Summary
Bump the gh-aw-firewall (awf) version reference to v0.25.2.
What's new in v0.25.2
--allow-host-service-ports: New CLI flag allowing agents to reach GitHub Actions services: containers (PostgreSQL, Redis, MySQL) on the host. Traffic restricted to host gateway IPs only.
What's new in v0.25.1
- Playwright/localhost fix:
--allow-domains localhost now works — adds FW_WRAPPER gateway ACCEPT rules, fixes /etc/hosts localhost resolution, propagates AWF_ALLOW_HOST_PORTS to iptables-init container.
- Pre-installed system packages in agent container image
- Claude Code v2.1.81+ compatibility: writes
apiKeyHelper to ~/.claude/settings.json
Release
https://github.com/github/gh-aw-firewall/releases/tag/v0.25.2
Changes needed
Update the awf image tag / version references in gh-aw to v0.25.2 (or 0.25.2). Check pkg/workflow/awf_helpers.go for the version constant.
Summary
Bump the gh-aw-firewall (awf) version reference to v0.25.2.
What's new in v0.25.2
--allow-host-service-ports: New CLI flag allowing agents to reach GitHub Actionsservices:containers (PostgreSQL, Redis, MySQL) on the host. Traffic restricted to host gateway IPs only.What's new in v0.25.1
--allow-domains localhostnow works — adds FW_WRAPPER gateway ACCEPT rules, fixes/etc/hostslocalhost resolution, propagatesAWF_ALLOW_HOST_PORTSto iptables-init container.apiKeyHelperto~/.claude/settings.jsonRelease
https://github.com/github/gh-aw-firewall/releases/tag/v0.25.2
Changes needed
Update the awf image tag / version references in gh-aw to
v0.25.2(or0.25.2). Checkpkg/workflow/awf_helpers.gofor the version constant.