Release notes: 3.0.50

Find out what's new in version 3.0.50.

1 minute read

The StackRox Kubernetes Security Platform version 3.0.50 includes new features, bug fixes, and system changes. To upgrade to this release from a previous version, see the Upgrade StackRox section.

Release date: October 7, 2020

New features

Helm charts installation experience

We’ve added new more configurable Helm chart that you can use to install and upgrade the StackRox Kubernetes Security Platform. For more information, see Quick Start (Helm) and Helm charts configuration.

.NET Core vulnerability scanning

The StackRox Kubernetes Security Platform now identifies vulnerabilities in images with .NET Core and ASP.NET Core developer platform. If you have existing images that are using the .NET Core runtime, you’ll now get alerts for vulnerabilities when you upgrade to the StackRox Kubernetes Security Platform version 3.0.50.

Important bug fixes

  • ROX-3467: Previously, when viewing clusters in the Network Graph view, active network connections didn’t display when you switched clusters until your refreshed the page. We’ve fixed this issue.
  • ROX-5551 and ROX-5593: Previously, the Navigate to deployment option in the Network Graph view and the View deployment in Network Graph option in the Risk view didn’t work. We’ve fixed this issue.
  • ROX-5579: We’ve fixed an issue where the Sensor Upgrade column in the Platform Configuration > Clusters view incorrectly displayed Incomplete status even when the Sensor version was up-to-date.

Resolved in version 3.0.50.1

Release date: Oct 21, 2020

  • ROX-5785: We’ve fixed an issue in Sensor where it was treating completed jobs as deployment objects in a monitored cluster.
  • ROX-5777: We’ve fixed an issue where the embedded documentation for the StackRox Kubernetes Security Platform didn’t completely render when accessing it in version 3.50.0.

Important system changes

Central

We’ve increased the default resource limit to 4 CPU cores for new Central deployments. Also see Sizing guidelines for recommended compute resources and storage values.

Policy criteria

We’ve added a new policy criteria called Service Account that evaluate policy against a deployment’s service account name.

Scanner

  • The ROX_CONTINUE_UNKNOWN_OS feature flag is now enabled by default in Scanner. It means that the scans won’t fail if Scanner can’t determine the image OS and the image has other feature components. For example, scans won’t fail for the fedora:32 image.
  • Scanner now uses Red Hat CVSS scores (instead of NVD) for rhel and centos based images.
  • Scanner now identifies .NET Core runtime CVEs (based on data from NVD). If you have existing images that are using the .NET Core runtime, you’ll now get alerts.

Image versions

ImageDescriptionCurrent version
MainIt includes Central, Sensor, Admission Controller, and Compliance. It also includes roxctl for use in Continuous Integration systems.stackrox.io/main:3.0.50.1
ScannerScans images.stackrox.io/scanner:2.5.0
Scanner DBStores image scan results and vulnerability definitions.stackrox.io/scanner-db:2.5.0
CollectorCollects runtime activity in Kubernetes or OpenShift clusters.collector.stackrox.io/collector:3.1.3-latest

Documentation changes

ChangePageDescription
UpdateView network policiesAdded details about viewing information in the Network Graph view.
UpdateResource requirementsAdded resource sizing guidelines for Central.
UpdateExamine imagesClarified information about the ROX_LANGUAGE_VULNS environment variable.
UpdateQuick Start (Helm)Added instructions for installing the StackRox Kubernetes Security Platform version 3.0.50.
New topicHelm chart configurationLearn about the Helm chart configuration parameters you can use when you install or upgrade the StackRox Kubernetes Security Platform by using Helm.

Questions?

We're happy to help! Reach out to us to discuss questions, issues, or feature requests.

© 2021 StackRox Inc. All rights reserved.