Release notes: 3.0.42

Find out what's new in version 3.0.42.

1 minute read

The StackRox Kubernetes Security Platform version 3.0.42 includes new features, bug fixes, and system changes. To upgrade to this release from a previous version, see the Upgrade StackRox section.

New features

Comments and tags

You can now use Comments and Tags to specify what’s happening with violations and processes to keep your team up to date. Comments and tags are available in various views, for example, you can add comments and tags for,

Violations in the following views:

Processes in the following views:

Important bug fixes

  • ROX-4671: We addressed an issue that caused high CPU usage in Sensor.
  • ROX-4607: Previously, the admission controller didn’t enforce policies with single cluster scope. We’ve fixed this issue.
  • ROX-4580: Previously, in the Configuration Management view, the StackRox portal didn’t show background for selected deployments listed in the Service Account details panel. Now the StackRox portal now shows the details.
  • ROX-4543 and ROX-4272: Previously, in the Configuration Management view, the StackRox portal didn’t show deployments details panel when you selected from Image > Deployment. The StackRox portal now correctly shows the details.
  • ROX-4429: Previously, the automatic upgrades wouldn’t work if the cluster reported some resources as unavailable. We’ve updated the StackRox Kubernetes Security Platform to ensure that automatic upgrades work as usual as long as the required resources are available on the cluster.

Important system changes

Snooze CVEs for a specific time

You can now snooze CVEs for a specified time such as a day, a week, two weeks, a month, or indefinitely (until you unsnooze).

API

  • You can now request pretty-printed JSON responses for all v1 API endpoints by adding the ?pretty path parameter in your requests. For more information, see the Use the API topic.
  • You can use:
    • the SuppressCVEs endpoint /v1/cves/suppress to snooze CVEs for specific duration, and
    • the UnsuppressCVEs endpoint /v1/cves/unsuppress to unsnooze CVEs.

StackRox portal

  • We’ve added a new Deployment Name field in the Deployment Details panel for the Violations and Risk views.
  • In the Risk view, the browser address bar now shows the complete address (including the applied filtering) when you use local page filtering. You can copy and share the address for the filtered view with others.

Central, Sensor, and Collector on OpenShift

We’ve updated the Security Context Constraint (SCC) priority to 0 so that they don’t supersede default SCCs.

Documentation changes

ChangePagesDescription
UpdateEnable PKI authenticationAdded information about configuring custom endpoints by using a YAML configuration file.
UpdateResource requirementsAdded information about recommended machine type and cores for deploying Central and updated the architecture diagram.
UpdateIntegrate with image registriesIncluded the registry integration explanation.
UpdateExamine imagesAdded information about differences in the CVSS scores between Red Hat Security Advisory (RHSA) CVSS score and the CVSS score visible in the StackRox portal.
UpdateGet startedUpdated the StackRox Kubernetes Security Platform architecture diagram.
UpdateIntegrate with CI systemsAdded instructions for running the roxctl client in a container image.
AddedEvaluate the StackRox Kubernetes Security PlatformAdded instructions for evaluating Deploy-time policies, Run-time policies, and Risks report.

Questions?

We're happy to help! Reach out to us to discuss questions, issues, or feature requests.

© 2021 StackRox Inc. All rights reserved.