This release includes 2 breaking changes for platform teams planning a safe upgrade.
Published 28d
Containers & Orchestration
✓ No known CVEs patched
✓ No known CVEs patched in this version
Topics
ai
ai-agent
ai-infra
kubernetes
sandbox
Summary
AI summaryIngress now watches sandbox CRs across all namespaces, deprecating the --namespace flag and rejecting ambiguous IDs.
Full changelog
What's New
✨ Features
- Multi-namespace support: Ingress watches sandbox CRs across all namespaces instead of a single one.
--namespaceflag deprecated. Ambiguous sandbox IDs across namespaces are rejected. (#699) - Secure access routing (OSEP-0011): Added
--secure-access-keysflag for signed URL verification. Sandboxes withopensandbox.io/secure-accessrequire valid signatures; sandboxes without it continue to work with unsigned routes. (#761) - Log rotation: File log outputs auto-rotate via lumberjack (100MB, 30d, 10 backups default). (#791)
🐛 Bug Fixes
- Proxy panic log now includes
uri,host,methodfields for debugging. (#802) - CodeQL static analysis fixes (integer conversion hardening in signature package). (#795)
📦 Misc
- Bumped OpenTelemetry Go deps for security alerts (#799)
- Repeatable builds:
-trimpath,-buildvcs=false, fixed metadata (#808) - Added
.dockerignoreto shrink build context (#718)
👥 Contributors
Thanks to these contributors ❤️
- @Pangjiping
- @hittyt
- Docker Hub: opensandbox/ingress:v1.0.7
- Aliyun Registry: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/ingress:v1.0.7
Breaking Changes
- --namespace flag deprecated and removed
- Ambiguous sandbox IDs across namespaces are now rejected
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
Related context
Related tools
Beta — feedback welcome: [email protected]