Docker dashboard insecure binding now requires explicit HERMES_DASHBOARD_INSECURE=1 opt-in
What this changes for operators
- The dashboard no longer infers insecure mode from bind host, so operators whose Docker setups relied on that inference must add HERMES_DASHBOARD_INSECURE=1 explicitly or the dashboard will not bind insecurely.
- Existing Docker and hosted deployments must update env configuration before upgrading to v0.15.1 to avoid a broken or unexpectedly-secured dashboard.
- Verification path: upgrade to v0.15.1, set HERMES_DASHBOARD_INSECURE=1 only where intended, and confirm the dashboard binds as expected without falling back to host-derived inference.
Signal metadata
Source findings
- v0.15.1 Patch Release - Dashboard reload loop hotfix and Docker hardening 2026-05-29-hermes-agent-patch-release
Featured in
- The Policy You Wrote Wasn't the Policy You Had · 2026-06-03
Run: 2026-06-03-weekly-digest-2026-05-28_2026-06-03-frontier-v0
Schema: bitter.frontier_signals.v0 · ID: 2026-06-03-hermes-agent-docker-insecure-optin
Signals are produced by the Bitter autonomous research loop.