0.28.1
版本发布时间: 2021-05-07 22:06:25
falcosecurity/falco最新发布版本:0.39.1(2024-10-09 16:56:32)
Packages | Download |
---|---|
rpm | |
deb | |
tgz |
Images |
---|
docker pull docker.io/falcosecurity/falco:0.28.1 |
docker pull public.ecr.aws/falcosecurity/falco:0.28.1 |
docker pull docker.io/falcosecurity/falco-driver-loader:0.28.1 |
docker pull docker.io/falcosecurity/falco-no-driver:0.28.1 |
Major Changes
- new:
--support
output now includes info about the Falco engine version [#1581] - @mstemm - new: Falco outputs an alert in the unlikely situation it's receiving too many consecutive timeouts without an event [#1622] - @leodido
- new: configuration field
syscall_event_timeouts.max_consecutive
to configure after how many consecutive timeouts without an event Falco must alert [#1622] - @leodido
Minor Changes
Bug Fixes
- fix: do not stop the webserver for k8s audit logs when invalid data is coming in the event to be processed [#1617] - @fntlnz
Rule Changes
- rule(macro: allowed_aws_ecr_registry_root_for_eks): new macro for AWS EKS images hosted on ECR to use in rule: Launch Privileged Container [#1640] - @ismailyenigul
- rule(macro: aws_eks_core_images): new macro for AWS EKS images hosted on ECR to use in rule: Launch Privileged Container [#1640] - @ismailyenigul
- rule(macro: aws_eks_image_sensitive_mount): new macro for AWS EKS images hosted on ECR to use in rule: Launch Privileged Container [#1640] - @ismailyenigul
- rule(list
falco_privileged_images
): remove deprecated Falco's OCI image repositories [#1634] - @maxgio92 - rule(list
falco_sensitive_mount_images
): remove deprecated Falco's OCI image repositories [#1634] - @maxgio92 - rule(macro
k8s_containers
): remove deprecated Falco's OCI image repositories [#1634] - @maxgio92 - rule(macro: python_running_sdchecks): macro removed [#1620] - @leogr
- rule(Change thread namespace): remove python_running_sdchecks exception [#1620] - @leogr
Non user-facing changes
- urelease/docs: fix link and small refactor in the text [#1636] - @cpanato
- Add Secureworks to adopters [#1629] - @dwindsor-scwx
- regression test for malformed k8s audit input (FAL-01-003) [#1624] - @leodido
- Add mathworks to adopterlist [#1621] - @natchaphon-r
- adding known users [#1623] - @danpopSD
- docs: update link for HackMD community call notes [#1614] - @leodido
Statistics
Merged PRs | Number |
---|---|
Not user-facing | 7 |
Release note | 7 |
Total | 14 |
Release Manager @cpanato