0.35.0
版本发布时间: 2023-06-07 20:15:45
falcosecurity/falco最新发布版本:0.39.1(2024-10-09 16:56:32)
| Packages | Download |
|---|---|
| rpm-x86_64 |  |
| deb-x86_64 | |
| tgz-x86_64 | |
| rpm-aarch64 | |
| deb-aarch64 | |
| tgz-aarch64 | |
| Images |
|---|
docker pull docker.io/falcosecurity/falco:0.35.0 |
docker pull public.ecr.aws/falcosecurity/falco:0.35.0 |
docker pull docker.io/falcosecurity/falco-driver-loader:0.35.0 |
docker pull docker.io/falcosecurity/falco-no-driver:0.35.0 |
Major Changes
- BREAKING CHANGE: support for metadata enrichment from Mesos has been removed. [#2465] - @leogr
- new(falco): introduce new metrics w/ Falco internal: metrics snapshot option and new metrics config [#2333] - @incertum
- new(scripts): properly manage talos prebuilt drivers [#2537] - @FedeDP
- new(release): released container images are now signed with cosign [#2546] - @LucaGuerra
- new(ci): ported master and release artifacts publishing CI to gha [#2501] - @FedeDP
- new(app_actions): introduce base_syscalls user option [#2428] - @incertum
- new(falco/config): add new configurations for http_output that allow custom CA certificates and stores. [#2458] - @alacuku
- new(cmake): bumped libs to c8b0d6a8fdc1bb3ea9067bc2fdc3ae5858cff48f [#2456] - @FedeDP
- new(userspace): add a new
syscall_drop_failedconfig option to drop failed syscalls exit events [#2456] - @FedeDP
Minor Changes
- update(cmake): bump Falco rules to 1.0.0 [#2618] - @loresuso
- update(cmake): bump libs to 0.11.1 [#2614] - @loresuso
- update(cmake): bump plugins to latest versions [#2610] - @loresuso
- update(cmake): bump falco rules to 1.0.0-rc1 [#2609] - @loresuso
- update(cmake): bump libs to 0.11.0 [#2608] - @loresuso
- cleanup(docs): update release.md [#2599] - @incertum
- update(cmake): bump libs to 0.11.0-rc5 and driver to 5.0.1. [#2600] - @FedeDP
- cleanup(docs): adjust falco readme style and content [#2594] - @incertum
- cleanup(userspace, config): improve metrics UX, add include_empty_values option [#2593] - @incertum
- feat: add the curl and jq packages to the falco-no-driver docker image [#2581] - @therealdwright
- update: add missing exception, required_engine_version, required_plugin_version to -L json output [#2584] - @loresuso
- feat: add image source OCI label to docker images [#2592] - @therealdwright
- cleanup(config): improve falco config [#2571] - @incertum
- update(cmake): bump libs and plugins to latest dev versions [#2586] - @jasondellaluce
- chore(userspace/falco): always print invalid syscalls from custom set [#2578] - @jasondellaluce
- update(build): upgrade falcoctl to 0.5.0 [#2572] - @LucaGuerra
- chore(userspace/falco/app): print all supported plugin caps [#2564] - @jasondellaluce
- update: get rules details with
-lor-Lflags when json output format is specified [#2544] - @loresuso - update!: bump libs version, and support latest plugin features, add --nodriver option [#2552] - @jasondellaluce
- cleanup(actions): now modern bpf support
-Aflag [#2551] - @Andreagit97 - update:
falco-driver-loadernow uses now uses $TMPDIR if set [#2518] - @jabdr - update: improve control and UX of ignored events [#2509] - @jasondellaluce
- update: bump libs and adapt Falco to new libsinsp event source management [#2507] - @jasondellaluce
- new(app_actions)!: adjust base_syscalls option, add base_syscalls.repair [#2457] - @incertum
- update(scripts): support al2022 and al2023 in falco-driver-loader. [#2494] - @FedeDP
- update: sync libs with newest event name APIs [#2471] - @jasondellaluce
- update!: remove
--mesos-api,-pmesos, and-pmcommand-line flags [#2465] - @leogr - cleanup(unit_tests): try making test_configure_interesting_sets more robust [#2464] - @incertum
Bug Fixes
- fix: unquote quoted URL's to avoid libcurl errors [#2596] - @therealdwright
- fix(userspace/engine): store alternatives as array in -L json output [#2597] - @loresuso
- fix(userspace/engine): store required engine version as string in -L json output [#2595] - @loresuso
- fix(userspace/falco): report plugin deps rules issues in any case [#2589] - @jasondellaluce
- fix(userspace): hotreload on wrong metrics [#2582] - @therealbobo
- fix(userspace): check the supported number of online CPUs with modern bpf [#2575] - @Andreagit97
- fix(userspace/falco): don't hang on terminating error when multi sourcing [#2576] - @jasondellaluce
- fix(userspace/falco): properly format numeric values in metrics [#2569] - @jasondellaluce
- fix(scripts): properly support debian kernel releases embedded in kernel version [#2377] - @FedeDP
Non user-facing changes
- docs(README.md): add scope/status badge and simply doc structure [#2611] - @leogr
- build(deps): Bump submodules/falcosecurity-rules from
3471984to16fb709[#2598] - @dependabot[bot] - docs(proposals): Falco roadmap management [#2547] - @leogr
- build(deps): Bump submodules/falcosecurity-rules from
b2290adto3471984[#2577] - @dependabot[bot] - update(build): libs 0.11.0-rc2 [#2573] - @LucaGuerra
- build(deps): Bump submodules/falcosecurity-rules from
3f52480tob2290ad[#2570] - @dependabot[bot] - update(ci): use repo instead of master branch for reusable workflows [#2568] - @LucaGuerra
- cleanup(ci): cleaned up circleci workflow. [#2566] - @FedeDP
- build(deps): Bump requests from 2.26.0 to 2.31.0 in /test [#2567] - @dependabot[bot]
- fix(ci): simplify and fix multi-arch image publishing process [#2542] - @LucaGuerra
- fix(ci): get the manifest for the correct tag [#2563] - @LucaGuerra
- build(deps): Bump submodules/falcosecurity-rules from
3f52480to6da15ae[#2559] - @dependabot[bot] - fix(ci): properly use
docker saveto store images. [#2560] - @FedeDP - fix(ci): docker arg is named
TARGETARCH. [#2558] - @FedeDP - fix(ci): set docker TARGET_ARCH [#2557] - @FedeDP
- fix(ci): use normal docker to build docker images, instead of buildx. [#2556] - @FedeDP
- docs: improve documentation and description of base_syscalls option [#2515] - @Happy-Dude
- Updating Falco branding guidelines [#2493] - @aijamalnk
- build(deps): Bump submodules/falcosecurity-rules from
f773578to6da15ae[#2553] - @dependabot[bot] - fix(cmake): properly exclude prereleases when fetching latest tag from cmake [#2550] - @FedeDP
- fix(ci): load falco image before building falco-driver-loader [#2549] - @LucaGuerra
- fix(ci): correctly tag slim manifest [#2545] - @LucaGuerra
- cleanup(config): modern bpf is no more experimental [#2538] - @Andreagit97
- new(ci): add RC/prerelease support [#2533] - @LucaGuerra
- fix(ci): configure ECR public region [#2531] - @LucaGuerra
- fix(ci): falco images directory, ecr login [#2528] - @LucaGuerra
- fix(ci): separate rpm/bin/bin-static/deb packages before publication, rename bin-static [#2527] - @LucaGuerra
- fix(ci): add Cloudfront Distribution ID [#2525] - @LucaGuerra
- fix(ci): escape heredoc [#2521] - @LucaGuerra
- chore(ci): build-musl-package does not need to wait for build-packages anymore [#2520] - @FedeDP
- fix: ci Falco version [#2516] - @FedeDP
- fix(ci): fetch version step, download rpms/debs, minor change [#2519] - @LucaGuerra
- chore(ci): properly install recent version of git (needed >= 2.18 by checkout action) [#2514] - @FedeDP
- fix(ci): enable toolset before every make command [#2513] - @LucaGuerra
- fix(ci): remove unnecessary mv [#2512] - @LucaGuerra
- fix(ci): bucket -> bucket_suffix [#2511] - @LucaGuerra
- build(deps): Bump submodules/falcosecurity-rules from
5857874to1bd7e4a[#2478] - @dependabot[bot] - build(deps): Bump submodules/falcosecurity-rules from
694adf5to5857874[#2473] - @dependabot[bot] - cleanup(ci): properly set a concurrency for CI workflows. [#2470] - @FedeDP
- build(deps): Bump submodules/falcosecurity-rules from
e0646a0to694adf5[#2466] - @dependabot[bot] - build(deps): Bump submodules/falcosecurity-rules from
0b0f50ftoe0646a0[#2460] - @dependabot[bot]