github opensandbox-group/OpenSandbox docker/egress/v1.1.4
components/egress 1.1.4

pre-release2 hours ago

What's New

⚠️ Breaking Changes

  • Credential Vault requires dns+nft enforcement. Credential-bound destinations can no longer be reached via direct-IP connections that bypass DNS. Deployments using DNS-only enforcement must migrate to mode = "dns+nft" in the [egress] config. defaultAction: allow still works but is deprecated for Credential Vault (emits a security warning); defaultAction: deny with explicit allow rules is recommended. (#1136)

  • X-Forwarded-Proto no longer trusted from arbitrary peers. Only trusted from IPs/CIDRs listed in OPENSANDBOX_EGRESS_CREDENTIAL_VAULT_TRUSTED_PROXY_CIDRS. Client-supplied forwarded headers are stripped and rebuilt from the observed connection. Deployments that terminate TLS in front of the egress sidecar must configure the trusted proxy CIDRs, otherwise Credential Vault will reject requests as non-HTTPS. (#1138)

  • Match.Ports removed from Credential Vault bindings. Port is now derived from scheme (http→80, https→443) — the only ports the intercept layer redirects. Remove the ports field from existing binding configs; SDK models regenerated. (#1189)

🔒 Security

  • Path traversal rejected before credential injection. When a vault is active, requests with raw ../, percent-encoded dot-segments (%2e%2e, mixed-case), or encoded path separators (%2f) now return 403 before binding match, preventing credential-scope escape via ambiguous paths. Legitimate clients resolve dot-segments before sending, so this is a strong evasion signal. When no vault is active, requests pass through unchanged. (#1192)

✨ Features

  • Credential Vault placeholder substitutions. Opt-in placeholder substitution for path, query, header, and body surfaces (including passthrough auth bindings), with request-side encoding rules and placeholder/value redaction. API contract, SDK models, docs, and e2e coverage updated. (#1251)

🐛 Bug Fixes

  • Fallback to native nft for DNS redirect. In some K8s pod netns, iptables-nft can list the nat table but fails on nat OUTPUT append (RULE_APPEND failed), causing the egress sidecar to crashloop. Now falls back to native nft DNS redirect rules, retries setup without dropping the table when it doesn't exist yet, and uses a plain drop for the default-deny fallback. (#1146)

🔧 Improvements

  • OTel metrics normalized. Attribute keys ._ (http_method, http_status_code, routing_result) and OTLP export switched to delta temporality. Update dashboards/alerts accordingly. (#1209)

  • CredentialSource provider interface. Credential source resolution now goes through a CredentialSource interface + SourceRegistry, enabling future secret manager integrations (HashiCorp Vault, AWS SM, etc.) without touching wire format or SDK models. (#1186)

📦 Misc

  • GHCR image publishing. egress images now also published to ghcr.io. (#1161)

👥 Contributors

Thanks to these contributors ❤️


  • Docker Hub: opensandbox/egress:v1.1.4
  • Aliyun Registry: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.1.4
  • GHCR: ghcr.io/opensandbox-group/opensandbox/egress:v1.1.4

Don't miss a new OpenSandbox release

NewReleases is sending notifications on new releases.