Changelog

Download

Packages	Download
rpm-x86_64
deb-x86_64
tgz-x86_64
rpm-aarch64
deb-aarch64
tgz-aarch64

v0.40.0

Released on 2025-01-28

Breaking Changes :warning:

• cleanup(userspac/falco)!: drop deprecated options. [#3361] - @FedeDP

Major Changes

• new(docker): streamline docker images [#3273] - @FedeDP
• new(build): reintroduce static build [#3428] - @LucaGuerra
• new(cmake,ci): added support for using jemalloc allocator instead of glibc one and use it by default for release artifacts [#3406] - @FedeDP
• new(userspace,cmake): honor new plugins exposed suggested output formats [#3388] - @FedeDP
• new(userspace/falco): allow entirely disabling plugin hostinfo support. [#3412] - @FedeDP
• new(ci): use zig compiler instead of relying on centos7. [#3307] - @FedeDP
• new(falco): add buffer_format_base64 option, deprecate -b [#3358] - @LucaGuerra
• new(falco): add base_syscalls.all option to falco.yaml, deprecate -A [#3352] - @LucaGuerra
• new(falco): add falco_libs.snaplen option, deprecate -S / --snaplen [#3362] - @LucaGuerra

Minor Changes

• update(cmake): bump falcoctl to v0.11.0 [#3467] - @alacuku
• chore(ci): add attestation for falco [#3216] - @cpanato
• chore(ci): build Falco in RelWithDebInfo, and upload Falco debug symbols as github artifacts [#3452] - @FedeDP
• update(build): DEB and RPM package requirements for dkms and kernel-devel are now suggestions [#3450] - @jthiltges

Bug Fixes

• fix(userspace/falco): fix container_engines.cri.sockets not loading from config file [#3453] - @zayaanmoez
• fix(docker): /usr/src/'*' no longer created if $HOST_PATH/usr/src didn't exist at startup [#3434] - @shane-lawrence
• fix(docker): add brotli to the Falco image [#3399] - @LucaGuerra
• fix(userspace/engine): explicitly disallow appending/modifying a rule with different sources [#3383] - @mstemm

Non user-facing changes

• chore(falco.yaml): remove comments about cri cli arguments [#3458] - @alacuku
• fix(ci): fixed reusable_build/publish_docker workflows. [#3459] - @FedeDP
• update(cmake): update libs and driver to latest master [#3455] - @github-actions[bot]
• chore(ci): bumped actions/upload-download-artifact. [#3454] - @FedeDP
• chore(docker): drop unused libelf dep from container images [#3451] - @leogr
• chore(docs): update plugins_hostinfo config file comment. [#3449] - @FedeDP
• new(build): add RelWithDebInfo target [#3440] - @shane-lawrence
• chore(deps): Bump submodules/falcosecurity-rules from 283a62f to abf6637 [#3448] - @dependabot[bot]
• update(ci): use 4cpu-16gb arm runners [#3447] - @LucaGuerra
• update(cmake): update libs and driver to latest master [#3439] - @github-actions[bot]
• chore: avoid deprecated funcs to calculate sha256 [#3442] - @federico-sysdig
• chore(ci): enable jemalloc in musl build. [#3436] - @FedeDP
• docs(falco.yaml): correct buffered_outputs description [#3427] - @leogr
• fix(userspace/falco): use correct filtercheck_field_info. [#3426] - @FedeDP
• update(cmake): update libs and driver to latest master [#3421] - @github-actions[bot]
• fix: update the url for the docs about the concurrent queue classes [#3415] - @Issif
• update(changelog): updated changelog for 0.39.2. [#3410] - @FedeDP
• update(cmake): update libs and driver to latest master [#3392] - @github-actions[bot]
• fix(cmake,docker): avoid cpp-httplib requiring brotli. [#3400] - @FedeDP
• chore(deps): Bump submodules/falcosecurity-rules from 407e997 to 283a62f [#3391] - @dependabot[bot]
• update(cmake): bump libs to latest master. [#3389] - @FedeDP
• update(cmake): update libs and driver to latest master [#3385] - @github-actions[bot]
• Make enable()/disable() virtual so they can be overridden [#3375] - @mstemm
• fix(ci): fixed shasum computation for bump-libs CI. [#3379] - @FedeDP
• chore(ci): use redhat advised method to check rpmsign success. [#3376] - @FedeDP
• chore(deps): Bump submodules/falcosecurity-rules from e38fb3f to 407e997 [#3374] - @dependabot[bot]
• Compile output clone [#3364] - @mstemm
• fix(ci): fixed bump-libs workflow syntax. [#3369] - @FedeDP
• new(ci): add a workflow to automatically bump libs on each monday. [#3360] - @FedeDP
• chore(deps): Bump submodules/falcosecurity-rules from b6ad373 to e38fb3f [#3365] - @dependabot[bot]
• cleanup(falco): reformat options::define [#3356] - @LucaGuerra

Statistics

Release Manager @FedeDP

Download

Download

Packages	Download
rpm-x86_64
deb-x86_64
tgz-x86_64
rpm-aarch64
deb-aarch64
tgz-aarch64

v0.39.2

Released on 2024-11-21

Minor Changes

• update(cmake): bumped falcoctl to v0.10.1. [#3408] - @FedeDP
• update(cmake): bump yaml-cpp to latest master. [#3394] - @FedeDP

Non user-facing changes

• update(ci): use arm64 CNCF runners for GH actions [#3386] - @LucaGuerra

Statistics

Release Manager @FedeDP

Download

Packages	Download
rpm-x86_64
deb-x86_64
tgz-x86_64
rpm-aarch64
deb-aarch64
tgz-aarch64

v0.39.1

Released on 2024-10-09

Bug Fixes

• fix(engine): allow null init_config for plugin info [#3372] - @LucaGuerra
• fix(engine): fix parsing issues in -o key={object} when the object definition contains a comma [#3363] - @LucaGuerra
• fix(userspace/falco): fix event set selection for plugin with parsing capability [#3368] - @FedeDP

Non user-facing changes

• update(changelog): updated changelog for 0.39.1. [#3373] - @FedeDP

Statistics

Release Manager @FedeDP

Download

Download

Packages	Download
rpm-x86_64
deb-x86_64
tgz-x86_64
rpm-aarch64
deb-aarch64
tgz-aarch64

v0.39.0

Released on 2024-10-01

Breaking Changes :warning:

• fix(falco_metrics)!: split tags label into multiple tag_-prefixed labels [#3337] - @ekoops
• fix(falco_metrics)!: use full name for configs and rules files [#3337] - @ekoops
• update(falco_metrics)!: rearrange n_evts_cpu and n_drops_cpu Prometheus metrics to follow best practices [#3319] - @incertum
• cleanup(userspace/falco)!: drop deprecated -t,-T,-D options. [#3311] - @FedeDP

Major Changes

• feat(stats): add host_netinfo networking information stats family [#3344] - @ekoops
• new(falco): add json_include_message_property to have a message field without date and priority [#3314] - @LucaGuerra
• new(userspace/falco,userspace/engine): rule json schema validation [#3313] - @FedeDP
• new(falco): introduce append_output configuration [#3308] - @LucaGuerra
• new(userspace/falco): added --config-schema action to print config schema [#3312] - @FedeDP
• new(falco): enable CLI options with -o key={object} [#3310] - @LucaGuerra
• new(config): add container_engines config to falco.yaml [#3266] - @incertum
• new(metrics): add host_ifinfo metric [#3253] - @incertum
• new(userspace,unit_tests): validate configs against schema [#3302] - @FedeDP

Minor Changes

• update(falco): upgrade libs to 0.18.1 [#3349] - @LucaGuerra
• update(systemd): users can refer to systemd falco services with a constistent unique alias falco.service [#3332] - @ekoops
• update(cmake): bump libs to 0.18.0 and driver to 7.3.0+driver. [#3330] - @FedeDP
• chore(userspace/falco): deprecate cri related CLI options. [#3329] - @FedeDP
• update(cmake): bumped falcoctl to v0.10.0 and rules to 3.2.0 [#3327] - @FedeDP
• update(falco_metrics): change prometheus rules metric naming [#3324] - @incertum

Bug Fixes

• fix(falco): allow disable_cri_async from both CLI and config [#3353] - @LucaGuerra
• fix(engine): sync outputs before printing stats at shutdown [#3338] - @LucaGuerra
• fix(falco): allow plugin init_config map in json schema [#3335] - @LucaGuerra
• fix(userspace/falco): properly account for plugin with CAP_PARSING when computing interesting sc set [#3334] - @FedeDP

Non user-facing changes

• feat(cmake): add conditional builds for falcoctl and rules paths [#3305] - @tembleking
• cleanup(falco): ignore lint commit [#3354] - @LucaGuerra
• chore(falco): apply code formatting [#3350] - @poiana
• chore: ignore_some_files for clang format [#3351] - @Andreagit97
• sync: release 0.39.x [#3340] - @FedeDP
• fix(userspace/engine): improve rule json schema to account for source and required_plugin_versions [#3328] - @FedeDP
• cleanup(falco): use header file for json schema [#3325] - @LucaGuerra
• update(engine): modify append_output format [#3322] - @LucaGuerra
• chore: scaffolding for enabling code formatting [#3321] - @Andreagit97
• update(cmake): bump libs and driver to 0.18.0-rc1. [#3320] - @FedeDP
• fix(ci): restore master and release CI workflow permissions. [#3317] - @FedeDP
• fixed the token-permission and pinned-dependencies issue [#3299] - @harshitasao
• update(cmake): bump falcoctl to v0.10.0-rc1 [#3316] - @alacuku
• ci(insecure-api): update semgrep docker image [#3315] - @francesco-furlan
• Add demo environment instructions and docker-config files [#3295] - @bbl232
• chore(deps): Bump submodules/falcosecurity-rules from baecf18 to b6ad373 [#3301] - @dependabot[bot]
• update(cmake): bump libs and driver to latest master [#3283] - @jasondellaluce
• chore(deps): Bump submodules/falcosecurity-rules from 342b20d to baecf18 [#3298] - @dependabot[bot]
• chore(deps): Bump submodules/falcosecurity-rules from 068f0f2 to 342b20d [#3288] - @dependabot[bot]
• vote: add sgaist to OWNERS [#3264] - @sgaist
• Add Tulip Retail to adopters list [#3291] - @bbl232
• chore(deps): Bump submodules/falcosecurity-rules from 28b98b6 to 068f0f2 [#3282] - @dependabot[bot]
• chore(deps): Bump submodules/falcosecurity-rules from c0a9bf1 to 28b98b6 [#3267] - @dependabot[bot]
• Added the OpenSSF Scorecard Badge [#3250] - @harshitasao
• chore(deps): Bump submodules/falcosecurity-rules from ea57e78 to c0a9bf1 [#3247] - @dependabot[bot]
• update(cmake,userspace): bump libs and driver to latest master. [#3263] - @FedeDP
• If rule compilation fails, return immediately [#3260] - @mstemm
• new(userspace/engine): generalize indexable ruleset [#3251] - @mstemm
• update(cmake): bump libs to master. [#3249] - @FedeDP
• chore(deps): Bump submodules/falcosecurity-rules from df963b6 to ea57e78 [#3240] - @dependabot[bot]
• chore(ci): enable dummy tests on the testing framework. [#3233] - @FedeDP
• chore(deps): Bump submodules/falcosecurity-rules from 679a50a to df963b6 [#3231] - @dependabot[bot]
• update(cmake): bump libs and driver to master. [#3225] - @FedeDP
• chore(deps): Bump submodules/falcosecurity-rules from 9e56293 to 679a50a [#3222] - @dependabot[bot]
• update(docs): update CHANGELOG for 0.38.0 (master branch) [#3224] - @LucaGuerra

Statistics

Release Manager @FedeDP

Download

Download

Download

Download

Packages	Download
rpm-x86_64
deb-x86_64
tgz-x86_64
rpm-aarch64
deb-aarch64
tgz-aarch64

v0.38.2

Released on 2024-08-19

Bug Fixes

• fix(engine): fix metrics names to better adhere to best practices [#3272] - @incertum
• fix(ci): use vault.centos.org for centos:7 CI build. [#3274] - @FedeDP

Statistics

Release Manager @LucaGuerra

Download

Download

Download

Packages	Download
rpm-x86_64
deb-x86_64
tgz-x86_64
rpm-aarch64
deb-aarch64
tgz-aarch64

v0.38.1

Released on 2024-06-19

Major Changes

• new(metrics): enable plugins metrics [#3228] - @mrgian

Minor Changes

• cleanup(falco): clarify that --print variants only affect syscalls [#3238] - @LucaGuerra
• update(engine): enable -p option for all sources, -pk, -pc etc only for syscall sources [#3239] - @LucaGuerra

Bug Fixes

• fix(engine): enable output substitution only for syscall rules, prevent engine from exiting with validation errors when a plugin is loaded and -pc/pk is specified [#3236] - @mrgian
• fix(metrics): allow each metric output channel to be selected independently [#3232] - @incertum
• fix(userspace/falco): fixed falco_metrics::to_text implementation when running with plugins [#3230] - @FedeDP

Statistics

Release Manager @FedeDP

Download

Download

Packages	Download
rpm-x86_64
deb-x86_64
tgz-x86_64
rpm-aarch64
deb-aarch64
tgz-aarch64

v0.38.0

Released on 2024-05-30

Breaking Changes :warning:

• new(scripts,docker)!: enable automatic driver selection logic in packages and docker images. Modern eBPF is now also the default driver and the highest priority one in the new driver selection logic. [#3154] - @FedeDP
• cleanup(falco.yaml)!: remove some deprecated configs [#3087] - @Andreagit97
• cleanup(docker)!: remove unused builder dockerfile [#3088] - @Andreagit97

Major Changes

• new(webserver): a metrics endpoint has been added providing prometheus metrics. It can be optionally enabled using the new metrics.prometheus_enabled configuration option. It will only be activated if the metrics.enabled is true as well. [#3140] - @sgaist
• new(metrics): add rules_counters_enabled option [#3192] - @incertum
• new(build): provide signatures for .tar.gz packages [#3201] - @LucaGuerra
• new(engine): add print_enabled_rules_falco_logger when log_level debug [#3189] - @incertum
• new(falco): allow selecting which rules to load from the configuration file or command line [#3178] - @LucaGuerra
• new(metrics): add file sha256sum metrics for loaded config and rules files [#3187] - @incertum
• new(engine): throw an error when an invalid macro/list name is used [#3116] - @mrgian
• new(engine): raise warning instead of error on invalid macro/list name [#3167] - @mrgian
• new(userspace): support split config files [#3024] - @FedeDP
• new(engine): enforce unique exceptions names [#3134] - @mrgian
• new(engine): add warning when appending an exception with no values [#3133] - @mrgian
• feat(metrics): coherent metrics stats model including few metrics naming changes [#3129] - @incertum
• new(config): add falco_libs.thread_table_size [#3071] - @incertum
• new(proposals): introduce on host anomaly detection framework [#2655] - @incertum

Minor Changes

• update(cmake): bump falcoctl to v0.8.0. [#3219] - @FedeDP
• update(rules): update falco-rules to 3.1.0 [#3217] - @LucaGuerra
• refactor(userspace): move falco logger under falco engine [#3208] - @jasondellaluce
• chore(docs): apply features adoption and deprecation proposal to config file keys [#3206] - @FedeDP
• cleanup(metrics): add original rule name as label [#3205] - @incertum
• update(falco): deprecate options -T, -t and -D [#3193] - @LucaGuerra
• refactor: bump libs and driver, support field modifiers [#3186] - @jasondellaluce
• chore(userspace/falco): deprecated old 'rules_file' config key [#3162] - @FedeDP
• chore(falco): update falco libs and driver to master (Apr 8th 2024) [#3158] - @LucaGuerra
• update(build): update libs to 026ffe1d8f1b25c6ccdc09afa2c02afdd3e3f672 [#3151] - @LucaGuerra
• cleanup: minor adjustments to readme, add new testing section [#3072] - @incertum
• refactor(userspace/engine): reduce allocations during rules loading [#3065] - @jasondellaluce
• update(CI): publish wasm package as dev-wasm [#3017] - @Rohith-Raju

Bug Fixes

• fix(userspace/falco): fix state initialization avoid a crash during hot reload [#3190] - @FedeDP
• fix(userspace/engine): make sure exception fields are not optional in replace mode [#3108] - @jasondellaluce
• fix(docker): added zstd to driver loader images [#3203] - @FedeDP
• fix(engine): raise warning instead of error on not-unique exceptions names [#3159] - @mrgian
• fix(engine): apply output substitutions for all sources [#3135] - @mrgian
• fix(userspace/configuration): make sure that folders that would trigger permission denied are not traversed [#3127] - @sgaist
• fix(engine): logical issue in exceptions condition [#3115] - @mrgian
• fix(cmake): properly let falcoctl cmake module create /usr/share/falco/plugins/ folder. [#3105] - @FedeDP

Non user-facing changes

• update(scripts/falcoctl): bump falco-rules version to 3 [#3128] - @alacuku
• build(deps): Bump submodules/falcosecurity-rules from 59bf03b to 9e56293 [#3212] - @dependabot[bot]
• chore(gha): update cosign to v3.5.0 [#3209] - @LucaGuerra
• build(deps): Bump submodules/falcosecurity-rules from 29c41c4 to 59bf03b [#3207] - @dependabot[bot]
• update(cmake): bumped libs to 0.17.0-rc1 and falcoctl to v0.8.0-rc6. [#3204] - @FedeDP
• build(deps): Bump submodules/falcosecurity-rules from 3f668d0 to 3cac61c [#3044] - @dependabot[bot]
• build(deps): Bump submodules/falcosecurity-testing from ae3950a to 7abf76f [#3094] - @dependabot[bot]
• fix(ci): enforce bundled deps OFF in build-dev CI [#3118] - @FedeDP
• build(deps): Bump submodules/falcosecurity-rules from 88a40c8 to 869c9a7 [#3156] - @dependabot[bot]
• update(cmake): bumped falcoctl to v0.8.0-rc5. [#3199] - @FedeDP
• build(deps): Bump submodules/falcosecurity-rules from 4f153f5 to 29c41c4 [#3198] - @dependabot[bot]
• update(cmake): bump falcoctl to v0.8.0-rc4 [#3191] - @FedeDP
• refactor: smart pointer usage [#3184] - @federico-sysdig
• build(deps): Bump submodules/falcosecurity-rules from ec255e6 to 4f153f5 [#3182] - @dependabot[bot]
• update(cmake): bumped libs and driver to latest master. [#3177] - @FedeDP
• chore(cmake): enable modern bpf build by default. [#3180] - @FedeDP
• cleanup(docs): fix typo in license blocks [#3175] - @LucaGuerra
• chore(docker,scripts): set old eBPF probe as lowest priority driver. [#3173] - @FedeDP
• build(deps): Bump submodules/falcosecurity-rules from 869c9a7 to ec255e6 [#3170] - @dependabot[bot]
• update(app): close inspectors at teardown time [#3169] - @LucaGuerra
• fix(docker): fixed docker entrypoints for driver loading. [#3168] - @FedeDP
• fix(docker,scripts): do not load falcoctl driver loader when installing Falco deb package in docker images [#3166] - @FedeDP
• update(ci): build both release and debug versions [#3161] - @LucaGuerra
• chore(userspace/falco): watch all configs files. [#3160] - @FedeDP
• fix(ci): update scorecard-action to v2.3.1 [#3153] - @LucaGuerra
• cleanup(falco): consolidate falco::grpc::server in one class [#3150] - @LucaGuerra
• new(build): enable ASan and UBSan builds with options and in CI [#3147] - @LucaGuerra
• fix(userspace): variable / function shadowing [#3123] - @sgaist
• build(deps): Bump submodules/falcosecurity-rules from fbf0a4e to 88a40c8 [#3145] - @dependabot[bot]
• fix(cmake): fix USE_BUNDLED_DEPS=ON and BUILD_FALCO_UNIT_TESTS=ON [#3146] - @LucaGuerra
• Add --kernelversion and --kernelrelease options to falco driver loader entrypoint [#3143] - @Sryther
• build(deps): Bump submodules/falcosecurity-rules from 44addef to fbf0a4e [#3139] - @dependabot[bot]
• chore: bump to latest libs commit [#3137] - @Andreagit97
• refactor: Use FetchContent for integrating three bundled libs [#3107] - @federico-sysdig
• build(deps): Bump submodules/falcosecurity-rules from dc7970d to 44addef [#3136] - @dependabot[bot]
• build(deps): Bump submodules/falcosecurity-rules from f88b991 to dc7970d [#3126] - @dependabot[bot]
• refactor(ci): Avoid using command make directly [#3101] - @federico-sysdig
• docs(proposal): 20231220-features-adoption-and-deprecation.md [#2986] - @leogr
• build(deps): Bump submodules/falcosecurity-rules from b499a1d to f88b991 [#3125] - @dependabot[bot]
• docs(README.md): Falco Graduates within the CNCF [#3124] - @leogr
• build(deps): Bump submodules/falcosecurity-rules from 497e011 to b499a1d [#3111] - @dependabot[bot]
• chore(ci): bumped codeql actions. [#3114] - @FedeDP
• Cleanup warnings and smart ptrs [#3112] - @federico-sysdig
• new(build): add options to use bundled dependencies [#3092] - @mrgian
• fix(ci): test-dev-packages-arm64 needs build-dev-packages-arm64. [#3110] - @FedeDP
• refactor: bump libs and driver, and adopt unique pointers wherever possible [#3109] - @jasondellaluce
• cleanup: falco_engine test fixture [#3099] - @federico-sysdig
• refactor: test AtomicSignalHandler.handle_once_wait_consistency [#3100] - @federico-sysdig
• Cleanup variable use [#3097] - @sgaist
• cleanup(submodules): dropped testing submodule. [#3098] - @FedeDP
• cleanup(ci): make use of falcosecurity/testing provided composite action [#3093] - @FedeDP
• Improve const correctness [#3083] - @sgaist
• Improve exception throwing [#3085] - @sgaist
• fix(ci): update sync in deb and rpm scripts with acl [#3062] - @LucaGuerra
• cleanup(tests): consolidate Falco engine and rule loader tests [#3066] - @LucaGuerra
• cleanup: falco_engine deps and include paths [#3090] - @federico-sysdig
• fix: Some compiler warnings [#3089] - @federico-sysdig
• build(deps): Bump submodules/falcosecurity-rules from 0f60976 to 497e011 [#3081] - @dependabot[bot]
• fix(c++): add missing explicit to single argument constructors [#3069] - @sgaist
• Improve class initialization [#3074] - @sgaist
• build(deps): Bump submodules/falcosecurity-rules from 6ed2036 to 0f60976 [#3078] - @dependabot[bot]
• build(deps): Bump submodules/falcosecurity-rules from 1053b2d to 6ed2036 [#3067] - @dependabot[bot]
• fix(c++): add missing overrides [#3064] - @sgaist
• new(build): prune deb-dev and rpm-dev directories [#3056] - @LucaGuerra
• refactor(userspace): align falco to gen-event class family deprecation [#3051] - @jasondellaluce
• build(deps): Bump submodules/falcosecurity-rules from 3cac61c to 1053b2d [#3047] - @dependabot[bot]
• fix: adopt new libsinsp logger [#3026] - @therealbobo
• refactor: cleanup libs relative include paths [#2936] - @therealbobo
• chore(ci): bumped rn2md to latest master. [#3046] - @FedeDP
• Support alternate rules loader [#3008] - @mstemm
• fix(ci): fixed release body driver version. [#3042] - @FedeDP
• build(deps): Bump submodules/falcosecurity-rules from c39d31a to 3f668d0 [#3039] - @dependabot[bot]

Statistics

Release Manager @LucaGuerra

Download

Download

Download

Download

Download

Download

Packages	Download
rpm-x86_64
deb-x86_64
tgz-x86_64
rpm-aarch64
deb-aarch64
tgz-aarch64

v0.37.1

Released on 2024-02-13

Major Changes

• new(docker): added option for insecure http driver download to falco and driver-loader images [#3058] - @toamto94

Minor Changes

• update(cmake): bumped falcoctl to v0.7.2 [#3076] - @FedeDP
• update(build): link libelf dynamically [#3048] - @LucaGuerra

Bug Fixes

• fix(userspace/engine): always consider all rules (even the ones below min_prio) in m_rule_stats_manager [#3060] - @FedeDP

Non user-facing changes

• sync(docs): cherrypick CHANGELOG entry for 0.37.1 [#3080] - @FedeDP
• Added http headers option for driver download in docker images [#3075] - @toamto94
• fix(build): install libstdc++ in the Wolfi image [#3053] - @LucaGuerra

Statistics

Release Manager @FedeDP

Download

Download

Packages	Download
rpm-x86_64
deb-x86_64
tgz-x86_64
rpm-aarch64
deb-aarch64
tgz-aarch64

v0.37.0

Released on 2024-01-30

Breaking Changes :warning:

• new!: dropped falco-driver-loader script in favor of new falcoctl driver command [#2905] - @FedeDP
• update!: bump libs to latest and deprecation of k8s metadata options and configs [#2914] - @jasondellaluce
• cleanup(falco)!: remove outputs.rate and outputs.max_burst from Falco config [#2841] - @Andreagit97
• cleanup(falco)!: remove --userspace support [#2839] - @Andreagit97

Major Changes

• new(engine): add selective overrides for Falco rules [#2981] - @LucaGuerra
• feat(userspace/falco): falco administrators can now configure the http output to compress the data sent as well as enable keep alive for the connection. Two new fields (compress_uploads and keep_alive) in the http_output block of the falco.yaml file can be used for that purpose. Both are disabled by default. [#2974] - @sgaist
• new(userspace): support env variable expansion in all yaml, even inside strings. [#2918] - @FedeDP
• new(scripts): add a way to enforce driver kind and falcoctl enablement when installing Falco from packages and dialog is not present. [#2773] - @vjjmiras
• new(falco): print system info when Falco starts [#2927] - @Andreagit97
• new: driver selection in falco.yaml [#2413] - @therealbobo
• new(build): enable compilation on win32 and macOS. [#2889] - @therealbobo
• feat(userspace/falco): falco administrators can now configure the address on which the webserver listen using the new listen_address field in the webserver block of the falco.yaml file. [#2890] - @sgaist

Minor Changes

• update(userspace/falco): add engine_version_semver key in /versions endpoint [#2899] - @loresuso
• update: default ruleset upgrade to version 3.0 [#3034] - @leogr
• update!(config): soft deprecation of drop stats counters in syscall_event_drops [#3015] - @incertum
• update(cmake): bumped falcoctl tool to v0.7.1. [#3030] - @FedeDP
• update(rule_loader): deprecate the append flag in Falco rules [#2992] - @Andreagit97
• cleanup!(cmake): drop bundled plugins in Falco [#2997] - @FedeDP
• update(config): clarify deprecation notices + list all env vars [#2988] - @incertum
• update: now the watch_config_files config option monitors file/directory moving and deletion, too [#2965] - @NitroCao
• update(userspace): enhancements in rule description feature [#2934] - @jasondellaluce
• update(userspace/falco): add libsinsp state metrics option [#2883] - @incertum
• update(doc): Add Thought Machine as adopters [#2919] - @RichardoC
• update(docs): add Wireshark/Logray as adopter [#2867] - @geraldcombs
• update: engine_version in semver representation [#2838] - @loresuso
• update(userspace/engine): modularize rule compiler, fix and enrich rule descriptions [#2817] - @jasondellaluce

Bug Fixes

• fix(userspace/metric): minor fixes in new libsinsp state metrics handling [#3033] - @incertum
• fix(userspace/engine): avoid storing escaped strings in engine defs [#3028] - @jasondellaluce
• fix(userspace/engine): cache latest rules compilation output [#2900] - @jasondellaluce
• fix(userspace/engine): solve description of macro-only rules [#2898] - @jasondellaluce
• fix(userspace/engine): fix memory leak [#2877] - @therealbobo

Non user-facing changes

• new(docs): add changelog for 0.37.0 [#3041] - @Andreagit97
• fix: nlohmann_json lib include path [#3032] - @federico-sysdig
• chore: bump falco rules [#3021] - @Andreagit97
• chore: bump Falco to libs 0.14.1 [#3020] - @Andreagit97
• chore(build): remove outdated development libs [#2946] - @federico-sysdig
• chore(falco): bump Falco to 000d576 libs commit [#2944] - @Andreagit97
• fix(gha): update rpmsign [#2856] - @LucaGuerra
• build(deps): Bump submodules/falcosecurity-rules from 424b258 to 1221b9e [#3000] - @dependabot[bot]
• build(deps): Bump submodules/falcosecurity-rules from 2ac430b to c39d31a [#3019] - @dependabot[bot]
• cleanup(falco.yaml): rename none in nodriver [#3012] - @Andreagit97
• update(config): graduate outputs_queue to stable [#3016] - @incertum
• update(cmake): bump falcoctl to v0.7.0. [#3009] - @FedeDP
• build(deps): Bump submodules/falcosecurity-rules from 1221b9e to 2ac430b [#3007] - @dependabot[bot]
• chore(ci): bumped rn2md to latest master. [#3006] - @FedeDP
• chore: bump Falco to latest libs [#3002] - @Andreagit97
• chore: bump driver version [#2998] - @Andreagit97
• Add addl source related methods [#2939] - @mstemm
• build(deps): Bump submodules/falcosecurity-rules from cd33bc3 to 424b258 [#2993] - @dependabot[bot]
• cleanup(engine): clarify deprecation notice for engines [#2987] - @LucaGuerra
• update(cmake): bumped falcoctl to v0.7.0-rc1. [#2983] - @FedeDP
• chore(ci): revert #2961. [#2984] - @FedeDP
• build(deps): Bump submodules/falcosecurity-testing from 930170b to 9b9630e [#2980] - @dependabot[bot]
• chore: bump Falco to latest libs [#2977] - @Andreagit97
• build(deps): Bump submodules/falcosecurity-rules from 262f569 to cd33bc3 [#2976] - @dependabot[bot]
• Allow enabling rules by ruleset id in addition to name [#2920] - @mstemm
• chore(ci): enable aarch64 falco driver loader tests. [#2961] - @FedeDP
• chore(unit_tests): added more tests for yaml env vars expansion. [#2972] - @FedeDP
• chore(falco.yaml): use HOME env var for ebpf probe path. [#2971] - @FedeDP
• chore: bump falco to latest libs [#2970] - @Andreagit97
• build(deps): Bump submodules/falcosecurity-rules from dd38952 to 262f569 [#2969] - @dependabot[bot]
• update(readme): add actuated.dev badge [#2967] - @LucaGuerra
• chore(cmake,docker): bumped falcoctl to v0.7.0-beta5. [#2968] - @FedeDP
• build(deps): Bump submodules/falcosecurity-rules from 64e2adb to dd38952 [#2959] - @dependabot[bot]
• fix(docker): small fixes in docker entrypoints for new driver loader. [#2966] - @FedeDP
• chore(build): allow usage of non-bundled nlohmann-json [#2947] - @federico-sysdig
• update(ci): enable actuated.dev [#2945] - @LucaGuerra
• cleanup: fix several warnings from a Clang build [#2948] - @federico-sysdig
• chore(docker/falco): add back some deps to falco docker image. [#2932] - @FedeDP
• build(deps): Bump submodules/falcosecurity-testing from 92c313f to 5248e6d [#2937] - @dependabot[bot]
• build(deps): Bump submodules/falcosecurity-rules from e206c1a to 8f0520f [#2904] - @dependabot[bot]
• cleanup(falco): remove decode_uri as it is no longer used [#2933] - @LucaGuerra
• update(engine): port decode_uri in falco engine [#2912] - @LucaGuerra
• chore(falco): update to libs on nov 28th [#2929] - @LucaGuerra
• cleanup(falco): remove init in the configuration constructor [#2917] - @Andreagit97
• build(deps): Bump submodules/falcosecurity-rules from 8f0520f to 64e2adb [#2908] - @dependabot[bot]
• cleanup(userspace/engine): remove legacy k8saudit implementation [#2913] - @jasondellaluce
• fix(gha): disable branch protection rule trigger for scorecard [#2911] - @LucaGuerra
• chore(gha): set cosign-installer to v3.1.2 [#2901] - @LucaGuerra
• new(docs): sync changelog for 0.36.2. [#2894] - @FedeDP
• Run OpenSSF Scorecard in pipeline [#2888] - @maxgio92
• cleanup: replace banned.h with semgrep [#2881] - @LucaGuerra
• chore(gha): upgrade GitHub actions [#2876] - @LucaGuerra
• build(deps): Bump submodules/falcosecurity-rules from a22d0d7 to e206c1a [#2865] - @dependabot[bot]
• build(deps): Bump submodules/falcosecurity-rules from d119706 to a22d0d7 [#2860] - @dependabot[bot]
• fix(gha): use fedora instead of centos 7 for package publishing [#2854] - @LucaGuerra
• chore(gha): pin versions to hashes [#2849] - @LucaGuerra
• build(deps): Bump submodules/falcosecurity-rules from c366d5b to d119706 [#2847] - @dependabot[bot]
• new(ci): properly link libs and driver releases linked to a Falco release [#2846] - @FedeDP
• build(deps): Bump submodules/falcosecurity-rules from 7a7cf24 to c366d5b [#2842] - @dependabot[bot]
• build(deps): Bump submodules/falcosecurity-rules from 77ba57a to 7a7cf24 [#2836] - @dependabot[bot]
• chore(ci): bumped rn2md to latest master. [#2844] - @FedeDP

Statistics

Release Manager @Andreagit97

Download

What's Changed

• sync: release 0.37.x by @FedeDP in https://github.com/falcosecurity/falco/pull/3035
• update(build): update libs to 0.14.2 by @LucaGuerra in https://github.com/falcosecurity/falco/pull/3036

Full Changelog: https://github.com/falcosecurity/falco/compare/0.37.0-rc2...0.37.0-rc3

Download

Download

Download

Packages	Download
rpm-x86_64
deb-x86_64
tgz-x86_64
rpm-aarch64
deb-aarch64
tgz-aarch64

v0.36.2

Released on 2023-10-27

Major Changes

Minor Changes

Bug Fixes

• Bumped libs to 0.13.4

Release Manager @FedeDP

Download

Download

Packages	Download
rpm-x86_64
deb-x86_64
tgz-x86_64
rpm-aarch64
deb-aarch64
tgz-aarch64

v0.36.1

Released on 2024-01-30

Major Changes

• feat(userspace): remove experimental outputs queue recovery strategies [#2863] - @incertum

Bug Fixes

• fix(userspace/falco): timer_delete() workaround due to bug in older GLIBC [#2851] - @incertum

Non user-facing changes

• new(docs): add changelog for 0.36.1 [#2872] - @Andreagit97

Statistics

Release Manager @Andreagit97

Download

Packages	Download
rpm-x86_64
deb-x86_64
tgz-x86_64
rpm-aarch64
deb-aarch64
tgz-aarch64

Release Candidate for Falco 0.36.1. To see what's included, check the corresponding milestone: https://github.com/falcosecurity/falco/milestone/35