Release notes: 2.5.27

Find out what's new in version 2.5.27.

The StackRox Kubernetes Security Platform version 2.5.27 includes feature enhancements, bug fixes, scale improvements, and other changes. In this version, we’re also laying the groundwork for exciting new features in forthcoming releases. To upgrade to this release from a previous version, see the Upgrade StackRox section.

New features

Precise data retention

You can now configure data retention settings for violations and images in the StackRox portal. These settings give you finer control, because you can set different retention periods for different kinds of violations.

Resumable restore operations

During a database restore operation by using the roxctl command-line tool, if your connection is interrupted or you need to go offline, you can now resume the restore later. See Backup and restore for more information.

Important enhancements

  • ROX-2519: The StackRox Kubernetes Security Platform now includes PodSecurityPolicy configurations for each StackRox Kubernetes deployment so you can deploy the StackRox Kubernetes Security Platform seamlessly in clusters that enforce pod security policies.
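Deploying "seamlessly in clusters that enforce pod security policies" means that each workload's service account must be authorized to use a PodSecurityPolicy that permits what the pods actually need, otherwise the PSP admission controller rejects the pods silently and the Deployment or DaemonSet never reaches ready. The following is an added, hypothetical illustration of that mechanism (not StackRox's own shipped manifests): a restrictive PodSecurityPolicy, a Role granting the `use` verb on it, and a RoleBinding to a service account. The names `example-psp`, `example`, `example-sa` and the particular spec values are assumptions for the example.

```yaml
# Added example, not StackRox's manifests; names and values are assumptions.
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: example-psp
spec:
  privileged: false
  allowPrivilegeEscalation: false
  requiredDropCapabilities: ["ALL"]
  hostNetwork: false
  hostPID: false
  hostIPC: false
  runAsUser:
    rule: MustRunAsNonRoot
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: MustRunAs
    ranges: [{min: 1, max: 65535}]
  fsGroup:
    rule: MustRunAs
    ranges: [{min: 1, max: 65535}]
  readOnlyRootFilesystem: false
  volumes: ["configMap", "secret", "emptyDir", "projected"]
---
# The PSP alone does nothing: a subject must be allowed to "use" it.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: use-example-psp
  namespace: example
rules:
  - apiGroups: ["policy"]
    resources: ["podsecuritypolicies"]
    resourceNames: ["example-psp"]
    verbs: ["use"]
---
# Bind the Role to the service account the pods run as, not to the deployer.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: use-example-psp
  namespace: example
subjects:
  - kind: ServiceAccount
    name: example-sa
    namespace: example
roleRef:
  kind: Role
  name: use-example-psp
  apiGroup: rbac.authorization.k8s.io
```

To confirm the binding before deploying, run `kubectl auth can-i use podsecuritypolicy/example-psp --as=system:serviceaccount:example:example-sa -n example`; it must print `yes`. If a workload exists but creates no pods, `kubectl describe` on its ReplicaSet or DaemonSet shows the PSP admission denial in the events. Note that PodSecurityPolicy was deprecated in Kubernetes 1.21 and removed in 1.25, so on current clusters the equivalent control is Pod Security Admission or a policy engine.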
  • ROX-2311: The StackRox portal now handles temporary connection problems better. If the server becomes reachable again after temporarily being unreachable, you’ll now see a message asking you to refresh the page.

Important bug fixes

Resolved in version 2.5.27.0

  • ROX-2424: In the Compliance view, some buttons and screens would crash if the Sensor in a secured cluster hadn’t checked in yet. The StackRox portal now correctly handles this case.
  • ROX-2781: The browser appeared frozen when accessing the Process Discovery tab in the Risk view and selecting an image in the Images view. We’ve optimized the page rendering to fix this issue.
  • ROX-2886: In the “Passing Standards by Cluster” widget on the Dashboard view, you couldn’t use the arrow buttons to cycle through more than three clusters. The buttons now work correctly.
  • ROX-2927: The Images view would change back to the first page of results after you selected an image to view. The table now stays on the page you’ve opened.
  • ROX-2929: The roxctl central generate command now runs successfully on Windows.

Resolved in version 2.5.27.1

  • ROX-2568: We’ve updated the StackRox Kubernetes Security Platform integration with Jira to handle recent changes to Jira Cloud’s authentication process.
  • ROX-2985: The StackRox Kubernetes Security Platform Jira integration now automatically discovers available options for the priority field when creating issues, in case your project uses custom values like P3-Minor.
  • ROX-2998: We’ve fixed an issue where the Process Discovery view could show processes without names.
  • ROX-3133: If you deploy CronJob resources in Kubernetes, you could previously see warning logs in the StackRox Sensor. Because these logs didn’t reflect any incorrect system behavior, we’ve lowered their severity so they only appear in debug-level logs.

Resolved in version 2.5.27.2

Important system changes

Changed in version 2.5.27.0

  • When you’re backing up the database by using the roxctl central db backup command, you can now provide a file output location using the new --output option.
  • The StackRox Kubernetes Security Platform periodically refreshes data from external systems such as image scanners. Instead of issuing all of these refresh requests every hour, it now spreads them over a four-hour interval to reduce load on those systems.
  • If you configure data retention settings, the StackRox Kubernetes Security Platform now checks for expired data every hour instead of every 24 hours.
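The two scheduling changes above describe a common pattern: spread periodic external requests across a window so they don't all fire at once, and sweep stored records against per-kind retention periods on a fixed interval. The following Go program is an added example written for this page (it is not StackRox code and does not use StackRox's types or APIs). It spreads refreshes by hashing each key to a stable offset within the window, and selects violations whose retention period has elapsed. The three violation kinds, the `RetentionPolicy` map, the sample records and the four-hour window constant are assumptions of the example.

```go
package main

import (
	"fmt"
	"hash/fnv"
	"sort"
	"time"
)

// RefreshWindow is the interval over which periodic refreshes are spread.
// Assumption for this example: four hours, as the release note describes.
const RefreshWindow = 4 * time.Hour

// RefreshOffset maps a stable key (for example an image name) to a fixed
// offset in [0, window). Different keys hash to different offsets, so a large
// set of images refreshes gradually across the window rather than all at
// once. Hashing, rather than a random draw, keeps each key's slot stable
// across restarts.
func RefreshOffset(key string, window time.Duration) time.Duration {
	h := fnv.New64a()
	h.Write([]byte(key))
	return time.Duration(h.Sum64() % uint64(window))
}

// NextRefresh returns the next refresh time for key strictly after now.
// Windows are aligned to multiples of window (time.Truncate semantics), so
// repeated calls within one window return the same slot.
func NextRefresh(key string, now time.Time, window time.Duration) time.Time {
	next := now.Truncate(window).Add(RefreshOffset(key, window))
	if !next.After(now) {
		next = next.Add(window)
	}
	return next
}

// ViolationKind labels the categories a retention period can apply to.
// These three categories are an assumption of this example.
type ViolationKind int

const (
	ResolvedDeployTime ViolationKind = iota
	RuntimeDeletedDeployment
	Runtime
)

// Violation is a minimal stand-in for a stored violation record.
type Violation struct {
	ID       string
	Kind     ViolationKind
	LastSeen time.Time
}

// RetentionPolicy maps each kind to how long it is kept after LastSeen.
// A zero (or missing) duration means the kind is kept indefinitely.
type RetentionPolicy map[ViolationKind]time.Duration

// Expired returns the IDs (sorted) of violations whose retention period has
// elapsed at now; a periodic sweep would delete exactly these.
func Expired(policy RetentionPolicy, violations []Violation, now time.Time) []string {
	var ids []string
	for _, v := range violations {
		keep := policy[v.Kind] // zero for kinds without a configured period
		if keep == 0 {
			continue
		}
		if now.Sub(v.LastSeen) >= keep {
			ids = append(ids, v.ID)
		}
	}
	sort.Strings(ids)
	return ids
}

// SampleViolations builds constructed sample records relative to now.
func SampleViolations(now time.Time) []Violation {
	day := 24 * time.Hour
	return []Violation{
		{ID: "v1", Kind: ResolvedDeployTime, LastSeen: now.Add(-8 * day)},
		{ID: "v2", Kind: ResolvedDeployTime, LastSeen: now.Add(-6 * day)},
		{ID: "v3", Kind: Runtime, LastSeen: now.Add(-31 * day)},
		{ID: "v4", Kind: RuntimeDeletedDeployment, LastSeen: now.Add(-400 * day)},
		{ID: "v5", Kind: Runtime, LastSeen: now.Add(-30 * day)},
	}
}

func main() {
	now := time.Date(2019, 9, 1, 0, 0, 0, 0, time.UTC)
	for _, img := range []string{"registry.example/app:1.0", "registry.example/db:2.3"} {
		fmt.Printf("%-26s next refresh %s\n", img, NextRefresh(img, now, RefreshWindow).Format(time.RFC3339))
	}
	policy := RetentionPolicy{
		ResolvedDeployTime: 7 * 24 * time.Hour,
		Runtime:            30 * 24 * time.Hour,
		// RuntimeDeletedDeployment intentionally absent: kept indefinitely.
	}
	// Production would run this sweep on a time.Ticker (hourly, per the
	// release note); one pass is enough to show which records are selected.
	fmt.Println("expired:", Expired(policy, SampleViolations(now), now))
}
```

Two details matter in practice: the retention comparison uses `>=`, so a record exactly at the boundary is expired on the first sweep after it (an hourly sweep therefore deletes at most one hour late), and a kind with no configured period is never selected, which is the safe default when a new category is added before its setting exists.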

Changed in version 2.5.27.1

  • We’ve clarified the text shown in the StackRox portal when you are configuring role-based access control. We’ve changed the “Default role” field name to “Minimum access role” to explain its purpose better. System behavior and APIs remain the same:

    • you can select a minimum access role to grant to all users who sign in with the configured authentication provider, and
    • you can grant additional roles to specific users and groups using rules.
  • StackRox Central now compacts its database files by default. Compaction saves disk space by reclaiming the space still held by already-deleted objects. Compaction runs when Central restarts, if the reclaimable free space in the database file is above the configured threshold.

Security updates

  • We’ve updated our images to resolve CVE-2019-14697 in the Alpine Linux musl library. We identified this vulnerability in StackRox images by using the StackRox Scanner. However, the vulnerability doesn’t apply to the StackRox Kubernetes Security Platform because:

    • The vulnerability is an x87 floating-point stack imbalance in musl’s 32-bit x86 (i386) math routines, so it only affects 32-bit x86 builds of musl. The StackRox Kubernetes Security Platform only runs on the amd64 (x86_64) architecture, which isn’t affected.
    • The StackRox binaries are linked statically, so they don’t use the musl shared library shipped in the image. The StackRox Kubernetes Security Platform also doesn’t pass any user input to the affected Alpine Linux binaries.
  • Netflix recently published a security advisory describing several ways a client can make an HTTP/2 server exhaust resources while serving specially crafted requests. The Go standard library’s HTTP/2 implementation was affected by two of them, CVE-2019-9512 (Ping Flood) and CVE-2019-9514 (Reset Flood), which Go 1.12.8 and 1.11.13 fix. We’ve updated the StackRox Kubernetes Security Platform to build with a version of Go that resolves these vulnerabilities.

Questions?

We're happy to help! Reach out to us to discuss questions, issues, or feature requests.

© 2021 StackRox Inc. All rights reserved.