OpenSandbox

vdocker/execd/v1.0.15 Feature

This release adds 1 notable feature for engineering teams evaluating rollout.

Published 27d Containers & Orchestration

✓ No known CVEs patched

✓ No known CVEs patched in this version

Topics

ai ai-agent ai-infra kubernetes sandbox

Summary

AI summary

Sensitive data in user command logs is now masked.

Full changelog

ServerAccessToken can now be set via EXECD_ACCESS_TOKEN environment variable as an alternative to the --access-token CLI flag. When both are provided, the CLI flag takes precedence (#846)

sanitize sensitive data before logging user commands: masks passwords, tokens, API keys (including LTAI/AKIA/AKID cloud access keys), Authorization headers, and URL credentials. Also masks the Jupyter auth token logged at startup (#815)

refresh architecture documentation: update docs/architecture.md and architecture overview SVG to reflect current OpenSandbox design; update components/execd/DEVELOPMENT.md examples from Beego-era guidance to current Gin/package-logger setup (#833)
document coding standards enforcement across all components (Ruff, ESLint, Spotless/ktlint, .NET analyzers, go vet, golangci-lint, gofmt); add C# SDK .editorconfig; make native Go binary builds repeatable with -trimpath, -buildvcs=false, fixed SOURCE_DATE_EPOCH metadata (#808)

Thanks to these contributors ❤️

Docker Hub: opensandbox/execd:v1.0.15
Aliyun Registry: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd:v1.0.15

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Track OpenSandbox

Get notified when new releases ship.

About OpenSandbox

Secure, Fast, and Extensible Sandbox runtime for AI agents.