The StackRox Kubernetes Security Platform version 3.0.37 includes bug fixes and system changes. In this version, we’re also laying the groundwork for exciting new features in forthcoming releases. To upgrade to this release from a previous version, see the Upgrade StackRox section.
- Bug ROX-3811: Previously, some Replication Controllers weren’t visible in Central. We’ve fixed this issue.
- Bug ROX-3804 and Bug ROX-3784: We’ve fixed issues and streamlined
the following scripts:
- the image bundle
import.shscript to push the StackRox Kubernetes Security Platform images into a private registry.
delete-sensor.shscript to delete the StackRox Kubernetes Security Platform from a secured cluster.
- the image bundle
- Bug ROX-3803: In the Network Graph view, Simulate Network Policy
function didn’t work if you selected
namespacesin the menu on the top bar. We’ve fixed this issue.
- Bug ROX-3689: Previously, sometimes the old active images were deleted when you pushed newer images to the registry. We’ve fixed this issue by updating the pruning check to ensure that no deployment is using an image before it’s deleted.
- Bug ROX-3788: Previously, when you deleted a deployment, its associated process baselines didn’t get deleted. We’ve fixed this issue.
- Bug ROX-3337: Previously, there were errors in running the CIS benchmark compliance checks on OpenShift control plane and infrastructure nodes. We’ve fixed this issue.
- Bug ROX-3809: Previously, when integrating the StackRox Kubernetes Security Platform with
JIRA, the integration
sometimes failed if the priorities in JIRA didn’t match the
Pnformat. We’ve added an option to manually map JIRA priorities to fix this issue.
- Bug ROX-3855: We’ve fixed an issue where integration with Amazon S3 failed because S3 container IAM role used the default container credentials instead of using the container IAM role.
- We’ve renamed the NIST 800-190 standard to NIST SP 800-190, for correctness. The ID is still the same; therefore, you don’t need to update existing API calls. Existing data is preserved and available on upgrade.
- We’ve update the policy descriptions, rationale, and remediation for the
following built-in policies:
- Fixable CVSS >=6 and Privileged
- Fixable CVSS >=7
- Compiler Tool Execution
- 30-Day Scan Age
- Alpine Linux Package Manager Execution
- Red Hat Package Manager Execution
- Ubuntu Package Manager Execution
We’ve added a
roxctl sensor get-bundle <cluster-name-or-id> command. You can
use it to download sensor bundles for existing clusters
by specifying a cluster name or ID.
We're happy to help! Reach out to us to discuss questions, issues, or feature requests.