openrundev/openrun

v0.17.0 Breaking

This release includes 3 breaking changes for platform teams planning a safe upgrade.

✓ No known CVEs patched

Topics

appserver containers deployment devops-tools docker go htmx internal-tools kubernetes kubernetes-deployment low-code-platform self-hosted starlark

Affected surfaces

auth rbac breaking_upgrade

Summary

AI summary

Broad release touches Commits, @akclace, d8e5c33b6a6516ea08601a54c0b0d506af7c9134, and bc9e778a3818dd3b49d880f4277c85ed5ad0d6f0.

Changelog

Added

  • Added `security.trusted_proxies` server config to control which reverse proxies or load balancers are allowed to supply forwarded client IP headers.
  • Added `system.fallback_unknown_domains` server config to optionally preserve legacy routing of unknown hostnames to the default domain.
  • Added `system.builder_auth_token` server config for delegated container builds, using a shared bearer token between the main OpenRun install and builder node(s).
  • Added `security.allowed_mounts` server config to allow administrators to approve host directories that apps may use as container bind-mount sources.

Changed

  • `req.RemoteIP` now ignores `X-Forwarded-For` and `X-Real-IP` unless the direct peer is listed in `security.trusted_proxies`.
  • Reverse proxied requests now strip inbound forwarding headers and rebuild a clean `X-Forwarded-*` / `X-Real-IP` set before sending the request upstream.
  • Requests for unknown `Host` values no longer route to the default domain unless `system.fallback_unknown_domains` is explicitly enabled.
  • Delegated builds now require a valid bearer token on `/_openrun/delegate_build`. Builder nodes should run with `builder.mode = "delegate_server"` and no longer require `security.admin_over_tcp = true` for delegated-build ingress. Existing delegated-build setups must set the same `system.builder_auth_token` value on the main install and every builder node before upgrading.
  • CORS is disabled by default for apps. The default `app_config.cors.allow_origin` is now empty and `app_config.cors.allow_credentials` is now `"false"`. Apps that need browser cross-origin access must opt in with an app config override such as `cors.allow_origin="https://frontend.example.com"` or `cors.allow_origin="origin"`.
  • The default server-level `container.config(...)` permission no longer allows access to all secrets. Containerized apps that pass secrets through params, build args or generated secret volumes now need an explicitly approved `container.config` permission with the required `secrets=[...]` allowlist, unless the server config is intentionally changed to allow those secrets globally.
  • Container runtime options now only pass raw Docker/Podman flags from app metadata when the flag is explicitly listed in `security.allowed_container_args`. Built-in `cpus` and `memory` options continue to be parsed by OpenRun and do not require this raw flag allowlist.
  • Container bind-mount sources are now restricted to the app source directory, the app runtime directory, or directories listed in `security.allowed_mounts`. Relative bind sources must stay inside the app source tree.
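
The bind-mount rule in the last item, sketched in Go as an added example (not OpenRun's own code): relative sources are anchored in the app source tree, absolute sources must sit under one of the permitted roots. The function names, directory paths and the purely lexical comparison are assumptions for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// within reports whether path equals root or lies beneath it (lexical check).
func within(root, path string) bool {
	rel, err := filepath.Rel(root, path)
	if err != nil {
		return false
	}
	return rel == "." || (rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator)))
}

// resolveBindSource returns the absolute host path for a bind-mount source,
// or an error if it falls outside every permitted root (hypothetical helper).
func resolveBindSource(src, appSrc, appRun string, allowedMounts []string) (string, error) {
	if src == "" {
		return "", errors.New("empty bind source")
	}
	if !filepath.IsAbs(src) {
		// Relative sources are anchored at the app source tree and may not leave it.
		abs := filepath.Join(appSrc, src) // Join also collapses "a/../.." sequences
		if !within(appSrc, abs) {
			return "", fmt.Errorf("relative source %q escapes app source dir", src)
		}
		return abs, nil
	}
	abs := filepath.Clean(src)
	roots := append([]string{appSrc, appRun}, allowedMounts...)
	for _, root := range roots {
		if within(filepath.Clean(root), abs) {
			return abs, nil
		}
	}
	return "", fmt.Errorf("bind source %q is not under an allowed directory", abs)
}

func main() {
	// Constructed paths: a sibling directory sharing a name prefix is rejected.
	fmt.Println(resolveBindSource("/data/shared-secrets/k", "/apps/a/src", "/apps/a/run", []string{"/data/shared"}))
}
```

The comparison uses `filepath.Rel` rather than a string prefix match so that `/data/shared-secrets` is not treated as being inside `/data/shared`. A lexical check does not see symlinks; on a real host the path would also be resolved with `filepath.EvalSymlinks` before comparing.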

Commits

  • 2ba842f4a188966feca072360df8dddc72baf3b5: Add mounts to .gitignore (@akclace)
  • 8106d6d67517324ff8dc15416ce66a1f07620515: Add security.allowed_mounts configuration to restrict bind-mount sources (@akclace)
  • 6ac0e7908d80e51b61ccd614a84921c93c414455: Added CSRF for logout call (@akclace)
  • d8e5c33b6a6516ea08601a54c0b0d506af7c9134: Added builder token for delegated builds (@akclace)
  • 6be0676c08421e85363dd4eb488e59e15b5d7878: Added max size for webhook body (@akclace)
  • 67f3de8c3492ece8ae85e7decd53d02a23d353b1: Added validation for table name (@akclace)
  • bc9e778a3818dd3b49d880f4277c85ed5ad0d6f0: Bump github.com/go-git/go-git/v5 from 5.17.1 to 5.18.0 (#89) (@dependabot[bot])
  • 14d739b89dcb32d49af92db727e9e4a2640d4000: Bump github.com/jackc/pgx/v5 from 5.7.5 to 5.9.0 (#88) (@dependabot[bot])
  • 8e8379decdd8769a99779aa40ebc6b3ce4bed7c4: Bump github.com/moby/spdystream from 0.5.0 to 0.5.1 (#87) (@dependabot[bot])
  • ab223f4dc0763ae4112d952b65cda68119202d3a: Bump go.opentelemetry.io/otel/sdk from 1.41.0 to 1.43.0 (#86) (@dependabot[bot])
  • a842656190e37094307a2b613239fc2d6e46a949: Changed default CORS settings (@akclace)
  • 6a30c5eb121d4aebce2b2fa60b694a9f0f96fe33: Changed default for secrets access permission (@akclace)
  • 693e182e5661eb01be94c33e8b21b49968def26d: Disallow symlinks in source path (@akclace)
  • 1241d5ff5a79acec60af7f786380c668b13382d2: Fix IPv6 host name parsing (@akclace)
  • 989872159539f5ef7896090d208d3791eb3c2693: Fix auth header and session validation (@akclace)
  • 245832676213304840991cab3efbd0ab12e7d36f: Fix checks for path traversal (@akclace)
  • babc00ea32edd444b24f64a9c6c3ac0c1dd7ec92: Fix client IP handling, add config for setting trusted proxies (@akclace)
  • 810f30fa8c018d0f5de4f9a597f0f5c277ea204d: Fix file path checks (@akclace)
  • 636a72eb0275405bc675583063ffb031dc365055: Fix path traversal during external commands (@akclace)
  • ae3d685c76777a5b338e40186e01cb7259fd1229: Fix quick start link in docs (@akclace)
  • a793329de30b5c06a8e86042a0618af6fecacebf: Fix test case (@akclace)
  • 4c147d87e4695a9c71fdd6378a4125afa5b7a4c3: Harden github actions (@akclace)
  • 47756489be0bcbe8cd876dade571b3a181b632fd: Harden referrer path handling (@akclace)
  • a73316b533422ec21129029994e31838d4091443: Limit container options which can be specified (@akclace)
  • bd4cc7ff258d3ad1810f0024951020902d14f2af: Remove config file read in CLI parser and fix test (@akclace)
  • 3a32d6babbba49b8a421ccd8a26c6a485a50b405: Remove test API endpoint (@akclace)
  • 4148c01c2a4ac7d77c8d3e389aab866583cd2649: Requests for unknown Host no longer route to the default domain (@akclace)
  • 148f1eb2767c4f572ef8d401982566327b845765: Skip fetching tags during checkout (@akclace)
  • 01e26bb2673786ef19382339285f25eff11df67b: Update go version to 1.26.2 (@akclace)
  • cfa6c3670d63399ef4459c6cfcb13ad2cd608197: Updated delegated build to add max size limit (@akclace)
  • 8611215a57a4ee6684d06b1934af0b33847ca6c8: Verify Host header during HTTPS redirect (@akclace)

Breaking Changes

  • `req.RemoteIP` now ignores `X-Forwarded-For`/`X-Real-IP` unless the direct peer is listed in `security.trusted_proxies`.
  • Requests for unknown `Host` values no longer route to the default domain unless `system.fallback_unknown_domains` is explicitly enabled.
  • Delegated builds now require a valid bearer token on `/_openrun/delegate_build`; existing setups must configure matching `system.builder_auth_token` on all nodes before upgrading.
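
The `req.RemoteIP` rule above, sketched in Go as an added example (not OpenRun's own code): forwarding headers are read only when the direct peer is a trusted proxy. The function name `clientIP`, the CIDR form of the trusted list and the right-to-left walk of `X-Forwarded-For` are assumptions for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/netip"
	"strings"
)

// isTrusted reports whether addr falls inside any trusted proxy prefix.
func isTrusted(addr netip.Addr, trusted []netip.Prefix) bool {
	for _, p := range trusted {
		if p.Contains(addr) {
			return true
		}
	}
	return false
}

// clientIP picks the client address; headers count only behind a trusted peer.
func clientIP(remoteAddr string, h http.Header, trusted []netip.Prefix) (netip.Addr, error) {
	ap, err := netip.ParseAddrPort(remoteAddr)
	if err != nil {
		return netip.Addr{}, err
	}
	peer := ap.Addr().Unmap()
	if !isTrusted(peer, trusted) {
		return peer, nil // untrusted peer: any forwarding header is client-supplied
	}
	// Walk X-Forwarded-For right to left; the first hop that is not our proxy wins.
	hops := strings.Split(strings.Join(h.Values("X-Forwarded-For"), ","), ",")
	for i := len(hops) - 1; i >= 0; i-- {
		ip, err := netip.ParseAddr(strings.TrimSpace(hops[i]))
		if err != nil {
			break // empty or malformed entry: stop reading the chain
		}
		if ip = ip.Unmap(); !isTrusted(ip, trusted) {
			return ip, nil
		}
	}
	if ip, err := netip.ParseAddr(strings.TrimSpace(h.Get("X-Real-IP"))); err == nil {
		return ip.Unmap(), nil
	}
	return peer, nil
}

func main() {
	// Constructed request: with no trusted proxies configured, the header is ignored.
	fmt.Println(clientIP("192.0.2.50:4444", http.Header{"X-Forwarded-For": {"203.0.113.7"}}, nil))
}
```

When upgrading, an install that sits behind a load balancer but has an empty `security.trusted_proxies` will see the balancer's address as the client IP, so IP-based rules and logs should be checked after the change.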
