OpenSandbox

vdocker/execd/v1.0.16 Bugfix

This release fixes issues for SREs watching stability and regressions.

Published 20d Containers & Orchestration

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

ai ai-agent ai-infra kubernetes sandbox

Affected surfaces

crypto_tls

ReleasePort's take

Light signal

editorial:auto 13d

execd v1.0.16 merges system roots with mitmproxy CA, resolving certificate verification failures for Python requests and OpenSSL clients.

Why it matters: Update to execd v1.0.16 immediately if your workflows rely on Python requests or OpenSSL; the merged CA bundle eliminates prior verification errors.

Summary

AI summary

Fixed certificate verification failures for Python and OpenSSL clients by merging system roots with mitmproxy CA.

Changes in this release

Type	Severity	Summary	CVE
Bugfix	Medium	execd's mitmproxy now exports REQUESTS_CA_BUNDLE so Python requests-based tools trust intercepted HTTPS traffic. execd's mitmproxy now exports REQUESTS_CA_BUNDLE so Python requests-based tools trust intercepted HTTPS traffic. Source: llm_adapter@2026-05-21 Confidence: high	—
Bugfix	Medium	REQUESTS_CA_BUNDLE and SSL_CERT_FILE now contain merged CA bundle (system roots + mitmproxy CA). REQUESTS_CA_BUNDLE and SSL_CERT_FILE now contain merged CA bundle (system roots + mitmproxy CA). Source: llm_adapter@2026-05-21 Confidence: high	—

Full changelog

What's New

🐛 Bug Fixes

execd's mitmproxy now exports REQUESTS_CA_BUNDLE so Python requests-based tools trust the intercepted HTTPS traffic. Previously the CA env var was missing, causing certificate verification failures for Python workloads routed through the proxy (#868)
REQUESTS_CA_BUNDLE and SSL_CERT_FILE now contain a merged CA bundle (system roots + mitmproxy CA) instead of the mitmproxy CA alone. The previous behavior replaced system trust stores, breaking direct HTTPS connections from Python requests and OpenSSL-based clients. The merged bundle is tracked via the new OPENSANDBOX_MERGED_CA env var. NODE_EXTRA_CA_CERTS is unaffected since Node.js appends rather than replaces (#884)

👥 Contributors

Thanks to these contributors ❤️

@Pangjiping

Docker Hub: opensandbox/execd:v1.0.16
Aliyun Registry: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd:v1.0.16

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track OpenSandbox

Get notified when new releases ship.

About OpenSandbox

Secure, Fast, and Extensible Sandbox runtime for AI agents.

All releases →