The StackRox Kubernetes Security Platform version 3.64.0 includes feature enhancements, bug fixes, scale improvements, and other changes. In this version, we’re also laying the groundwork for exciting new features in forthcoming releases.
To upgrade to this release from a previous version, see the Upgrade StackRox section.
Release date: August 11, 2021
- ROX-7230: You can now use deployment and namespace annotations to define where the StackRox Kubernetes Security Platform sends the violation notifications when configuring your notifiers such as Slack, Microsoft Teams, Email, and others.
- ROX-7534: The Red Hat Advanced Cluster Security Operator now lets users set the enforcement behavior of the admission controller as part of their custom resource.
- ROX-7561: The StackRox Kubernetes Security Platform now supports kernel modules for Ubuntu 16.04 LTS with extended security maintenance (ESM).
- ROX-6326: Previously, users would get sporadic server errors in environments with a considerably large number of namespaces. We’ve addressed this issue.
Release date: August 26, 2021
- ROX-7850: Due to the way the StackRox Kubernetes Security Platform previously addressed its internal service endpoints, OpenShift clusters with the proxy enabled incorrectly attempted to send internal traffic as external traffic through the proxy. This resulted in internal service failures that prevented the StackRox Kubernetes Security Platform from communicating appropriately. To address these communication failures, we’ve added the `.svc` suffix to the default addresses of the internal service endpoints so that the default OpenShift proxy `noProxy` setting correctly treats the traffic between StackRox Kubernetes Security Platform components as internal. All customers using OpenShift with the proxy are advised to upgrade to 3.64.1 and above.
- ROX-7872: The updated operator image sets the memory limit to 1 GiB and memory requests to 200 MiB to address out-of-memory issues when using the RHACS Operator at scale.
- ROX-6258: The StackRox Kubernetes Security Platform now prefixes the optional security context constraint name with `stackrox` to avoid global naming conflicts.
- ROX-7318: Previously, violations for `execs` events didn’t contain information about the user who performed the action that generated the events. The violations now include the user context.
- ROX-7449: Cluster init bundles contain the secrets required for internal StackRox Kubernetes Security Platform services to communicate with each other. You can delete these bundles to rotate secrets, and doing so has previously sometimes caused outages. We’ve updated the deletion workflow so that it now warns about the possible impact of deletion on the environment.
- ROX-7684: The OpenShift compliance operator uses `rpm` only for querying, and it doesn’t install any packages. We’ve put in a policy exception for this pod by default to reduce the violations count.
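
The ROX-7850 fix above relies on suffix matching in the proxy exemption list. As an added example (not StackRox code), this Python check reports which endpoints a `NO_PROXY`-style list would still send through the proxy. The sample list and endpoint names are constructed, and the matching is a simplified model that ignores CIDR entries.

```python
# Constructed sample values: neither list is taken from the release notes.
SAMPLE_NO_PROXY = ".cluster.local,.svc,localhost,127.0.0.1"
SAMPLE_ENDPOINTS = [
    "central.stackrox:443",        # short form, no .svc suffix
    "central.stackrox.svc:443",    # form with the .svc suffix
    "scanner.stackrox.svc:8080",
]


def strip_port(endpoint: str) -> str:
    """Return the lower-cased host part of a host[:port] endpoint."""
    host, sep, port = endpoint.rpartition(":")
    return (host if sep and port.isdigit() else endpoint).lower().rstrip(".")


def bypasses_proxy(endpoint: str, no_proxy: str) -> bool:
    """True if a NO_PROXY-style list exempts the endpoint from the proxy.

    Simplified model (assumption): '*' matches everything, '.suffix' matches
    subdomains, a bare name matches itself and its subdomains.
    """
    host = strip_port(endpoint)
    for entry in (e.strip().lower() for e in no_proxy.split(",")):
        if not entry:
            continue
        if entry == "*":
            return True
        if entry.startswith("*."):
            entry = entry[1:]          # "*.svc" behaves like ".svc"
        if entry.startswith("."):
            if host.endswith(entry):   # match on a label boundary only
                return True
        elif host == entry or host.endswith("." + entry):
            return True
    return False


def proxied_endpoints(endpoints, no_proxy):
    """Return the endpoints that would be sent through the proxy."""
    return [e for e in endpoints if not bypasses_proxy(e, no_proxy)]


if __name__ == "__main__":
    for ep in proxied_endpoints(SAMPLE_ENDPOINTS, SAMPLE_NO_PROXY):
        print(f"would be proxied as external traffic: {ep}")
```
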
Release date: August 26, 2021
- ROX-7850: We’ve updated our internal services to the following addresses:
| Main | It includes Central, Sensor, Admission Controller, and Compliance. It also includes | stackrox.io/main:3.64.1 |
| Scanner | Scans images and nodes. | stackrox.io/scanner:2.18.3 |
| Scanner DB | Stores image scan results and vulnerability definitions. | stackrox.io/scanner-db:2.18.3 |
| Collector | Collects runtime activity in Kubernetes or OpenShift clusters. | collector.stackrox.io/collector:3.2.2-latest |