Changelog

List of changes throughout Falco versions

Version 0.44.1

Download

LIBS DRIVER

PackagesDownload
rpm-x86_64rpm
deb-x86_64deb
tgz-x86_64tgz
tgz-static-x86_64tgz-static
rpm-aarch64rpm
deb-aarch64deb
tgz-aarch64tgz
Images
docker pull docker.io/falcosecurity/falco:0.44.1
docker pull public.ecr.aws/falcosecurity/falco:0.44.1
docker pull docker.io/falcosecurity/falco-driver-loader:0.44.1
docker pull docker.io/falcosecurity/falco-driver-loader:0.44.1-buster
docker pull docker.io/falcosecurity/falco:0.44.1-debian

v0.44.1

Released on 2026-06-11

Major Changes

  • feat(userspace/falco): add support for disabling BPF iterators [#3879] - @ekoops

Bug Fixes

  • fix: fix multiple issues related to BPF iterators (solved by bumping libs to 0.25.4) [#3879] - @ekoops

Statistics

MERGED PRSNUMBER
Not user-facing0
Release note1
Total1

Release Manager @ekoops


Version 0.44.1-rc1

Download


Version 0.44.0

Download

LIBS DRIVER

PackagesDownload
rpm-x86_64rpm
deb-x86_64deb
tgz-x86_64tgz
tgz-static-x86_64tgz-static
rpm-aarch64rpm
deb-aarch64deb
tgz-aarch64tgz
Images
docker pull docker.io/falcosecurity/falco:0.44.0
docker pull public.ecr.aws/falcosecurity/falco:0.44.0
docker pull docker.io/falcosecurity/falco-driver-loader:0.44.0
docker pull docker.io/falcosecurity/falco-driver-loader:0.44.0-buster
docker pull docker.io/falcosecurity/falco:0.44.0-debian

v0.44.0

Released on 2026-05-26

Breaking Changes :warning:

  • new!: add backslash escaping support to -o key-path parser for literal dots and brackets in YAML key names (e.g., -o 'my.dotted.key=val') [#3835] - @leogr
  • chore!: drop gRPC output and server support [#3798] - @ekoops
  • chore!: drop gVisor engine support [#3797] - @ekoops
  • chore!: drop legacy BPF probe [#3796] - @ekoops

Major Changes

  • feat(engine): support string comparator modifiers (oneof/allof/anyof) [#3878] - @therealbobo
  • new(config,rules): add capture_events and capture_filesize stop conditions for capture files [#3824] - @leogr
  • feat: validation for unknown-key in rules [#3805] - @leogr
  • feat(userspace/engine): add support for list transformer exception [#3799] - @irozzo-1A

Minor Changes

  • chore(build): Add USE_TSAN option to enable Thread Sanitizer. [#3856] - @irozzo-1A
  • build: enable http_output, webserver, and metrics on macOS and Win [#3827] - @leogr

Bug Fixes

  • fix(docker): Restrict falco-webui service to local access only [#3838] - @qux-bbb
  • fix: show condition text in warning snippet for folded scalar conditions [#3858] - @ssam18
  • fix: respect buffered_outputs YAML config value [#3830] - @leogr
  • fix(userspace/falco): fix race condition in watchdog [#3820] - @irozzo-1A
  • fix(scripts): update RPM repository metadata before signing when re-signing all packages [#3774] - @c2ndev

Non user-facing changes

  • chore(cmake): bump libs to 0.25.2 [#3900] - @ekoops
  • chore: update falco rules to version 5.1.0 and add rules sub-command to scripts/update-deps-version [#3890] - @ekoops
  • chore(chart): move Falco chart source to falco (1/5) [#3889] - @c2ndev
  • chore(chart): move Falco chart source to falco [#3884] - @c2ndev
  • chore(cmake): bump libs to 0.25.1 and drivers to 10.2.0+driver [#3888] - @ekoops
  • upstream multiple http_output fixes for Win/macOS (from prempti) [#3882] - @leogr
  • chore: bump container plugin version to 0.7.1 [#3886] - @ekoops
  • fix(ci): reference correct input name for sanitizers flag and update systemd-rpm-macros [#3885] - @irozzo-1A
  • fix(build): use Zig cross-compilation toolchain for external dependencies [#3881] - @irozzo-1A
  • chore(cmake/modules): bump libs version to 0.25.0-rc2 [#3876] - @ekoops
  • chore: bump container plugin version to 0.7.0 [#3877] - @ekoops
  • ci(.github): replace /area CI with /area automation in PR template [#3870] - @ekoops
  • update(cmake): update libs and driver to latest release candidates [#3873] - @github-actions[bot]
  • update(cmake): update libs and driver to latest master [#3868] - @github-actions[bot]
  • chore(cmake): bump falcoctl dependency version to 0.13.0 [#3869] - @c2ndev
  • fix(userspace/engine): replace invalid chars while JSON-encoding [#3866] - @ekoops
  • update(cmake): update libs and driver to latest master [#3864] - @github-actions[bot]
  • build(docker): replace apt-key with keyring; use gnupg instead of gnupg2 [#3844] - @parisnakitakejser
  • chore(cmake): bump drivers to 10.0.0-rc2+driver [#3863] - @ekoops
  • chore(scripts): add script updating libs/drivers cmake module versions [#3862] - @ekoops
  • chore(cmake): bump libs/drivers to 0.24.0-rc1/10.0.0-rc1+driver [#3861] - @ekoops
  • ci(reusable_test_packages): produce core dumps when falco crashes [#3859] - @ekoops
  • fix(config): prevent plugin library path traversal via relative paths [#3850] - @leogr
  • fix: multi thread safety issues [#3852] - @leogr
  • update(cmake): update libs and driver to latest master [#3823] - @github-actions[bot]
  • ci: restore minimum set of required permissions [#3841] - @ekoops
  • sync: docs(CHANGELOG.md): 0.43.1 [#3854] - @leogr
  • feat(userspace/falco): add support for kernel iterator metrics [#3840] - @ekoops
  • docs: multi-thread falco high-level design proposal [#3751] - @irozzo-1A
  • fix(cmake): configure falco.yaml from current src dir [#3821] - @therealbobo
  • fix(metrics): Prevent race condition crash during metrics collection on shutdown [#3741] - @adduali1310
  • update(cmake): update libs and driver to latest master [#3765] - @github-actions[bot]
  • chore(falco): fix warning in webserver.h [#3816] - @irozzo-1A
  • docs: fix Contributing.md outdated references [#3807] - @cluster2600
  • fix(webserver): fix inconsistent include directives trying to compile the webserver on Apple [#3802] - @legobrick
  • chore(build): add support for gperftools CPU profiler [#3771] - @irozzo-1A
  • revert: "chore(.github): put back temporary action for GPG key rotation" [#3776] - @leogr
  • docs(proposals): specify version enforcing the deprecation [#3762] - @ekoops
  • docs(OWNERS): add irozzo-1A(Iacopo Rozzo) as reviewer [#3773] - @irozzo-1A

Statistics

MERGED PRSNUMBER
Not user-facing39
Release note22
Total61

Release Manager @ekoops


Version 0.44.0-rc2

Download


Version 0.44.0-rc1

Download


Version 0.43.1

Download

LIBS DRIVER

PackagesDownload
rpm-x86_64rpm
deb-x86_64deb
tgz-x86_64tgz
tgz-static-x86_64tgz-static
rpm-aarch64rpm
deb-aarch64deb
tgz-aarch64tgz
Images
docker pull docker.io/falcosecurity/falco:0.43.1
docker pull public.ecr.aws/falcosecurity/falco:0.43.1
docker pull docker.io/falcosecurity/falco-driver-loader:0.43.1
docker pull docker.io/falcosecurity/falco-driver-loader:0.43.1-buster
docker pull docker.io/falcosecurity/falco:0.43.1-debian

v0.43.1

Released on 2026-04-09

Minor Changes

  • build: bump libs version to 0.23.2 and container plugin version to 0.6.4 [#3851] - @leogr

Statistics

MERGED PRSNUMBER
Not user-facing0
Release note1
Total1

Release Manager @leogr


Version 0.43.0

Download

LIBS DRIVER

PackagesDownload
rpm-x86_64rpm
deb-x86_64deb
tgz-x86_64tgz
tgz-static-x86_64tgz-static
rpm-aarch64rpm
deb-aarch64deb
tgz-aarch64tgz
Images
docker pull docker.io/falcosecurity/falco:0.43.0
docker pull public.ecr.aws/falcosecurity/falco:0.43.0
docker pull docker.io/falcosecurity/falco-driver-loader:0.43.0
docker pull docker.io/falcosecurity/falco-driver-loader:0.43.0-buster
docker pull docker.io/falcosecurity/falco:0.43.0-debian

v0.43.0

Released on 2026-01-28

Breaking Changes :warning:

  • fix(userspace)!: show source config path only in debug builds [#3787] - @leogr

Minor Changes

  • chore: [NOTICE] The GPG key used to sign DEB/RPM packages has been rotated, and all existing packages have been re-signed. New key fingerprint: 478B2FBBC75F4237B731DA4365106822B35B1B1F [#3753] - @leogr
  • chore(userspace): deprecate --gvisor-generate-config CLI option [#3784] - @ekoops
  • docs: add deprecation notice for legacy eBPF in pkg install dialog [#3786] - @ekoops
  • chore(scripts/falcoctl): increase follow interval to 1 week [#3757] - @leogr
  • docs: add deprecation notice for legacy eBPF, gVisor and gRPC usage [#3763] - @ekoops
  • chore(userspace): deprecate legacy eBPF probe, gVisor engine and gRPC [#3763] - @ekoops
  • chore(engine): emit warning when the deprecated evt.latency field family is used in a rule condition or output [#3744] - @irozzo-1A

Bug Fixes

  • fix: prevent null pointer crash on popen() failure in output_program [#3722] - @vietcgi
  • fix: correct falcoctl.yaml path in debian conffiles [#3745] - @leogr

Non user-facing changes

  • revert: chore(.github): temporary action for GPG key rotation [#3766] - @leogr
  • chore(cmake): bump falcoctl dependency version to 0.12.2 [#3790] - @ekoops
  • chore(cmake): bump falcoctl dependency version to 0.12.1 [#3777] - @ekoops
  • chore(cmake): bump container plugin version to 0.6.1 [#3780] - @ekoops
  • fix(userspace/engine): missing closing quote in deprecated field warning [#3779] - @leogr
  • chore(.github): Put back gpg key rotation workflow [#3772] - @irozzo-1A
  • chore(cmake): bump libs/drivers to 0.23.1/9.1.0+driver [#3769] - @ekoops
  • chore(cmake): bump container plugin version to 0.6.0 [#3768] - @irozzo-1A
  • docs(proposals): add proposal for legacy probe, gVisor engine and gRPC output deprecation [#3755] - @ekoops
  • chore(cmake): bump libs/drivers to 0.23.0/9.1.0+driver [#3760] - @ekoops
  • update(cmake): update libs and driver to latest master [#3754] - @github-actions[bot]
  • fix(metrics): Add null check for state.outputs in metrics collection [#3740] - @adduali1310
  • chore(cmake): bump libs to 0.23.0-rc2 [#3759] - @ekoops
  • chore(cmake): bump libs/drivers to 0.23.0-rc1/9.1.0-rc1+driver [#3758] - @ekoops
  • fix(ci): revert changes to mitigate rate-limitar change [#3752] - @irozzo-1A
  • update(cmake): update libs and driver to latest master [#3723] - @github-actions[bot]
  • Reduce image size [#3746] - @jfcoz
  • docs(RELEASE.md): specify target branch association upon release creation [#3717] - @ekoops
  • docs(RELEASE.md): fix rn2md cmd generating changelogs [#3709] - @ekoops
  • docs(RELEASE.md): fix PRs filtering expr for checking release notes [#3708] - @ekoops
  • docs(RELEASE.md): fix PRs filtering expression text [#3707] - @ekoops

Statistics

MERGED PRSNUMBER
Not user-facing21
Release note11
Total32

Release Manager @ekoops


Version 0.43.0-rc3

Download


Version 0.43.0-rc2

Download


Version 0.43.0-rc1

Download


Version 0.42.1

Download

LIBS DRIVER

PackagesDownload
rpm-x86_64rpm
deb-x86_64deb
tgz-x86_64tgz
tgz-static-x86_64tgz-static
rpm-aarch64rpm
deb-aarch64deb
tgz-aarch64tgz
Images
docker pull docker.io/falcosecurity/falco:0.42.1
docker pull public.ecr.aws/falcosecurity/falco:0.42.1
docker pull docker.io/falcosecurity/falco-driver-loader:0.42.1
docker pull docker.io/falcosecurity/falco-driver-loader:0.42.1-buster
docker pull docker.io/falcosecurity/falco:0.42.1-debian

v0.42.1

Released on 2025-11-06

Non user-facing changes

  • docs(CHANGELOG.md): update changelog for 0.42.0 release [#3730] - @leogr

Statistics

MERGED PRSNUMBER
Not user-facing1
Release note0
Total1

Release Manager @leogr


Version 0.42.0

Download

LIBS DRIVER

PackagesDownload
rpm-x86_64rpm
deb-x86_64deb
tgz-x86_64tgz
tgz-static-x86_64tgz-static
rpm-aarch64rpm
deb-aarch64deb
tgz-aarch64tgz
Images
docker pull docker.io/falcosecurity/falco:0.42.0
docker pull public.ecr.aws/falcosecurity/falco:0.42.0
docker pull docker.io/falcosecurity/falco-driver-loader:0.42.0
docker pull docker.io/falcosecurity/falco-driver-loader:0.42.0-buster
docker pull docker.io/falcosecurity/falco:0.42.0-debian

v0.42.0

Released on 2025-10-22

Major Changes

  • feat: add falco_libs.thread_table_auto_purging_interval_s and thread_table_auto_purging_thread_timeout_s configuration options [#3670] - @ekoops
  • feat: log plugin version info at loading time [#3657] - @FedeDP
  • feat: ability to add statically defined fields via static_fields configuration [#3557] - @FedeDP
  • feat(engine): emit warning when a rule containing the evt.dir field in output is encountered [#3697] - @irozzo-1A
  • feat(engine): emit warning when a rule containing a condition on the deprecated evt.dir field is encountered [#3690] - @irozzo-1A
  • new: ability to record .scap files (capture feature) [#3645] - @leogr
  • new(docker): includes sha on the image labels [#3658] - @jcchavezs
  • new(cmake,userspace,ci): add mimalloc support [#3616] - @FedeDP

Minor Changes

  • docs(falco.yaml): refactor config documentation [#3685] - @leogr
  • build: fix debian:buster apt debian repo URL in :driver-loader-buster container image [#3644] - @ekoops
  • build: updagrade libs to version 0.22.1 [#3705] - @irozzo-1A
  • build: upgrade drivers to v9.0.0+driver [#3701] - @irozzo-1A
  • build: upgrade cpp-httplib to v0.23.1 [#3647] - @FedeDP
  • update: upgrade default ruleset to v5.0.0 [#3700] - @leogr
  • build: upgrade falcoctl to v0.11.4 [#3694] - @leogr
  • chore(prometheus): deprecate enter events drop stats [#3675] - @irozzo-1A

Bug Fixes

  • fix(cmake): correct abseil-cpp for alpine build [#3598] - @RomanenkoDenys
  • fix: enable handling of multiple actions configured with syscall_event_drops.actions [#3676] - @terror96
  • fix: disable dry-run restarts when Falco runs with config-watching disabled [#3640] - @Proximyst

Non user-facing changes

Statistics

MERGED PRSNUMBER
Not user-facing29
Release note23
Total52

Release Manager @ekoops


Version 0.42.0-rc4

Download


Version 0.42.0-rc3

Download


Version 0.42.0-rc2

Download


Version 0.42.0-rc1

Download


Version 0.41.3

Download

LIBS DRIVER

PackagesDownload
rpm-x86_64rpm
deb-x86_64deb
tgz-x86_64tgz
tgz-static-x86_64tgz-static
rpm-aarch64rpm
deb-aarch64deb
tgz-aarch64tgz
Images
docker pull docker.io/falcosecurity/falco:0.41.3
docker pull public.ecr.aws/falcosecurity/falco:0.41.3
docker pull docker.io/falcosecurity/falco-driver-loader:0.41.3
docker pull docker.io/falcosecurity/falco-driver-loader:0.41.3-buster
docker pull docker.io/falcosecurity/falco:0.41.3-debian

v0.41.3

Minor Changes

Statistics

MERGED PRSNUMBER
Not user-facing0
Release note1
Total1

Release Manager @leogr @ekoops


Version 0.41.2

Download

LIBS DRIVER

PackagesDownload
rpm-x86_64rpm
deb-x86_64deb
tgz-x86_64tgz
tgz-static-x86_64tgz-static
rpm-aarch64rpm
deb-aarch64deb
tgz-aarch64tgz
Images
docker pull docker.io/falcosecurity/falco:0.41.2
docker pull public.ecr.aws/falcosecurity/falco:0.41.2
docker pull docker.io/falcosecurity/falco-driver-loader:0.41.2
docker pull docker.io/falcosecurity/falco-driver-loader:0.41.2-buster
docker pull docker.io/falcosecurity/falco:0.41.2-debian

v0.41.2

Released on 2025-06-17

Statistics

MERGED PRSNUMBER
Not user-facing0
Release note0
Total0

Release Manager @leogr @ekoops


Version 0.41.1

Download

LIBS DRIVER

PackagesDownload
rpm-x86_64rpm
deb-x86_64deb
tgz-x86_64tgz
tgz-static-x86_64tgz-static
rpm-aarch64rpm
deb-aarch64deb
tgz-aarch64tgz
Images
docker pull docker.io/falcosecurity/falco:0.41.1
docker pull public.ecr.aws/falcosecurity/falco:0.41.1
docker pull docker.io/falcosecurity/falco-driver-loader:0.41.1
docker pull docker.io/falcosecurity/falco-driver-loader:0.41.1-buster
docker pull docker.io/falcosecurity/falco:0.41.1-debian

v0.41.1

Released on 2025-06-05

Bug Fixes

  • fix(userspace/falco): when collecting metrics for stats_writer, create a libs_metrics_collector for each source [#3585] - @FedeDP
  • fix(userspace/falco): only enable prometheus metrics once all inspectors have been opened [#3588] - @FedeDP

Statistics

MERGED PRSNUMBER
Not user-facing0
Release note2
Total2

Release Manager @FedeDP


Version 0.41.1-rc1

Download


Version 0.41.0

Download

LIBS DRIVER

PackagesDownload
rpm-x86_64rpm
deb-x86_64deb
tgz-x86_64tgz
tgz-static-x86_64tgz-static
rpm-aarch64rpm
deb-aarch64deb
tgz-aarch64tgz
Images
docker pull docker.io/falcosecurity/falco:0.41.0
docker pull public.ecr.aws/falcosecurity/falco:0.41.0
docker pull docker.io/falcosecurity/falco-driver-loader:0.41.0
docker pull docker.io/falcosecurity/falco-driver-loader:0.41.0-buster
docker pull docker.io/falcosecurity/falco:0.41.0-debian

v0.41.0

Released on 2025-05-29

Breaking Changes :warning:

  • cleanup(engine)!: only consider .yaml/.yml rule files [#3551] - @LucaGuerra
  • cleanup(userspace)!: deprecate print of container.info [#3543] - @FedeDP
  • cleanup(userspace/falco)!: drop deprecated in 0.40.0 CLI flags. [#3496] - @FedeDP

Major Changes

  • new(falco): add json_include_output_fields option [#3527] - @LucaGuerra
  • new(build,userspace): switch to use container plugin [#3482] - @FedeDP
  • new(docker,scripts,ci): use an override config file to enable ISO 8601 output timeformat on docker images [#3488] - @FedeDP

Minor Changes

  • chore(build): update falcoctl to v0.11.2, rules for artifact follow to v4 [#3580] - @LucaGuerra
  • update(cmake): bumped falcoctl to 0.11.1 and rules to 4.0.0. [#3577] - @FedeDP
  • update(containers): update opencontainers labels [#3575] - @LucaGuerra
  • update(metrics): improve restart/hot_reload conditions inspection [#3562] - @incertum
  • update: empty values in exceptions won't emit a warning anymore [#3529] - @leogr
  • chore(falco.yaml): enable libs_logger by default with info level [#3507] - @FedeDP

Bug Fixes

  • fix(metrics/prometheus): gracefully handle multiple event sources, avoid erroneous duplicate metrics [#3563] - @incertum
  • fix(ci): properly install rpm systemd-rpm-macro package on building packages pipeline [#3521] - @FedeDP
  • fix(userspace/falco): init cmdline options after loading all config files [#3493] - @FedeDP
  • fix(cmake): add support for 16K kernel page to jemalloc [#3490] - @Darkness4
  • fix(userspace/falco): fix jemalloc enabled in minimal build. [#3478] - @FedeDP

Non user-facing changes

Statistics

MERGED PRSNUMBER
Not user-facing36
Release note17
Total53

Release Manager @FedeDP


Version 0.41.0-rc2

Download


Version 0.41.0-rc1

Download


Version 0.40.0

Download

LIBS DRIVER

PackagesDownload
rpm-x86_64rpm
deb-x86_64deb
tgz-x86_64tgz
tgz-static-x86_64tgz-static
rpm-aarch64rpm
deb-aarch64deb
tgz-aarch64tgz
Images
docker pull docker.io/falcosecurity/falco:0.40.0
docker pull public.ecr.aws/falcosecurity/falco:0.40.0
docker pull docker.io/falcosecurity/falco-driver-loader:0.40.0
docker pull docker.io/falcosecurity/falco-driver-loader:0.40.0-buster
docker pull docker.io/falcosecurity/falco:0.40.0-debian

v0.40.0

Released on 2025-01-28

Breaking Changes :warning:

  • cleanup(userspac/falco)!: drop deprecated options. [#3361] - @FedeDP

Major Changes

  • new(docker): streamline docker images [#3273] - @FedeDP
  • new(build): reintroduce static build [#3428] - @LucaGuerra
  • new(cmake,ci): added support for using jemalloc allocator instead of glibc one and use it by default for release artifacts [#3406] - @FedeDP
  • new(userspace,cmake): honor new plugins exposed suggested output formats [#3388] - @FedeDP
  • new(userspace/falco): allow entirely disabling plugin hostinfo support. [#3412] - @FedeDP
  • new(ci): use zig compiler instead of relying on centos7. [#3307] - @FedeDP
  • new(falco): add buffer_format_base64 option, deprecate -b [#3358] - @LucaGuerra
  • new(falco): add base_syscalls.all option to falco.yaml, deprecate -A [#3352] - @LucaGuerra
  • new(falco): add falco_libs.snaplen option, deprecate -S / --snaplen [#3362] - @LucaGuerra

Minor Changes

  • update(cmake): bump falcoctl to v0.11.0 [#3467] - @alacuku
  • chore(ci): add attestation for falco [#3216] - @cpanato
  • chore(ci): build Falco in RelWithDebInfo, and upload Falco debug symbols as github artifacts [#3452] - @FedeDP
  • update(build): DEB and RPM package requirements for dkms and kernel-devel are now suggestions [#3450] - @jthiltges

Bug Fixes

  • fix(userspace/falco): fix container_engines.cri.sockets not loading from config file [#3453] - @zayaanmoez
  • fix(docker): /usr/src/'*' no longer created if $HOST_PATH/usr/src didn't exist at startup [#3434] - @shane-lawrence
  • fix(docker): add brotli to the Falco image [#3399] - @LucaGuerra
  • fix(userspace/engine): explicitly disallow appending/modifying a rule with different sources [#3383] - @mstemm

Non user-facing changes

Statistics

MERGED PRSNUMBER
Not user-facing31
Release note18
Total49

Release Manager @FedeDP


Version 0.40.0-rc1

Download


Version 0.39.2

Download

LIBS DRIVER

PackagesDownload
rpm-x86_64rpm
deb-x86_64deb
tgz-x86_64tgz
rpm-aarch64rpm
deb-aarch64deb
tgz-aarch64tgz
Images
docker pull docker.io/falcosecurity/falco:0.39.2
docker pull public.ecr.aws/falcosecurity/falco:0.39.2
docker pull docker.io/falcosecurity/falco-driver-loader:0.39.2
docker pull docker.io/falcosecurity/falco-driver-loader-legacy:0.39.2
docker pull docker.io/falcosecurity/falco-no-driver:0.39.2
docker pull docker.io/falcosecurity/falco-distroless:0.39.2

v0.39.2

Released on 2024-11-21

Minor Changes

  • update(cmake): bumped falcoctl to v0.10.1. [#3408] - @FedeDP
  • update(cmake): bump yaml-cpp to latest master. [#3394] - @FedeDP

Non user-facing changes

Statistics

MERGED PRSNUMBER
Not user-facing1
Release note2
Total3

Release Manager @FedeDP


Version 0.39.1

Download

LIBS DRIVER

PackagesDownload
rpm-x86_64rpm
deb-x86_64deb
tgz-x86_64tgz
rpm-aarch64rpm
deb-aarch64deb
tgz-aarch64tgz
Images
docker pull docker.io/falcosecurity/falco:0.39.1
docker pull public.ecr.aws/falcosecurity/falco:0.39.1
docker pull docker.io/falcosecurity/falco-driver-loader:0.39.1
docker pull docker.io/falcosecurity/falco-driver-loader-legacy:0.39.1
docker pull docker.io/falcosecurity/falco-no-driver:0.39.1
docker pull docker.io/falcosecurity/falco-distroless:0.39.1

v0.39.1

Released on 2024-10-09

Bug Fixes

  • fix(engine): allow null init_config for plugin info [#3372] - @LucaGuerra
  • fix(engine): fix parsing issues in -o key={object} when the object definition contains a comma [#3363] - @LucaGuerra
  • fix(userspace/falco): fix event set selection for plugin with parsing capability [#3368] - @FedeDP

Non user-facing changes

  • update(changelog): updated changelog for 0.39.1. [#3373] - @FedeDP

Statistics

MERGED PRSNUMBER
Not user-facing1
Release note3
Total4

Release Manager @FedeDP


Version 0.39.1-rc1

Download


Version 0.39.0

Download

LIBS DRIVER

PackagesDownload
rpm-x86_64rpm
deb-x86_64deb
tgz-x86_64tgz
rpm-aarch64rpm
deb-aarch64deb
tgz-aarch64tgz
Images
docker pull docker.io/falcosecurity/falco:0.39.0
docker pull public.ecr.aws/falcosecurity/falco:0.39.0
docker pull docker.io/falcosecurity/falco-driver-loader:0.39.0
docker pull docker.io/falcosecurity/falco-driver-loader-legacy:0.39.0
docker pull docker.io/falcosecurity/falco-no-driver:0.39.0
docker pull docker.io/falcosecurity/falco-distroless:0.39.0

v0.39.0

Released on 2024-10-01

Breaking Changes :warning:

  • fix(falco_metrics)!: split tags label into multiple tag_-prefixed labels [#3337] - @ekoops
  • fix(falco_metrics)!: use full name for configs and rules files [#3337] - @ekoops
  • update(falco_metrics)!: rearrange n_evts_cpu and n_drops_cpu Prometheus metrics to follow best practices [#3319] - @incertum
  • cleanup(userspace/falco)!: drop deprecated -t,-T,-D options. [#3311] - @FedeDP

Major Changes

  • feat(stats): add host_netinfo networking information stats family [#3344] - @ekoops
  • new(falco): add json_include_message_property to have a message field without date and priority [#3314] - @LucaGuerra
  • new(userspace/falco,userspace/engine): rule json schema validation [#3313] - @FedeDP
  • new(falco): introduce append_output configuration [#3308] - @LucaGuerra
  • new(userspace/falco): added --config-schema action to print config schema [#3312] - @FedeDP
  • new(falco): enable CLI options with -o key={object} [#3310] - @LucaGuerra
  • new(config): add container_engines config to falco.yaml [#3266] - @incertum
  • new(metrics): add host_ifinfo metric [#3253] - @incertum
  • new(userspace,unit_tests): validate configs against schema [#3302] - @FedeDP

Minor Changes

  • update(falco): upgrade libs to 0.18.1 [#3349] - @LucaGuerra
  • update(systemd): users can refer to systemd falco services with a constistent unique alias falco.service [#3332] - @ekoops
  • update(cmake): bump libs to 0.18.0 and driver to 7.3.0+driver. [#3330] - @FedeDP
  • chore(userspace/falco): deprecate cri related CLI options. [#3329] - @FedeDP
  • update(cmake): bumped falcoctl to v0.10.0 and rules to 3.2.0 [#3327] - @FedeDP
  • update(falco_metrics): change prometheus rules metric naming [#3324] - @incertum

Bug Fixes

  • fix(falco): allow disable_cri_async from both CLI and config [#3353] - @LucaGuerra
  • fix(engine): sync outputs before printing stats at shutdown [#3338] - @LucaGuerra
  • fix(falco): allow plugin init_config map in json schema [#3335] - @LucaGuerra
  • fix(userspace/falco): properly account for plugin with CAP_PARSING when computing interesting sc set [#3334] - @FedeDP

Non user-facing changes

Statistics

MERGED PRSNUMBER
Not user-facing35
Release note22
Total57

Release Manager @FedeDP


Version 0.39.0-rc3

Download

Last modified Oct 10, 2023: fix(content): fix more index.md (3fd448a)