What's New
⚠️ Breaking Changes
- Migrate code-interpreter paths from
/opt/opensandboxto/opt/code-interpreter— all code-interpreter entrypoint, env script, and log paths have moved from/opt/opensandbox/to/opt/code-interpreter/. Consumers who hardcode the entrypoint/opt/opensandbox/code-interpreter.shmust update to/opt/code-interpreter/code-interpreter.sh. Users who pin a specific tag (e.g.,v1.0.2) are unaffected — existing tagged images remain immutable. See the full migration guide in (#1012)
✨ Features
- Sign and attest release artifacts — code-interpreter Docker images are now signed with Sigstore/cosign keyless signing and published with GitHub attestations. Supports verification of image authenticity and integrity. (#827)
- Add seccomp-based clone3 fallback in execd — inside the sandbox, execd now falls back from
clone3toclonewhen the seccomp profile blocksclone3, improving compatibility with older kernels and restrictive seccomp policies. (#518)
🐛 Bug Fixes
- Skip repeated tslab install on startup — the code-interpreter startup script now checks whether
tslaband its Jupyter kernelspecs are already installed before re-runningnpm install -g tslabandtslab install, reducing cold-start time for pre-built images. (#960)
📦 Misc
- Add Dockerfile.dockerignore to reduce build context — shrinks the Docker build context sent to the builder, speeding up image builds. (#718)
👥 Contributors
Thanks to these contributors ❤️
- Docker Hub: opensandbox/code-interpreter:v1.1.0
- Aliyun Registry: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/code-interpreter:v1.1.0