The StackRox Kubernetes Security Platform version 3.0.41 includes new features, bug fixes, and system changes. To upgrade to this release from a previous version, see the Upgrade StackRox section.
The StackRox Kubernetes Security Platform now features a Vulnerability Management view in the StackRox portal to help you identify, prioritize, and manage vulnerabilities across your applications and infrastructure. The Vulnerability Management view displays information you can act on and gives you a complete view of the vulnerabilities and how they relate to other entities, for example, deployments, images, and components.
You can now use Helm charts to install Sensor, Collector, and Admission Controller. To get started, navigate to the stackrox/helm-charts repository on GitHub.
The GitHub repository includes charts for each version of the StackRox Kubernetes Security Platform,
starting from version 126.96.36.199. In version 188.8.131.52, we added a new
image.repository.collector parameter and adjusted the default values of other
- ROX-3800: Previously, in the Violations view, the StackRox portal didn’t show enforcement actions that the StackRox Kubernetes Security Platform had taken in response to violations. The StackRox portal now correctly shows these actions.
- ROX-4359: Previously, while adding a new authentication provider, selecting Cancel would crash the StackRox portal page if you didn’t have any other authentication providers. We’ve fixed this issue.
- ROX-4521: Previously, in the Violations view when you selected a violation, the Policy tab of the violation details panel didn’t show the policy details. The StackRox portal now correctly shows policy details for the selected violation.
- ROX-4570: In version 184.108.40.206, the StackRox portal didn’t display CVE descriptions in the Vulnerability Management and Images views. These views now correctly show a summary of each vulnerability.
- ROX-4575: In version 220.127.116.11, local page filtering suggestions in the StackRox portal overlapped with other parts of some views. We’ve fixed this issue.
- ROX-4577: From versions 18.104.22.168 to 22.214.171.124, when you bypassed admission controller enforcement in an emergency, the StackRox Kubernetes Security Platform would still apply scale-to-zero enforcement. We’ve fixed this issue.
- ROX-4578: We’ve fixed an issue where the StackRox Kubernetes Security Platform didn’t include new results from re-scanning images when checking compliance with your policies.
- ROX-4590: Previously, if you first installed the StackRox Kubernetes Security Platform version 2.4.21 or earlier, then eventually upgraded to version 3.0.41, StackRox Sensor would crash in each cluster until you adjusted that cluster’s dynamic configuration options in the Platform Configuration > Clusters view. We’ve resolved this issue.
- ROX-4598: Previously, StackRox Sensor crashed sometimes when processing large amounts of data, due to an internal error. We’ve resolved this issue.
The StackRox admission controller prevents users from creating workloads that violate policies you configure in the StackRox Kubernetes Security Platform. Beginning from the StackRox Kubernetes Security Platform version 3.0.41, you can also configure the admission controller to prevent updates to workloads that violate policies. For more details, see Enable admission controller enforcement.
We’ve updated the StackRox Kubernetes Security Platform images based on the Red Hat Enterprise Linux (RHEL) images, from Red Hat Universal Base Image (UBI) version 7.7 to UBI version 8.1. See Use StackRox images built with UBI for more information.
|New topic||Manage vulnerabilities||Learn how to identify and prioritize vulnerabilities for remediation.|
|Update||Enable admission controller enforcement||Added Additional information section, and added user interface options only available for the StackRox Kubernetes Security Platform version 3.0.41 and newer.|
|Update||Supported platforms||Clarified supported version numbers for Kubernetes and OpenShift.|
We're happy to help! Reach out to us to discuss questions, issues, or feature requests.