Release notes: 3.0.34

Find out what's new in version 3.0.34.

2 minute read

The StackRox Kubernetes Security Platform version 3.0.34 includes new features, bug fixes, and system changes. In this version, we’re also laying the groundwork for exciting new features in forthcoming releases. To upgrade to this release from a previous version, see the Upgrade StackRox section.

New features

CIS Kubernetes version 1.5

The StackRox Kubernetes Security Platform now assesses compliance with the recently released version 1.5 of the Center for Internet Security (CIS) benchmark for Kubernetes. The current versions are v1.2.0 for Docker and v1.5.0 for Kubernetes. See benchmark versions for more details.

More options to update StackRox Collector for new kernel versions

The StackRox Collector image contains built-in support for runtime activity collection on currently available Linux kernel versions. To get support for new kernel versions, StackRox Collector automatically uses updated images and various secure download methods.

Starting from version 3.0.34.0, you can also upload new support packages by using the roxctl collector support-packages upload command. The StackRox Kubernetes Security Platform uses these support packages before falling back to download options. See Upload support packages to Central for more details.

Important bug fixes

Resolved in version 3.0.34.0

  • ROX-3581: We fixed an issue where some pages in the Configuration Management view showed a “not found” error under certain conditions.
  • We fixed various issues with graphs and filters in the Compliance view.
  • ROX-1849: The Access Control view now shows rules that match on the presence of user metadata keys, regardless of value. Previously, these rules were accepted and not enforced, but not shown in the portal.

Resolved in version 3.0.34.1

  • We fixed a memory leak in Collector that caused high memory consumption in busy environments.

Resolved in version 3.0.34.2

  • We fixed another memory leak in Collector that caused high memory consumption in busy environments.
  • You can now deploy the StackRox Kubernetes Security Platform using images built with the Red Hat Universal Base Image (UBI). See Use StackRox images built with UBI for more information.

Important system changes

Portal

You can add exclusions to StackRox policies based on cluster, namespace, deployment, and deployment labels. The StackRox portal now shows all the details of these excluded entries. Previously, only the deployment name was shown.

roxctl CLI

The roxctl image scan command now has a --force flag. This flag causes the StackRox Kubernetes Security Platform to re-pull image metadata and image scan results from the associated registry and scanner.

Policies

In new installations of the StackRox Kubernetes Security Platform, the built-in Iptables Executed in Privileged Container policy is now part of the “Network Tools” category. If you’ve already installed, we recommend changing the category yourself.

Questions?

We're happy to help! Reach out to us to discuss questions, issues, or feature requests.

© 2021 StackRox Inc. All rights reserved.