vArmor v0.10.1: AI Agent Traffic Inspection, Key Injection, and CVE-2026-31431 Mitigation
In vArmor v0.10.0, we introduced the NetworkProxy enforcer — a sidecar-based transparent proxy that brings L4/L7 network access control to Kubernetes workloads. While v0.10.0 could already enforce allow/deny policies on plaintext HTTP and TLS SNI, HTTPS encrypted traffic remained a black box: the proxy could see the destination domain via SNI, but could not inspect request paths, headers, or response bodies.
vArmor v0.10.1 completes the Phase 2 of the NetworkProxy enforcer by adding TLS Man-in-the-Middle (MITM) capabilities, unlocking deep HTTPS inspection, automatic header injection, and anti-Domain-Fronting protection. This release also introduces IPv6 dual-stack support, configurable sidecar resource quotas, a ConfigMap-to-Secret migration for improved security, and demonstrates rapid CVE response capabilities through the CVE-2026-31431 mitigation case study.