Release notes: 3.0.35

Find out what's new in version 3.0.35.


The StackRox Kubernetes Security Platform version 3.0.35 includes new features, bug fixes, and system changes. In this version, we’re also laying the groundwork for exciting new features in forthcoming releases. To upgrade to this release from a previous version, see the Upgrade StackRox section.

New features

Language-specific vulnerability scanning

The StackRox Kubernetes Security Platform now identifies vulnerabilities in language-specific components such as Java JAR files, Ruby gems, and Python and JavaScript libraries.

The StackRox Kubernetes Security Platform includes these new vulnerability results when checking images and deployments against your security policies. If you have enabled enforcement on image vulnerability-based policies by integrating with a continuous integration (CI) system, enabling admission control, or using scale-to-zero enforcement, we recommend disabling enforcement before you upgrade so that you can view policy violations before re-enabling enforcement. New image scan results and policy violations appear in the StackRox portal over a four-hour interval as images are rescanned with the updated version of StackRox Scanner.

To find out if your policies are enforced, navigate to Platform Configuration > System Policies and filter the view by Enforcement: Fail build and Enforcement: Scale to zero.

Native support for network proxies

The StackRox Kubernetes Security Platform now natively supports the use of a network proxy. You can now configure StackRox Central and Scanner to send external traffic through an HTTP, HTTPS, or SOCKS5 proxy by configuring a Kubernetes Secret. See Configure a proxy for external network access for more information.

Important bug fixes

  • ROX-3118: Previously, once a deployment details tab was open in the Network graph view, you couldn’t view generated network policies. We’ve resolved this issue.
  • ROX-3653: We fixed an issue where pages in the Compliance view did not respond correctly when you filtered by Compliance State.
  • ROX-3657: We clarified the header in the Compliance view to reflect that the number of clusters, namespaces, nodes, and deployments only includes those checked for compliance.

Important system changes

General

You can now deploy the StackRox Kubernetes Security Platform using images built with the Red Hat Universal Base Image (UBI). See Use StackRox images built with UBI for more information. (This change was first released in version 3.0.34.2.)

StackRox Scanner

Because language-specific vulnerability scanning is now generally available, we’ve deprecated the preview version of StackRox Scanner.

If you are using the preview version, follow the upgrade instructions to switch to the generally available version of StackRox Scanner.

API

In the /v1/images/{id} API, the image object now includes a source field for each component in scan.components[]. This field indicates how the component was identified:

  • Components installed using operating system package managers like apk, apt, or rpm list OS as the source.
  • Components identified using language analysis list the programming language as the source, for example PYTHON or JAVA.
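The source field makes it possible to separate findings that come from language analysis from OS package findings, which is useful when reviewing new violations before re-enabling enforcement. The following Python code is an added example, not StackRox code: only scan.components[] and the source values OS, PYTHON, and JAVA come from these release notes, while the name, version, vulns, and cve field names and all sample data are assumptions constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample shaped like a /v1/images/{id} response. Only
# scan.components[] and source (OS, PYTHON, JAVA) come from the release notes;
# name, version, vulns and cve are assumed field names, and every package
# name and CVE id below is a placeholder, not a real finding.
SAMPLE_IMAGE = json.loads("""
{
  "id": "sha256:constructed-example",
  "scan": {"components": [
    {"name": "os-pkg-a", "version": "1.0.0", "source": "OS",
     "vulns": [{"cve": "CVE-0000-0001"}]},
    {"name": "os-pkg-b", "version": "1.1.0", "source": "OS", "vulns": []},
    {"name": "py-lib-a", "version": "2.0.0", "source": "PYTHON",
     "vulns": [{"cve": "CVE-0000-0003"}, {"cve": "CVE-0000-0002"}]},
    {"name": "java-lib-a", "version": "3.0.0", "source": "JAVA",
     "vulns": [{"cve": "CVE-0000-0004"}]},
    {"name": "old-lib", "version": "0.1", "vulns": [{"cve": "CVE-0000-0005"}]}
  ]}
}
""")

def vulns_by_source(image):
    """Map each component source to {'name version': [sorted CVE ids]}."""
    grouped = defaultdict(dict)
    scan = image.get("scan") or {}  # tolerate an image object with no scan
    for comp in scan.get("components") or []:
        # Assumption: a component may lack source; keep it visible as UNKNOWN
        # instead of silently counting it as OS or language-level.
        source = comp.get("source") or "UNKNOWN"
        cves = sorted(v["cve"] for v in comp.get("vulns") or [] if v.get("cve"))
        if cves:  # components without findings are not listed
            grouped[source][f'{comp.get("name")} {comp.get("version")}'] = cves
    return dict(grouped)

def language_only_findings(image):
    """Findings attributed to language analysis (source is a language, not OS)."""
    return {src: comps for src, comps in vulns_by_source(image).items()
            if src not in ("OS", "UNKNOWN")}

if __name__ == "__main__":
    for src, comps in sorted(language_only_findings(SAMPLE_IMAGE).items()):
        for comp, cves in comps.items():
            print(f"{src:8} {comp:20} {', '.join(cves)}")
```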


© 2021 StackRox Inc. All rights reserved.