opensandbox-group/OpenSandbox docker/egress/v1.1.1

components/egress 1.1.1

on GitHub

What's New

✨ Features

• Credential vault TLS transport check configurable — new OPENSANDBOX_EGRESS_CREDENTIAL_VAULT_REQUIRE_TLS env var controls whether vault writes require TLS/loopback. When enabled, also trusts X-Forwarded-Proto: https for TLS-terminating proxies. Default off. (#1063)

🐛 Bug Fixes

• DNS race on crash restart eliminated — pre-start hook now cleans up stale iptables rules that survived crashes. Replaced 200ms blind wait with NotifyStartedFunc to confirm socket bind before installing redirects. (#1061)

• Credential vault works with defaultAction: allow — vault bindings no longer require explicit egress allow rules when default policy is allow. Explicit deny rules still enforced. (#1066)

📝 Documentation

• README synced with current code — added credential vault docs, missing env vars, IP/CIDR support, and corrected "Graceful Degradation" → "Fail-Closed Enforcement". (#1080)

👥 Contributors

Thanks to these contributors ❤️

• @Pangjiping

• Docker Hub: opensandbox/egress:v1.1.1
• Aliyun Registry: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.1.1