github stackrox/stackrox 3.72.0-rc.5

Pre-release, 21 months ago

Removed Features

  • ROX-11784: The RenamePolicyCategory and DeletePolicyCategory methods in the
    v1/policycategories endpoint have been removed.
  • Support for violation tags and process tags has been removed.

Deprecated Features

  • ROX-11284: Permission ClusterCVE is deprecated and will be superseded by the existing permission Cluster.
  • Label and Annotation search options are deprecated and will be removed in 3.73. Use the following search options starting 3.73:

    Resource            Deprecated Search Option    New Search Option
    Node                Label                       Node Label
    Node                Annotation                  Node Annotation
    Namespace           Label                       Namespace Label
    Deployment          Label                       Deployment Label
    ServiceAccount      Label                       Service Account Label
    ServiceAccount      Annotation                  Service Account Annotation
    K8sRole             Label                       Role Label
    K8sRole             Annotation                  Role Annotation
    K8sRoleBinding      Label                       Role Binding Label
    K8sRoleAnnotation   Annotation                  Role Binding Annotation

Technical Changes

  • ROX-11181: Any clusters that have been unhealthy (defined as Central being unable to reach the Sensor running on those clusters) for a configured period of time will be automatically removed. The number of days after which an 'unhealthy' cluster is removed can be configured in the System Configuration page or using the cluster API.
    • Any cluster that is expected to be unavailable for a period of time (e.g. clusters used in disaster recovery) can be tagged with a customizable label. Clusters with those labels will never be removed automatically.
    • By default, this unhealthy cluster removal is disabled (number of days set to 0).
  • ROX-7591: The policy "Fixable CVSS >= 6 and Privileged" is disabled by default on new installations; a new policy, "Severity Important and Privileged", has been added and is enabled by default.
  • ROX-11348: The email notifier now allows for unauthenticated SMTP. By default,
    authentication is still required for an email notifier, but the user can now choose to turn it off.
  • Previously, the syslog integration did not respect a configured TCP proxy. This is now fixed.
  • In a future release, string expression searches will match any substring by default. Currently, string search uses prefix matching in most cases.
  • ROX-9484: When integrating a Quay registry, you can now optionally use a robot account instead of only OAuth tokens. Robot accounts are in fact Quay's recommended integration credentials. However, integration with the Quay scanner still requires an OAuth token.
  • The init-db init-container for ScannerDB now specifies resource requests/limits which match the db container in ScannerDB.
  • Starting with 3.73, the CSV export API /api/vm/export/csv will require a CVE Type filter to be passed as part of the input query parameter. Requests that do not have the filter will return an error.
    • Examples: CVE Type:NODE_CVE, CVE_Type:IMAGE_CVE, CVE_TYPE:K8S_CVE
