Skip to content

server 0.1.8

Choose a tag to compare

View all tags
@Pangjiping Pangjiping released this 22 Mar 06:53
· 858 commits to main since this release
server/v0.1.8
fe55fe9

Warning

server 0.1.8 contains a lifecycle response compatibility regression and will be yanked.
In this release, some unset optional lifecycle response fields may be serialized as explicit JSON null values instead of being omitted. This can break older released SDKs, especially Python SDK versions that do not tolerate explicit null in lifecycle responses.

If you are affected, do not pin to opensandbox-server==0.1.8. Upgrade to 0.1.9 once available.

What's New

✨ Features

  • bump execd's image to v1.0.8 (#502)
  • Add [egress].mode (dns | dns+nft, default dns); wire to sidecar as OPENSANDBOX_EGRESS_MODE on both Docker and Kubernetes (#501)
  • add per-sandbox egress auth header generation and propagation through lifecycle endpoint responses (#492)
  • support no-timeout (manual cleanup) in Kubernetes sandbox service (#466)
  • support manual cleanup sandboxes (#446)
  • implement OSSFS storage for Docker service in sandbox lifecycle (#340)

🐛 Bug Fixes

  • Kubernetes egress: Run the sidecar privileged; use a startup command (sysctl for net.ipv6.conf.all.disable_ipv6, then /egress) instead of Pod securityContext.sysctls for IPv6; remove build_ipv6_disable_sysctls. (#501)
  • reuse a single volume per claim_name and add multiple volumeMounts instead of one volume per Volume object. (#458)
  • fix Docker server-proxy endpoint resolution for bridge sandboxes with egress sidecar by falling back to host-mapped endpoint resolution when internal IP resolution is not applicable (#492)
  • increase default pids_limit to 4096 for production use (#496)
  • increase default pids_limit to 4096 for production use (#495)
  • Fixes the issue where GET requests with query parameters fail through the sandbox proxy while POST requests succeed (#485)
  • fix: sanitize subprocess call in ossfs_mixin.py (#461)
  • treat the singular Trailer header as hop-by-hop in the sandbox proxy route (#479)
  • Remove duplicate sandbox_service instantiation in server lifespan (#468)
  • restore port allocation for user-defined Docker networks (#467)
  • fix(server): use asyncio.sleep instead of time.sleep in sandbox create (#489)
  • disable IPv6 in execd init for Kubernetes egress, fix #501 (#514)

👥 Contributors

Thanks to these contributors ❤️

  • PyPI: opensandbox-server==0.1.8
  • Docker Hub: opensandbox/server:v0.1.8
  • Aliyun Registry: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/server:v0.1.8

Contributors

hittyt, ctlaltlaltc, and 8 other contributors
Assets 2
Loading