What's Changed (autogenerated)
- Skip flakey Violation tags e2e tests by @vjwilson in #19
- Fix default Helm debug path by @SimonBaeumer in #33
- ROX-8261 + ROX-8263 + ROX-8264 + ROX-8265 + ROX-8564: Added the approved false positives table by @sachaudh in #20
- ROX-8471: Backend.LoginURL() to return error by @0x656b694d in #25
- Supply policy detector to sensor deployment reprocessor by @md2119 in #38
- Adding a helper function to derive scope queries for graphql based queries for vulnerability reporting by @clickboo in #14
- ROX-8515: Verify no privilege escalation when generating APIToken by @ivan-degtiarenko in #17
- ROX-8515: Cosmetic changes to API token privilege escalation check + test by @ivan-degtiarenko in #46
- Fix additional CA secret namespace by @SimonBaeumer in #35
- ROX-8643: Move metadata.tpl to shared directory by @SimonBaeumer in #34
- Bump @types/node from 16.11.6 to 16.11.12 in /ui by @dependabot in #45
- Bump js-base64 from 3.6.1 to 3.7.2 in /ui by @dependabot in #7
- RS-370: Pull up collector full/slim image values to meta template by @fredrb in #21
- RS-371: Type
MetaVals
strongly - round 1 by @msugakov in #24 - ROX-8628: Show notifier name instead of id in policies table cell by @pedrottimark in #36
- Fix TestScopeQueries unit test by @md2119 in #53
- Bump d3-brush from 2.1.0 to 3.0.0 in /ui by @dependabot in #50
- Remove Access Control classic folder from UI as it is unused by @ivan-degtiarenko in #51
- fix: TestErrorWriter by @janisz in #55
- [ROX-8696][ROX-8724] Ensure sensor and admission controller reprocesses deployments on vuln events by @md2119 in #41
- Fix failing AdmissionControllerTest by @md2119 in #59
- Attempt 2: Fix Admissioncontrollertest by @md2119 in #61
- ROX-8368: Adding Step 2 Policy behavior form to PF Policy Wizard by @alwayshooin in #47
- Fix README links to stackrox repo by @SimonBaeumer in #63
- ROX-8730: Fix the loopclosure bug in tests and improve consistency by @porridge in #48
- RS-341: Retag stackrox.io collector and scanner images with main version by @vikin91 in #27
- Add a check that prevents some targets from running in CI. by @porridge in #67
- ROX-8656: Implement colors in standard output by @janisz in #37
- ROX-8430: Add resource scope selection for report form by @vjwilson in #56
- Adding support to save the scope hierarchy in the Context object by @clickboo in #72
- ROX-8736: roxctl - don't retry on policy enforcement failure by @ivan-degtiarenko in #66
- ROX-8431: Add basic select existing notifier and freeform audience list by @vjwilson in #42
- Change to an established environment variable. by @porridge in #78
- roxctl deployment check - display remediation for broken policy by @ivan-degtiarenko in #75
- ROX-8730: gosec: enable implicit memory aliasing in for loop by @janisz in #81
- ROX-8486: Skip the mitre check by @gavin-stackrox in #77
- Bump rest-assured from 2.4.1 to 2.9.0 in /qa-tests-backend by @dependabot in #2
- move tools to a separated go.mods by @janisz in #83
- ROX-8743: Adding policy field keys in PF BPL section by @alwayshooin in #88
- Assert os.ErrOut within roxctl tests for image check / scan & deployment check by @ivan-degtiarenko in #82
- Fix circle CI badge in README by @SimonBaeumer in #58
- ROX-8742: Include executable dependent component by @c-du in #74
- ROX-8045 Validate CRs in operator test suite by @mtesseract in #26
- ROX-8663: Generalize scripts by @0x656b694d in #71
- Update rox-ci-image to
apollo-ci:0.3.20
by @roxbot in #79 - RS-372: Define more attributes as
[< required >]
in *.htpl files by @msugakov in #64 - Removed unused code in a policy check by @rukletsov in #100
- [ROX-8741] Ensure brand new images are enriched with vuln snooze state by @md2119 in #69
- Push k8s artifacts during upgrade tests by @msugakov in #102
- Ensure ImageCVEEdge options map is removed from Image options map by @md2119 in #89
- refactoring: Risk Acceptance Improvements by @sachaudh in #87
- ROX-8750: Change VerifyServiceCert arguments to match its purpose. by @porridge in #96
- ROX-8024: Create policy field for automountServiceAccountToken deployment parameter by @rhybrillou in #29
- ROX-8448: get available auth provider types from backend instead of hard-coded value by @ivan-degtiarenko in #28
- RS-384: enhance deployer test by @fredrb in #93
- RS-369: move artifacts to GCS by @gavin-stackrox in #44
- ROX-8244: Adding pagination to pending approvals table by @sachaudh in #91
- ROX-8709: Use the correct context in the Vulns and VulnCount resolvers in image component by @clickboo in #94
- [ROX-8767] Ensure that the correct image cache key is being used in sensor by @md2119 in #113
- Update go.mod to latest scanner by @theencee in #107
- Write new vuln state field when writing images by @md2119 in #115
- ROX-8266 + ROX-8217: Added GraphQL call for Observed CVEs table and pagination by @sachaudh in #92
- ROX-8434: View report page title with report name by @vjwilson in #108
- RS-374: Remove echoed secret by @gavin-stackrox in #112
- ROX-8676: CI: Fix EKS provisioning by @gavin-stackrox in #117
- ROX-8745: Bump CSV patch timeout to help with flakes. by @porridge in #95
- ROX-8543: handle jagged array in junit printer by @janisz in #111
- ROX-8702: do not display user e-mail if empty by @ivan-degtiarenko in #98
- ROX-7571: Configure linter to create an error when comment does not start with a space by @janisz in #85
- ROX-8775: Create default policy to detect log4shell CVE by @theencee in #129
- ROX-8773: Fix webhook validation for Teams integration by @vjwilson in #130
- ROX-8668: Expire "When Fixable" Deferrals when CVE is fixable by @theencee in #15
- [ROX-8781] Add linked query support for image-cve edge by @md2119 in #127
- CI: Fix build for race-condition-debug tests by @gavin-stackrox in #140
- Fix bundle renderer tests on local machine by @SimonBaeumer in #123
- ROX-8543: Enable JUnit printer for image / deployment check by @janisz in #126
- Update rox-ci-image by @roxbot in #84
- Only cache vuln requests that are approved and active on startup by @theencee in #142
- ROX-8071: GraphQL resolver for the vulnerability request state under the EmbeddedVulnerability GraphQL object by @theencee in #106
- Update PatternFly 2021.16 dependencies in UI by @pedrottimark in #125
- ROX-8419: Wiring up creating a new report by @vjwilson in #136
- ROX-8526-8527: Add validation for policy wizard steps 1 and 2 by @pedrottimark in #118
- Get rid of
buildConfigFileOverridesMap
as unused by @msugakov in #128 - ROX-8670: IdentityFromContext() error propagation by @ivan-degtiarenko in #18
- ROX-8580: Move Scanner manifests to shared helm directory by @SimonBaeumer in #31
- ROX-7996: Switch to upstream helm operator ValueTranslator implementation. by @porridge in #149
- Fix broken master: right amount of return values for IdentityFromContext() by @ivan-degtiarenko in #152
- ROX-8361: Add MitreAttackVectorsFormSection to policies wizard step 1 by @pedrottimark in #105
- style-checks: Fix comment style in test by @ivan-degtiarenko in #154
- [ROX-8805] Ensure vulns searched by "CVE Snoozed" include vulns from new workflow by @md2119 in #148
- [ROX-8724] Handle snooze cases when no affected deployments are found in db by @md2119 in #103
- Update sync release branch script to look at stackrox/stackrox by @viswajithiii in #133
- ROX-8748: GraphQL resolver for vulnerabilityRequestsCount by @theencee in #141
- Rewrite validate imports as an analyzer by @viswajithiii in #156
- CI: fix 4.6 provision for operator tests by @gavin-stackrox in #160
- RS-376: Refactor to allow configurable default image values by @fredrb in #65
- ROX-8130: Introduce ephemeral certs by @porridge in #120
- ROX-8788: Fix Image Overview crash on browser back by @vjwilson in #151
- fix: show risk acceptance if risk acceptance feature flag is on by @sachaudh in #153
- ROX-8820: operator: bind pip and setuptools versions in Makefile by @janisz in #169
- ci: fallback to goproxy.io on proxy.golang.org error by @janisz in #164
- RS-401: Use distinct collector full/slim names by @fredrb in #167
- CI: reduce resource usage by @gavin-stackrox in #159
- Fix E2E test's proto-generated-srcs when running on M1 Macs by @theencee in #172
- ROX-8792 - Consolidate scanner Helm config shape in shared directory by @SimonBaeumer in #150
- Fix the envtest target. by @porridge in #161
- ROX-8130: Validation of operator-issued init bundle certs in Central. by @porridge in #121
- ROX-7197: explicitly return nil and log when service account is missing for the deployment by @janisz in #144
- Adding PF Policies BPL Cards and using react-dnd by @alwayshooin in #143
- ROX-7251: use cached controller-runtime client by @porridge in #175
- Add a minimal .editorconfig file for tabs in Makefiles. by @porridge in #189
- ROX-8759: Move scanner config to Helm shared directory by @SimonBaeumer in #179
- ROX-7807: Fix Anchore scanner test flakiness by @gavin-stackrox in #185
- ROX-8266 + ROX-8226: Added GraphQL API for getting deferred CVEs data and added pagination by @sachaudh in #131
- ROX-8821: Fix upgrade tests by @vikin91 in #180
- Automatically label PRs based on changed files by @dhaus67 in #177
- Automatically assign teams as reviewer based on files changed within a PR by @dhaus67 in #191
- ROX-8130 Make Central operator issue init bundle if a SecuredCluster is present in the same namespace by @porridge in #97
- Remove unnecessary function by @SimonBaeumer in #199
- Fix build due to previous code refactoring by @SimonBaeumer in #203
- Add more areas to github labeler by @SimonBaeumer in #201
- Label PRs on more events via GitHub Actions by @dhaus67 in #196
- Use correct syntax within CODEOWNERS file by @dhaus67 in #198
- ROX-8306 enable azure tests by @sbostick in #170
- RS-386: Add parameter
--image-defaults
toroxctl helm output
by @vikin91 in #168 - Basic E2E test for Vuln Management that tests state transitions by @theencee in #173
- RS-383: deployer support flavors by @fredrb in #176
- RS-348: additional central tests by @fredrb in #181
- RS-385: refactor
.sh
part of templates by @msugakov in #104 - dependabot: fix linters path by @janisz in #207
- Rely on operator to provision init bundle automatically in
securedcluster
e2e test. by @porridge in #215 - ROX-8778: Allow disabling SELinux opts and change container runtime for collector in Helm by @juanrh in #208
- Race condition in datastore test. by @0x656b694d in #202
- Add vuln_req bucket to rocksdb dump tool by @connorgorman in #210
- Remove unused bolthelper code by @connorgorman in #221
- Add generic walker by @connorgorman in #57
- ROX-8297,ROX-8296: Querying report data and notification email. by @clickboo in #22
- ROX-8584 remove alt download feature flag by @Stringy in #52
- ROX-8729: Generate local scanner TLS certificates in Central by @juanrh in #211
- Pin
pip
andsetuptools
to newer versions taken from pypi.org by @msugakov in #217 - Move internal comment to meta template so it is not visible in charts by @juanrh in #224
- ROX-8436: Show details of report in readonly view by @vjwilson in #193
- ROX-8449: AWS ECR integration should support AssumeRole by @keyallis in #73
- Bump fabric8Version from 5.7.0 to 5.10.1 in /qa-tests-backend by @dependabot in #86
- Bump splunk/splunk from 6.6.0 to 8.2.4 in /ci/splunk by @dependabot in #212
- Update go-grpc-http1 to 0.2.4 by @RTann in #229
- ROX-8366: Adding Policy Criteria Cards in BPL Section in PF by @alwayshooin in #204
- ROX-8449: Fix for CI Pipeline issue introduced in #73 by @keyallis in #230
- Ensure image risk is reprocessed on vuln req events by @md2119 in #183
- Fix graphql query to get the image name unmarshalled correctly. by @clickboo in #231
- Derive embedded vuln state from image-cve edge by @md2119 in #235
- ROX-8812: Update Log4Shell Policy's description and criteria to reflect new findings by @theencee in #155
- Bump com.google.protobuf from 0.8.17 to 0.8.18 in /qa-tests-backend by @dependabot in #227
- ROX-8413: Row action to delete specific report by @vjwilson in #225
- Revert "Ensure image risk is reprocessed on vuln req events (#183)" by @md2119 in #238
- Add isSVG prop to occurrences of PatternFly Spinner element by @pedrottimark in #244
- [ROX-8898] Make user name searchable in vuln requests by @md2119 in #250
- [ROX-8898] Migrate CVE Suppressed to Vulnerability State by @md2119 in #249
- ROX-8827: Add conditional logic for showing risk acceptance actions based on permissions by @sachaudh in #205
- RS-352: Allow empty image names in roxctl sensor generate by @0x656b694d in #162
- ROX-8802: Migrate printers to a shared location by @dhaus67 in #243
- RS-382: Use main version number for collector and scanner by @vikin91 in #200
- Make sure inithooks script fails if realpath is not found by @mtesseract in #220
- Fix monitoring deployment script by @connorgorman in #246
- ROX-8796: Refactor cluster delete to use Environment by @stehessel in #234
- Style fix. by @0x656b694d in #256
- Revert "Revert "Ensure image risk is reprocessed on vuln req events (… by @md2119 in #252
- ROX-8366 PF BPL nested fields by @alwayshooin in #247
- ROX-8372: Create ReviewPolicyForm (Step 5 of Wizard) by @pedrottimark in #240
- [ROX-8694] Add vuln req perms to those with write image perms by @md2119 in #251
- ROX-8828: Change Snooze to Defer and Approve by @sachaudh in #258
- Expire requests when denied by @md2119 in #263
- update scanner version for updated proto path by @RTann in #232
- dependabot: remove splunk image from updates by @janisz in #206
- Specify image for CI machine executor by @roxbot in #269
- Speed up go generate by @viswajithiii in #137
- Fix semantic merge conflict in generated file by @viswajithiii in #279
- ROX-8901+ROX-8902+ROX-8903: Risk Acceptance bug fixes by @sachaudh in #257
- ROX-8412: Allow triggering edit mode for existing report by @vjwilson in #264
- Replace specific code with generic usePermissions hook in Policies by @pedrottimark in #280
- Use docker registry catalog API results to filter registry matches by @connorgorman in #242
- ROX-7564: gRPC interceptors to panic on ErrInvariantViolation in dev builds by @ivan-degtiarenko in #254
- RS-391: Add Bats tests for
roxctl central generate
by @vikin91 in #110 - RS-378: use ROX_IMAGE_FLAVOR environment variable to set flavor by @fredrb in #223
- Make
main
,scanner
,scanner-db
images configurable in central chart by @fredrb in #284 - Bump github.com/prometheus/common from 0.30.0 to 0.32.1 by @dependabot in #272
- Fix featureflag check in helmtemplate ignore by @SimonBaeumer in #270
- Unignore
//lint:file-ignore SA4006
for*_easyjson.go
files by @msugakov in #283 - Replace Descriptor with type union for Policy criteria by @pedrottimark in #266
- Groovy script refactor and documentation by @gavin-stackrox in #281
- [ROX-8925] Move migrations behind feature flag by @md2119 in #292
- RS-413: Use job links in artifact location helper by @gavin-stackrox in #293
- [ROX-8930] Add sleep when vuln req are undone in tests by @md2119 in #291
- ROX-8370: Adding Step 4 for Policy Form in PF by @alwayshooin in #290
- Fix roxctl bats output location by @dhaus67 in #289
- Just mark the deployment for reprocessing instead of forcing scan rightaway by @md2119 in #296
- ROX-8906: AssumeRole AWS ECR Integration tests by @keyallis in #261
- Try fix
race-contidion-tests
by @msugakov in #285 - Update rox-ci-image to
v0.3.23
fixing thecci-export
by @roxbot in #241 - ROX-8783: Disable editing the cluster configuration in the StackRox UI for Helm-based installations by @juanrh in #163
- Ensure to images from cache having keys with no ID are also being flushed by @md2119 in #304
- ROX-8905: Miscellaneous fixes in report contents and report email formatting. by @clickboo in #259
- ROX-8784: Remove Helm release revision from configuration fingerprint by @juanrh in #165
- RS-383: follow up refactor by @fredrb in #209
- RS-405 roxctl central generate image defaults by @vikin91 in #245
- Bump fabric8Version from 5.10.1 to 5.11.2 in /qa-tests-backend by @dependabot in #271
- Typo in helm template by @0x656b694d in #298
- Rewrite DeploymentsService in TypeScript by @pedrottimark in #303
- ROX-8414: Allow user to run specific report by @vjwilson in #294
- Reduce lock time for scannderdefinitions update by @RTann in #158
- fix: don't show expired vuln requests in the image findings section by @sachaudh in #282
- Making BPL section inputs disabled for Policy Overview by @alwayshooin in #295
- Revert Bump fabric8Version from 5.10.1 to 5.11.2 in /qa-tests-backend by @msugakov in #316
- ROX-8242: Search filter for Pending Approvals by @sachaudh in #315
- Bump github.com/dave/jennifer from 1.4.1 to 1.5.0 by @dependabot in #274
- Minor optimizations, fixing a bug with posting report configs by @clickboo in #322
- Update PUT url for report configuration by @vjwilson in #319
- Upgrade cypress 9.2.1 devDependencies in ui by @pedrottimark in #320
- ROX-8961: Mention the automatic init bundle creation in operator docs. by @porridge in #328
- ROX-8936: Fix Central panic in nightly tests and other CI fixes by @msugakov in #300
- ROX-8790: Create gRPC endpoint to generate Scanner certificate by @juanrh in #219
- Add deployments to reprocessing pipeline on vuln req events by @md2119 in #333
- ROX-8965: Add scanner slim image flavors by @SimonBaeumer in #331
- ROX-8252: Search filter for Approved Deferrals by @sachaudh in #318
- Revert "Bump github.com/dave/jennifer from 1.4.1 to 1.5.0 (#274)" by @msugakov in #334
- ROX-8258: Search filter for Approved False Positives by @sachaudh in #321
- Remove recompile step from debug helm chart script by @SimonBaeumer in #327
- RS-380: Introduce RHACS flavor by @fredrb in #275
- Revert "ROX-8961: Mention the automatic init bundle creation in operator docs." by @porridge in #343
- ROX-8406: Getting pagination working for reports table by @alwayshooin in #338
- RS-380: set
ImagePullSecrets.AllowNone = true
for Operator by @fredrb in #344 - ROX-8770: return suggested rule attributes for auth provider by @ivan-degtiarenko in #145
- Restore central debugging, improve CI experience by @msugakov in #330
- fix: risk acceptance bug fixes by @sachaudh in #326
- Ensure that the vulnerability states are updated as effective vuln state by @md2119 in #351
- ROX-8973: Make Vulnerability Request ID searchable by @theencee in #335
- ROX-8904: Add UX for sharing link to pending request by @sachaudh in #352
- Vulnerability Request sub-resolver for vulns by @md2119 in #354
- Bump collector version to 3.6.0 by @robbycochran in #339
- RS-379 strong typing of MetaValues by @lvalerom in #255
- ROX-8963: Return 'central.stackrox:443' as the default central endpoint by @0x656b694d in #329
- Assert that manually created init bundle is not deleted. by @porridge in #340
- ROX-8406: Search params in URL for reports list page by @vjwilson in #337
- Proto definition for signature integration by @dhaus67 in #317
- ROX-8931 set ROX_IMAGE_FLAVOR in development by @lvalerom in #309
- Write exportPolicy integration test for PatternFly by @pedrottimark in #353
- ROX-8703: fixes 500 errors for missing kernel probes by @Stringy in #342
- ROX-8406: UI filter for Report table by @vjwilson in #362
- Move
-rhel8
to the proper place forrhacs
images by @msugakov in #359 - ROX-7233: Notifier trigger on all runtime events by @keyallis in #306
- Enable Vulnerability Risk Management feature by @md2119 in #307
- ROX-9005,ROX-9006,ROX-9007: Fix indexing of the image cve edges, fix since last report query, fix empty report email contents by @clickboo in #325
- fix: risk acceptance bug fixes by @sachaudh in #355
- ROX-8983: Limit height of watched image list and add scrolling, review by @vjwilson in #365
- [ROX-8544] UI for vuln req retention system configuration by @md2119 in #368
- Fix make target for circleci validate by @gavin-stackrox in #369
- RS-380: Leftover: enable tests to run on
rhacs
flavor by @fredrb in #363 - Update Scanner version for pre-68 testing by @RTann in #370
- Nil vuln requests shouldn't cause errors in GraphQL resolver by @md2119 in #372
- run diagnostic first by @gavin-stackrox in #373
- Cache pending vuln requests by @md2119 in #374
- Fixing console errors for PF policies page by @alwayshooin in #371
- ROX-8948: Add modal for showing image in deferral request by @vjwilson in #377
- Turning on the vulnerability report feature flag ROX_VULN_REPORTING by @clickboo in #367
- ROX-8170, ROX-8171: Show Inactive state and state on nested CVE table in Active VM flow by @vjwilson in #378
- Add a rate limit on ScanImageInternal in central by @connorgorman in #267
- Respect MAIN_IMAGE_TAG in ensure-rox-image script by @SimonBaeumer in #347
- Update CHANGELOG.md in prep for 68.0 release by @vikin91 in #382
- ROX-9023: disable init bundle generation for release 3.68 by @porridge in #392
New Contributors
- @mtesseract made their first contribution in #26
- @rhybrillou made their first contribution in #29
- @sbostick made their first contribution in #170
- @Stringy made their first contribution in #52
- @lvalerom made their first contribution in #255
Full Changelog: https://github.com/stackrox/stackrox/commits/3.68.0