🚀 Releases This Week
⭐ v0.24.0 (Pre-release) — May 14, 2026
Ollama released v0.24.0-rc0 on May 14, featuring the ollama launch codex-app --restore command and a reworked MLX sampler for improved generation quality on Apple Silicon.
✅ v0.23.4 (Latest Stable) — May 13, 2026
ollama launch opencode now supports vision models with image inputs, and there’s a fix for the formatting of Claude tool results when using local image paths.
v0.23.3 — May 12, 2026
Key fixes include:
- MLX runner stability improvements (status timeout fix during inference, macOS 26 Metal target fix)
A hardened update flow in the app
- MLX image generation runner thread affinity updates
v0.23.2 — May 7, 2026
/api/show responses are now cached, improving median latency by ~6.7x, which increases load speed for integrations like VS Code.
Claude Desktop was also removed from ollama launch due to its third-party integration being limited to Anthropic models only.
v0.23.1 — May 5, 2026
Gemma 4 MTP (Multi-token Processing) speculative decoding is now supported on Macs, giving over a 2x speed increase for the Gemma 4 31B model on coding tasks.
🏗️ Major Pre-release: v0.30.0 (Architecture Overhaul)
🔴 Flag: Breaking architectural change in preview
A major pre-release of v0.30.0 is under testing, which changes the architecture to directly support llama.cpp instead of building on top of GGML, and allows for compatibility with the GGUF file format. MLX is used to accelerate model inference on Apple Silicon.
Community feedback is being solicited on performance, memory utilization, and any new crashes.
🤖 OpenAI Codex App Integration
The OpenAI Codex App is now available on Ollama. Users can use any Ollama model — local or cloud — inside the desktop app to code, browse, and review. Codex can spin up local servers and sites in its built-in browser, allow annotation directly on the page, and review code inside the app.
🔒 Security Alerts
⚠️ Unpatched Windows Auto-Updater Vulnerabilities (CRITICAL)
Researchers at Striga have disclosed two vulnerabilities — CVE-2026-42248 and CVE-2026-42249 — in Ollama’s Windows auto-updater that, when chained together, may allow an attacker to covertly plant a persistent executable that runs on every login.
CVE-2026-42248: The auto-updater’s signature verification function exists and gets called, but does nothing — whatever is downloaded gets executed. (The macOS Ollama build performs proper code-signing checks.) CVE-2026-42249: A path traversal flaw where the Windows updater builds the local path for a staged installer directly from HTTP response headers without sanitizing them, allowing a malicious ETag header to write an arbitrary executable to the Windows Startup folder.
Striga reported the findings in late January 2026, but the documented security address never replied. After five weeks with no engagement, CERT Polska took over coordination, assigned the CVEs, and published a warning on April 29, confirming that Ollama for Windows versions 0.12.10 through 0.17.5 are vulnerable.
Mitigation: Turning off auto-updates short-circuits the background download check before any update response is fetched. Users should also remove any existing Ollama shortcut from %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup to disable the silent on-login execution route.
Out-of-Bounds Memory Leak (Patched in 0.17.1+)
A critical out-of-bounds read in Ollama before v0.17.1 can leak process memory including API keys from over 300,000 servers via crafted GGUF files.
Ensure you are on 0.17.1 or later.
🌟 New Models & Cloud
New models added to Ollama in May 2026 include Kimi K2.6 (MoE, MIT licensed, top-tier coding), Qwen 3.6 27B (77.2% SWE-bench), and GLM-5.1.
Ollama has also partnered with OpenAI and ROOST to bring gpt-oss-safeguard reasoning models for safety classification tasks (available in 20B and 120B sizes, Apache 2.0 licensed). MiniMax M2, built for coding and agentic workflows, is also now available on Ollama’s cloud.
📌 Summary Table
DateEventMay 14v0.24.0-rc0 released; Codex App integrationMay 14v0.30.0-rc15 pre-release; llama.cpp direct supportMay 13v0.23.4 stable; vision support in ollama launch opencodeMay 12v0.23.3; MLX stability fixesMay 7v0.23.2; 6.7x API latency improvementMay 5v0.23.1; Gemma 4 MTP 2x speed boostOngoingUnpatched Windows CVE-2026-42248/42249 — no official patch yet
Sources: GitHub Releases · Ollama Blog · The Hacker News · Help Net Security