The StackRox Kubernetes Security Platform version 2.4.23 includes several new features and enhancements. To upgrade to this release from a previous version, see the Upgrade StackRox section.
The StackRox Kubernetes Security Platform enforces licensing restrictions in version 2.4.20 and higher.
Contact your sales representative or StackRox support if you don’t have a license.
You can now enable Offline Mode to run the StackRox Kubernetes Security Platform in clusters without internet connectivity. See the Offline mode instructions for more details.
It’s important to know what access users and service accounts have to the Kubernetes API. Risk assessments, policies, and compliance checks now account for Kubernetes Role-Based Access Control (RBAC) privileges. Navigate to the Risk or Compliance views in the left-hand navigation menu to see RBAC data, or configure policies under Platform Configuration > System Policies.
Version 2.4.23 includes new optimizations to reduce disk space requirements and make Central start up faster.
- ROX-2488: Previously, API responses were sometimes truncated incorrectly, delivering fewer objects than requested. The API server now delivers up to 1000 matching objects, depending on the pagination parameters you use. See the API guide for more information.
- ROX-2429: Packages in the Scanner and Monitoring images have been updated to address CVEs.
- ROX-2487: Previously, backup requests for large databases could time out or require additional RAM to complete. The backup process is optimized, and the default timeout is increased to 60 minutes in version 220.127.116.11.
- ROX-2464: Previously, loading active flows in the network graph could fail or time out for clusters with a large number of deployments and network connections. This issue is resolved in version 18.104.22.168.
- ROX-2645: Previously, some OpenShift pods weren’t handled as part of the deployments that created them, especially ReplicationControllers. This issue is resolved in version 22.214.171.124.
- You can now configure the size of the persistent volume for Central during installation.
- The resource requests and limits for Central and Sensor have been increased to provide a more predictable user experience.
- StackRox Scanner now communicates with Central using mutual TLS.
- Previously, the Prometheus endpoint for Central was available over HTTPS on port 8443. For better compatibility with monitoring systems, the endpoint now is available over plain HTTP on port 9090.
- You can now configure a retention period for alerts using the API. Once configured, Central deletes the alerts after the retention period expires. See Enable alert data retention to get started.
We're happy to help! Reach out to us to discuss questions, issues, or feature requests.