Releases: falcosecurity/falco
Releases Β· falcosecurity/falco
0.39.0
Packages | Download |
---|---|
rpm-x86_64 | |
deb-x86_64 | |
tgz-x86_64 | |
rpm-aarch64 | |
deb-aarch64 | |
tgz-aarch64 |
Images |
---|
docker pull docker.io/falcosecurity/falco:0.39.0 |
docker pull public.ecr.aws/falcosecurity/falco:0.39.0 |
docker pull docker.io/falcosecurity/falco-driver-loader:0.39.0 |
docker pull docker.io/falcosecurity/falco-driver-loader-legacy:0.39.0 |
docker pull docker.io/falcosecurity/falco-no-driver:0.39.0 |
docker pull docker.io/falcosecurity/falco-distroless:0.39.0 |
v0.39.0
Released on 2024-10-01
Breaking Changes β οΈ
- fix(falco_metrics)!: split tags label into multiple
tag_
-prefixed labels [#3337] - @ekoops - fix(falco_metrics)!: use full name for configs and rules files [#3337] - @ekoops
- update(falco_metrics)!: rearrange
n_evts_cpu
andn_drops_cpu
Prometheus metrics to follow best practices [#3319] - @incertum - cleanup(userspace/falco)!: drop deprecated -t,-T,-D options. [#3311] - @FedeDP
Major Changes
- feat(stats): add host_netinfo networking information stats family [#3344] - @ekoops
- new(falco): add json_include_message_property to have a message field without date and priority [#3314] - @LucaGuerra
- new(userspace/falco,userspace/engine): rule json schema validation [#3313] - @FedeDP
- new(falco): introduce append_output configuration [#3308] - @LucaGuerra
- new(userspace/falco): added --config-schema action to print config schema [#3312] - @FedeDP
- new(falco): enable CLI options with -o key={object} [#3310] - @LucaGuerra
- new(config): add
container_engines
config to falco.yaml [#3266] - @incertum - new(metrics): add host_ifinfo metric [#3253] - @incertum
- new(userspace,unit_tests): validate configs against schema [#3302] - @FedeDP
Minor Changes
- update(falco): upgrade libs to 0.18.1 [#3349] - @LucaGuerra
- update(systemd): users can refer to systemd falco services with a constistent unique alias falco.service [#3332] - @ekoops
- update(cmake): bump libs to 0.18.0 and driver to 7.3.0+driver. [#3330] - @FedeDP
- chore(userspace/falco): deprecate
cri
related CLI options. [#3329] - @FedeDP - update(cmake): bumped falcoctl to v0.10.0 and rules to 3.2.0 [#3327] - @FedeDP
- update(falco_metrics): change prometheus rules metric naming [#3324] - @incertum
Bug Fixes
- fix(falco): allow disable_cri_async from both CLI and config [#3353] - @LucaGuerra
- fix(engine): sync outputs before printing stats at shutdown [#3338] - @LucaGuerra
- fix(falco): allow plugin init_config map in json schema [#3335] - @LucaGuerra
- fix(userspace/falco): properly account for plugin with CAP_PARSING when computing interesting sc set [#3334] - @FedeDP
Non user-facing changes
- feat(cmake): add conditional builds for falcoctl and rules paths [#3305] - @tembleking
- cleanup(falco): ignore lint commit [#3354] - @LucaGuerra
- chore(falco): apply code formatting [#3350] - @poiana
- chore: ignore_some_files for clang format [#3351] - @Andreagit97
- sync: release 0.39.x [#3340] - @FedeDP
- fix(userspace/engine): improve rule json schema to account for
source
andrequired_plugin_versions
[#3328] - @FedeDP - cleanup(falco): use header file for json schema [#3325] - @LucaGuerra
- update(engine): modify append_output format [#3322] - @LucaGuerra
- chore: scaffolding for enabling code formatting [#3321] - @Andreagit97
- update(cmake): bump libs and driver to 0.18.0-rc1. [#3320] - @FedeDP
- fix(ci): restore master and release CI workflow permissions. [#3317] - @FedeDP
- fixed the token-permission and pinned-dependencies issue [#3299] - @harshitasao
- update(cmake): bump falcoctl to v0.10.0-rc1 [#3316] - @alacuku
- ci(insecure-api): update semgrep docker image [#3315] - @francesco-furlan
- Add demo environment instructions and docker-config files [#3295] - @bbl232
- chore(deps): Bump submodules/falcosecurity-rules from
baecf18
tob6ad373
[#3301] - @dependabot[bot] - update(cmake): bump libs and driver to latest master [#3283] - @jasondellaluce
- chore(deps): Bump submodules/falcosecurity-rules from
342b20d
tobaecf18
[#3298] - @dependabot[bot] - chore(deps): Bump submodules/falcosecurity-rules from
068f0f2
to342b20d
[#3288] - @dependabot[bot] - vote: add sgaist to OWNERS [#3264] - @sgaist
- Add Tulip Retail to adopters list [#3291] - @bbl232
- chore(deps): Bump submodules/falcosecurity-rules from
28b98b6
to068f0f2
[#3282] - @dependabot[bot] - chore(deps): Bump submodules/falcosecurit...
0.39.0-rc3
fix(engine): sync outputs before printing stats at shutdown Signed-off-by: Luca Guerra <[email protected]>
0.39.0-rc2
update(cmake): bump libs to 0.18.0 and driver to 7.3.0+driver. Signed-off-by: Federico Di Pierro <[email protected]>
0.39.0-rc1
update(cmake): bump libs and driver to 0.18.0-rc2. Moreover, bumped falcoctl to v0.10.0 and rules to 3.2.0. Signed-off-by: Federico Di Pierro <[email protected]>
0.38.2
Packages | Download |
---|---|
rpm-x86_64 | |
deb-x86_64 | |
tgz-x86_64 | |
rpm-aarch64 | |
deb-aarch64 | |
tgz-aarch64 |
Images |
---|
docker pull docker.io/falcosecurity/falco:0.38.2 |
docker pull public.ecr.aws/falcosecurity/falco:0.38.2 |
docker pull docker.io/falcosecurity/falco-driver-loader:0.38.2 |
docker pull docker.io/falcosecurity/falco-driver-loader-legacy:0.38.2 |
docker pull docker.io/falcosecurity/falco-no-driver:0.38.2 |
docker pull docker.io/falcosecurity/falco-distroless:0.38.2 |
v0.38.2
Released on 2024-08-19
Bug Fixes
- fix(engine): fix metrics names to better adhere to best practices [#3272] - @incertum
- fix(ci): use vault.centos.org for centos:7 CI build. [#3274] - @FedeDP
Statistics
MERGED PRS | NUMBER |
---|---|
Not user-facing | 0 |
Release note | 2 |
Total | 2 |
Release Manager @LucaGuerra
0.38.2-rc2
chore(build): bumpd falcoctl to 0.9.0 for 0.38.2 Signed-off-by: Luca Guerra <[email protected]>
0.38.2-rc1
fix(metrics/prometheus): adopt best prometheus practices for rules coβ¦ β¦unters and sha256 file metrics Signed-off-by: Melissa Kilby <[email protected]>
0.38.1
Packages | Download |
---|---|
rpm-x86_64 | |
deb-x86_64 | |
tgz-x86_64 | |
rpm-aarch64 | |
deb-aarch64 | |
tgz-aarch64 |
Images |
---|
docker pull docker.io/falcosecurity/falco:0.38.1 |
docker pull public.ecr.aws/falcosecurity/falco:0.38.1 |
docker pull docker.io/falcosecurity/falco-driver-loader:0.38.1 |
docker pull docker.io/falcosecurity/falco-driver-loader-legacy:0.38.1 |
docker pull docker.io/falcosecurity/falco-no-driver:0.38.1 |
docker pull docker.io/falcosecurity/falco-distroless:0.38.1 |
v0.38.1
Released on 2024-06-19
Major Changes
Minor Changes
- cleanup(falco): clarify that --print variants only affect syscalls [#3238] - @LucaGuerra
- update(engine): enable -p option for all sources, -pk, -pc etc only for syscall sources [#3239] - @LucaGuerra
Bug Fixes
- fix(engine): enable output substitution only for syscall rules, prevent engine from exiting with validation errors when a plugin is loaded and -pc/pk is specified [#3236] - @mrgian
- fix(metrics): allow each metric output channel to be selected independently [#3232] - @incertum
- fix(userspace/falco): fixed
falco_metrics::to_text
implementation when running with plugins [#3230] - @FedeDP
Statistics
MERGED PRS | NUMBER |
---|---|
Not user-facing | 0 |
Release note | 6 |
Total | 6 |
Release Manager @FedeDP
0.38.1-rc1
new(metrics): enable plugins metrics Signed-off-by: Gianmatteo Palmieri <[email protected]> Co-authored-by: Melissa Kilby <[email protected]>
0.38.0
Packages | Download |
---|---|
rpm-x86_64 | |
deb-x86_64 | |
tgz-x86_64 | |
rpm-aarch64 | |
deb-aarch64 | |
tgz-aarch64 |
Images |
---|
docker pull docker.io/falcosecurity/falco:0.38.0 |
docker pull public.ecr.aws/falcosecurity/falco:0.38.0 |
docker pull docker.io/falcosecurity/falco-driver-loader:0.38.0 |
docker pull docker.io/falcosecurity/falco-driver-loader-legacy:0.38.0 |
docker pull docker.io/falcosecurity/falco-no-driver:0.38.0 |
docker pull docker.io/falcosecurity/falco-distroless:0.38.0 |
v0.38.0
Released on 2024-05-30
Breaking Changes β οΈ
- new(scripts,docker)!: enable automatic driver selection logic in packages and docker images. Modern eBPF is now also the default driver and the highest priority one in the new driver selection logic. [#3154] - @FedeDP
- cleanup(falco.yaml)!: remove some deprecated configs [#3087] - @Andreagit97
- cleanup(docker)!: remove unused builder dockerfile [#3088] - @Andreagit97
Major Changes
- new(webserver): a metrics endpoint has been added providing prometheus metrics. It can be optionally enabled using the new
metrics.prometheus_enabled
configuration option. It will only be activated if themetrics.enabled
is true as well. [#3140] - @sgaist - new(metrics): add
rules_counters_enabled
option [#3192] - @incertum - new(build): provide signatures for .tar.gz packages [#3201] - @LucaGuerra
- new(engine): add print_enabled_rules_falco_logger when log_level debug [#3189] - @incertum
- new(falco): allow selecting which rules to load from the configuration file or command line [#3178] - @LucaGuerra
- new(metrics): add file sha256sum metrics for loaded config and rules files [#3187] - @incertum
- new(engine): throw an error when an invalid macro/list name is used [#3116] - @mrgian
- new(engine): raise warning instead of error on invalid macro/list name [#3167] - @mrgian
- new(userspace): support split config files [#3024] - @FedeDP
- new(engine): enforce unique exceptions names [#3134] - @mrgian
- new(engine): add warning when appending an exception with no values [#3133] - @mrgian
- feat(metrics): coherent metrics stats model including few metrics naming changes [#3129] - @incertum
- new(config): add
falco_libs.thread_table_size
[#3071] - @incertum - new(proposals): introduce on host anomaly detection framework [#2655] - @incertum
Minor Changes
- update(cmake): bump falcoctl to v0.8.0. [#3219] - @FedeDP
- update(rules): update falco-rules to 3.1.0 [#3217] - @LucaGuerra
- refactor(userspace): move falco logger under falco engine [#3208] - @jasondellaluce
- chore(docs): apply features adoption and deprecation proposal to config file keys [#3206] - @FedeDP
- cleanup(metrics): add original rule name as label [#3205] - @incertum
- update(falco): deprecate options -T, -t and -D [#3193] - @LucaGuerra
- refactor: bump libs and driver, support field modifiers [#3186] - @jasondellaluce
- chore(userspace/falco): deprecated old 'rules_file' config key [#3162] - @FedeDP
- chore(falco): update falco libs and driver to master (Apr 8th 2024) [#3158] - @LucaGuerra
- update(build): update libs to 026ffe1d8f1b25c6ccdc09afa2c02afdd3e3f672 [#3151] - @LucaGuerra
- cleanup: minor adjustments to readme, add new testing section [#3072] - @incertum
- refactor(userspace/engine): reduce allocations during rules loading [#3065] - @jasondellaluce
- update(CI): publish wasm package as dev-wasm [#3017] - @Rohith-Raju
Bug Fixes
- fix(userspace/falco): fix state initialization avoid a crash during hot reload [#3190] - @FedeDP
- fix(userspace/engine): make sure exception fields are not optional in replace mode [#3108] - @jasondellaluce
- fix(docker): added zstd to driver loader images [#3203] - @FedeDP
- fix(engine): raise warning instead of error on not-unique exceptions names [#3159] - @mrgian
- fix(engine): apply output substitutions for all sources [#3135] - @mrgian
- fix(userspace/configuration): make sure that folders that would trigger permission denied are not traversed [#3127] - @sgaist
- fix(engine): logical issue in exceptions condition [#3115] - @mrgian
- fix(cmake): properly let falcoctl cmake module create /usr/share/falco/plugins/ folder. [#3105] - @FedeDP
Non user-facing changes
- update(scripts/falcoctl): bump falco-rules version to 3 [#3128] - @alacuku
- build(deps): Bump submodules/falcosecurity-rules from
59bf03b
to9e56293
[#3212] - @dependabot[bot] - chore(gha): update cosign to v3.5.0 [#3209] - @LucaGuerra
- build(deps): Bump submodules/falcosecurity-rules from
29c41c4
to59bf03b
[#3207] - @dependabot[bot] - update(cmake): bumped libs to 0.17.0-rc1 and falcoctl to v0.8.0-rc6. [[#3204](https://github.com//pull/32...