The StackRox Kubernetes Security Platform version 3.0.58 includes feature enhancements, bug fixes, scale improvements, and other changes. In this version, we’re also laying the groundwork for exciting new features in forthcoming releases. To upgrade to this release from a previous version, see the Upgrade StackRox section.
Release date: April 08, 2021
ROX-5397, ROX-6458, and ROX-6619: We’ve fixed a minor issue in the Iptables Executed in Privileged Container security policy, updated the remediation instructions in the Curl in Image security policy, and updated the Kubernetes Dashboard Deployed policy criteria.
ROX-6497: Previously, you couldn’t use an OIDC identity provider with the Authorization Code Grant authentication flow and a client secret. The connection would fail with the error message "implicit grant not allowed for this client". We’ve fixed this issue.
ROX-6626: Previously, if you were using the StackRox Kubernetes Security Platform on OpenShift, the Network Graph view would show too many connections and didn’t show Network baselines. We’ve fixed this issue.
ROX-6792: We’ve fixed an issue with the inactive deployment filter in the Violations view.
ROX-6820: Previously, the StackRox Kubernetes Security Platform wouldn’t report CVEs in Distroless images under certain conditions. We’ve fixed this issue.
ROX-6887: Previously, the admission controller enforcement wouldn’t work for deploy-time policies if you were using `enforceOnUpdates`. We’ve fixed this issue.
Release date: Apr 20, 2021
ROX-6959: Previously, the OpenShift Cluster Version Operator wasn’t correctly identified as an orchestrator component. We’ve fixed this issue.
We’ve updated the Collector image to resolve the following fixable CVEs:
We’ve updated all RHEL-based images to resolve the following fixable RHSAs:
- License file functionality has been removed from the StackRox Kubernetes Security Platform. Customers are licensed according to the current agreement in effect for the products purchased including, but not limited to, quantities and license term. Entitlements continue to be enforced by image pull secret. Refer to the licensing restrictions page for more information.
- You can now enforce scheduling for the `scanner-db` deployments on specific nodes.
- We’ve added a Fixed by column to the Vulnerability Management > All Entities > Components view. It lists the component version that fixes all vulnerabilities for a component. The Fixed by column only works if you’re using StackRox Scanner.
- You can now roll back to a previous version of Central if an upgrade fails to install.
| Image | Description | Image reference |
|---|---|---|
| Main | It includes Central, Sensor, Admission Controller, and Compliance. It also includes | stackrox.io/main:184.108.40.206 |
| Scanner DB | Stores image scan results and vulnerability definitions. | stackrox.io/scanner-db:2.12.2 |
| Collector | Collects runtime activity in Kubernetes or OpenShift clusters. | collector.stackrox.io/collector:3.1.20-latest |