From 5329b44e082be3c8cb4fbb2f928bf3887c579437 Mon Sep 17 00:00:00 2001
From: liqiang-fit2cloud <liqiang@fit2cloud.com>
Date: Tue, 16 Dec 2025 16:48:48 +0800
Subject: [PATCH] fix: deny access to local services by IPv6 and IPv6-mapped
 IPv4 addresses for sandbox.

---
 installer/Dockerfile-base | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/installer/Dockerfile-base b/installer/Dockerfile-base
index 750d6a424..ae9d644ed 100644
--- a/installer/Dockerfile-base
+++ b/installer/Dockerfile-base
@@ -46,7 +46,7 @@ ENV PATH=/opt/py3/bin:$PATH \
     MAXKB_SANDBOX=1 \
     MAXKB_SANDBOX_HOME=/opt/maxkb-app/sandbox \
     MAXKB_SANDBOX_PYTHON_PACKAGE_PATHS="/opt/py3/lib/python3.11/site-packages,/opt/maxkb-app/sandbox/python-packages,/opt/maxkb/python-packages" \
-    MAXKB_SANDBOX_PYTHON_BANNED_HOSTS="127.0.0.0/8,localhost,host.docker.internal,172.17.0.0/16,maxkb,pgsql,redis,172.31.250.192/26,0.0.0.0/32,::1/128" \
+    MAXKB_SANDBOX_PYTHON_BANNED_HOSTS="127.0.0.0/8,localhost,host.docker.internal,172.17.0.0/16,maxkb,pgsql,redis,172.31.250.192/26,0.0.0.0/32,::/0" \
     MAXKB_ADMIN_PATH=/admin
 
 EXPOSE 6379
\ No newline at end of file