github alibaba/OpenSandbox docker/egress/v1.0.11
components/egress 1.0.11
on GitHub

latest release: cli/v0.1.1
8 hours ago

What's New

🐛 Bug Fixes

  • Decouple DNS-resolved nftables operations from the signal context. Previously onResolved captured the shutdown signal context, so every DNS-triggered AddResolvedIPs call would fail with "context canceled" after SIGTERM — even when the process was still alive. Now uses a detached 5-second timeout context for DNS-triggered nft ops, clears the callback before proxy shutdown, and uses a detached background context (30s timeout) for ApplyStatic so a disconnected HTTP client can't corrupt nftables state mid-script. (#871)

  • Add connection_strategy=lazy to mitmproxy, deferring upstream connection until the full request is received. Avoids establishing useless connections for requests that get intercepted or filtered. Also add OPENSANDBOX_EGRESS_MITMPROXY_SSL_INSECURE environment variable (default false, secure). When set to true, enables ssl_insecure=true to skip upstream TLS certificate verification — useful when clients connect to services by IP address directly and Go HTTP clients don't send SNI, causing mitmproxy upstream verification to fail with "Certificate verify failed: IP address mismatch". (#860)

👥 Contributors

Thanks to these contributors ❤️

  • Docker Hub: opensandbox/egress:v1.0.11
  • Aliyun Registry: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.0.11
Check out latest releases or
releases around alibaba/OpenSandbox docker/egress/v1.0.11

Don't miss a new OpenSandbox release

NewReleases is sending notifications on new releases.

Get notifications