Releases: CheckPointSW/charts
2.25.0: IA 2.27.0 containerd fix; AC enforcer 2.10.0 GSL fix
Image Assurance 2.27.0
- Fix “Internal error” image scan errors: on nodes with containerd Container runtime configured to discard compressed image layers once they were unpacked. Affects GKE 1.27+ and all EKS with AMIs released after July 28 2023
Admission Control Enforcer 2.10.0
- Fix escaping in GSL if regular expression defined.
Full Changelog: 2.24.3...2.25.0
2.25.0 ea: IA 2.27.0 containerd fix; AC enforcer 2.10.0 GSL fix
Image Assurance 2.27.0
- Fix “Internal error” image scan errors: on nodes with containerd Container runtime configured to discard compressed image layers once they were unpacked. Affects GKE 1.27+ and all EKS with AMIs released after July 28 2023
Admission Control Enforcer 2.10.0
- Fix escaping in GSL if regular expression defined.
Full Changelog: 2.24.3-ea...2.25.0-ea
2.24.3: IA Sonatype Nexus registry; all: enhancements
Image Assurance 2.25.0
- support Sonatype Nexus Registry scan
All features: Inventory 1.13.0; Image Assurance 2.25.0; Admission Control: enforcer 2.9.0, policy 1.7.0; Runtime Protection: policy 1.7.0; Flow Logs 0.12.0
- improved telemetry
- security enhancements
Full Changelog: 2.23.0...2.24.3
2.24.3 ea: IA Sonatype Nexus registry; all: enhancements
Image Assurance 2.25.0
- support Sonatype Nexus Registry scan
All features: Inventory 1.13.0; Image Assurance 2.25.0; Admission Control: enforcer 2.9.0, policy 1.7.0; Runtime Protection: policy 1.7.0; Flow Logs 0.12.0
- improved telemetry
- security enhancements
Full Changelog: 2.24.0-ea...2.24.3-ea
2.24.0 ea: Runtime Protection: reduced False Positives in File Reputation blade
Runtime Protection: daemon 1.11.4, probe 0.30.2-cp-6
- reduced False Positives in File Reputation blade
2.23.0: Autopilot, AC port change, ECR custom role, RP PSP etc.
Admission Control: enforcer 2.8.0, policy 1.6.0
- Enforcer server receives requests on port 8443 instead of port 8080
Image Assurance 2.23.0
- When scanning an ECR Container Registry from an EKS cluster, a custom IAM Role can be used for access control (within the same AWS account or across accounts)
Runtime Protection: policy 1.5.0
- Adjust support for Pod Security Policy
Flow Logs 0.10.0
- Improved telemetry
Inventory 1.11.1
- GKE Autopilot support
All features
- Support for GKE Autopilot (except for Runtime Protection)
- Do not attempt to run Daemonset pods on Fargate nodes that are not supported
Full Changelog: 2.22.0...2.23.0
2.22.0: runtime protection enhancements
2.20.1 ea: priority class enhancements
- Allow specifying priority class per agent. Set 'cluster-critical' and 'node-critical' priority class for agents by default
Full Changelog: 2.20.0...2.20.1
2.20.0: RP File Reputation on GKE COS; fluentbit removal; misc.
Image Assurance | 2.21.0
- improvements for slow networks and large images
RuntimeProtection | runtime-daemon 1.6.2, runtime-probe 0.30.2-cp-3, runtime-cos-compat 0.0.9
- Google COS support in File Reputation engine
- Security enhancements
- FluentBit container removal from runtime-daemon Pod
- Profiling engine improvements - better detection of startup event
All features
- FluentBit removal
Full Changelog: 2.19.1...2.20.0
2.20.0 ea: RP File Reputation on GKE COS; fluentbit removal; misc
Image Assurance | 2.21.0
- improvements for slow networks and large images
RuntimeProtection | runtime-daemon 1.6.2, runtime-probe 0.30.2-cp-3, runtime-cos-compat 0.0.9
- Google COS support in File Reputation engine
- Security enhancements
- FluentBit container removal from runtime-daemon Pod
- Profiling engine improvements - better detection of startup event
All features
- FluentBit removal
Full Changelog: 2.19.0-ea...2.20.0-ea