Carlos Panato

Falco 0.28.1

Today we announce the spring release of Falco 0.28.1 🌱

This is the first patch release of Falco 0.28, and it addresses some issues that were found.

This release also addresses some security advisories.

You can take a look at the set of changes here:

As usual, in case you just want to try out the stable Falco 0.28.1, you can install its packages following the process outlined in the docs:

Would you rather use the container images? No problem at all! 🐳

You can read more about running Falco with Docker in the docs.

Note that from this release onward, thanks to Jonah, one of our Falco Infra maintainers, you can also find the falco-no-driver container images on the AWS ECR gallery. The same goes for the falco-driver-loader container images (link). This is part of an effort to publish Falco container images on other registries that began while cooking up Falco 0.27.0.

Novelties 🆕

Let's now review some of the new things Falco 0.28.1 brings.

For a complete list please visit the changelog.

To highlight some:

  • new: the --support flag now includes information about the Falco engine version.
  • new configuration field syscall_event_timeouts.max_consecutive, which sets how many consecutive timeouts without an event must occur before Falco alerts.
  • bug fix: the webserver for Kubernetes audit logs no longer stops when invalid data arrives.

Security Advisories

You can check all the security advisories on the page, but the important ones for this release are:

Let's meet 🤝

As always, we meet every week in our community calls. If you want to know the latest and the greatest, you should join us there!

If you have any questions

Thanks to all the amazing contributors! Falco has reached 100 contributors, and all the other Falco projects are also receiving a vital amount of contributions every day.

Keep up the good work!

Ciao!

Carlos