Releases: alibaba/OpenSandbox
Releases · alibaba/OpenSandbox
components/egress 1.0.10
What's New
✨ Features
- Log rotation via lumberjack for file-based log outputs. Auto-enabled with defaults (100 MB max size, 30-day retention, 10 backups) when log path is a file. stdout/stderr unaffected. (#791)
🐛 Bug Fixes
- Fix mitmproxy OOM kill by streaming large response bodies (>1 MB) to disk instead of buffering them in memory. Adds automatic mitmdump restart on unexpected exit, so transient failures no longer take down the egress proxy. (#819)
- Address CodeQL static analysis findings in egress Go code — integer conversion safety, clear-text logging fixes, and other hardening. (#795)
📦 Misc
- Bump OpenTelemetry Go dependencies to v1.43.0 to resolve Dependabot security alerts. (#799)
- Document coding standards and add build reproducibility flags (
-trimpath,-buildvcs=false, fixed metadata) to egress native binary builds. (#808) - Rebalance code comments in enforcement path. No functional change. (#786)
👥 Contributors
Thanks to these contributors ❤️
- Docker Hub: opensandbox/egress:v1.0.10
- Aliyun Registry: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.0.10
Contributors
hittyt and Pangjiping
Assets 2
components/execd 1.0.14
What's New
✨ Features
- add lumberjack-backed log rotation, auto-enabled for file outputs with defaults (100MB max size, 30-day retention, 10 backups, no compression). stdout/stderr outputs unaffected (#791)
🐛 Bug Fixes
- default execd listener to IPv4-only (
tcp4) to avoid unintended IPv6 dual-stack socket binding (#801) - forward
SIGTERMto entrypoint process so sandbox workloads receive the signal and can shut down gracefully (#793) - import mitmproxy CA into NSS DB (
$HOME/.pki/nssdb) so Chrome trusts intercepted TLS in transparent egress mode; exportNODE_EXTRA_CA_CERTSfor Node.js/npm TLS trust behind interception; install nss-tools in execd image (#776)
🔒 Security
- fix medium/high CodeQL static analysis findings in execd: document and suppress sandbox-local SQL execution false positives, tighten OSSFS temp file creation to owner-only mode (#795, #797)
- bump OpenTelemetry Go dependencies to v1.43.0, addressing Dependabot security alerts across execd, egress, and shared internal telemetry modules (#799)
👥 Contributors
Thanks to these contributors ❤️
- Docker Hub: opensandbox/execd:v1.0.14
- Aliyun Registry: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd:v1.0.14
Contributors
hittyt and Pangjiping
Assets 8
components/egress 1.0.9
What's New
✨ Features
- precompile domain rule index for fast Evaluate while preserving first-match semantics (#722)
- refactor egress's system CPU and memory collector by gopsutil (#697)
🐛 Bug Fixes
- check uid/gid fit in int before ParseUint cast (#756)
📦 Misc
- mitmproxy docs and benchmark update (#753)
👥 Contributors
Thanks to these contributors ❤️
- Docker Hub: opensandbox/egress:v1.0.9
- Aliyun Registry: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.0.9
Contributors
Pangjiping
Assets 2
server 0.1.12
What's New
⚠️ Breaking Changes
allowed_host_pathsdefaults to deny-all — Previously, when[storage].allowed_host_pathswas empty or unset, the server allowed all host path mounts into sandboxes, creating a sandbox escape vulnerability (closes #750). This release flips the default to deny all host mounts. Users who need the legacy behavior must explicitly setallowed_host_paths = ["/"]as a temporary compatibility measure. Additionally, the server now requires explicit startup confirmation whenapi_keyis unset. (#751)
✨ Features
- Windows Sandbox
- propagate opensandbox.extensions. to Pod annotations — Extensions with the
opensandbox.extensions.prefix are now automatically copied to Kubernetes Pod annotations with theopensandbox.io/extensions.(#772) - GPU resource limits now honored across both runtimes
🐛 Bug Fixes
- Inject X-Forwarded-* headers for proxied HTTP requests — When proxying HTTP requests to a user sandbox via
use_server_proxy, the server now injectsX-Forwarded-Proto,X-Forwarded-Host, andX-Forwarded-Forheaders. Previously, web apps inside the sandbox (VS Code, Jupyter, OAuth callbacks) had no way to determine the original scheme, host, or client IP, causing broken HTTPS redirects and incorrect absolute URL generation. Usessetdefaultsemantics for upstream proxy chain safety. (#777) - Honor
server.eipfor proxied endpoint URLs — Whenuse_server_proxy=true, the server now uses the configuredserver.eipto generate externally reachable proxy endpoints instead of returning internalbase_urladdresses. Falls back to existing behavior wheneipis unset. (#747)
📦 Misc
- bump
execdto v1.0.13 with config template, documentation, and test updates (#763) - chore(deps): bump python-dotenv from 1.2.1 to 1.2.2 in /server (#784)
👥 Contributors
Thanks to these contributors ❤️
- PyPI: opensandbox-server==0.1.12
- Docker Hub: opensandbox/server:v0.1.12
- Aliyun Registry: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/server:v0.1.12
Contributors
wangdengshan, 504097723, and 3 other contributors
Assets 2
components/execd 1.0.13
What's New
✨ Features
- basic runtime OTEL metrics for execd (#697)
- pre-build
execd.exeandinstall.batto execd release image for windows distribution (#712)
🐛 Bug Fixes
- fix permission error when sync mitmproxy certs (#734)
- enlarge mitmproxy certs wait time to 30s (#762)
👥 Contributors
Thanks to these contributors ❤️
- Docker Hub: opensandbox/execd:v1.0.13
- Aliyun Registry: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd:v1.0.13
Contributors
Pangjiping
Assets 8
server 0.1.11
What's New
✨ Features
- auto-create PVC/Docker volumes on sandbox creation (#661)
🐛 Bug Fixes
- fix incorrect metadata error message (#703)
- use
[log].levelinstead of[server].log_level(#737) - relax ingress gateway address validation for URI route mode (#740)
📦 Misc
- simply example configuration (#741)
- refactor large file kubernetes_service.py (#694)
- add Dockerfile.dockerignore to reduce build context (#718)
- chore(deps-dev): bump pytest from 9.0.1 to 9.0.3 in /server (#716)
- remove useless comments under server/tests (#693)
👥 Contributors
Thanks to these contributors ❤️
- PyPI: opensandbox-server==0.1.11
- Docker Hub: opensandbox/server:v0.1.11
- Aliyun Registry: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/server:v0.1.11
Contributors
xfgong, dependabot, and 2 other contributors
Assets 2
components/egress 1.0.8
What's New
✨ Features
- [beta] built-in mitmproxy support (#615)
- reload deny.always and allow.always every minute using mtime/size checks, treat file deletion as rule removal, and apply updates to both DNS evaluation and nft static policy (#698)
🐛 Bug Fixes
- relax dns upstream failover and change dynamic nftables log to debug (#739)
📦 Misc
- add Dockerfile.dockerignore to reduce build context (#718)
👥 Contributors
Thanks to these contributors ❤️
- Docker Hub: opensandbox/egress:v1.0.8
- Aliyun Registry: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.0.8
Contributors
Pangjiping
Assets 2
components/execd 1.0.12
What's New
✨ Features
- trust mitm proxy if
OPENSANDBOX_EGRESS_MITMPROXY_TRANSPARENTset (#630)
🐛 Bug Fixes
- normalize traceback for command start errors (#701)
- resolved issue which execd cannot process file like
$HOME/abc,~/abcor$MY_WORKSPACE/abc(#726)
📦 Misc
- optimize Makefile for multi-build release (#695)
- add Dockerfile.dockerignore to reduce build context (#718)
👥 Contributors
Thanks to these contributors ❤️
- Docker Hub: opensandbox/execd:v1.0.12
- Aliyun Registry: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd:v1.0.12
Contributors
Aboysky and Pangjiping
Assets 8
java/sandbox 1.0.9
Contributors
ninan-nn
Assets 2
java/code-interpreter 1.0.9
What's New
📦 Misc
- update open-sandbox dependency version 1.0.9