Release notes: 3.0.37

Find out what's new in version 3.0.37.

1 minute read

The StackRox Kubernetes Security Platform version 3.0.37 includes bug fixes and system changes. In this version, we’re also laying the groundwork for exciting new features in forthcoming releases. To upgrade to this release from a previous version, see the Upgrade StackRox section.

Important bug fixes

  • Bug ROX-3811: Previously, some Replication Controllers weren’t visible in Central. We’ve fixed this issue.
  • Bug ROX-3804 and Bug ROX-3784: We’ve fixed issues and streamlined the following scripts:
    • the image bundle script to push the StackRox Kubernetes Security Platform images into a private registry.
    • the script to delete the StackRox Kubernetes Security Platform from a secured cluster.
  • Bug ROX-3803: In the Network Graph view, Simulate Network Policy function didn’t work if you selected namespaces in the menu on the top bar. We’ve fixed this issue.
  • Bug ROX-3689: Previously, sometimes the old active images were deleted when you pushed newer images to the registry. We’ve fixed this issue by updating the pruning check to ensure that no deployment is using an image before it’s deleted.
  • Bug ROX-3788: Previously, when you deleted a deployment, its associated process baselines didn’t get deleted. We’ve fixed this issue.
  • Bug ROX-3337: Previously, there were errors in running the CIS benchmark compliance checks on OpenShift control plane and infrastructure nodes. We’ve fixed this issue.
  • Bug ROX-3809: Previously, when integrating the StackRox Kubernetes Security Platform with JIRA, the integration sometimes failed if the priorities in JIRA didn’t match the Pn format. We’ve added an option to manually map JIRA priorities to fix this issue.
  • Bug ROX-3855: We’ve fixed an issue where integration with Amazon S3 failed because S3 container IAM role used the default container credentials instead of using the container IAM role.

Important system changes


  • We’ve renamed the NIST 800-190 standard to NIST SP 800-190, for correctness. The ID is still the same; therefore, you don’t need to update existing API calls. Existing data is preserved and available on upgrade.
  • We’ve update the policy descriptions, rationale, and remediation for the following built-in policies:
    • Fixable CVSS >=6 and Privileged
    • Fixable CVSS >=7
    • Compiler Tool Execution
    • 30-Day Scan Age
    • Alpine Linux Package Manager Execution
    • Red Hat Package Manager Execution
    • Ubuntu Package Manager Execution

roxctl CLI

We’ve added a roxctl sensor get-bundle <cluster-name-or-id> command. You can use it to download sensor bundles for existing clusters by specifying a cluster name or ID.


We're happy to help! Reach out to us to discuss questions, issues, or feature requests.

© 2021 StackRox Inc. All rights reserved.