Falco 0.21.0 is out!
Even though there's the lockdown, Falco 0.21.0 decided to go out! Such a bad guy!
Notably, this is the first release that happens with the new build & release process. 🚀
In case you just want Falco 0.21.0, you can find its packages at the following repositories:
Instructions to install using them are already updated on the Falco website:
Instead, for people preferring docker images... 🐳
docker pull falcosecurity/falco:0.21.0 docker pull falcosecurity/falco:0.21.0-minimal docker pull falcosecurity/falco:0.21.0-slim
Release #100 of Falco comes with some notable changes.
New release process in place
We did most of the work into PR 1059.
This process takes place in two cases:
- A pull request is merged into master, which leads to the release of a development version of Falco
- A commit on master receives a git tag, which leads to the release of a stable version of Falco
When one of these two conditions happen:
- it packages Falco into signed (GPG public key) packages: DEB, a RPM, and a TAR.GZ
- it pushes these packages to their new open repositories
- it builds the docker images from these packages
- it pushes the docker images to the docker hub
falcosecurity/falco:master-minimalfor development versions
falcosecurity/falco:latest-minimalfor stable versions
March 2021 update: All packages are now published to download.falco.org.
FALCO_BPF_PROBE="" ./build/release/userspace/falco/falco -r ...
Please update your systemd scripts or Kubernetes deployments.
Falco versions are now SemVer 2.0 compliant
This PR introduces the pre-release part into Falco versions.
Now Falco versions are something like
0.21.0-3+c5674c9, where 3 is the number of commits since the latest stable version (
0.21.0) of Falco, while
c5674c9 is the commit hash of the current development version.
Please notice that the Falco gRPC version API already contains this version part, too.
Detect outbound connections to common miner pool ports rule disabled by default
From now on, this rule is disabled by default.
Also, if it is enabled by you, it will ignore localhost and RFC1918 addresses.
You can read the full changelog here!
19 PRs merged in, 12 of which containing changes targeting end-users.
64 commits since past release, in 17 days.
Stay tuned for the upcoming drivers build grid which, using driverkit - a quarantine project by me and Lorenzo - will pre-build and release (in the open too!) the Falco kernel modules and the Falco eBPF probes for a set of predefined target systems and kernel releases.