector (BYO key) joins HIBP as the second external
  integration. Full-cycle secrecy test pins that the key never leaks to logs
  or errors.
• L7 egress filter — in-process forward proxy with per-host allow/deny
  policies, default-deny, audit log of denials. No TLS interception.
• YARA scanner — one-shot scans against host files and container paths
  via the recon-toolkit sandbox. Ships the linux-elf-suspicious ruleset.
• Container forensics snapshot — one-click memory dump, process tree,
  open FDs, network connections, packaged as a verifiable tarball.
• Marketplace honeypots — Cowrie (SSH/Telnet), Dionaea (multi-protocol
  malware-catcher), Endlessh (SSH tarpit), one-click deployable.
• Tor SOCKS5 proxy marketplace app for routing individual workloads
  through Tor.

Operator UX

• Host-side usulnet CLI (contexts, login, containers ls,
  stack deploy, recon scan, ...) shipped as a static binary alongside
  the server.
• Sidebar regrouped from 9 to 7 sections (Compute / Operations /
  Security / Privacy / Platform / Admin / Help).
• First-run onboarding wizard for password change + host attach.
• Uniform empty-states across 12 modules — the bare "NPM Not Connected"
  card from v26.5.1 is gone.
• a11y landmarks on header, sidebar, modal, and flash regions.
• Shell tab-completion install script and Makefile target, baked into
  both production Docker images.

Recon sandbox

• recon-toolkit rebased on Arch (mat2, exiftool, yara,
  holehe, h8mail, oletools, pdfid). Weekly rebuild via cron so the
  toolset stays current. amd64-only.

Performance pass

• Route-scoped frontend gzip (~70% off vendor JS/CSS bundles); the
  authenticated route group stays uncompressed to close the BREACH-class
  risk on CSRF-bearing pages.
• Host summary fan-out across a goroutine pool capped at 16:
  max(T) latency instead of N × T for N-host installs.
• Container reconciliation fan-out across a goroutine pool capped at 8.
• Shared WebSocket JSON encoder pool — ~36% less wall time, ~99% less
  garbage per message on the editor and SSH terminal hot paths.

Upgrade

docker pull usulnet/usulnet:v26.5.2
docker pull usulnet/usulnet-agent:v26.5.2
# or via GHCR
docker pull ghcr.io/fran-olivares/usulnet:v26.5.2
docker pull ghcr.io/fran-olivares/usulnet-agent:v26.5.2

<hr /><em>This discussion was created from the release <a href='https://github.com/fran-olivares/usulnet/releases/tag/v26.5.2'>v26.5.2 — privacy and reliability for self-hosted Docker</a>.</em>