The StackRox Kubernetes Security Platform version 3.0.46 includes new features, bug fixes, and system changes. To upgrade to this release from a previous version, see the Upgrade StackRox section.
Release date: July 15, 2020
It’s now easier to view overlapping events in the Event Timeline modal box. The StackRox Kubernetes Security Platform now groups the overlapping events and shows an event count badge. You can click on the group to view details about all events in that group.
ROX-3023: Previously, in the StackRox portal, you couldn’t disable alert data retention. You could only set retention periods to 1 day or higher. You can now use 0 to store violations and unused images forever.
ROX-4002: Previously, StackRox Collector wouldn’t show network connection details and process paths if you were using the StackRox Kubernetes Security Platform on Ubuntu 19.10. We’ve updated the Collector image to fix this issue.
ROX-4541: Previously, if you were using the docker-auth.sh (Docker authentication helper) or add-cluster.sh (Helm add cluster) scripts, they would run without checking for the required jq binary. We’ve updated these scripts to verify that the jq binary exists and to execute only if it’s present.
ROX-4872: Previously, the default Cryptocurrency Mining Process Execution security policy wouldn’t report errors for the xmr-stak-cpu cryptocurrency mining Docker image. We’ve fixed this issue.
ROX-4931: Previously, when you scanned container images based on CentOS 7 or Red Hat Enterprise Linux (RHEL) 7, StackRox Scanner only showed vulnerabilities that had fixes available. We’ve fixed this issue.
When you scan an image based on CentOS 7 or RHEL 7 in the StackRox Kubernetes Security Platform version 188.8.131.52 or higher, StackRox Scanner returns more vulnerability results than before. To avoid disrupting build or deployment pipelines, make sure your enforced policies use the Fixed By policy attribute so they only match fixable vulnerabilities.
ROX-5183: Previously, API requests to generate new tokens would sometimes fail with a timeout error. We’ve increased the timeout to 60 seconds to fix this issue.
ROX-5193: Previously, StackRox Collector would report errors for missing net/tcp6 files. We’ve updated the internal logic not to report this error if it isn’t applicable.
ROX-5276: In the StackRox Kubernetes Security Platform version 3.0.45, you couldn’t use the Add Selected CVEs to Policy button in the CVEs view to add CVEs to an existing policy. We’ve fixed this issue.
- We’ve renamed the Required Label: Owner and the Required Annotation: Owner security policies to Required Label: Owner/Team and Required Annotation: Owner/Team.
- The StackRox Central database uses a new format that’s more scalable and performs better. The upgrade includes an automatic migration to the new format. After you upgrade the StackRox Central image to version 3.0.46 or higher, Central may take longer to start up while it finishes the automatic migration.
- We’ve renamed the port for the tcp-db to better support protocol selection in Istio.
- If you are on a view that lists items in a table, for example, the Risk view, and you are on a page number higher than 1, clicking a column heading now sorts the table and takes you back to page number 1. Previously, the view stayed on the later page even after you re-sorted the table.
- The cluster details in the Platform Configuration > Clusters view now show a message if the secured cluster’s credentials are about to expire.
- In the Vulnerability Management > Policies view, we’ve updated the Deployment column values to only show the number of deployments for which a policy is failing.
We’ve added the following new endpoints:
|PATCH||Modify a specific notifier.|
|POST||Check if a notifier is correctly configured.|
|PATCH||Modify a specific scoped access control plugin.|
|POST||Check if a specific scoped access control plugin is correctly configured.|
|PATCH||Modify a specific external backup.|
|POST||Check if a specific external backup is correctly configured.|
For more information, see the Use the API topic.
- We’ll deprecate the Required Label: Email and Required Annotation: Email security policies in the StackRox Kubernetes Security Platform version 3.0.48. If you are using Required Label: Email and Required Annotation: Email security policies, we recommend using the Required Label: Owner/Team and Required Annotation: Owner/Team policies instead.
- In the StackRox Kubernetes Security Platform version 184.108.40.206, we restored the previous behavior of .* values for the Fixed By policy attribute. The further fix for this issue, previously scheduled for version 220.127.116.11, is now delayed to a later release.
We’ll update the available options for the roxctl sensor generate k8s command in the StackRox Kubernetes Security Platform version 3.0.47. We’ll:
- Rename the
- Change the default value for the
- Deprecate (and later remove) the
- Rename the
- Rename the
- Remove the deprecated
The previously announced change to the default behavior of the collection-method parameter is no longer planned.
|Main||It includes Central, Sensor, Admission Controller, and Compliance. It also includes ||stackrox.io/main:18.104.22.168|
|Scanner DB||Stores image scan results and vulnerability definitions.||stackrox.io/scanner-db:2.2.12|
|Collector||Collects runtime activity in Kubernetes or OpenShift clusters.||collector.stackrox.io/collector:3.0.17-latest|
|Update||Create custom policies||Added instructions to toggle between logical operators inside a policy section in the Add logical conditions section.|
|New section||Resource requirements||Added Admission controller requirements.|
|Update||Manage role-based access control||Updated the Resource definitions section to include missing RBAC resources.|
|New topic||Quick Start (Helm)||Learn how to install the StackRox Kubernetes Security Platform by using Helm charts.|
|New section||Use the roxctl CLI||Added a new Install and set up roxctl CLI section which includes instructions for downloading and setting up the |
|New topic||Add trusted certificate authorities||Learn how to add custom trusted certificate authorities to the StackRox Kubernetes Security Platform.|