The StackRox Kubernetes Security Platform version 2.4.24 includes several new features and enhancements. To upgrade to this release from a previous version, see the Upgrade StackRox section.
You can now set up client certificate authentication so users can provide their client certificates to log in. If your organization issues client certificates, configure an authentication provider to get started.
Different teams are often responsible for working with separate clusters or namespaces. You can now set up an authorization plugin to grant users granular, scoped access to individual clusters or namespaces. To get started, see configure an authorization plugin.
Scoped access control is an advanced feature, and it requires additional manual configuration. We recommend that you only use scoped access control if you’re unable to configure required access levels by using Role based access control.
Version 2.4.24 includes significant optimizations to reduce resource usage and improve response times.
Database backup operations now complete faster and show progress bars while
they’re ongoing. To make it easier to back up a large database, the timeout you
roxctl is now used as an initial deadline for the file to begin
downloading. After that, the backup continues as long as data is successfully
flowing from the server to the client.
- ROX-2660: The
roxctlcommand-line client now uses less memory to complete database restore tasks.
- ROX-2668: Previously, StackRox Scanner would fail to start in clusters
oci-systemd-hookenabled. This issue is resolved.
- ROX-1883: In large clusters, loading the compliance view could previously use large amounts of memory and could exceed memory limits. This operation is optimized to reduce memory usage significantly.
- ROX-2543: You can now specify the NameID format for SAML single-sign-on integrations. Some SAML Identity Providers require this format.
- ROX-2158: When you filter a view based on time, the filtering behavior is
now more intuitive. Searching for violations with time
>1d, for instance, now returns violations that occurred more than one day ago, not after one day ago.
/v1/deployments/metadata/multipliersAPI is removed. User-defined risk multipliers (previously accessible only through this API) are no longer taken into account.
We're happy to help! Reach out to us to discuss questions, issues, or feature requests.