The StackRox Kubernetes Security Platform version 2.5.29 includes new features, bug fixes, scale improvements, and other changes. In this version, we’re also laying the groundwork for exciting new features in forthcoming releases. To upgrade to this release from a previous version, see the Upgrade StackRox section.
Version 2.5.28 wasn’t released.
Automatic upgrades make it easier to stay up-to-date by automating the manual task of upgrading each secured cluster. After you upgrade to version 2.5.29, you can use automatic upgrades for future releases of the StackRox Kubernetes Security Platform.
Automatic upgrades are enabled by default in version 2.5.29. If you prefer to complete future upgrades manually, you can disable automatic upgrades.
- ROX-2536: If you mount Kubernetes secrets as environment variables using
secretKeyRef, your deployments will no longer violate the built-in policy Environment Variable Contains Secret.
- ROX-2982: We fixed the issue of missing data in PDF exports for namespaces in the Compliance view.
- ROX-3034: We’ve restored the CSV download option on some parts of the Compliance view.
- ROX-3044: In the Compliance view, the loading animation for Scan Environment remains visible until all results are retrieved.
Also, see additional bugs resolved in versions 188.8.131.52 and 184.108.40.206.
- As part of the automatic upgrades feature, we’ve moved the Clusters integrations from Platform Configuration > Integrations to a new page. To open it, select Platform Configuration > Clusters from the left-hand navigation menu.
- In the Risk view, the Process Discovery tab now always shows, even if there are no observed processes.
- ROX-3000: When you integrate with a SAML 2.0 identity provider (IdP) and use IdP-initiated sign-in, you no longer need to set a default RelayState. The StackRox Kubernetes Security Platform automatically associates SAML responses with the correct IdP. If the automatic association fails, you can now see the correct RelayState value under Platform Configuration > Access Control.
- The StackRox Collector image tag matches the major version of
the StackRox Kubernetes Security Platform (currently 2.5). Previously, the Collector
image tag was a Git reference beginning with
1.6.0. See the upgrade instructions to find the right tag for your release.
updatedAtfield in the
GetDeploymentAPI is renamed to
createdbecause it reports the deployment creation time.
- We changed the Prometheus scrape endpoint in StackRox services from
:9090so you can more easily scrape metrics using your own Prometheus server.
- Collector now supports runtime activity monitoring on the latest Red Hat
Enterprise Linux kernel releases (versions beginning with
- eBPF-based runtime activity collection isn’t yet supported on these kernel versions.
- Collector will automatically fall back to kernel module-based collection if you request eBPF-based collection on a node running an affected kernel version.
- In new deployments, the default Collector image tag is now 2.5.3. To apply this update in an existing secured cluster, follow the upgrade instructions.
Also, see additional system changes in versions 220.127.116.11 and 18.104.22.168.
We're happy to help! Reach out to us to discuss questions, issues, or feature requests.