github alibaba/OpenSandbox server/v0.1.13
server 0.1.13
on GitHub

latest release: docker/execd/v1.0.15
4 hours ago

What's New

✨ Features

  • Snapshot lifecycle management — create/get/list/delete APIs with async background commit, SQLite metadata store, and startup recovery for unfinished snapshots. Sandbox restore via snapshotId. SDK support across all 5 languages.

    • Docker: image commit/delete/inspect runtime (#764)
    • Kubernetes: SandboxSnapshot CRD with server-side watching (#837)
    • Deletion durability: records persisted as Deleting before runtime cleanup, so interrupted deletes recover via existing startup path instead of leaving stale Ready metadata (#842)

  • OSEP-0011: Signed endpoints for secure route accessGET /sandboxes/{sandboxId}/endpoints/{port}?expires=<unix_seconds> returns SHA256-signed time-limited route tokens. Ingress gateway verifies signature before proxying. SDK support across all 5 languages. (#787)

  • OSEP-0008: Pause/resume with rootfs snapshot (Kubernetes)/pause and /resume endpoints, SandboxSnapshot CRD + controller, nerdctl-based image-committer Job. Supports pausePolicy in pool-based BatchSandbox. (#668)

  • API key env overrideOPENSANDBOX_SERVER_API_KEY env var overrides server.api_key from TOML config. Helm chart updated with env support. (#830)

🐛 Bug Fixes

  • K8s: event loop blocked during sandbox creationtime.sleep in _wait_for_sandbox_ready blocked the asyncio event loop, causing liveness probe timeouts. Replaced with await asyncio.sleep. (#841)

  • Host path validation bypass via symlinks — host paths and allowed prefixes now resolved with os.path.realpath() before validation. Closes #814. (#816)

  • CodeQL static analysis fixes — fixed integer conversion, stack trace exposure, clear-text logging, regex backtracking, JS string escaping, missing workflow permissions. OSSFS temp files now owner-only. (#795)

  • CodeQL false positive documentation — documented suppressions for sandbox-local SQL execution, Docker port probe, and startup-guard logging. (#797)

📦 Misc

  • Docker runtime modularization — split 2698-line docker.py into mixin modules (orchestration, container ops, networking, volumes, runtime). No behavior changes. (#832)

  • Coverage enforcement — CI enforces 80% statement coverage with pytest-cov --cov-fail-under=80. (#828)

👥 Contributors

Thanks to these contributors ❤️

  • PyPI: opensandbox-server==0.1.13
  • Docker Hub: opensandbox/server:v0.1.13
  • Aliyun Registry: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/server:v0.1.13
Check out latest releases or
releases around alibaba/OpenSandbox server/v0.1.13

Don't miss a new OpenSandbox release

NewReleases is sending notifications on new releases.

Get notifications