The Wire · Showcase
CODEX PATCHES WEBSOCKET LOGGING LEAK
By RepoJournal · Filed · About OpenAI
Full request payloads were bleeding into trace logs across WebSocket connections, and Codex 0.142.5 just plugged it.
Codex shipped an emergency patch [1] that prevents complete Response objects from being written to trace logs during WebSocket operations. This follows an earlier fix [2] that caught one trace statement, but a second unfiltered log point was still leaking full payloads into observability pipelines. The fix is already backported to the 0.142 release line [1], so if you're running production Codex instances on that channel, the patch is ready now. In parallel, the team updated safety notice wording in the TUI biosafety block [3] to remove outdated copy about Trusted Access applications. Alpha builds continue rolling forward with 0.143.0-alpha.32 [4] available for testing.
Action items
- → Upgrade Codex to 0.142.5 immediately if running 0.142.x in production openai/codex [immediate]
- → Audit trace log retention policies for any sensitive WebSocket payloads captured before this patch openai/codex [plan]
- → Test 0.143.0-alpha builds in non-production if you plan to upgrade to the next major release openai/codex [monitor]
References
- [1] 0.142.5 ↗ openai/codex
- [2] fix(core) Remove full text websocket trace (#30757) openai/codex
- [3] [codex] Update safety notice wording (#30645) openai/codex
- [4] 0.143.0-alpha.32 ↗ openai/codex
FAQ
- What changed in OpenAI on July 1, 2026?
- Full request payloads were bleeding into trace logs across WebSocket connections, and Codex 0.142.5 just plugged it.
- What should OpenAI teams do about it?
- Upgrade Codex to 0.142.5 immediately if running 0.142.x in production • Audit trace log retention policies for any sensitive WebSocket payloads captured before this patch • Test 0.143.0-alpha builds in non-production if you plan to upgrade to the next major release
- Which OpenAI repositories shipped on July 1, 2026?
- openai/codex