v0.7.20

@ggoodman ggoodman released this 11 Jun 02:52
54ea087

Sandbox now routes host-side network egress through a shared HostEgress path. Raw TCP, UDP relays, DNS upstreams, synthesized DNS answers, and intercepted HTTP/HTTPS forwarding use the same admission and dialing boundary, which makes host VPN, enterprise DNS, and future proxy-aware behavior easier to reason about.

HTTP interception also builds upstream TLS from the host native root store so enterprise-installed certificate authorities can be honored by the host side of the connection.

Idle network-service memory has been reduced by shrinking listener and relay buffer reservations while keeping a separate TCP DNS listener pool for concurrent DNS-over-TCP accepts.