Releases: alibaba/OpenSandbox
server 0.1.8
What's New
✨ Features
- bump execd's image to v1.0.8 (#502)
- Add [egress].mode (dns | dns+nft, default dns); wire to sidecar as OPENSANDBOX_EGRESS_MODE on both Docker and Kubernetes (#501)
- add per-sandbox egress auth header generation and propagation through lifecycle endpoint responses (#492)
- support no-timeout (manual cleanup) in Kubernetes sandbox service (#466)
- support manual cleanup sandboxes (#446)
- implement OSSFS storage for Docker service in sandbox lifecycle (#340)
🐛 Bug Fixes
- Kubernetes egress: Run the sidecar privileged; use a startup command (sysctl for net.ipv6.conf.all.disable_ipv6, then /egress) instead of Pod securityContext.sysctls for IPv6; remove build_ipv6_disable_sysctls. (#501)
- reuse a single volume per claim_name and add multiple volumeMounts instead of one volume per Volume object. (#458)
- fix Docker server-proxy endpoint resolution for bridge sandboxes with egress sidecar by falling back to host-mapped endpoint resolution when internal IP resolution is not applicable (#492)
- increase default pids_limit to 4096 for production use (#496)
- increase default pids_limit to 4096 for production use (#495)
- Fixes the issue where GET requests with query parameters fail through the sandbox proxy while POST requests succeed (#485)
- fix: sanitize subprocess call in ossfs_mixin.py (#461)
- treat the singular Trailer header as hop-by-hop in the sandbox proxy route (#479)
- Remove duplicate sandbox_service instantiation in server lifespan (#468)
- restore port allocation for user-defined Docker networks (#467)
- fix(server): use asyncio.sleep instead of time.sleep in sandbox create (#489)
- disable IPv6 in execd init for Kubernetes egress, fix #501 (#514)
👥 Contributors
Thanks to these contributors ❤️
- @Pangjiping
- @ninan-nn
- @claw-mini-zz
- @joaquinescalante23
- @orbisai0security
- @Gujiassh
- @wishhyt
- @ctlaltlaltc
- @hittyt
- @skyler0513
- PyPI: opensandbox-server==0.1.8
- Docker Hub: opensandbox/server:v0.1.8
- Aliyun Registry: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/server:v0.1.8
components/execd 1.0.8
What's New
✨ Features
- add Session API for pipe-based bash sessions in execd (#104)
🐛 Bug Fixes
- fix goroutine/fd leaks in runCommand when cmd.Start() fails; fix background command stdin still reading from real stdin instead of /dev/null; exit with non-zero code when execd server fails to start; fix panic on empty SQL query and missing rows.Err() check (#468)
- encode non-ASCII filenames in Content-Disposition header (#472)
👥 Contributors
Thanks to these contributors ❤️
- Docker Hub: opensandbox/execd:v1.0.8
- Aliyun Registry: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd:v1.0.8
sandboxes/code-interpreter 1.0.2
What's New
🐛 Bug Fixes
- correct shell syntax typo in code-interpreter-env.sh (#457)
👥 Contributors
Thanks to these contributors ❤️
- Docker Hub: opensandbox/code-interpreter:v1.0.2
- Aliyun Registry: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/code-interpreter:v1.0.2
components/execd 1.0.7
What's New
✨ Features
- add support for env in run command request (#385)
- add fallback from bash to sh for Alpine-based images (#407)
- add uid and gid support for command execution (#332)
- extract version package to components/internal (#245)
- replace logger with internal package (#237)
🐛 Bug Fixes
- auto-recreate temp dir in stdLogDescriptor and combinedOutputDescriptor (#415)
- return 404 code for missing code context (#373)
📦 Misc
- refactor unit tests to testify require/assert (#385)
- sync latest image for v-prefixed TAG (#331)
- chore(deps): bump filippo.io/edwards25519 from 1.1.0 to 1.1.1 in /components/execd (#251)
👥 Contributors
Thanks to these contributors ❤️
- Docker Hub: opensandbox/execd:v1.0.7
- Aliyun Registry: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd:v1.0.7
server 0.1.7
What's New
✨ Features
- refactor kubernetes client service and add rate limiter (#429)
- add pvc support in agent-sandbox/batchsandbox runtime (#424)
- support user-defined Docker network stack (#426)
- add server rbac for secrets (#396)
- support image auth in batchsandbox provider (#395)
🐛 Bug Fixes
- clean up failed egress sidecar startup (#418)
- strip hop-by-hop proxy headers (#408)
- correct Kubernetes label key validation (#398)
- use internal endpoint resolution for server proxy mode (#404)
- clean up container when runtime prep fails (#394)
👥 Contributors
Thanks to these contributors ❤️
- PyPI: opensandbox-server==0.1.7
- Docker Hub: opensandbox/server:v0.1.7
- Aliyun Registry: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/server:v0.1.7
components/ingress 1.0.4
What's New
🐛 Bug Fixes
- set CGO_ENABLED=0 to resolve the "ELF 64-bit LSB executable, x86-64, dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2" error (#436)
👥 Contributors
Thanks to these contributors ❤️
- Docker Hub: opensandbox/ingress:v1.0.4
- Aliyun Registry: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/ingress:v1.0.4
components/egress 1.0.3
What's New
✨ Features
📦 Misc
👥 Contributors
Thanks to these contributors ❤️
- Docker Hub: opensandbox/egress:v1.0.3
- Aliyun Registry: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.0.3
components/egress 1.0.2
What's New
✨ Features
- add patch policy updates and smoke coverage (#392)
- add nameserver exempt for direct DNS forwarding (#356)
📦 Misc
- sync latest image for v-prefixed TAG (#331)
- Potential fix for code scanning alert no. 114: Workflow does not contain permissions (#278)
👥 Contributors
Thanks to these contributors ❤️
- Docker Hub: opensandbox/egress:v1.0.2
- Aliyun Registry: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.0.2
server 0.1.6
What's New
✨ Features
- secure container e2e case & guide doc (#249)
- add configurable resources in execd init container (#349)
🐛 Bug Fixes
- reject websocket upgrades before proxying (#374)
- normalize sandbox resource names to DNS-1035 (#335)
- reject unsupported image.auth with actionable error (#364)
- fix create sandbox timeout in k8s service; no need to wait for the pod to be running when creating a sandbox (#349)
- fix file download path encoding and host volume validation errors (#257)
📦 Misc
- sync latest image for v-prefixed TAG (#331)
👥 Contributors
Thanks to these contributors ❤️
- PyPI: opensandbox-server==0.1.6
- Docker Hub: opensandbox/server:v0.1.6
- Aliyun Registry: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/server:v0.1.6
components/ingress 1.0.3
What's New
✨ Features
- build linux/arm64 image (#330)
🐛 Bug Fixes
- Fixes inconsistent sandbox resource naming between creation and lookup paths when sandbox IDs begin with digits (e.g. UUID-like IDs), which can violate Kubernetes DNS-1035 naming rules. (#318)
📦 Misc
- sync latest image for v-prefixed TAG (#331)
👥 Contributors
Thanks to these contributors ❤️
- Docker Hub: opensandbox/ingress:v1.0.3
- Aliyun Registry: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/ingress:v1.0.3