Releases: falcosecurity/falco
Releases · falcosecurity/falco
0.38.1-rc1
new(metrics): enable plugins metrics Signed-off-by: Gianmatteo Palmieri <[email protected]> Co-authored-by: Melissa Kilby <[email protected]>
0.38.0
| Packages | Download |
|---|---|
| rpm-x86_64 |  |
| deb-x86_64 | |
| tgz-x86_64 | |
| rpm-aarch64 | |
| deb-aarch64 | |
| tgz-aarch64 | |
| Images |
|---|
docker pull docker.io/falcosecurity/falco:0.38.0 |
docker pull public.ecr.aws/falcosecurity/falco:0.38.0 |
docker pull docker.io/falcosecurity/falco-driver-loader:0.38.0 |
docker pull docker.io/falcosecurity/falco-driver-loader-legacy:0.38.0 |
docker pull docker.io/falcosecurity/falco-no-driver:0.38.0 |
docker pull docker.io/falcosecurity/falco-distroless:0.38.0 |
v0.38.0
Released on 2024-05-30
Breaking Changes ⚠️
- new(scripts,docker)!: enable automatic driver selection logic in packages and docker images. Modern eBPF is now also the default driver and the highest priority one in the new driver selection logic. [#3154] - @FedeDP
- cleanup(falco.yaml)!: remove some deprecated configs [#3087] - @Andreagit97
- cleanup(docker)!: remove unused builder dockerfile [#3088] - @Andreagit97
Major Changes
- new(webserver): a metrics endpoint has been added providing prometheus metrics. It can be optionally enabled using the new
metrics.prometheus_enabledconfiguration option. It will only be activated if themetrics.enabledis true as well. [#3140] - @sgaist - new(metrics): add
rules_counters_enabledoption [#3192] - @incertum - new(build): provide signatures for .tar.gz packages [#3201] - @LucaGuerra
- new(engine): add print_enabled_rules_falco_logger when log_level debug [#3189] - @incertum
- new(falco): allow selecting which rules to load from the configuration file or command line [#3178] - @LucaGuerra
- new(metrics): add file sha256sum metrics for loaded config and rules files [#3187] - @incertum
- new(engine): throw an error when an invalid macro/list name is used [#3116] - @mrgian
- new(engine): raise warning instead of error on invalid macro/list name [#3167] - @mrgian
- new(userspace): support split config files [#3024] - @FedeDP
- new(engine): enforce unique exceptions names [#3134] - @mrgian
- new(engine): add warning when appending an exception with no values [#3133] - @mrgian
- feat(metrics): coherent metrics stats model including few metrics naming changes [#3129] - @incertum
- new(config): add
falco_libs.thread_table_size[#3071] - @incertum - new(proposals): introduce on host anomaly detection framework [#2655] - @incertum
Minor Changes
- update(cmake): bump falcoctl to v0.8.0. [#3219] - @FedeDP
- update(rules): update falco-rules to 3.1.0 [#3217] - @LucaGuerra
- refactor(userspace): move falco logger under falco engine [#3208] - @jasondellaluce
- chore(docs): apply features adoption and deprecation proposal to config file keys [#3206] - @FedeDP
- cleanup(metrics): add original rule name as label [#3205] - @incertum
- update(falco): deprecate options -T, -t and -D [#3193] - @LucaGuerra
- refactor: bump libs and driver, support field modifiers [#3186] - @jasondellaluce
- chore(userspace/falco): deprecated old 'rules_file' config key [#3162] - @FedeDP
- chore(falco): update falco libs and driver to master (Apr 8th 2024) [#3158] - @LucaGuerra
- update(build): update libs to 026ffe1d8f1b25c6ccdc09afa2c02afdd3e3f672 [#3151] - @LucaGuerra
- cleanup: minor adjustments to readme, add new testing section [#3072] - @incertum
- refactor(userspace/engine): reduce allocations during rules loading [#3065] - @jasondellaluce
- update(CI): publish wasm package as dev-wasm [#3017] - @Rohith-Raju
Bug Fixes
- fix(userspace/falco): fix state initialization avoid a crash during hot reload [#3190] - @FedeDP
- fix(userspace/engine): make sure exception fields are not optional in replace mode [#3108] - @jasondellaluce
- fix(docker): added zstd to driver loader images [#3203] - @FedeDP
- fix(engine): raise warning instead of error on not-unique exceptions names [#3159] - @mrgian
- fix(engine): apply output substitutions for all sources [#3135] - @mrgian
- fix(userspace/configuration): make sure that folders that would trigger permission denied are not traversed [#3127] - @sgaist
- fix(engine): logical issue in exceptions condition [#3115] - @mrgian
- fix(cmake): properly let falcoctl cmake module create /usr/share/falco/plugins/ folder. [#3105] - @FedeDP
Non user-facing changes
- update(scripts/falcoctl): bump falco-rules version to 3 [#3128] - @alacuku
- build(deps): Bump submodules/falcosecurity-rules from
59bf03bto9e56293[#3212] - @dependabot[bot] - chore(gha): update cosign to v3.5.0 [#3209] - @LucaGuerra
- build(deps): Bump submodules/falcosecurity-rules from
29c41c4to59bf03b[#3207] - @dependabot[bot] - update(cmake): bumped libs to 0.17.0-rc1 and falcoctl to v0.8.0-rc6. [[#3204](https://github.com//pull/32...
Contributors
LucaGuerra
Assets 2
0.38.0-rc5
update(cmake): bump libs to 0.17.1. Signed-off-by: Federico Di Pierro <[email protected]>
0.38.0-rc4
update(cmake): bumped libs to 0.17.0 and driver to 7.2.0+driver. Signed-off-by: Federico Di Pierro <[email protected]>
0.38.0-rc3
update(cmake): bump libs to 0.17.0-rc2. Signed-off-by: Federico Di Pierro <[email protected]>
0.38.0-rc2
chore(gha): update cosign Signed-off-by: Luca Guerra <[email protected]>
0.38.0-rc1
chore(falco.yaml): `rule` -> `rules`. Signed-off-by: Federico Di Pierro <[email protected]>
0.37.1
| Packages | Download |
|---|---|
| rpm-x86_64 |  |
| deb-x86_64 | |
| tgz-x86_64 | |
| rpm-aarch64 | |
| deb-aarch64 | |
| tgz-aarch64 | |
| Images |
|---|
docker pull docker.io/falcosecurity/falco:0.37.1 |
docker pull public.ecr.aws/falcosecurity/falco:0.37.1 |
docker pull docker.io/falcosecurity/falco-driver-loader:0.37.1 |
docker pull docker.io/falcosecurity/falco-driver-loader-legacy:0.37.1 |
docker pull docker.io/falcosecurity/falco-no-driver:0.37.1 |
docker pull docker.io/falcosecurity/falco-distroless:0.37.1 |
v0.37.1
Released on 2024-02-13
Major Changes
- new(docker): added option for insecure http driver download to falco and driver-loader images [#3058] - @toamto94
Minor Changes
- update(cmake): bumped falcoctl to v0.7.2 [#3076] - @FedeDP
- update(build): link libelf dynamically [#3048] - @LucaGuerra
Bug Fixes
- fix(userspace/engine): always consider all rules (even the ones below min_prio) in m_rule_stats_manager [#3060] - @FedeDP
Non user-facing changes
- sync(docs): cherrypick CHANGELOG entry for 0.37.1 [#3080] - @FedeDP
- Added http headers option for driver download in docker images [#3075] - @toamto94
- fix(build): install libstdc++ in the Wolfi image [#3053] - @LucaGuerra
Statistics
| MERGED PRS | NUMBER |
|---|---|
| Not user-facing | 3 |
| Release note | 4 |
| Total | 7 |
Release Manager @FedeDP
Contributors
FedeDP
Assets 2
0.37.1-rc1
update(cmake): bump libs to 0.14.3. Signed-off-by: Federico Di Pierro <[email protected]>
0.37.0
| Packages | Download |
|---|---|
| rpm-x86_64 |  |
| deb-x86_64 | |
| tgz-x86_64 | |
| rpm-aarch64 | |
| deb-aarch64 | |
| tgz-aarch64 | |
| Images |
|---|
docker pull docker.io/falcosecurity/falco:0.37.0 |
docker pull public.ecr.aws/falcosecurity/falco:0.37.0 |
docker pull docker.io/falcosecurity/falco-driver-loader:0.37.0 |
docker pull docker.io/falcosecurity/falco-driver-loader-legacy:0.37.0 |
docker pull docker.io/falcosecurity/falco-no-driver:0.37.0 |
docker pull docker.io/falcosecurity/falco-distroless:0.37.0 |
v0.37.0
Released on 2024-01-30
Breaking Changes ⚠️
- new!: dropped falco-driver-loader script in favor of new falcoctl driver command [#2905] - @FedeDP
- update!: bump libs to latest and deprecation of k8s metadata options and configs [#2914] - @jasondellaluce
- cleanup(falco)!: remove
outputs.rateandoutputs.max_burstfrom Falco config [#2841] - @Andreagit97 - cleanup(falco)!: remove
--userspacesupport [#2839] - @Andreagit97
Major Changes
- new(engine): add selective overrides for Falco rules [#2981] - @LucaGuerra
- feat(userspace/falco): falco administrators can now configure the http output to compress the data sent as well as enable keep alive for the connection. Two new fields (compress_uploads and keep_alive) in the http_output block of the
falco.yamlfile can be used for that purpose. Both are disabled by default. [#2974] - @sgaist - new(userspace): support env variable expansion in all yaml, even inside strings. [#2918] - @FedeDP
- new(scripts): add a way to enforce driver kind and falcoctl enablement when installing Falco from packages and dialog is not present. [#2773] - @vjjmiras
- new(falco): print system info when Falco starts [#2927] - @Andreagit97
- new: driver selection in falco.yaml [#2413] - @therealbobo
- new(build): enable compilation on win32 and macOS. [#2889] - @therealbobo
- feat(userspace/falco): falco administrators can now configure the address on which the webserver listen using the new listen_address field in the webserver block of the
falco.yamlfile. [#2890] - @sgaist
Minor Changes
- update(userspace/falco): add
engine_version_semverkey in/versionsendpoint [#2899] - @loresuso - update: default ruleset upgrade to version 3.0 [#3034] - @leogr
- update!(config): soft deprecation of drop stats counters in
syscall_event_drops[#3015] - @incertum - update(cmake): bumped falcoctl tool to v0.7.1. [#3030] - @FedeDP
- update(rule_loader): deprecate the
appendflag in Falco rules [#2992] - @Andreagit97 - cleanup!(cmake): drop bundled plugins in Falco [#2997] - @FedeDP
- update(config): clarify deprecation notices + list all env vars [#2988] - @incertum
- update: now the
watch_config_filesconfig option monitors file/directory moving and deletion, too [#2965] - @NitroCao - update(userspace): enhancements in rule description feature [#2934] - @jasondellaluce
- update(userspace/falco): add libsinsp state metrics option [#2883] - @incertum
- update(doc): Add Thought Machine as adopters [#2919] - @RichardoC
- update(docs): add Wireshark/Logray as adopter [#2867] - @geraldcombs
- update: engine_version in semver representation [#2838] - @loresuso
- update(userspace/engine): modularize rule compiler, fix and enrich rule descriptions [#2817] - @jasondellaluce
Bug Fixes
- fix(userspace/metric): minor fixes in new libsinsp state metrics handling [#3033] - @incertum
- fix(userspace/engine): avoid storing escaped strings in engine defs [#3028] - @jasondellaluce
- fix(userspace/engine): cache latest rules compilation output [#2900] - @jasondellaluce
- fix(userspace/engine): solve description of macro-only rules [#2898] - @jasondellaluce
- fix(userspace/engine): fix memory leak [#2877] - @therealbobo
Non user-facing changes
- new(docs): add changelog for 0.37.0 [#3041] - @Andreagit97
- fix: nlohmann_json lib include path [#3032] - @federico-sysdig
- chore: bump falco rules [#3021] - @Andreagit97
- chore: bump Falco to libs 0.14.1 [#3020] - @Andreagit97
- chore(build): remove outdated development libs [#2946] - @federico-sysdig
- chore(falco): bump Falco to
000d576libs commit [#2944] - @Andreagit97 - fix(gha): update rpmsign [#2856] - @LucaGuerra
- build(deps): Bump submodules/falcosecurity-rules from
424b258to1221b9e[#3000] - @dependabot[bot] - build(deps): Bump submodules/falcosecurity-rules from
2ac430btoc39d31a[#3019] - @dependabot[bot] - cleanup(falco.yaml): rename
noneinnodriver[#3012] - @Andreagit97 - update(config): graduate outputs_queue to stable [#3016] - [@incertum](https://github.com/incer...
Contributors
Andreagit97