furyhawk/deer-flow
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[security] fix(sandbox): bind local Docker ports to loopback (#2633)

Browse Source 
* fix(sandbox): bind local Docker ports to loopback

* fix(sandbox): preserve IPv6 loopback Docker binds

* fix(sandbox): log Docker bind host selection
This commit is contained in:
Hinotobi
2026-04-30 11:40:28 +08:00
committed by GitHub
parent 24a5a00679
commit 74081a85a6
3 changed files with 169 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backend/docs/CONFIGURATION.md
+2
View File
@@ -259,6 +259,8 @@ sandbox:
When you configure `sandbox.mounts`, DeerFlow exposes those `container_path` values in the agent prompt so the agent can discover and operate on mounted directories directly instead of assuming everything must live under `/mnt/user-data`.
For bare-metal Docker sandbox runs that use localhost, DeerFlow binds the sandbox HTTP port to `127.0.0.1` by default so it is not exposed on every host interface. Docker-outside-of-Docker deployments that connect through `host.docker.internal` keep the broad legacy bind for compatibility. Set `DEER_FLOW_SANDBOX_BIND_HOST` explicitly if your deployment needs a different bind address.
### Skills
Configure the skills directory for specialized workflows: