v1.8.6.1-ce — Docker OOB EMBED + AGENT_RUN restored¶
Released: 2026-06-18 · Tag: v1.8.6.1-ce · Docker: synapcores/community:v1.8.6.1-ce
Single-fix release. Engine binary is unchanged from v1.8.6-ce. Only the runtime Docker image is rebuilt with a Dockerfile.community-runtime correction that restores out-of-box EMBED and AGENT_RUN model auto-pull.
This release also carries forward the v1.8.6-ce planner fix for negative-value array literals in SQL (#388) — so if you skipped v1.8.6, both fixes land at once.
The bug¶
Every v1.8.x Docker image since v1.8.1-ce shipped with /var/lib/synapcores/models/ owned by root:root instead of synapcores:synapcores. The Dockerfile had:
install -d sets ownership on the final path component only. Intermediate directories created on-the-fly (models/) inherit the RUN step's effective uid (root) and the default umask. So blobs/ ended up correct (synapcores:synapcores 755) while its parent models/ ended up root:root 755.
The engine runs as the unprivileged synapcores user. On first boot it tries to mkdir -p models/manifests/ to bootstrap the native model registry, hits EACCES (os error 13), and every subsequent auto-pull of all-minilm:latest (for EMBED) and qwen2.5-coder:7b (for AGENT_RUN / GENERATE) fails with the same error.
Net effect on the documented docker run recipe (with or without a -v synapcores-data:/var/lib/synapcores volume): the first SELECT EMBED(...) call errors. The homepage "Download" page recipe, the "Launch Control" snippet, and the install.sh Docker fallbacks all hit it.
Affected tags
v1.8.1-ce, v1.8.2-ce, v1.8.3-ce, v1.8.4-ce, v1.8.5-ce, v1.8.6-ce. If you've been on any of these via Docker and worked around with synapcores pull <model> inside the container, you no longer need to.
The fix¶
Explicitly create each level of the registry blob tree with synapcores ownership, instead of relying on install -d to auto-create intermediates correctly:
RUN install -d -m 0755 -o synapcores -g synapcores \
/opt/synapcores/aidb_data/models \
&& install -d -m 0755 -o synapcores -g synapcores \
/opt/synapcores/aidb_data/models/blobs \
&& install -d -m 0755 -o synapcores -g synapcores \
/opt/synapcores/aidb_data/models/manifests
One commit on top of v1.8.6-ce:
| Commit | Subject |
|---|---|
7208c5e8 |
fix(docker): #390 chown intermediate models/ dir — restores OOB EMBED |
Closes #390.
Validation¶
End-to-end on the i5-10400F no-AVX-512 canary box, against the actually published Docker image, using the exact homepage docker run recipe:
docker run -d --name synapcores \
-p 8080:8080 \
-e AIDB_ACCEPT_LICENSE=1 \
-v synapcores-data:/var/lib/synapcores \
synapcores/community:v1.8.6.1-ce
| Probe | Result |
|---|---|
Image /var/lib/synapcores/models/ ownership |
✅ synapcores:synapcores 755 |
Image /var/lib/synapcores/models/blobs ownership |
✅ synapcores:synapcores 755 |
Image /var/lib/synapcores/models/manifests ownership |
✅ synapcores:synapcores 755 |
SELECT EMBED('hello world') OOB |
✅ dim=384 returned (all-minilm) |
qwen2.5-coder:7b auto-pull |
✅ layers actively fetching (no EACCES) |
SELECT [-0.1, 0.2, -0.3, 0.4] (#388 carry-forward) |
✅ vector returned |
INSERT … VECTOR(8) VALUES ([-0.1, …, 0.8]) |
✅ stored |
| Round-trip read | ✅ signs preserved |
SELECT [id, 0.2] FROM t (column ref) |
✅ still rejected — no regression |
INSERT … EMBED('wireless headphones') → COSINE_SIMILARITY |
✅ end-to-end (score 0.47 vs "earbuds for jogging") |
| Binary ZMM hits (AVX-512 portability) | ✅ 0 |
Install / upgrade¶
Download from the GitHub release page. Tarballs available for linux-x86_64, linux-x86_64-ubuntu24, linux-aarch64, linux-aarch64-ubuntu24, darwin-aarch64. Each ships with a SHA-256 sidecar.
Compatibility¶
- Engine surface and behavior are identical to
v1.8.6-ce. - Pre-v1.8.1 servers are unaffected (the regression landed in v1.8.1-ce).
- Upgrade is in-place — no data migration required.
- If you previously worked around the bug by pre-pulling models with
synapcores pull all-minilm:latestinside the container, that recipe still works and the data dir remains compatible.