The StackRox Kubernetes Security Platform version 3.0.57 includes new features, bug fixes, and system changes. To upgrade to this release from a previous version, see the Upgrade StackRox section.
Release date: March 18, 2021
The StackRox Kubernetes Security Platform scans all active (deployed) images every 4 hours and updates the image scan results to reflect the latest vulnerability definitions. You can now add inactive (undeployed) images for automatic scanning. For more details, see Scan inactive images.
- ROX-6085: Previously, setting Central log level
by using the
debug logcommand wouldn’t work sometimes. You could also set unacceptable values for log level (for example,
Trace), which didn’t affect the log level. We’ve fixed these issues.
- ROX-6302: We’ve fixed an issue with the Violations view where loading too many violations would sometimes crash the StackRox portal page.
- ROX-6627: Previously, on OpenShift, when creating new builds, the OpenShift web console would show the error message admission webhook “policyeval.stackrox.io” does not support dry run. We’ve fixed this issue by adding dry run support to the admission controller webhook.
- ROX-6640: We’ve fixed an issue where the StackRox portal wouldn’t display the full description for RHSA CVEs in the CVE details view.
- ROX-6723: Previously, if you were using the default CA certificate for Central, and you’ve configured an additional CA certificate for a Sensor, the StackRox Kubernetes Security Platform would overwrite Sensor’s additional certificate. We’ve fixed this issue.
- ROX-6736: Previously, sometimes the StackRox portal didn’t show allowed connections between Sensor and non-isolated deployments in the Network Graph view. We’ve fixed this issue.
Release date: Mar 24, 2021
- ROX-6832: Previously, if you were using the RHEL base image, upgrading the StackRox Kubernetes Security Platform to version 22.214.171.124 would fail. We’ve fixed this issue.
Release date: Mar 25, 2021
- ROX-6834: Previously, in the StackRox Kubernetes Security Platform version 126.96.36.199, you couldn’t install a Sensor using the StackRox portal because downloading the Sensor bundle would fail. We’ve fixed this issue.
- ROX-6805: Previously, if you were using the StackRox Kubernetes Security Platform on OpenShift, the security context constraint conflicted with the Authentication Operator. We’ve updated the StackRox Kubernetes Security Platform’s security context constraint to fix this issue. To upgrade to the StackRox Kubernetes Security Platform version 188.8.131.52, you must also update the security context constraint. See Update OpenShift Security Context Constraints for details.
- You can now declare custom
SourceTypesfor alert and audit events if you are integrating with Splunk.
- The published time for CVEs in RHEL and CentOS images is now correctly shown.
- You can now use cluster init bundles for clusters you’ve deployed with
helmManaged=falseonly worked with certificates that were specific to an existing cluster.
roxctl central generate openshift and
roxctl sensor generate openshift
commands now accept an
--openshift-version option. You can set it to:
- 3 if you are deploying on OpenShift Container Platform version
- 4 if you are deploying on OpenShift Container Platform version
When you don’t specify this option, the StackRox Kubernetes Security Platform generates
deployment bundles in a compatibility mode that works on OpenShift Container
3.11 and version
4.x. However, if you are using OpenShift
Container Platform version
4.x, we recommend that you specify this options as
4 to take advantage of additional features that aren’t available for earlier
We’ve updated the Collector image to resolve the following fixable CVEs:
The Collector image version
3.1.16-latest includes this update.
|Main||It includes Central, Sensor, Admission Controller, and Compliance. It also includes ||stackrox.io/main:184.108.40.206|
|Scanner DB||Stores image scan results and vulnerability definitions.||stackrox.io/scanner-db:2.11.2|
|Collector||Collects runtime activity in Kubernetes or OpenShift clusters.||collector.stackrox.io/collector:3.1.16-latest|
We're happy to help! Reach out to us to discuss questions, issues, or feature requests.