The StackRox Kubernetes Security Platform version 3.0.34 includes new features, bug fixes, and system changes. In this version, we’re also laying the groundwork for exciting new features in forthcoming releases. To upgrade to this release from a previous version, see the Upgrade StackRox section.
The StackRox Kubernetes Security Platform now assesses compliance with the recently released version 1.5 of the Center for Internet Security (CIS) benchmark for Kubernetes. The current versions are v1.2.0 for Docker and v1.5.0 for Kubernetes. See benchmark versions for more details.
The StackRox Collector image contains built-in support for runtime activity collection on currently available Linux kernel versions. To get support for new kernel versions, StackRox Collector automatically uses updated images and various secure download methods.
Starting from version 220.127.116.11, you can also upload new support packages by
roxctl collector support-packages upload command. The StackRox Kubernetes Security Platform
uses these support packages before falling back to download options. See
Upload support packages to Central
for more details.
- ROX-3581: We fixed an issue where some pages in the Configuration Management view showed a “not found” error under certain conditions.
- We fixed various issues with graphs and filters in the Compliance view.
- ROX-1849: The Access Control view now shows rules that match on the presence of user metadata keys, regardless of value. Previously, these rules were accepted and not enforced, but not shown in the portal.
- We fixed a memory leak in Collector that caused high memory consumption in busy environments.
- We fixed another memory leak in Collector that caused high memory consumption in busy environments.
- You can now deploy the StackRox Kubernetes Security Platform using images built with the Red Hat Universal Base Image (UBI). See Use StackRox images built with UBI for more information.
You can add exclusions to StackRox policies based on cluster, namespace, deployment, and deployment labels. The StackRox portal now shows all the details of these excluded entries. Previously, only the deployment name was shown.
roxctl image scan command now has a
This flag causes the StackRox Kubernetes Security Platform to re-pull image metadata and image scan
results from the associated registry and scanner.
In new installations of the StackRox Kubernetes Security Platform, the built-in Iptables Executed in Privileged Container policy is now part of the “Network Tools” category. If you’ve already installed, we recommend changing the category yourself.
We're happy to help! Reach out to us to discuss questions, issues, or feature requests.