v0.9.0

@clemlesne clemlesne released this 12 Feb 16:41
· 358 commits to main since this release

What's New

3-Layer Outbound Filtering

Network filtering rewritten from DNS-only sinkholing to defense-in-depth:

  1. DNS — non-allowed domains fail resolution (v0.8.0 returned fake 0.0.0.0 instead)
  2. TLS SNI — only HTTPS on port 443, plain HTTP and raw TCP blocked even for allowed domains
  3. Anti-spoofing — destination IP must match the SNI domain's DNS records

result = await scheduler.run(
    code="import requests; requests.get('https://pypi.org')",
    language=Language.PYTHON,
    allowed_domains=["pypi.org"],  # 3-layer enforcement
)

Before (v0.8.0): guest could bypass by resolving an allowed domain, grabbing the IP, then connecting directly without DNS. The old code only sinkholed DNS to 0.0.0.0 — no TLS or IP validation.

Now: connecting by IP without TLS? Blocked. With TLS but wrong SNI? Blocked. Correct SNI but IP doesn't match DNS? Blocked.
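A simplified model of the three checks listed above, added here as an illustration; it is not code from this project or from gvproxy. The pattern syntax, the sample DNS records (documentation-range addresses) and every function name are assumptions.

```python
import json
import re
from dataclasses import dataclass
from typing import Optional

# Constructed allow-list: a JSON array of regex patterns (pattern syntax assumed).
OUTBOUND_ALLOW_JSON = r'["^pypi\\.org$", "^files\\.pythonhosted\\.org$"]'
# Constructed DNS answers using documentation-range addresses, not real records.
DNS_RECORDS = {"pypi.org": {"203.0.113.10", "203.0.113.11"}}

@dataclass(frozen=True)
class Conn:
    dst_ip: str
    dst_port: int
    sni: Optional[str]  # None when there is no TLS ClientHello (plain HTTP, raw TCP)

def load_patterns(raw: str) -> list:
    return [re.compile(p, re.IGNORECASE) for p in json.loads(raw)]

def domain_allowed(name: str, patterns: list) -> bool:
    name = name.rstrip(".").lower()
    return any(p.search(name) for p in patterns)

def resolve(name: str, patterns: list, records: dict) -> set:
    """Layer 1 (DNS): a non-allowed name fails resolution, returning no addresses."""
    if not domain_allowed(name, patterns):
        return set()
    return set(records.get(name.rstrip(".").lower(), ()))

def check_connection(conn: Conn, patterns: list, records: dict) -> tuple:
    """Layers 2 and 3: TLS SNI on port 443, then destination IP vs. DNS for that SNI."""
    if conn.dst_port != 443 or conn.sni is None:
        return False, "blocked: not TLS on port 443"
    if not domain_allowed(conn.sni, patterns):
        return False, "blocked: SNI not in allow-list"
    if conn.dst_ip not in resolve(conn.sni, patterns, records):
        return False, "blocked: destination IP not in DNS records for SNI"
    return True, "allowed"

if __name__ == "__main__":
    pats = load_patterns(OUTBOUND_ALLOW_JSON)
    cases = [
        Conn("203.0.113.10", 80, None),             # direct IP, no TLS
        Conn("203.0.113.10", 443, "evil.example"),  # TLS, SNI not allowed
        Conn("198.51.100.7", 443, "pypi.org"),      # allowed SNI, wrong destination
        Conn("203.0.113.10", 443, "pypi.org"),      # all three layers agree
    ]
    for c in cases:
        print(c, "->", check_connection(c, pats, DNS_RECORDS))
```

The third case is the one DNS-only filtering cannot see: the SNI names an allowed domain, but the destination address is not one that domain resolves to.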

Breaking Changes

  • create_dns_records, create_dns_zone, generate_dns_zones_json replaced by create_outbound_patterns and generate_outbound_allow_json
  • gvproxy-wrapper -dns-zones flag replaced by -outbound-allow (JSON array of regex patterns)

Dependencies

  • gvisor-tap-vsock v0.8.7-dualeai.3 → v0.8.8-dualeai.1 (new OutboundAllow + BlockAllOutbound)
  • miekg/dns v1.1.69 → v1.1.72, logrus v1.9.3 → v1.9.4

Full Changelog: v0.8.0...v0.9.0