Releases: kubearmor/KubeArmor
Releases · kubearmor/KubeArmor
v1.5.0
What's Changed
- chore(controller): deprecate kube-rbac-proxy with controller built-in auth protection by @rksharma95 in #1913
- feat(operator): fetch cluster name from providers by @rootxrishabh in #1881
- feat(deploy) Allow setting additional values in operator chart by @bakito in #1904
- chore : remove kubearmor tests from latest release by @Aryan-sharma11 in #1926
- feat(deployment): Enhance Docker ImagePull Secrets Configuration by @janavenkat in #1754
- fix(build): inject Build Info into systemd package #1928 by @Atharva-Kanherkar in #1937
- fix: typo by @jokestax in #1895
- fix(build): add
go-get-toolfunction in makefile of KubeArmorOperator by @Affan-7 in #1699 - feat: special presets (handle fileless exec) by @daemon1024 in #1743
- feat (proto): include PolicyDataList for ContainerData and HostSecurityPolicies in getProbeData rpc by @tesla59 in #1927
- feat(core): handle sctp protocol and all protocols with raw socket and add protocol:all network rule by @rksharma95 in #1892
- fix(operator): snitch conditional mounts by @rksharma95 in #1936
- docs/FAQ: Talos support & FAQ update by @nyrahul in #1868
- fix(monitor): handle logs with process name empty by @rksharma95 in #1932
- fix(operator): use rbac rules conditionally using flag by @rksharma95 in #1940
- feat(core/containerd): refactor containerd interaction to v2 APIs by @daemon1024 in #1906
- chore: rename hsp by @Aryan-sharma11 in #1942
- fix(core): implement NRI handler by @dqsully in #1674
- chore(dependency): upgrade go dependencies and bump go version to 1.23.0 by @rksharma95 in #1938
New Contributors
- @bakito made their first contribution in #1904
- @janavenkat made their first contribution in #1754
- @Atharva-Kanherkar made their first contribution in #1937
- @jokestax made their first contribution in #1895
- @Affan-7 made their first contribution in #1699
Full Changelog: v1.4.9...v1.5.0
Contributors
bakito, dqsully, and 10 other contributors
Assets 23
v1.4.9
Changelog
- 3dee887 Merge pull request #1924 from kubearmor/fix-operator-bug-dec-24
- 13213a5 fix relay elasticsearch secret bug
- d6a6314 ca support
- e9a601e fix issues
- 1dba939 update operator to support elastic adaptor
- 96b0ad7 Merge pull request #1923 from rksharma95/fix-string-array-cast-issue
- 45be037 fix recommond policy typo
- a484a96 cast arguments data conditionally on type
- 2691fa2 Merge pull request #1862 from tesla59/tesla/non-k8s/dynamic-config
- 435cafc Merge branch 'main' into tesla/non-k8s/dynamic-config
- 6306430 core(unchestratedupdates): dynamically update host visibility
- b93b789 config: remove redundant assignment of DefaultPostureLogs
- 1f884a8 core: update HostSecurity Policy dynamically in unorchaestrated mode
- 0722c24 config: move EnforcerAlerts and DefaultPostureLogs to dynamic config
- db299d2 core: (unorchestratedUpdates) update alert and throttling configs with other dynamic configs
- 6ba254b core: validate posture and visiblity before dynamically loading
- 3880c40 core: update visbility dynamically
- 947b3eb core: move configWatcher to WatchConfigChanges()
- d3d0e70 config: reload global config when config file is updated
v1.4.8
v1.4.7
Changelog
- dc0bb33 Merge pull request #1916 from rksharma95/feat-recommend-csp
- 863a0be add excludePolicy list support
- 34412f8 add recommended policies feature to operator
- 410ea7a Merge pull request #1909 from DelusionalOptimist/chore/latest-release-timeout
- 537460d chore: only smoke test and increase timeout for ci-latest-release
- 61a9884 chore: update stable release to v1.4.6
v1.4.6
Changelog
- 6642be5 Merge pull request #1908 from DelusionalOptimist/feat/host-policy-diff
- 86241f1 feat: diff host policy before apply
- 67cde68 Merge pull request #1883 from Prateeknandle/deadlock
- e95305e fix: race condition by ensuring goroutine completes writing to stdin before going further
- 547d9c7 Enhancement : reducing locks coverage
v1.4.5
What's Changed
- fix(apparmor): add dbus to baseline apparmor host/privileged profile by @daemon1024 in #1907
Full Changelog: v1.4.4...v1.4.5
Contributors
daemon1024
Assets 23
v1.4.4
What's Changed
- Update STABLE-RELEASE to v1.4.3 by @daemon1024 in #1864
- update ossf scorecard action for repository ruleset by @daemon1024 in #1870
- add filelessexec script, build binaries at build-time by @rksharma95 in #1873
- Fuzzer for ContainerPolicy by @prady0t in #1875
- Adding fuzzer for HostPolicy by @prady0t in #1872
- revert(multiubuntu): hotpatch back to 18:04 till tests are migrated by @daemon1024 in #1882
- Config file for oss-fuzz integration by @prady0t in #1877
- fix(ebpf): set min kernel version that handle 1 million instructions to support cwd and throttling by @Prateeknandle in #1863
- fix(apparmor/host): sanitise profile name for from-source policy by @daemon1024 in #1884
- Enabling BPFLSM based KSP protection on Kubearmor itself by @daemon1024 in #1831
- fix(apparmor): clone non conflicting proc rules to from source subprofiles by @daemon1024 in #1885
- fix(monitor): system monitor loading issue with clang-llvm 18 by @rksharma95 in #1897
- fix(operator): update relay env vars with initial config by @rksharma95 in #1893
- fix(throttling): differentiate throttling handling for audit behaviour based on enforcer by @Prateeknandle in #1898
- feat: set probe service health by @DelusionalOptimist in #1903
New Contributors
Full Changelog: v1.4.3...v1.4.4
Contributors
daemon1024, DelusionalOptimist, and 3 other contributors
Assets 23
v1.4.3
What's Changed
- refactor(operator): remove config empty check by @carlosrodfern in #1841
Full Changelog: v1.4.2...v1.4.3
Contributors
carlosrodfern
Assets 23
v1.4.2
What's Changed
- chore: Update stable release to v1.4.1 by @DelusionalOptimist in #1845
- feat(operator): allow to set log level by @carlosrodfern in #1849
- feat(tests): Calculate coverage via codecov for k8s mode by @navin772 in #1847
- fix: untracked ns by @Aryan-sharma11 in #1853
- fix: Update relay clusterrole to watch pods by @anurag-rajawat in #1805
- enabling alert throttling by default by @Prateeknandle in #1852
- fix(policymatcher): skip future matching in case block/audit matches by @daemon1024 in #1855
- fix: BPFLSM enforcer fails to load on newer kernels (6.8+) by @Aryan-sharma11 in #1856
- chore: update slack link by @DelusionalOptimist in #1860
- fix(policyMatcher): handling relative path resource by joining it with cwd by @Prateeknandle in #1859
- fix(apparmor/host): streamline host profile generation with container template generation by @daemon1024 in #1861
Full Changelog: v1.4.1...v1.4.2
Contributors
carlosrodfern, daemon1024, and 5 other contributors
Assets 23
v1.4.1
What's Changed
- Update STABLE-RELEASE to v1.4.0 by @daemon1024 in #1827
- fix(core): handle bpf as an exception for setting node annotations by @tesla59 in #1786
- [skip ci] Update Helm Chart To v1.4.0 by @github-actions in #1828
- Fixes bug #1787 non-k8s: KubeArmor panics when not-enabled policy type is received by @itsCheithanya in #1789
- fix: crio tests in CI by @Aryan-sharma11 in #1835
- fix(core): ensure only cluster policy is updated on new ns by @carlosrodfern in #1837
New Contributors
- @itsCheithanya made their first contribution in #1789
- @carlosrodfern made their first contribution in #1837
Full Changelog: v1.4.0...v1.4.1
Contributors
carlosrodfern, tesla59, and 3 other contributors