Release notes: 3.0.58

Find out what's new in version 3.0.58.

1 minute read

The StackRox Kubernetes Security Platform version 3.0.58 includes feature enhancements, bug fixes, scale improvements, and other changes. In this version, we’re also laying the groundwork for exciting new features in forthcoming releases. To upgrade to this release from a previous version, see the Upgrade StackRox section.

Release date: April 08, 2021

Important bug fixes

  • ROX-5397, ROX-6458, and ROX-6619: We’ve fixed a minor issue in the Iptables Executed in Privileged Container security policy, updated the remediation instructions in the Curl in Image security policy, and updated the Kubernetes Dashboard Deployed policy criteria.

  • ROX-6497: Previously, you couldn’t use OIDC Identity Provider with the Authorization Code Grant authentication flow, by using a client secret. The connection would fail with the implicit grant not allowed for this client error message. We’ve fixed this issue.

  • ROX-6626: Previously, if you were using the StackRox Kubernetes Security Platform on OpenShift, the Network Graph view would show too many connections and didn’t show Network baselines. We’ve fixed this issue.

  • ROX-6792: We’ve fixed an issue with the inactive deployment filter in the Violations view.

  • ROX-6820: Previously, the StackRox Kubernetes Security Platform wouldn’t report CVE’s in Distroless images under certain conditions. We’ve fixed this issue.

  • ROX-6887: Previously, the admission controller enforcement wouldn’t work for deploy-time policies if you were using enforceOnUpdates. We’ve fixed this issue.

    Resolved in version 3.0.58.1

Release date: Apr 20, 2021

  • ROX-6959: Previously, the OpenShift Cluster Version Operator wasn’t correctly identified as an orchestrator component. We’ve fixed this issue.

    Security updates

We’ve updated the Collector image to resolve the following fixable CVEs:

We’ve updated all RHEL-based images to resolve the following fixable RHSAs:

Important system changes

  • We’ve removed all licensing restrictions from the StackRox Kubernetes Security Platform.
  • You can now enforce scheduling for the scanner and scanner-db deployments on specific nodes.
  • We’ve added a Fixed by column to the Vulnerability Management > All Entities > Components view. It lists the component version that fixes all vulnerabilities for a component. The Fixed by column only works if you’re using StackRox Scanner.
  • You can now rollback to a previous version of Central if an upgrade fails to install.

Image versions

ImageDescriptionCurrent version
MainIt includes Central, Sensor, Admission Controller, and Compliance. It also includes roxctl for use in Continuous Integration systems.stackrox.io/main:3.0.58.1
ScannerScans images.stackrox.io/scanner:2.12.2
Scanner DBStores image scan results and vulnerability definitions.stackrox.io/scanner-db:2.12.2
CollectorCollects runtime activity in Kubernetes or OpenShift clusters.collector.stackrox.io/collector:3.1.20-latest

Questions?

We're happy to help! Reach out to us to discuss questions, issues, or feature requests.

© 2021 StackRox Inc. All rights reserved.