Release notes: 2.5.29

Find out what's new in version 2.5.29.

2 minute read

The StackRox Kubernetes Security Platform version 2.5.29 includes new features, bug fixes, scale improvements, and other changes. In this version, we’re also laying the groundwork for exciting new features in forthcoming releases. To upgrade to this release from a previous version, see the Upgrade StackRox section.

Version 2.5.28 wasn’t released.

New feature

Automatic upgrades

Automatic upgrades make it easier to stay up-to-date by automating the manual task of upgrading each secured cluster. After you upgrade to version 2.5.29, you can use automatic upgrades for future releases of the StackRox Kubernetes Security Platform.

Automatic upgrades are enabled by default in version 2.5.29. If you prefer to complete future upgrades manually, you can disable automatic upgrades.

Important bug fixes

  • ROX-2536: If you mount Kubernetes secrets as environment variables using a secretKeyRef, your deployments will no longer violate the built-in policy Environment Variable Contains Secret.
  • ROX-2982: We fixed the issue of missing data in PDF exports for namespaces in the Compliance view.
  • ROX-3034: We’ve restored the CSV download option on some parts of the Compliance view.
  • ROX-3044: In the Compliance view, the loading animation for Scan Environment remains visible until all results are retrieved.

Also, see additional bugs resolved in versions and

Important system changes

Changed in version

  • As part of the automatic upgrades feature, we’ve moved the Clusters integrations from Platform Configuration > Integrations to a new page. To open it, select Platform Configuration > Clusters from the left-hand navigation menu.
  • In the Risk view, the Process Discovery tab now always shows, even if there are no observed processes.
  • ROX-3000: When you integrate with a SAML 2.0 identity provider (IdP) and use IdP-initiated sign-in, you no longer need to set a default RelayState. The StackRox Kubernetes Security Platform automatically associates SAML responses with the correct IdP. If the automatic association fails, you can now see the correct RelayState value under Platform Configuration > Access Control.
  • The StackRox Collector image tag matches the major version of the StackRox Kubernetes Security Platform (currently 2.5). Previously, the Collector image tag was a Git reference beginning with 1.6.0. See the upgrade instructions to find the right tag for your release.
  • The updatedAt field in the GetDeployment API is renamed to created because it reports the deployment creation time.
  • We changed the Prometheus scrape endpoint in StackRox services from localhost:9090 to :9090 so you can more easily scrape metrics using your own Prometheus server.

Changed in version

  • Collector now supports runtime activity monitoring on the latest Red Hat Enterprise Linux kernel releases (versions beginning with 3.10.0-1062).
    • eBPF-based runtime activity collection isn’t yet supported on these kernel versions.
    • Collector will automatically fall back to kernel module-based collection if you request eBPF-based collection on a node running an affected kernel version.
    • In new deployments, the default Collector image tag is now 2.5.3. To apply this update in an existing secured cluster, follow the upgrade instructions.

Also, see additional system changes in versions and


We're happy to help! Reach out to us to discuss questions, issues, or feature requests.

© 2021 StackRox Inc. All rights reserved.