The StackRox Kubernetes Security Platform version 3.0.55 includes new features, bug fixes, and system changes. To upgrade to this release from a previous version, see the Upgrade StackRox section.
Release date: February 3, 2021
You can now configure policies in the StackRox Kubernetes Security Platform to detect Kubernetes events that may indicate unauthorized access to a pod through the API server. Specifically, you can configure policies to audit or block exec events into pods within your environment.
You can now collect runtime activity on SUSE Linux Enterprise Server by using a kernel module. Currently, we support:
- SUSE Linux Enterprise Server 15 (LTSS)
- 15 SP1
- 15 SP2
- SUSE Linux Enterprise Server 12 (LTSS)
- 12 SP3 (LTSS)
- 12 SP4 (LTSS)
- 12 SP5
We’ve added a new, more configurable Secured Cluster Services Helm chart that you can use to install and upgrade Sensor, Collector, and Admission controller. For more information, see the Quick Start (Helm) and Helm charts configuration topics.
- ROX-6142: Previously, the health dashboard wouldn’t display the Collector health status if you’ve deployed the Collector in a namespace other than the `stackrox` namespace. We’ve fixed this issue.
- ROX-6200: We’ve fixed an issue where sometimes a JSON parsing error crashed a few Collector pods.
- ROX-6217: Previously, if you deleted a Collector DaemonSet, the health dashboard would still report the Collector as healthy. We’ve fixed this issue.
- ROX-6249: We’ve fixed an issue where the container name was missing from the container resource violation messages.
- ROX-6301: We’ve fixed an issue where filtering violations on the Violations view would sometimes incorrectly show the message "No results found. Please refine your search."
- ROX-6351: Previously, the StackRox Kubernetes Security Platform would not include process violation messages in the notification triggered by process-related policy violations. We’ve fixed this issue.
- ROX-6392: Previously, in the Vulnerability Management > Images view in the StackRox portal, if you used local page filtering for namespaces, you couldn’t sort the results based on the Risk Priority. We’ve fixed this issue.
- From version 3.0.55, the StackRox Kubernetes Security Platform deploys the Admission controller service by default in new Kubernetes clusters to support run-time policies to audit or block the `portforward` events. Currently, it only works on Kubernetes clusters.
- The `/v1/metadata` endpoint no longer shows version information in the response message for unauthenticated requests.
- We’ve deprecated the `/db/backup` endpoint, use the
- We’ve deprecated the `includeCertificates` request parameter from the `/v1/externalbackups/*` endpoint. The backups now include certificates by default.
- We’ve deprecated `Policy.whitelists` request body parameter from the `/v1/policies/*` endpoint, use the
You can use the new `--send-notifications` option with the `roxctl image check` command, which sends notifications (to all configured notifiers) for build time policy violations. This is useful when teams want to be notified on issues individually and aren’t breaking builds.
We’ve deprecated the `roxctl central db backup` command. Use the `roxctl central backup` command instead.
We’ve deprecated the following options from the
`--retry-delay` options for the following commands:
`roxctl image scan`
`roxctl image check`
`roxctl deployment check`
`--retries` option to specify the number of times you want to retry running the command. For example,
`--retry-delay` option to specify the time (in seconds) to wait before re-running the command. For example,
We’ve added a new
`true` by default) to the `roxctl sensor generate k8s` command. It controls the deployment of the admission controller webhook, which listens for Kubernetes
We’ve added new policy criteria called Kubernetes Action.
| Main | It includes Central, Sensor, Admission Controller, and Compliance. It also includes | stackrox.io/main:126.96.36.199 |
| Scanner DB | Stores image scan results and vulnerability definitions. | stackrox.io/scanner-db:2.10.0 |
| Collector | Collects runtime activity in Kubernetes or OpenShift clusters. | collector.stackrox.io/collector:3.1.12-latest |