Releases: kubearmor/KubeArmor
Releases · kubearmor/KubeArmor
v0.7.1
What's Changed
- copy ignore list to BPF module by @rksharma95 in #953
- fix(bpf): ignore rhel check if btf present by @daemon1024 in #993
- Update STABLE-RELEASE by @daemon1024 in #994
- feat(Apparmor): disable profile autoreload by @achrefbensaad in #996
- refactor: move from io/ioutil to io and os packages by @Juneezee in #997
- [fix] KubeArmor Helm Chart Update by @yasin-cs-ko-ak in #990
New Contributors
- @Juneezee made their first contribution in #997
- @yasin-cs-ko-ak made their first contribution in #990
Full Changelog: v0.7.0...v0.7.1
Contributors
Juneezee, achrefbensaad, and 3 other contributors
Assets 2
v0.7.0
Release Blog
What's Changed
- update github actions to use latest Node.js version by @Ankurk99 in #935
- added keys to GetOptions function struct by @PrimalPimmy in #936
- fix typo by @achrefbensaad in #937
- add test for security_path_rmdir by @achrefbensaad in #938
- remove GKE COS specific scripts by @nyrahul in #939
- enable policy enforcement namespace wide by @achrefbensaad in #930
- update Dockerfile by @kranurag7 in #943
- update deployment guide with FTR changes by @rksharma95 in #917
- fixed kubearmor design image name by @nyrahul in #957
- use buildkit during build by @kranurag7 in #949
- add klm by @achrefbensaad in #955
- chore(pull_request): add pull request template by @rajaSahil in #958
- Enhancement(Feeder) Change TAGS from string to string array (#961) by @vishnusomank in #965
- fix(enforcer): Apparmor policies not working as expected by @achrefbensaad in #962
- refactor(monitor) : add debug logs by @daemon1024 in #969
- docs(apparmor): add apparmor docs by @achrefbensaad in #968
- feat(enforcer): enforce read only policies in bpflsm by @daemon1024 in #971
- docs: add kubearmor-eks arch. diagram by @rksharma95 in #967
- feat(docker): add cross arch docker image build feature by @achrefbensaad in #973
- fix(CI): fix ci fails by @achrefbensaad in #974
- add KubeArmor ARM64 support by @Ankurk99 in #802
- fix(CI): Slipt Docker to fix ci by @achrefbensaad in #976
- feat(CI): enable arm images building by @achrefbensaad in #975
- fix(CI): increase build & push CI timeout by @achrefbensaad in #977
- docs: update EKS deployment architecture diagram by @rksharma95 in #978
- chore(CI): increase build timeout - rename workflow - trigger ci build & push for controllers. by @achrefbensaad in #979
- fix(CI): Fix variable name by @achrefbensaad in #980
- fix(CI): Fix typo by @achrefbensaad in #981
- fix(CI): restore image label by @achrefbensaad in #982
- fix(enforcer): add allow redundant rules to aid conflict resolution by @daemon1024 in #986
- fix(apparmor): fix apparmor profile generation logic by @achrefbensaad in #987
- feat(enforcer): update default posture to audit by @Ankurk99 in #985
New Contributors
- @rajaSahil made their first contribution in #958
- @vishnusomank made their first contribution in #965
Full Changelog: v0.6.2...v0.7.0
Contributors
nyrahul, PrimalPimmy, and 7 other contributors
Assets 9
v0.6.2
What's Changed
- ship compiled syscheck binary in systemd release by @daemon1024 in #932
Full Changelog: v0.6.1...v0.6.2
Contributors
daemon1024
Assets 6
v0.6.1
What's Changed
- chore: fix controllers after dep updates by @DelusionalOptimist in #888
- fix container-name field matching (un-orchestrated) by @Ankurk99 in #886
- Fix test ginko CI by @achrefbensaad in #895
- Add code generation for Capabilties by @kranurag7 in #900
- Fixes #769 Ignore empty policy in Kubeamor by @Chinwendu20 in #908
- Updating Karts package name by @PrimalPimmy in #916
- use informers instead of watchers for default posture by @daemon1024 in #912
- fix capabilities allow policy bug by @daemon1024 in #921
- handle dynamically added containers by @achrefbensaad in #902
- enable multicontainer support by @achrefbensaad in #892
- add lsm order by @achrefbensaad in #898
- fix util import by @achrefbensaad in #922
- Fix network default deny bpflsm by @daemon1024 in #924
- enforcer: fix directory rule behaviour by @daemon1024 in #926
New Contributors
- @kranurag7 made their first contribution in #900
- @Chinwendu20 made their first contribution in #908
- @PrimalPimmy made their first contribution in #916
Full Changelog: v0.6.0...v0.6.1
Contributors
PrimalPimmy, achrefbensaad, and 5 other contributors
Assets 6
v0.6.0
Release Notes
What's Changed
- Update support matrix for partial support of openshift by @vikasvr in #772
- ginkgo based test framework by @nyrahul in #760
- migrate bcc based system monitor to libbpf and cilium/ebpf by @daemon1024 in #677
- add cmctl to ci by @achrefbensaad in #775
- fix yaml daemonset by @r0binak in #780
- fix minor nit in document indentation by @Ankurk99 in #783
- set k3s init timeout by @achrefbensaad in #784
- hotfix: deprecate docker in CI by @daemon1024 in #785
- add connect accept tcp by @achrefbensaad in #779
- add pending state to annotation controller pod monitoring by @achrefbensaad in #777
- fix get ns pid/tgid of process by @xjas in #768
- hotfix: release CI workflow by @daemon1024 in #790
- added unlink, unlinkat syscalls by @rksharma95 in #737
- fix CI workflow by @nam-jaehyun in #791
- bpflsm: enforce network policies on socket accept by @daemon1024 in #800
- update CI workflow by @nam-jaehyun in #798
- Refactor Apparmor Profile generation by @daemon1024 in #796
- update SELinux enforcer by @nam-jaehyun in #799
- hotfix/disable-security-unlink-path-for-unsupported-platforms by @achrefbensaad in #797
- update ci by @achrefbensaad in #810
- added tag to hsp to make it cluster-scoped resource by @rksharma95 in #807
- best practices badge by @nyrahul in #814
- KubeArmor support for un-orchestrated containers by @Ankurk99 in #709
- address review comments in #709 by @Ankurk99 in #815
- add rmdir syscall by @achrefbensaad in #811
- performance profiling and enhancements by @DelusionalOptimist in #816
- Refactor BPFLSM Enforcement by @daemon1024 in #817
- updated README by @nyrahul in #819
- ignore proc events by @achrefbensaad in #821
- ignore open proc by @achrefbensaad in #834
- add KubeArmorController by @achrefbensaad in #794
- community meeting zoom link update by @nyrahul in #843
- Write karmor probe data by @Essietom in #822
- run containerized mode without host mode enabled by @Ankurk99 in #849
- deprecate ubuntu 18.04 & change latest to 20.04 by @achrefbensaad in #854
- ignore sys event by @achrefbensaad in #856
- gracefully terminate kubearmor container by @daemon1024 in #861
- adds controller healthchecks by @s1ntaxe770r in #820
- add FAQs by @Ankurk99 in #786
- enable relative path test by @nyrahul in #864
- fix typo. by @achrefbensaad in #866
- backup container policies by @Ankurk99 in #868
- add syscalls by @achrefbensaad in #806
- disable fallback annotation logic when the controller is healthy by @achrefbensaad in #860
- Extend syscalls by @achrefbensaad in #862
- Compile BPF code using vmlinux.h by @wazir-ahmed in #853
- add syscall documentation by @achrefbensaad in #867
- fix owner reference bug by @achrefbensaad in #873
- use DirectoryOrCreate for lib modules by @daemon1024 in #872
- update kubearmor-test yamls by @achrefbensaad in #874
- run containerized mode without host mode enabled by @daemon1024 in #852
- Update STABLE-RELEASE to v0.6 by @achrefbensaad in #882
- fix stable ci by @achrefbensaad in #887
- googleapis/gnositc -> google/gnostic and other dependency updates by @DelusionalOptimist in #869
- update support matrix rke by @achrefbensaad in #881
New Contributors
- @r0binak made their first contribution in #780
- @xjas made their first contribution in #768
- @rksharma95 made their first contribution in #737
- @Essietom made their first contribution in #822
- @s1ntaxe770r made their first contribution in #820
- @wazir-ahmed made their first contribution in #853
Full Changelog: v0.5...v0.6.0
Contributors
nyrahul, Essietom, and 11 other contributors
Assets 6
v0.5.5
What's Changed
- Update support matrix for partial support of openshift by @vikasvr in #772
- ginkgo based test framework by @nyrahul in #760
- migrate bcc based system monitor to libbpf and cilium/ebpf by @daemon1024 in #677
- add cmctl to ci by @achrefbensaad in #775
- fix yaml daemonset by @r0binak in #780
- fix minor nit in document indentation by @Ankurk99 in #783
- set k3s init timeout by @achrefbensaad in #784
- hotfix: deprecate docker in CI by @daemon1024 in #785
- add connect accept tcp by @achrefbensaad in #779
- add pending state to annotation controller pod monitoring by @achrefbensaad in #777
- fix get ns pid/tgid of process by @xjas in #768
- hotfix: release CI workflow by @daemon1024 in #790
- added unlink, unlinkat syscalls by @rksharma95 in #737
- fix CI workflow by @nam-jaehyun in #791
- bpflsm: enforce network policies on socket accept by @daemon1024 in #800
- update CI workflow by @nam-jaehyun in #798
- Refactor Apparmor Profile generation by @daemon1024 in #796
- update SELinux enforcer by @nam-jaehyun in #799
- hotfix/disable-security-unlink-path-for-unsupported-platforms by @achrefbensaad in #797
- update ci by @achrefbensaad in #810
- added tag to hsp to make it cluster-scoped resource by @rksharma95 in #807
- best practices badge by @nyrahul in #814
- KubeArmor support for un-orchestrated containers by @Ankurk99 in #709
- address review comments in #709 by @Ankurk99 in #815
New Contributors
- @r0binak made their first contribution in #780
- @xjas made their first contribution in #768
- @rksharma95 made their first contribution in #737
Full Changelog: v0.5...v0.5.5
Contributors
nyrahul, vikasvr, and 7 other contributors
Assets 6
v0.5
Release Blog 🔗
What's Changed
- update KubeArmorPolicy and KubeArmorHostPolicy by @nam-jaehyun in #689
- update KubeArmorAnnotation by @nam-jaehyun in #690
- feat: add support for matching
rawprotcol in policy by @DelusionalOptimist in #685 - Fix for identical source/resource value for process operation on system log by @seswarrajan in #696
- fix process names by @nam-jaehyun in #703
- fix hostname by @nam-jaehyun in #706
- fix latest-release CI by @nam-jaehyun in #707
- Minikube Cluster Setup by @Akshit42-hue in #694
- fix parentProcessName and processName by @nam-jaehyun in #716
- update install_k3s.sh by @nam-jaehyun in #714
- update helm by @nam-jaehyun in #702
- update deployment_guide.md by @nam-jaehyun in #713
- fix github action workflow to create stable release by @Ankurk99 in #717
- updated readme file by @Akshit42-hue in #719
- add debug info by @nam-jaehyun in #715
- fix CleanUpExitedHostPids by @nam-jaehyun in #722
- fix ResolvedProcessWhiteListConflicts by @nam-jaehyun in #723
- Testing KubeArmor with AKS by @DelusionalOptimist in #721
- Kubearmor main by @asifalix in #729
- Revert "Kubearmor main" by @nyrahul in #730
- Update github.com/containerd/containerd to v1.5.13 to fix security issues by @bmelbourne in #731
- kubearmor support matrix by @nyrahul in #732
- fix default posture and audit mode by @nam-jaehyun in #727
- fix defaultPosture=audit by @nam-jaehyun in #734
- update the stable release to 0.4.4 by @nyrahul in #735
- fixes k8s-nodeName, hostname mismatch issue by @nyrahul in #736
- use random grpc port by @nthnieljson in #672
- add controller deployment by @achrefbensaad in #671
- update ci scripts by @achrefbensaad in #695
- clean up KubeArmorAnnotation by @nam-jaehyun in #738
- feat: support CRI-O by @DelusionalOptimist in #697
- [tests] add multi runtime CI tests by @DelusionalOptimist in #739
- Code CleanUp by @nam-jaehyun in #751
- fix failed CI by @nam-jaehyun in #755
- cri: handle bugs and edge cases by @daemon1024 in #747
- add annotation controller docs by @achrefbensaad in #686
- Add bottlerocket deployment by @daemon1024 in #758
- Fixcontrollerdeleetebug by @achrefbensaad in #757
- update selinux enforcer by @nam-jaehyun in #748
- fix k3s installation script to use proper kubectl command by @Ankurk99 in #743
New Contributors
- @DelusionalOptimist made their first contribution in #685
- @Akshit42-hue made their first contribution in #694
- @bmelbourne made their first contribution in #731
- @nthnieljson made their first contribution in #672
Full Changelog: v0.4...v0.5
Contributors
asifalix, nyrahul, and 9 other contributors
Assets 6
v0.4
What's Changed
- update test scenarios by @nam-jaehyun in #674
- Add a field for labels by @nam-jaehyun in #683
- Fix Audit Mode and minor bugs by @nam-jaehyun in #682
Full Changelog: v0.3.1...v0.4
Contributors
nam-jaehyun
Assets 6
v0.3.1
What's Changed
- update stable release to v0.3 by @nyrahul in #662
- apparmor-enforcer: skip non-regular profiles by @nyrahul in #665
- KubeArmor fails to send alerts/logs for Host on specific scenario by @seswarrajan in #664
- Update Policy Matcher by @nam-jaehyun in #668
- Update SELinux Enforcer by @nam-jaehyun in #673
Full Changelog: v0.3...v0.3.1
Contributors
nyrahul, nam-jaehyun, and seswarrajan
Assets 6
v0.3
Release Highlights
- Default Security Posture
- ProcessName, ParentProcessName fields in all telemetry events
- Improved Support for Virtual Machines
- Branching and Release Strategy
- Support for KubeArmor on GKE Rapid Release, Regular & Stable channels
Detailed Blog at https://blog.accuknox.com/kubearmor-version-release/
What's Changed
- Added correct and standard command to see logs by @viveksahu26 in #626
- pkg: update path and dir validation regex by @daemon1024 in #643
- Segfault on policy handling by @seswarrajan in #644
- update logs to not print EINPROGRESS error by @Ankurk99 in #634
- feeder: handle race condition by @daemon1024 in #646
- update deployment YAML files by @nam-jaehyun in #645
- deploy/core: kubearmor for GKE latest COS images by @nyrahul in #648
- fix stable version release to match correct release name by @Ankurk99 in #652
- GH-actions: release from upstream repo only by @nyrahul in #654
- fix for disabling HostLogs in k8s env by @nyrahul in #656
- Remove backed-up host policy on policy removal by @seswarrajan in #658
- Equip KubeArmor with Default Armors by @daemon1024 in #602
- Handle per namespace default posture implementation by @daemon1024 in #630
- update stable release to v0.3 by @nyrahul in #662
- apparmor-enforcer: skip non-regular profiles by @nyrahul in #665
Full Changelog: v0.2.1...v0.3
Contributors
nyrahul, Ankurk99, and 4 other contributors