github opensandbox-group/OpenSandbox docker/egress/v1.1.0
components/egress 1.1.0
on GitHub

9 hours ago

What's New

⚠️ Breaking Changes

  • Mitmproxy static options moved from hardcoded flags to config.yaml — all static mitmproxy options (mode, listen_host, stream_large_bodies, ssl_verify_upstream_trusted_confdir, ignore_hosts) are now declared in a baked-in config.yaml under the standard mitm confdir layout. launch.go retains only per-deployment dynamic flags (--set driven by env vars). This change fixes two latent bugs: stream_large_bodies was set to 1m in launch.go but overridden to 10m by custom.py (the launch.go value was dead code), and ignore_hosts with multiple entries was silently truncated to only the last value because each --set on a list option replaces the entire list. Two environment variables have been removed:

    • OPENSANDBOX_EGRESS_MITMPROXY_CONFDIR — removed because it would break config.yaml discovery.
    • OPENSANDBOX_EGRESS_MITMPROXY_IGNORE_HOSTS — replaced by the yaml-native list in config.yaml (the env-based path was the root cause of the silent-overwrite bug).

    Migration: if you relied on OPENSANDBOX_EGRESS_MITMPROXY_IGNORE_HOSTS, add entries directly to the ignore_hosts list in config.yaml. Override paths: (1) downstream image COPY over the baked-in path, (2) K8s ConfigMap subPath mount, or (3) single-option --set via the documented dynamic env vars. A /egress symlink → /opt/opensandbox-egress/egress is preserved for tooling that references the pre-#951 path. (#975)

✨ Features

  • Credential vault support — egress now participates in the new credential vault injection pipeline. Sandboxes can receive injected credentials (API keys, tokens, OAuth) via the vault system, with egress handling the network-policy side of credential-bearing outbound requests. Part of a cross-cutting feature spanning server, egress, SDKs, and Kubernetes. (#1009)

📝 Documentation

  • Supervisor and API documentation overhaul — added a dedicated opensandbox-supervisor README covering all flags, backoff behavior, crashloop breaker, hooks, and event log schema. Egress README updated with correct Go version (1.24 → 1.25), added PUT/DELETE/healthz endpoint docs, always-rules file reference, DNS upstream env vars, and SSL_INSECURE documentation. Supervisor section now links to the internal supervisor docs. (#984)

👥 Contributors

Thanks to these contributors ❤️

  • Docker Hub: opensandbox/egress:v1.1.0
  • Aliyun Registry: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.1.0
Check out latest releases or
releases around opensandbox-group/OpenSandbox docker/egress/v1.1.0

Don't miss a new OpenSandbox release

NewReleases is sending notifications on new releases.

Get notifications