Release notes: 2.4.23

Find out what's new in version 2.4.23.

2 minute read

The StackRox Kubernetes Security Platform version 2.4.23 includes several new features and enhancements. To upgrade to this release from a previous version, see the Upgrade StackRox section.

The StackRox Kubernetes Security Platform enforces licensing restrictions in version 2.4.20 and higher.

Contact your sales representative or StackRox support if you don’t have a license.

Key features and improvements

Offline mode

You can now enable Offline Mode to run the StackRox Kubernetes Security Platform in clusters without internet connectivity. See the Offline mode instructions for more details.

Kubernetes RBAC assessment

It’s important to know what access users and service accounts have to the Kubernetes API. Risk assessments, policies, and compliance checks now account for Kubernetes Role-Based Access Control (RBAC) privileges. Navigate to the Risk or Compliance views in the left-hand navigation menu to see RBAC data, or configure policies under Platform Configuration > System Policies.

Performance improvements

Version 2.4.23 includes new optimizations to reduce disk space requirements and make Central start up faster.

Important bug fixes

  • ROX-2488: Previously, API responses were sometimes truncated incorrectly, delivering fewer objects than requested. The API server now delivers up to 1000 matching objects, depending on the pagination parameters you use. See the API guide for more information.
  • ROX-2429: Packages in the Scanner and Monitoring images have been updated to address CVEs.
  • ROX-2487: Previously, backup requests for large databases could time out or require additional RAM to complete. The backup process is optimized, and the default timeout is increased to 60 minutes in version 2.4.23.1.
  • ROX-2464: Previously, loading active flows in the network graph could fail or time out for clusters with a large number of deployments and network connections. This issue is resolved in version 2.4.23.1.
  • ROX-2645: Previously, some OpenShift pods weren’t handled as part of the deployments that created them, especially ReplicationControllers. This issue is resolved in version 2.4.23.2.

Important system changes

  • You can now configure the size of the persistent volume for Central during installation.
  • The resource requests and limits for Central and Sensor have been increased to provide a more predictable user experience.
  • StackRox Scanner now communicates with Central using mutual TLS.
  • Previously, the Prometheus endpoint for Central was available over HTTPS on port 8443. For better compatibility with monitoring systems, the endpoint now is available over plain HTTP on port 9090.
  • You can now configure a retention period for alerts using the API. Once configured, Central deletes the alerts after the retention period expires. See Enable alert data retention to get started.

Questions?

We're happy to help! Reach out to us to discuss questions, issues, or feature requests.

© 2021 StackRox Inc. All rights reserved.