Release notes: 2.5.25

Find out what's new in version 2.5.25.

1 minute read

The StackRox Kubernetes Security Platform version 2.5.25 includes several new features and enhancements. To upgrade to this release from a previous version, see the Upgrade StackRox section.

Key features and improvements

Optional unencrypted HTTP endpoint

You can now enable a plaintext HTTP server on the StackRox Kubernetes Security Platform for compatibility with ingress controllers, Layer 7 load balancers, or other solutions that require plain HTTP (not HTTPS) back ends. You can expose the StackRox portal over HTTP during installation or on an existing deployment.

OpenShift sensor bundle generation

You can now use the roxctl sensor generate openshift command to generate sensor deployment bundles for OpenShift clusters. Previously, it was only available for Kubernetes clusters.

Improved registry compatibility

Some image registries don’t support checking access before downloading public images. When you are integrating with a new registry, you can now skip this test for the affected registries, including docker.bintray.io, k8s.gcr.io, and registry.gitlab.com.

Important bug fixes

Resolved in version 2.5.25.0

  • ROX-2655: Previously, after a Kubernetes rolling upgrade, the Images view could show multiple entries for a single image tag. This issue is resolved.
  • ROX-2762: The View Active YAMLS button in the Network Graph view was inadvertently removed in version 2.4.24.0. The button is restored to its previous location.
  • ROX-2794: In large clusters, loading specific compliance views could previously use large amounts of memory and could exceed memory limits. These operations are optimized to reduce memory usage significantly.
  • ROX-2797: Previously, custom alert data retention settings were discarded due to an internal logic error. This issue is resolved.
  • ROX-2806: Backing up large databases to Amazon S3 could fail with an error related to multipart file uploads. This issue is resolved.

Resolved in version 2.5.25.1

  • ROX-2812: Starting in version 2.4.24, PDF exports from the Compliance view contained incorrect data in certain columns. This issue is resolved in version 2.5.25.1.
  • ROX-2853: In version 2.5.25.0, risk calculations would vary over time in deployments with multiple containers per pod. This issue is resolved in version 2.5.25.1.

Important system changes

  • ROX-2649: OpenShift requires that the Security Context Constraints (SCCs) must exist before deployments can reference them. We’ve renamed the SCC file so that oc create -R creates it before creating any deployments.

  • Due to the addition of the roxctl sensor generate openshift command, you must specify the --admission-controller flags (that are exclusive to Kubernetes clusters and aren’t available in OpenShift), after the k8s command. For example, the command:

    Copy
    roxctl sensor generate --admission-controller=true k8s

    is no longer valid.

    Instead, use the following command:

    Copy
    roxctl sensor generate k8s --admission-controller=true

Questions?

We're happy to help! Reach out to us to discuss questions, issues, or feature requests.

© 2021 StackRox Inc. All rights reserved.