python · nono-py · Heads-up
nono-py policy handling may fail open for proxy restrictions
What changed
Policy-derived ProxyConfig did not enforce CapabilitySet.proxy_only, and policy JSON accepted unknown security-sensitive fields.
Who it affects
Users of nono-py who rely on policy-based network restrictions, especially those using domain allowlists with proxy configurations.
What to do today
Update nono-py to the latest patched version and ensure policy-resolved proxy configurations are coupled with CapabilitySet.proxy_only(proxy).
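The fail-open pattern described under "What changed", shown as an added example that is not nono-py's code: a policy loader that rejects unknown and duplicate fields and derives proxy-only mode whenever a domain allowlist is present. The schema, the field names and the `load_policy`, `NetworkPolicy` and `PolicyError` names are hypothetical.

```python
import json
from dataclasses import dataclass

# Hypothetical schema for illustration; these are not nono-py's field names.
ALLOWED_TOP = {"version", "network"}
ALLOWED_NETWORK = {"allowed_domains"}


class PolicyError(ValueError):
    """Raised instead of silently ignoring input the loader does not understand."""


@dataclass(frozen=True)
class NetworkPolicy:
    allowed_domains: tuple
    proxy_only: bool  # True means direct egress is blocked; traffic must use the proxy


def _no_duplicates(pairs):
    # json.loads keeps the last duplicate key by default; refuse instead.
    seen = {}
    for key, value in pairs:
        if key in seen:
            raise PolicyError(f"duplicate key: {key!r}")
        seen[key] = value
    return seen


def _require_known(obj, allowed, where):
    if not isinstance(obj, dict):
        raise PolicyError(f"{where} must be an object")
    unknown = sorted(set(obj) - allowed)
    if unknown:
        raise PolicyError(f"unknown field(s) in {where}: {unknown}")


def load_policy(text):
    """Parse policy JSON, failing closed on unknown, duplicate or malformed fields."""
    try:
        doc = json.loads(text, object_pairs_hook=_no_duplicates)
    except json.JSONDecodeError as exc:
        raise PolicyError(f"invalid JSON: {exc}") from exc
    _require_known(doc, ALLOWED_TOP, "policy")
    net = doc.get("network", {})
    _require_known(net, ALLOWED_NETWORK, "network")
    domains = net.get("allowed_domains", [])
    if not isinstance(domains, list) or not all(isinstance(d, str) and d for d in domains):
        raise PolicyError("allowed_domains must be a list of non-empty strings")
    # An allowlist is only meaningful if nothing can bypass the proxy that enforces it.
    return NetworkPolicy(tuple(domains), proxy_only=bool(domains))
```

A misspelt key such as `allowed_domain` is the case to watch: a lenient parser drops it and yields an unrestricted policy, while this loader raises.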