Release notes: 2.4.24

Find out what's new in version 2.4.24.

1 minute read

The StackRox Kubernetes Security Platform version 2.4.24 includes several new features and enhancements. To upgrade to this release from a previous version, see the Upgrade StackRox section.

Key features and improvements

Client certificate authentication (PKI)

You can now set up client certificate authentication so users can provide their client certificates to log in. If your organization issues client certificates, configure an authentication provider to get started.

Scoped access control

Different teams are often responsible for working with separate clusters or namespaces. You can now set up an authorization plugin to grant users granular, scoped access to individual clusters or namespaces. To get started, see configure an authorization plugin.

Scoped access control is an advanced feature, and it requires additional manual configuration. We recommend that you only use scoped access control if you’re unable to configure required access levels by using Role based access control.

Performance improvements

Version 2.4.24 includes significant optimizations to reduce resource usage and improve response times.

Database backup operations now complete faster and show progress bars while they’re ongoing. To make it easier to back up a large database, the timeout you set in roxctl is now used as an initial deadline for the file to begin downloading. After that, the backup continues as long as data is successfully flowing from the server to the client.

Important bug fixes

  • ROX-2660: The roxctl command-line client now uses less memory to complete database restore tasks.
  • ROX-2668: Previously, StackRox Scanner would fail to start in clusters with oci-systemd-hook enabled. This issue is resolved.
  • ROX-1883: In large clusters, loading the compliance view could previously use large amounts of memory and could exceed memory limits. This operation is optimized to reduce memory usage significantly.

Important system changes

  • ROX-2543: You can now specify the NameID format for SAML single-sign-on integrations. Some SAML Identity Providers require this format.
  • ROX-2158: When you filter a view based on time, the filtering behavior is now more intuitive. Searching for violations with time >1d, for instance, now returns violations that occurred more than one day ago, not after one day ago.
  • The /v1/deployments/metadata/multipliers API is removed. User-defined risk multipliers (previously accessible only through this API) are no longer taken into account.


We're happy to help! Reach out to us to discuss questions, issues, or feature requests.

© 2021 StackRox Inc. All rights reserved.