github falcosecurity/falco 0.25.0

Released on 2020-08-25

Major Changes

  • new(userspace/falco): print the Falco and driver versions at the very beginning of the output. [#1303] - @leogr
  • new: libyaml is now bundled in the release process. Users can now avoid installing libyaml directly when getting Falco from the official release. [#1252] - @fntlnz

Minor Changes

  • docs(test): step-by-step instructions to run integration tests locally [#1313] - @leodido
  • update: renameat2 syscall support [#1355] - @fntlnz
  • update: support for 5.8.x kernels [#1355] - @fntlnz

Bug Fixes

  • fix(userspace/falco): correct the fallback mechanism for loading the kernel module [#1366] - @leogr
  • fix(falco-driver-loader): script crashing when using arguments [#1330] - @antoinedeschenes

Rule Changes

  • rule(macro user_trusted_containers): add sysdig/node-image-analyzer and sysdig/agent-slim [#1321] - @Kaizhe
  • rule(macro falco_privileged_images): add docker.io/falcosecurity/falco [#1326] - @nvanheuverzwijn
  • rule(EphemeralContainers Created): add new rule to detect ephemeral container created [#1339] - @Kaizhe
  • rule(macro user_read_sensitive_file_containers): replace endswiths with exact image repo name [#1349] - @Kaizhe
  • rule(macro user_trusted_containers): replace endswiths with exact image repo name [#1349] - @Kaizhe
  • rule(macro user_privileged_containers): replace endswiths with exact image repo name [#1349] - @Kaizhe
  • rule(macro trusted_images_query_miner_domain_dns): replace endswiths with exact image repo name [#1349] - @Kaizhe
  • rule(macro falco_privileged_containers): append "/" to quay.io/sysdig [#1349] - @Kaizhe
  • rule(list falco_privileged_images): add images docker.io/sysdig/agent-slim and docker.io/sysdig/node-image-analyzer [#1349] - @Kaizhe
  • rule(list falco_sensitive_mount_images): add image docker.io/sysdig/agent-slim [#1349] - @Kaizhe
  • rule(list k8s_containers): prepend docker.io to images [#1349] - @Kaizhe
  • rule(macro exe_running_docker_save): add better support for centos [#1350] - @admiral0
  • rule(macro rename): add renameat2 syscall [#1359] - @leogr
  • rule(Read sensitive file untrusted): add trusted images into whitelist [#1327] - @Kaizhe
  • rule(Pod Created in Kube Namespace): add new list k8s_image_list as white list [#1336] - @Kaizhe
  • rule(list allowed_k8s_users): add "kubernetes-admin" user [#1323] - @leogr

Statistics

Merged PRs        Number
Not user-facing   5
Release note      15
Total             20
