v0.9.2
This is release contains fixes to regressions that were introduced in the last two releases. In particular we've disabled TRC-108, TRC-1022, default capabilities drop, move libbpf back to v1.0.1.
As this comes very soon after the prior two releases, take a look at v0.9.0's release notes to see recent highlights of tracee's improvements and added features!
Docker images
docker pull docker.io/aquasec/tracee:0.9.2 (embedded eBPF CO-RE obj with BTFHUB support)
docker pull docker.io/aquasec/tracee:full-0.9.2 (compiles non CO-RE eBPF object on startup)
Full changelog
f7a0b78 - rules: disable TRC-1022 (#2304) (Jose Donizetti)
84fd91e - capabilities: do not drop caps by default (Rafael David Tinoco)
29b89f8 - golang: go mod tidy (Rafael David Tinoco)
70ea836 - libbpfgo: bump to v0.4.4-libbpf-1.0.1 (Rafael David Tinoco)
6a079a9 - libbpf: back to v1.0.1 (Rafael David Tinoco)
537fe6c - hooked_proc_fops: remove redundant struct check and handle null pointer (#2303) (AsafEitani)
b8ac9db - k8s: disable signature TRC-108 (#2297) (Jose Donizetti)
bbcc6a5 - k8s: update version to 0.9.2 (#2299) (Jose Donizetti)
ae722d7 - event fix: bpf_attach map key (#2295) (roikol)