Docker Image (x86_64 only)
docker pull docker.io/aquasec/tracee:0.14.1
Docker Images (per architecture)
docker pull docker.io/aquasec/tracee:x86_64-0.14.1docker pull docker.io/aquasec/tracee:aarch64-0.14.1
What's Changed (Bug Fix Release)
- feat: support running tracee from pid ns by @roikol in #3037
- libbpfgo: trim suffix newline from libbpf message by @geyslan in #3038
- cli: don't sort flags in help/usage messages by @yanivagman in #3042
- cmd: log only after tracee.Run() by @geyslan in #3048
- ebpf: use new libbpf syscall macros by @yanivagman in #3040
- workflow: move workflows to aqua infrastructure by @rafaeldtinoco in #3056
- tracee: move metrics register to tracee by @NDStrahilevitz in #3049
- cmd: cobra: fix parsing for multiple values by @geyslan in #3058
- add pid to memory capture and change the timestamp to epoch or relative by @AsafEitani in #3047
- v0.14.1 dependencies updates (security, ...) and an urfave quick fix by @rafaeldtinoco in #3067
- fix deadlocks triggered by cancelled ctx by @geyslan in #3059
- change mem_prot_alert alert from W+E to W by @AsafEitani in #3073
- change mem_prot_alert to detect W to E instead W+E to E. by @AsafEitani in #3062
- make print_mem_dump reprint on kernel module load by @AsafEitani in #3072
- fix for kernels v6.3 and mitigation for tracee.pid in tests by @rafaeldtinoco in #3076
- remove pid file on exit by @geyslan in #3075
- Bump libbpfgo to v0.4.8.1-libbpf-1.2.0 by @geyslan in #3080
- fix: correct list of bpf helpers by @roikol in #3064
- tracee: warn only if pidfile removal fails by @rafaeldtinoco in #3081
Full Changelog: v0.14.0...v0.14.1