We're moving the documentation to a new location. Please bookmark our new site.

Release notes: 3.64

Find out what's new in version 3.64.0

2 minute read

The StackRox Kubernetes Security Platform version 3.64.0 includes feature enhancements, bug fixes, scale improvements, and other changes. In this version, we’re also laying the groundwork for exciting new features in forthcoming releases.

To upgrade to this release from a previous version, see the Upgrade StackRox section.

Release date: August 11, 2021

New Features

  • ROX-7230: You can now use deployment and namespace annotations to define where the StackRox Kubernetes Security Platform sends the violation notifications when configuring your notifiers such as Slack, Microsoft Teams, Email, and others.
  • ROX-7534: The Red Hat Advanced Cluster Security Operator now supports the ability to allow users to set the enforcement behavior of the admission controller as part of their custom resource.
  • ROX-7561: The StackRox Kubernetes Security Platform now supports kernel modules for Ubuntu 16.04 LTS with extended security maintenance (ESM).

Important bug fixes

  • ROX-6326: Previously, users would get sporadic server errors in environments with a considerably large number of namespaces. We’ve addressed this issue.

Resolved in version 3.64.1

Release date: August 26, 2021

  • ROX-7850: Due to the way StackRox Kubernetes Security Platform previously addressed its internal service endpoints, OpenShift clusters with enabled proxy were incorrectly attempting to send internal traffic as external through the proxy. This resulted in internal service failures that prevented StackRox Kubernetes Security Platform from communicating appropriately. To address communications failures, we’ve added the .svc suffix to the default addresses of the internal service endpoints so that the default OpenShift proxy noProxy setting correctly treats the traffic between StackRox Kubernetes Security Platform components as internal. All customers using OpenShift with the proxy are advised to upgrade to 3.64.1 and above.
  • ROX-7872 The updated operator updated image sets the memory limit to 1 GiB and memory requests to 200 MiB to address out of memory issues when using the RHACS Operator at scale.

Important system changes

  • ROX-6258 The StackRox Kubernetes Security Platform now pre-fixes the optional security context constraint name with stackrox to avoid global naming conflicts.
  • ROX-7318: Previously, violations for port forwards and execs events didn’t contain information about the user who performed the action that generated the events. The violations now include the user context.
  • ROX-7449: Cluster init bundles contain the secrets required for internal StackRox Kubernetes Security Platform services to communicate with each other. You can delete these to rotate secrets, which have previously sometimes caused outages. We’ve updated the deletion workflow. It now gives a warning about the possible impact of deletion on the environment.
  • ROX-7684: The OpenShift compliance operator uses rpm only for querying, and it doesn’t install any packages. We’ve put in a policy exception for this pod by default to reduce the violations count.

Updated in version 3.64.1

Release date: August 26, 2021

  • ROX-7850: We’ve updated our internal services to the following addresses:
    • sensor.stackrox changed to sensor.stackrox.svc
    • central.stackrox changed to central.stackrox.svc
    • scanner.stackrox changed to scanner.stackrox.svc
    • scanner-db.stackrox changed to scanner-db.stackrox.svc

Image versions

ImageDescriptionCurrent version
MainIt includes Central, Sensor, Admission Controller, and Compliance. It also includes roxctl for use in Continuous Integration systems.stackrox.io/main:3.64.1
ScannerScans images and nodes.stackrox.io/scanner:2.18.3
Scanner DBStores image scan results and vulnerability definitions.stackrox.io/scanner-db:2.18.3
CollectorCollects runtime activity in Kubernetes or OpenShift clusters.collector.stackrox.io/collector:3.2.2-latest

Questions?

We're happy to help! Reach out to us to discuss questions, issues, or feature requests.

© 2021 StackRox Inc. All rights reserved.