Today we announce the spring release of Falco 0.28.1 🌱
This is our first patch release of Falco 0.28, and it addresses some issues found.
This release also addresses some security advisories.
You can take a look at the set of changes here:
As usual, in case you just want to try out the stable Falco 0.28.1, you can install its packages following the process outlined in the docs:
Would you rather use the container images? No problem at all! 🐳
You can read more about running Falco with Docker in the docs.
Notice that from this release onward, thanks to Jonah, one of our Falco Infra maintainers, you can also find the falco-no-driver container images on the AWS ECR gallery. The same goes for the falco-driver-loader container images (link). This is part of an effort to publish Falco container images on other registries that began while cooking up Falco 0.27.0.
Let's now review some of the new things Falco 0.28.1 brings.
For a complete list please visit the changelog.
To highlight some:
- new flag --support, which includes information about the Falco engine version.
- new configuration field syscall_event_timeouts.max_consecutive to configure after how many consecutive timeouts without an event Falco must alert.
- bug fix: don't stop the webserver for Kubernetes audit logs when some invalid data arrives.
You can check all the security advisories in the page, but the ones important for this release are:
- Undetected crash of the kernel module disables Falco
- Default rules can be bypassed with different techniques
- Security flags not enforced by CMake-files
Let's meet 🤝
As always, we meet every week in our community calls. If you want to know the latest and the greatest, you should join us there!
If you have any questions
Thanks to all the amazing contributors! Falco reached 100 contributors, and all the other Falco projects are also receiving a vital amount of contributions every day.
Keep up the good work!