The StackRox Kubernetes Security Platform version 2.5.25 includes several new features and enhancements. To upgrade to this release from a previous version, see the Upgrade StackRox section.
You can now enable a plaintext HTTP server on the StackRox Kubernetes Security Platform for compatibility with ingress controllers, Layer 7 load balancers, or other solutions that require plain HTTP (not HTTPS) back ends. You can expose the StackRox portal over HTTP during installation or on an existing deployment.
You can now use the
roxctl sensor generate openshift command to generate
sensor deployment bundles for OpenShift clusters. Previously, it was only
available for Kubernetes clusters.
Some image registries don’t support checking access before downloading public
images. When you are integrating with a new registry, you can now skip this
test for the affected registries, including
- ROX-2655: Previously, after a Kubernetes rolling upgrade, the Images view could show multiple entries for a single image tag. This issue is resolved.
- ROX-2762: The View Active YAMLS button in the Network Graph view was inadvertently removed in version 188.8.131.52. The button is restored to its previous location.
- ROX-2794: In large clusters, loading specific compliance views could previously use large amounts of memory and could exceed memory limits. These operations are optimized to reduce memory usage significantly.
- ROX-2797: Previously, custom alert data retention settings were discarded due to an internal logic error. This issue is resolved.
- ROX-2806: Backing up large databases to Amazon S3 could fail with an error related to multipart file uploads. This issue is resolved.
- ROX-2812: Starting in version 2.4.24, PDF exports from the Compliance view contained incorrect data in certain columns. This issue is resolved in version 184.108.40.206.
- ROX-2853: In version 220.127.116.11, risk calculations would vary over time in deployments with multiple containers per pod. This issue is resolved in version 18.104.22.168.
ROX-2649: OpenShift requires that the Security Context Constraints (SCCs) must exist before deployments can reference them. We’ve renamed the SCC file so that
oc create -Rcreates it before creating any deployments.
Due to the addition of the
roxctl sensor generate openshiftcommand, you must specify the
--admission-controllerflags (that are exclusive to Kubernetes clusters and aren’t available in OpenShift), after the
k8scommand. For example, the command:
roxctl sensor generate --admission-controller=true k8s
is no longer valid.
Instead, use the following command:
roxctl sensor generate k8s --admission-controller=true
We're happy to help! Reach out to us to discuss questions, issues, or feature requests.