This release fixes issues for SREs watching stability and regressions.
✓ No known CVEs patched in this version
Topics
Summary
AI summaryKill the entire process group on command cancel, fixing orphan processes.
Changes in this release
| Type | Severity | Summary | CVE |
|---|---|---|---|
| Bugfix | Medium |
Kill entire process group on command cancel, preventing orphaned child processes. Kill entire process group on command cancel, preventing orphaned child processes. Source: llm_adapter@2026-05-25 Confidence: high |
— |
| Bugfix | Medium |
Extend mitmproxy CA wait from 30s to 300s and log the actual wait duration. Extend mitmproxy CA wait from 30s to 300s and log the actual wait duration. Source: llm_adapter@2026-05-25 Confidence: high |
— |
Full changelog
What's New
🐛 Bug Fixes
- Kill the entire process group on command cancel. Previously cancellation (client disconnect, timeout,
DELETE /command) sent SIGKILL only to the bash group leader, so children spawned via&or pipelines kept running as orphans.runCommandandkillPidnow signal-pid(Setpgid group), matchingrunBackgroundCommand;kill(-pid, 0)is used for liveness probing. Fixes #922 (#924) - Extend mitmproxy CA wait from 30s to 300s and log the actual wait duration. The bootstrap script previously gave up after 30s and started the sandbox without system CA trust, silently breaking HTTPS for system libraries when the egress sidecar was recovering from a transient failure (e.g. mitmproxy OOM restart with backoff) (#943)
👥 Contributors
Thanks to these contributors ❤️
- @Pangjiping
- Docker Hub: opensandbox/execd:v1.0.18
- Aliyun Registry: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd:v1.0.18
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
Related context
Related tools
Beta — feedback welcome: [email protected]