Changelog
List of changes throughout Falco versions
Version 0.44.1
Download
| Packages | Download |
|---|---|
| rpm-x86_64 | |
| deb-x86_64 | |
| tgz-x86_64 | |
| tgz-static-x86_64 | |
| rpm-aarch64 | |
| deb-aarch64 | |
| tgz-aarch64 |
| Images |
|---|
docker pull docker.io/falcosecurity/falco:0.44.1 |
docker pull public.ecr.aws/falcosecurity/falco:0.44.1 |
docker pull docker.io/falcosecurity/falco-driver-loader:0.44.1 |
docker pull docker.io/falcosecurity/falco-driver-loader:0.44.1-buster |
docker pull docker.io/falcosecurity/falco:0.44.1-debian |
v0.44.1
Released on 2026-06-11
Major Changes
Bug Fixes
- fix: fix multiple issues related to BPF iterators (solved by bumping libs to
0.25.4) [#3879] - @ekoops
Statistics
| MERGED PRS | NUMBER |
|---|---|
| Not user-facing | 0 |
| Release note | 1 |
| Total | 1 |
Release Manager @ekoops
Version 0.44.1-rc1
Download
Version 0.44.0
Download
| Packages | Download |
|---|---|
| rpm-x86_64 | |
| deb-x86_64 | |
| tgz-x86_64 | |
| tgz-static-x86_64 | |
| rpm-aarch64 | |
| deb-aarch64 | |
| tgz-aarch64 |
| Images |
|---|
docker pull docker.io/falcosecurity/falco:0.44.0 |
docker pull public.ecr.aws/falcosecurity/falco:0.44.0 |
docker pull docker.io/falcosecurity/falco-driver-loader:0.44.0 |
docker pull docker.io/falcosecurity/falco-driver-loader:0.44.0-buster |
docker pull docker.io/falcosecurity/falco:0.44.0-debian |
v0.44.0
Released on 2026-05-26
Breaking Changes :warning:
- new!: add backslash escaping support to
-okey-path parser for literal dots and brackets in YAML key names (e.g., -o 'my.dotted.key=val') [#3835] - @leogr - chore!: drop gRPC output and server support [#3798] - @ekoops
- chore!: drop gVisor engine support [#3797] - @ekoops
- chore!: drop legacy BPF probe [#3796] - @ekoops
Major Changes
- feat(engine): support string comparator modifiers (oneof/allof/anyof) [#3878] - @therealbobo
- new(config,rules): add
capture_eventsandcapture_filesizestop conditions for capture files [#3824] - @leogr - feat: validation for unknown-key in rules [#3805] - @leogr
- feat(userspace/engine): add support for list transformer exception [#3799] - @irozzo-1A
Minor Changes
- chore(build): Add USE_TSAN option to enable Thread Sanitizer. [#3856] - @irozzo-1A
- build: enable http_output, webserver, and metrics on macOS and Win [#3827] - @leogr
Bug Fixes
- fix(docker): Restrict falco-webui service to local access only [#3838] - @qux-bbb
- fix: show condition text in warning snippet for folded scalar conditions [#3858] - @ssam18
- fix: respect buffered_outputs YAML config value [#3830] - @leogr
- fix(userspace/falco): fix race condition in watchdog [#3820] - @irozzo-1A
- fix(scripts): update RPM repository metadata before signing when re-signing all packages [#3774] - @c2ndev
Non user-facing changes
- chore(cmake): bump libs to
0.25.2[#3900] - @ekoops - chore: update falco rules to version
5.1.0and addrulessub-command toscripts/update-deps-version[#3890] - @ekoops - chore(chart): move Falco chart source to falco (1/5) [#3889] - @c2ndev
- chore(chart): move Falco chart source to falco [#3884] - @c2ndev
- chore(cmake): bump libs to
0.25.1and drivers to10.2.0+driver[#3888] - @ekoops - upstream multiple http_output fixes for Win/macOS (from prempti) [#3882] - @leogr
- chore: bump container plugin version to
0.7.1[#3886] - @ekoops - fix(ci): reference correct input name for sanitizers flag and update systemd-rpm-macros [#3885] - @irozzo-1A
- fix(build): use Zig cross-compilation toolchain for external dependencies [#3881] - @irozzo-1A
- chore(cmake/modules): bump libs version to
0.25.0-rc2[#3876] - @ekoops - chore: bump container plugin version to
0.7.0[#3877] - @ekoops - ci(.github): replace
/area CIwith/area automationin PR template [#3870] - @ekoops - update(cmake): update libs and driver to latest release candidates [#3873] - @github-actions[bot]
- update(cmake): update libs and driver to latest master [#3868] - @github-actions[bot]
- chore(cmake): bump falcoctl dependency version to 0.13.0 [#3869] - @c2ndev
- fix(userspace/engine): replace invalid chars while JSON-encoding [#3866] - @ekoops
- update(cmake): update libs and driver to latest master [#3864] - @github-actions[bot]
- build(docker): replace apt-key with keyring; use gnupg instead of gnupg2 [#3844] - @parisnakitakejser
- chore(cmake): bump drivers to
10.0.0-rc2+driver[#3863] - @ekoops - chore(scripts): add script updating libs/drivers cmake module versions [#3862] - @ekoops
- chore(cmake): bump libs/drivers to
0.24.0-rc1/10.0.0-rc1+driver[#3861] - @ekoops - ci(reusable_test_packages): produce core dumps when falco crashes [#3859] - @ekoops
- fix(config): prevent plugin library path traversal via relative paths [#3850] - @leogr
- fix: multi thread safety issues [#3852] - @leogr
- update(cmake): update libs and driver to latest master [#3823] - @github-actions[bot]
- ci: restore minimum set of required permissions [#3841] - @ekoops
- sync: docs(CHANGELOG.md): 0.43.1 [#3854] - @leogr
- feat(userspace/falco): add support for kernel iterator metrics [#3840] - @ekoops
- docs: multi-thread falco high-level design proposal [#3751] - @irozzo-1A
- fix(cmake): configure falco.yaml from current src dir [#3821] - @therealbobo
- fix(metrics): Prevent race condition crash during metrics collection on shutdown [#3741] - @adduali1310
- update(cmake): update libs and driver to latest master [#3765] - @github-actions[bot]
- chore(falco): fix warning in webserver.h [#3816] - @irozzo-1A
- docs: fix Contributing.md outdated references [#3807] - @cluster2600
- fix(webserver): fix inconsistent include directives trying to compile the webserver on Apple [#3802] - @legobrick
- chore(build): add support for gperftools CPU profiler [#3771] - @irozzo-1A
- revert: "chore(.github): put back temporary action for GPG key rotation" [#3776] - @leogr
- docs(proposals): specify version enforcing the deprecation [#3762] - @ekoops
- docs(OWNERS): add irozzo-1A(Iacopo Rozzo) as reviewer [#3773] - @irozzo-1A
Statistics
| MERGED PRS | NUMBER |
|---|---|
| Not user-facing | 39 |
| Release note | 22 |
| Total | 61 |
Release Manager @ekoops
Version 0.44.0-rc2
Download
Version 0.44.0-rc1
Download
Version 0.43.1
Download
| Packages | Download |
|---|---|
| rpm-x86_64 | |
| deb-x86_64 | |
| tgz-x86_64 | |
| tgz-static-x86_64 | |
| rpm-aarch64 | |
| deb-aarch64 | |
| tgz-aarch64 |
| Images |
|---|
docker pull docker.io/falcosecurity/falco:0.43.1 |
docker pull public.ecr.aws/falcosecurity/falco:0.43.1 |
docker pull docker.io/falcosecurity/falco-driver-loader:0.43.1 |
docker pull docker.io/falcosecurity/falco-driver-loader:0.43.1-buster |
docker pull docker.io/falcosecurity/falco:0.43.1-debian |
v0.43.1
Released on 2026-04-09
Minor Changes
Statistics
| MERGED PRS | NUMBER |
|---|---|
| Not user-facing | 0 |
| Release note | 1 |
| Total | 1 |
Release Manager @leogr
Version 0.43.0
Download
| Packages | Download |
|---|---|
| rpm-x86_64 | |
| deb-x86_64 | |
| tgz-x86_64 | |
| tgz-static-x86_64 | |
| rpm-aarch64 | |
| deb-aarch64 | |
| tgz-aarch64 |
| Images |
|---|
docker pull docker.io/falcosecurity/falco:0.43.0 |
docker pull public.ecr.aws/falcosecurity/falco:0.43.0 |
docker pull docker.io/falcosecurity/falco-driver-loader:0.43.0 |
docker pull docker.io/falcosecurity/falco-driver-loader:0.43.0-buster |
docker pull docker.io/falcosecurity/falco:0.43.0-debian |
v0.43.0
Released on 2026-01-28
Breaking Changes :warning:
Minor Changes
- chore: [NOTICE] The GPG key used to sign DEB/RPM packages has been rotated, and all existing packages have been re-signed. New key fingerprint:
478B2FBBC75F4237B731DA4365106822B35B1B1F[#3753] - @leogr - chore(userspace): deprecate
--gvisor-generate-configCLI option [#3784] - @ekoops - docs: add deprecation notice for legacy eBPF in pkg install dialog [#3786] - @ekoops
- chore(scripts/falcoctl): increase follow interval to 1 week [#3757] - @leogr
- docs: add deprecation notice for legacy eBPF, gVisor and gRPC usage [#3763] - @ekoops
- chore(userspace): deprecate legacy eBPF probe, gVisor engine and gRPC [#3763] - @ekoops
- chore(engine): emit warning when the deprecated
evt.latencyfield family is used in a rule condition or output [#3744] - @irozzo-1A
Bug Fixes
- fix: prevent null pointer crash on
popen()failure in output_program [#3722] - @vietcgi - fix: correct falcoctl.yaml path in debian conffiles [#3745] - @leogr
Non user-facing changes
- revert: chore(.github): temporary action for GPG key rotation [#3766] - @leogr
- chore(cmake): bump falcoctl dependency version to
0.12.2[#3790] - @ekoops - chore(cmake): bump falcoctl dependency version to
0.12.1[#3777] - @ekoops - chore(cmake): bump container plugin version to
0.6.1[#3780] - @ekoops - fix(userspace/engine): missing closing quote in deprecated field warning [#3779] - @leogr
- chore(.github): Put back gpg key rotation workflow [#3772] - @irozzo-1A
- chore(cmake): bump libs/drivers to
0.23.1/9.1.0+driver[#3769] - @ekoops - chore(cmake): bump container plugin version to 0.6.0 [#3768] - @irozzo-1A
- docs(proposals): add proposal for legacy probe, gVisor engine and gRPC output deprecation [#3755] - @ekoops
- chore(cmake): bump libs/drivers to
0.23.0/9.1.0+driver[#3760] - @ekoops - update(cmake): update libs and driver to latest master [#3754] - @github-actions[bot]
- fix(metrics): Add null check for state.outputs in metrics collection [#3740] - @adduali1310
- chore(cmake): bump libs to
0.23.0-rc2[#3759] - @ekoops - chore(cmake): bump libs/drivers to
0.23.0-rc1/9.1.0-rc1+driver[#3758] - @ekoops - fix(ci): revert changes to mitigate rate-limitar change [#3752] - @irozzo-1A
- update(cmake): update libs and driver to latest master [#3723] - @github-actions[bot]
- Reduce image size [#3746] - @jfcoz
- docs(RELEASE.md): specify target branch association upon release creation [#3717] - @ekoops
- docs(RELEASE.md): fix
rn2mdcmd generating changelogs [#3709] - @ekoops - docs(RELEASE.md): fix PRs filtering expr for checking release notes [#3708] - @ekoops
- docs(RELEASE.md): fix PRs filtering expression text [#3707] - @ekoops
Statistics
| MERGED PRS | NUMBER |
|---|---|
| Not user-facing | 21 |
| Release note | 11 |
| Total | 32 |
Release Manager @ekoops
Version 0.43.0-rc3
Download
Version 0.43.0-rc2
Download
Version 0.43.0-rc1
Download
Version 0.42.1
Download
| Packages | Download |
|---|---|
| rpm-x86_64 | |
| deb-x86_64 | |
| tgz-x86_64 | |
| tgz-static-x86_64 | |
| rpm-aarch64 | |
| deb-aarch64 | |
| tgz-aarch64 |
| Images |
|---|
docker pull docker.io/falcosecurity/falco:0.42.1 |
docker pull public.ecr.aws/falcosecurity/falco:0.42.1 |
docker pull docker.io/falcosecurity/falco-driver-loader:0.42.1 |
docker pull docker.io/falcosecurity/falco-driver-loader:0.42.1-buster |
docker pull docker.io/falcosecurity/falco:0.42.1-debian |
v0.42.1
Released on 2025-11-06
Non user-facing changes
Statistics
| MERGED PRS | NUMBER |
|---|---|
| Not user-facing | 1 |
| Release note | 0 |
| Total | 1 |
Release Manager @leogr
Version 0.42.0
Download
| Packages | Download |
|---|---|
| rpm-x86_64 | |
| deb-x86_64 | |
| tgz-x86_64 | |
| tgz-static-x86_64 | |
| rpm-aarch64 | |
| deb-aarch64 | |
| tgz-aarch64 |
| Images |
|---|
docker pull docker.io/falcosecurity/falco:0.42.0 |
docker pull public.ecr.aws/falcosecurity/falco:0.42.0 |
docker pull docker.io/falcosecurity/falco-driver-loader:0.42.0 |
docker pull docker.io/falcosecurity/falco-driver-loader:0.42.0-buster |
docker pull docker.io/falcosecurity/falco:0.42.0-debian |
v0.42.0
Released on 2025-10-22
Major Changes
- feat: add
falco_libs.thread_table_auto_purging_interval_sandthread_table_auto_purging_thread_timeout_sconfiguration options [#3670] - @ekoops - feat: log plugin version info at loading time [#3657] - @FedeDP
- feat: ability to add statically defined fields via
static_fieldsconfiguration [#3557] - @FedeDP - feat(engine): emit warning when a rule containing the
evt.dirfield in output is encountered [#3697] - @irozzo-1A - feat(engine): emit warning when a rule containing a condition on the deprecated
evt.dirfield is encountered [#3690] - @irozzo-1A - new: ability to record
.scapfiles (capture feature) [#3645] - @leogr - new(docker): includes sha on the image labels [#3658] - @jcchavezs
- new(cmake,userspace,ci): add mimalloc support [#3616] - @FedeDP
Minor Changes
- docs(falco.yaml): refactor config documentation [#3685] - @leogr
- build: fix
debian:busterapt debian repo URL in:driver-loader-bustercontainer image [#3644] - @ekoops - build: updagrade libs to version 0.22.1 [#3705] - @irozzo-1A
- build: upgrade drivers to v9.0.0+driver [#3701] - @irozzo-1A
- build: upgrade cpp-httplib to v0.23.1 [#3647] - @FedeDP
- update: upgrade default ruleset to v5.0.0 [#3700] - @leogr
- build: upgrade
falcoctlto v0.11.4 [#3694] - @leogr - chore(prometheus): deprecate enter events drop stats [#3675] - @irozzo-1A
Bug Fixes
- fix(cmake): correct abseil-cpp for alpine build [#3598] - @RomanenkoDenys
- fix: enable handling of multiple actions configured with
syscall_event_drops.actions[#3676] - @terror96 - fix: disable dry-run restarts when Falco runs with config-watching disabled [#3640] - @Proximyst
Non user-facing changes
- fix(userspace/falco): correct default duration calculation [#3715] - @leogr
- chore(falcoctl): update falco rules to version 5 [#3712] - @irozzo-1A
- doc(OWNERS): move incertum (Melissa Kilby) to emeritus_approvers [#3605] - @incertum
- update(cmake): update libs and driver to latest master [#3689] - @github-actions[bot]
- chore(docker): use new
ENVsyntax in place of deprecated one [#3696] - @ekoops - chore(cmake/modules): update rules to 5.0.0-rc1 [#3698] - @leogr
- fix(userspace/engine): fix logger date format [#3672] - @ekoops
- docs(OWNERS): add
ekoops(Leonardo Di Giovanna) as approver [#3688] - @ekoops - update(cmake): update libs and driver to latest master [#3665] - @github-actions[bot]
- Refactor: cppcheck cleanups [#3649] - @sgaist
- update(userspace/engine): update falco engine version and checksum [#3648] - @ekoops
- update(cmake): update libs and driver to latest master [#3662] - @github-actions[bot]
- update(cmake): update libs and driver to latest master [#3661] - @github-actions[bot]
- update(cmake): update libs and driver to latest master [#3653] - @github-actions[bot]
- chore(ci): disable mimalloc for master builds. [#3655] - @FedeDP
- chore(deps): Bump submodules/falcosecurity-rules from
1208816tobe38001[#3651] - @dependabot[bot] - docs(falco.yaml): avoid out-of-sync config options for
containerpl… [#3650] - @leogr - update(cmake): update libs and driver to latest master [#3636] - @github-actions[bot]
- update(CHANGELOG.md): release 0.41.3 (cherry-pick) [#3634] - @ekoops
- update(cmake): update libs and driver to latest master [#3628] - @github-actions[bot]
- update(CHANGELOG.md): release 0.41.2 (cherry-pick) [#3623] - @ekoops
- update(cmake): update libs and driver to latest master [#3618] - @github-actions[bot]
- update(cmake): update libs and driver to latest master [#3602] - @github-actions[bot]
- chore(falco.yaml): clean up plugins config leftover [#3596] - @leogr
- chore(deps): Bump submodules/falcosecurity-rules from
b4437c4to4d51b18[#3607] - @dependabot[bot] - update(docs): cherry pick CHANGELOG. [#3600] - @FedeDP
- update(cmake): update libs and driver to latest master [#3592] - @github-actions[bot]
- update(docs): bumped changelog for release 0.41.0, master sync [#3586] - @FedeDP
- chore(deps): Bump submodules/falcosecurity-rules from
cb17833tob4437c4[#3578] - @dependabot[bot]
Statistics
| MERGED PRS | NUMBER |
|---|---|
| Not user-facing | 29 |
| Release note | 23 |
| Total | 52 |
Release Manager @ekoops
Version 0.42.0-rc4
Download
Version 0.42.0-rc3
Download
Version 0.42.0-rc2
Download
Version 0.42.0-rc1
Download
Version 0.41.3
Download
| Packages | Download |
|---|---|
| rpm-x86_64 | |
| deb-x86_64 | |
| tgz-x86_64 | |
| tgz-static-x86_64 | |
| rpm-aarch64 | |
| deb-aarch64 | |
| tgz-aarch64 |
| Images |
|---|
docker pull docker.io/falcosecurity/falco:0.41.3 |
docker pull public.ecr.aws/falcosecurity/falco:0.41.3 |
docker pull docker.io/falcosecurity/falco-driver-loader:0.41.3 |
docker pull docker.io/falcosecurity/falco-driver-loader:0.41.3-buster |
docker pull docker.io/falcosecurity/falco:0.41.3-debian |
v0.41.3
Minor Changes
Statistics
| MERGED PRS | NUMBER |
|---|---|
| Not user-facing | 0 |
| Release note | 1 |
| Total | 1 |
Release Manager @leogr @ekoops
Version 0.41.2
Download
| Packages | Download |
|---|---|
| rpm-x86_64 | |
| deb-x86_64 | |
| tgz-x86_64 | |
| tgz-static-x86_64 | |
| rpm-aarch64 | |
| deb-aarch64 | |
| tgz-aarch64 |
| Images |
|---|
docker pull docker.io/falcosecurity/falco:0.41.2 |
docker pull public.ecr.aws/falcosecurity/falco:0.41.2 |
docker pull docker.io/falcosecurity/falco-driver-loader:0.41.2 |
docker pull docker.io/falcosecurity/falco-driver-loader:0.41.2-buster |
docker pull docker.io/falcosecurity/falco:0.41.2-debian |
v0.41.2
Released on 2025-06-17
Statistics
| MERGED PRS | NUMBER |
|---|---|
| Not user-facing | 0 |
| Release note | 0 |
| Total | 0 |
Release Manager @leogr @ekoops
Version 0.41.1
Download
| Packages | Download |
|---|---|
| rpm-x86_64 | |
| deb-x86_64 | |
| tgz-x86_64 | |
| tgz-static-x86_64 | |
| rpm-aarch64 | |
| deb-aarch64 | |
| tgz-aarch64 |
| Images |
|---|
docker pull docker.io/falcosecurity/falco:0.41.1 |
docker pull public.ecr.aws/falcosecurity/falco:0.41.1 |
docker pull docker.io/falcosecurity/falco-driver-loader:0.41.1 |
docker pull docker.io/falcosecurity/falco-driver-loader:0.41.1-buster |
docker pull docker.io/falcosecurity/falco:0.41.1-debian |
v0.41.1
Released on 2025-06-05
Bug Fixes
- fix(userspace/falco): when collecting metrics for stats_writer, create a
libs_metrics_collectorfor each source [#3585] - @FedeDP - fix(userspace/falco): only enable prometheus metrics once all inspectors have been opened [#3588] - @FedeDP
Statistics
| MERGED PRS | NUMBER |
|---|---|
| Not user-facing | 0 |
| Release note | 2 |
| Total | 2 |
Release Manager @FedeDP
Version 0.41.1-rc1
Download
Version 0.41.0
Download
| Packages | Download |
|---|---|
| rpm-x86_64 | |
| deb-x86_64 | |
| tgz-x86_64 | |
| tgz-static-x86_64 | |
| rpm-aarch64 | |
| deb-aarch64 | |
| tgz-aarch64 |
| Images |
|---|
docker pull docker.io/falcosecurity/falco:0.41.0 |
docker pull public.ecr.aws/falcosecurity/falco:0.41.0 |
docker pull docker.io/falcosecurity/falco-driver-loader:0.41.0 |
docker pull docker.io/falcosecurity/falco-driver-loader:0.41.0-buster |
docker pull docker.io/falcosecurity/falco:0.41.0-debian |
v0.41.0
Released on 2025-05-29
Breaking Changes :warning:
- cleanup(engine)!: only consider .yaml/.yml rule files [#3551] - @LucaGuerra
- cleanup(userspace)!: deprecate print of
container.info[#3543] - @FedeDP - cleanup(userspace/falco)!: drop deprecated in 0.40.0 CLI flags. [#3496] - @FedeDP
Major Changes
- new(falco): add json_include_output_fields option [#3527] - @LucaGuerra
- new(build,userspace): switch to use container plugin [#3482] - @FedeDP
- new(docker,scripts,ci): use an override config file to enable ISO 8601 output timeformat on docker images [#3488] - @FedeDP
Minor Changes
- chore(build): update falcoctl to v0.11.2, rules for artifact follow to v4 [#3580] - @LucaGuerra
- update(cmake): bumped falcoctl to 0.11.1 and rules to 4.0.0. [#3577] - @FedeDP
- update(containers): update opencontainers labels [#3575] - @LucaGuerra
- update(metrics): improve restart/hot_reload conditions inspection [#3562] - @incertum
- update: empty
valuesinexceptionswon't emit a warning anymore [#3529] - @leogr - chore(falco.yaml): enable libs_logger by default with info level [#3507] - @FedeDP
Bug Fixes
- fix(metrics/prometheus): gracefully handle multiple event sources, avoid erroneous duplicate metrics [#3563] - @incertum
- fix(ci): properly install rpm systemd-rpm-macro package on building packages pipeline [#3521] - @FedeDP
- fix(userspace/falco): init cmdline options after loading all config files [#3493] - @FedeDP
- fix(cmake): add support for 16K kernel page to jemalloc [#3490] - @Darkness4
- fix(userspace/falco): fix jemalloc enabled in minimal build. [#3478] - @FedeDP
Non user-facing changes
- chore(deps): Bump submodules/falcosecurity-rules from
4ccf111tocb17833[#3572] - @dependabot[bot] - update(cmake/rules): bump to falco-rules-4.0.0-rc1 [#3567] - @leogr
- cleanup(userspace/falco): drop unused
libs_metrics_collectorvariable. [#3566] - @FedeDP - update(cmake): update libs and driver to latest master [#3564] - @github-actions[bot]
- fix(build): fixed container custom_target
sedcommand. [#3556] - @FedeDP - chore(deps): Bump submodules/falcosecurity-rules from
ae6ed41to4ccf111[#3555] - @dependabot[bot] - fix(cmake): fix bundled c-ares cmake issue with e.g. SLES [#3559] - @terror96
- chore(deps): Bump submodules/falcosecurity-rules from
1d2c6b1toae6ed41[#3553] - @dependabot[bot] - chore: revert "chore(deps): Bump submodules/falcosecurity-rules from
1d2c6b1to371e431" [#3552] - @FedeDP - update(cmake): update libs and driver to latest master [#3550] - @github-actions[bot]
- update(cmake): update libs and driver to latest master [#3549] - @github-actions[bot]
- update(adopters): added SafeDep as adopter [#3548] - @KunalSin9h
- update(cmake): update libs and driver to latest master [#3547] - @github-actions[bot]
- update(cmake): update libs and driver to latest master [#3541] - @github-actions[bot]
- fix(userspace): fixed engine
openssldep. [#3535] - @FedeDP - fix(userspace/falco): fix outputs_http timeout [#3523] - @benierc
- fix(ci): use clang-19 to build modern_ebpf skeleton. [#3537] - @FedeDP
- update(cmake): update libs and driver to latest master [#3531] - @github-actions[bot]
- update(cmake): update libs and driver to latest master [#3530] - @github-actions[bot]
- update(cmake): update libs and driver to latest master [#3525] - @github-actions[bot]
- update(cmake): update libs and driver to latest master [#3520] - @github-actions[bot]
- update(cmake): update libs and driver to latest master [#3516] - @github-actions[bot]
- docs(README.md): cleanups and enhancements [#3514] - @leogr
- update(cmake): update libs and driver to latest master [#3511] - @github-actions[bot]
- chore(deps): Bump submodules/falcosecurity-rules from
1d2c6b1to371e431[#3510] - @dependabot[bot] - update(cmake): update libs and driver to latest master [#3508] - @github-actions[bot]
- update(cmake): update libs and driver to latest master [#3506] - @github-actions[bot]
- fix(userspace/falco): when counting
-Mtimeout, do not account for async events [#3505] - @FedeDP - chore(deps): Bump submodules/falcosecurity-rules from
d8415c1to1d2c6b1[#3504] - @dependabot[bot] - docs(proposals): correct typo in example [#3499] - @leogr
- fix(docker): fixed entrypoints paths with new docker context. [#3492] - @FedeDP
- feat(falco/app): move actions not using config before
load_config[#3483] - @ekoops - refactor(falco/app): apply early return pattern in actions code [#3484] - @ekoops
- chore(deps): Bump submodules/falcosecurity-rules from
abf6637tod8415c1[#3489] - @dependabot[bot] - Add NETWAYS Web Services to ADOPTERS.md [#3487] - @mocdaniel
- chore: add back Falco static package to the release template. [#3472] - @FedeDP
Statistics
| MERGED PRS | NUMBER |
|---|---|
| Not user-facing | 36 |
| Release note | 17 |
| Total | 53 |
Release Manager @FedeDP
Version 0.41.0-rc2
Download
Version 0.41.0-rc1
Download
Version 0.40.0
Download
| Packages | Download |
|---|---|
| rpm-x86_64 | |
| deb-x86_64 | |
| tgz-x86_64 | |
| tgz-static-x86_64 | |
| rpm-aarch64 | |
| deb-aarch64 | |
| tgz-aarch64 |
| Images |
|---|
docker pull docker.io/falcosecurity/falco:0.40.0 |
docker pull public.ecr.aws/falcosecurity/falco:0.40.0 |
docker pull docker.io/falcosecurity/falco-driver-loader:0.40.0 |
docker pull docker.io/falcosecurity/falco-driver-loader:0.40.0-buster |
docker pull docker.io/falcosecurity/falco:0.40.0-debian |
v0.40.0
Released on 2025-01-28
Breaking Changes :warning:
Major Changes
- new(docker): streamline docker images [#3273] - @FedeDP
- new(build): reintroduce static build [#3428] - @LucaGuerra
- new(cmake,ci): added support for using jemalloc allocator instead of glibc one and use it by default for release artifacts [#3406] - @FedeDP
- new(userspace,cmake): honor new plugins exposed suggested output formats [#3388] - @FedeDP
- new(userspace/falco): allow entirely disabling plugin hostinfo support. [#3412] - @FedeDP
- new(ci): use
zigcompiler instead of relying on centos7. [#3307] - @FedeDP - new(falco): add buffer_format_base64 option, deprecate -b [#3358] - @LucaGuerra
- new(falco): add base_syscalls.all option to falco.yaml, deprecate -A [#3352] - @LucaGuerra
- new(falco): add falco_libs.snaplen option, deprecate -S / --snaplen [#3362] - @LucaGuerra
Minor Changes
- update(cmake): bump falcoctl to v0.11.0 [#3467] - @alacuku
- chore(ci): add attestation for falco [#3216] - @cpanato
- chore(ci): build Falco in RelWithDebInfo, and upload Falco debug symbols as github artifacts [#3452] - @FedeDP
- update(build): DEB and RPM package requirements for dkms and kernel-devel are now suggestions [#3450] - @jthiltges
Bug Fixes
- fix(userspace/falco): fix container_engines.cri.sockets not loading from config file [#3453] - @zayaanmoez
- fix(docker): /usr/src/'*' no longer created if $HOST_PATH/usr/src didn't exist at startup [#3434] - @shane-lawrence
- fix(docker): add brotli to the Falco image [#3399] - @LucaGuerra
- fix(userspace/engine): explicitly disallow appending/modifying a rule with different sources [#3383] - @mstemm
Non user-facing changes
- chore(falco.yaml): remove comments about cri cli arguments [#3458] - @alacuku
- fix(ci): fixed reusable_build/publish_docker workflows. [#3459] - @FedeDP
- update(cmake): update libs and driver to latest master [#3455] - @github-actions[bot]
- chore(ci): bumped actions/upload-download-artifact. [#3454] - @FedeDP
- chore(docker): drop unused libelf dep from container images [#3451] - @leogr
- chore(docs): update
plugins_hostinfoconfig file comment. [#3449] - @FedeDP - new(build): add RelWithDebInfo target [#3440] - @shane-lawrence
- chore(deps): Bump submodules/falcosecurity-rules from
283a62ftoabf6637[#3448] - @dependabot[bot] - update(ci): use 4cpu-16gb arm runners [#3447] - @LucaGuerra
- update(cmake): update libs and driver to latest master [#3439] - @github-actions[bot]
- chore: avoid deprecated funcs to calculate sha256 [#3442] - @federico-sysdig
- chore(ci): enable jemalloc in musl build. [#3436] - @FedeDP
- docs(falco.yaml): correct
buffered_outputsdescription [#3427] - @leogr - fix(userspace/falco): use correct filtercheck_field_info. [#3426] - @FedeDP
- update(cmake): update libs and driver to latest master [#3421] - @github-actions[bot]
- fix: update the url for the docs about the concurrent queue classes [#3415] - @Issif
- update(changelog): updated changelog for 0.39.2. [#3410] - @FedeDP
- update(cmake): update libs and driver to latest master [#3392] - @github-actions[bot]
- fix(cmake,docker): avoid cpp-httplib requiring brotli. [#3400] - @FedeDP
- chore(deps): Bump submodules/falcosecurity-rules from
407e997to283a62f[#3391] - @dependabot[bot] - update(cmake): bump libs to latest master. [#3389] - @FedeDP
- update(cmake): update libs and driver to latest master [#3385] - @github-actions[bot]
- Make enable()/disable() virtual so they can be overridden [#3375] - @mstemm
- fix(ci): fixed shasum computation for bump-libs CI. [#3379] - @FedeDP
- chore(ci): use redhat advised method to check rpmsign success. [#3376] - @FedeDP
- chore(deps): Bump submodules/falcosecurity-rules from
e38fb3fto407e997[#3374] - @dependabot[bot] - Compile output clone [#3364] - @mstemm
- fix(ci): fixed bump-libs workflow syntax. [#3369] - @FedeDP
- new(ci): add a workflow to automatically bump libs on each monday. [#3360] - @FedeDP
- chore(deps): Bump submodules/falcosecurity-rules from
b6ad373toe38fb3f[#3365] - @dependabot[bot] - cleanup(falco): reformat options::define [#3356] - @LucaGuerra
Statistics
| MERGED PRS | NUMBER |
|---|---|
| Not user-facing | 31 |
| Release note | 18 |
| Total | 49 |
Release Manager @FedeDP
Version 0.40.0-rc1
Download
Version 0.39.2
Download
| Packages | Download |
|---|---|
| rpm-x86_64 | |
| deb-x86_64 | |
| tgz-x86_64 | |
| rpm-aarch64 | |
| deb-aarch64 | |
| tgz-aarch64 |
| Images |
|---|
docker pull docker.io/falcosecurity/falco:0.39.2 |
docker pull public.ecr.aws/falcosecurity/falco:0.39.2 |
docker pull docker.io/falcosecurity/falco-driver-loader:0.39.2 |
docker pull docker.io/falcosecurity/falco-driver-loader-legacy:0.39.2 |
docker pull docker.io/falcosecurity/falco-no-driver:0.39.2 |
docker pull docker.io/falcosecurity/falco-distroless:0.39.2 |
v0.39.2
Released on 2024-11-21
Minor Changes
- update(cmake): bumped falcoctl to v0.10.1. [#3408] - @FedeDP
- update(cmake): bump yaml-cpp to latest master. [#3394] - @FedeDP
Non user-facing changes
- update(ci): use arm64 CNCF runners for GH actions [#3386] - @LucaGuerra
Statistics
| MERGED PRS | NUMBER |
|---|---|
| Not user-facing | 1 |
| Release note | 2 |
| Total | 3 |
Release Manager @FedeDP
Version 0.39.1
Download
| Packages | Download |
|---|---|
| rpm-x86_64 | |
| deb-x86_64 | |
| tgz-x86_64 | |
| rpm-aarch64 | |
| deb-aarch64 | |
| tgz-aarch64 |
| Images |
|---|
docker pull docker.io/falcosecurity/falco:0.39.1 |
docker pull public.ecr.aws/falcosecurity/falco:0.39.1 |
docker pull docker.io/falcosecurity/falco-driver-loader:0.39.1 |
docker pull docker.io/falcosecurity/falco-driver-loader-legacy:0.39.1 |
docker pull docker.io/falcosecurity/falco-no-driver:0.39.1 |
docker pull docker.io/falcosecurity/falco-distroless:0.39.1 |
v0.39.1
Released on 2024-10-09
Bug Fixes
- fix(engine): allow null init_config for plugin info [#3372] - @LucaGuerra
- fix(engine): fix parsing issues in -o key={object} when the object definition contains a comma [#3363] - @LucaGuerra
- fix(userspace/falco): fix event set selection for plugin with parsing capability [#3368] - @FedeDP
Non user-facing changes
Statistics
| MERGED PRS | NUMBER |
|---|---|
| Not user-facing | 1 |
| Release note | 3 |
| Total | 4 |
Release Manager @FedeDP
Version 0.39.1-rc1
Download
Version 0.39.0
Download
| Packages | Download |
|---|---|
| rpm-x86_64 | |
| deb-x86_64 | |
| tgz-x86_64 | |
| rpm-aarch64 | |
| deb-aarch64 | |
| tgz-aarch64 |
| Images |
|---|
docker pull docker.io/falcosecurity/falco:0.39.0 |
docker pull public.ecr.aws/falcosecurity/falco:0.39.0 |
docker pull docker.io/falcosecurity/falco-driver-loader:0.39.0 |
docker pull docker.io/falcosecurity/falco-driver-loader-legacy:0.39.0 |
docker pull docker.io/falcosecurity/falco-no-driver:0.39.0 |
docker pull docker.io/falcosecurity/falco-distroless:0.39.0 |
v0.39.0
Released on 2024-10-01
Breaking Changes :warning:
- fix(falco_metrics)!: split tags label into multiple
tag_-prefixed labels [#3337] - @ekoops - fix(falco_metrics)!: use full name for configs and rules files [#3337] - @ekoops
- update(falco_metrics)!: rearrange
n_evts_cpuandn_drops_cpuPrometheus metrics to follow best practices [#3319] - @incertum - cleanup(userspace/falco)!: drop deprecated -t,-T,-D options. [#3311] - @FedeDP
Major Changes
- feat(stats): add host_netinfo networking information stats family [#3344] - @ekoops
- new(falco): add json_include_message_property to have a message field without date and priority [#3314] - @LucaGuerra
- new(userspace/falco,userspace/engine): rule json schema validation [#3313] - @FedeDP
- new(falco): introduce append_output configuration [#3308] - @LucaGuerra
- new(userspace/falco): added --config-schema action to print config schema [#3312] - @FedeDP
- new(falco): enable CLI options with -o key={object} [#3310] - @LucaGuerra
- new(config): add
container_enginesconfig to falco.yaml [#3266] - @incertum - new(metrics): add host_ifinfo metric [#3253] - @incertum
- new(userspace,unit_tests): validate configs against schema [#3302] - @FedeDP
Minor Changes
- update(falco): upgrade libs to 0.18.1 [#3349] - @LucaGuerra
- update(systemd): users can refer to systemd falco services with a constistent unique alias falco.service [#3332] - @ekoops
- update(cmake): bump libs to 0.18.0 and driver to 7.3.0+driver. [#3330] - @FedeDP
- chore(userspace/falco): deprecate
crirelated CLI options. [#3329] - @FedeDP - update(cmake): bumped falcoctl to v0.10.0 and rules to 3.2.0 [#3327] - @FedeDP
- update(falco_metrics): change prometheus rules metric naming [#3324] - @incertum
Bug Fixes
- fix(falco): allow disable_cri_async from both CLI and config [#3353] - @LucaGuerra
- fix(engine): sync outputs before printing stats at shutdown [#3338] - @LucaGuerra
- fix(falco): allow plugin init_config map in json schema [#3335] - @LucaGuerra
- fix(userspace/falco): properly account for plugin with CAP_PARSING when computing interesting sc set [#3334] - @FedeDP
Non user-facing changes
- feat(cmake): add conditional builds for falcoctl and rules paths [#3305] - @tembleking
- cleanup(falco): ignore lint commit [#3354] - @LucaGuerra
- chore(falco): apply code formatting [#3350] - @poiana
- chore: ignore_some_files for clang format [#3351] - @Andreagit97
- sync: release 0.39.x [#3340] - @FedeDP
- fix(userspace/engine): improve rule json schema to account for
sourceandrequired_plugin_versions[#3328] - @FedeDP - cleanup(falco): use header file for json schema [#3325] - @LucaGuerra
- update(engine): modify append_output format [#3322] - @LucaGuerra
- chore: scaffolding for enabling code formatting [#3321] - @Andreagit97
- update(cmake): bump libs and driver to 0.18.0-rc1. [#3320] - @FedeDP
- fix(ci): restore master and release CI workflow permissions. [#3317] - @FedeDP
- fixed the token-permission and pinned-dependencies issue [#3299] - @harshitasao
- update(cmake): bump falcoctl to v0.10.0-rc1 [#3316] - @alacuku
- ci(insecure-api): update semgrep docker image [#3315] - @francesco-furlan
- Add demo environment instructions and docker-config files [#3295] - @bbl232
- chore(deps): Bump submodules/falcosecurity-rules from
baecf18tob6ad373[#3301] - @dependabot[bot] - update(cmake): bump libs and driver to latest master [#3283] - @jasondellaluce
- chore(deps): Bump submodules/falcosecurity-rules from
342b20dtobaecf18[#3298] - @dependabot[bot] - chore(deps): Bump submodules/falcosecurity-rules from
068f0f2to342b20d[#3288] - @dependabot[bot] - vote: add sgaist to OWNERS [#3264] - @sgaist
- Add Tulip Retail to adopters list [#3291] - @bbl232
- chore(deps): Bump submodules/falcosecurity-rules from
28b98b6to068f0f2[#3282] - @dependabot[bot] - chore(deps): Bump submodules/falcosecurity-rules from
c0a9bf1to28b98b6[#3267] - @dependabot[bot] - Added the OpenSSF Scorecard Badge [#3250] - @harshitasao
- chore(deps): Bump submodules/falcosecurity-rules from
ea57e78toc0a9bf1[#3247] - @dependabot[bot] - update(cmake,userspace): bump libs and driver to latest master. [#3263] - @FedeDP
- If rule compilation fails, return immediately [#3260] - @mstemm
- new(userspace/engine): generalize indexable ruleset [#3251] - @mstemm
- update(cmake): bump libs to master. [#3249] - @FedeDP
- chore(deps): Bump submodules/falcosecurity-rules from
df963b6toea57e78[#3240] - @dependabot[bot] - chore(ci): enable dummy tests on the testing framework. [#3233] - @FedeDP
- chore(deps): Bump submodules/falcosecurity-rules from
679a50atodf963b6[#3231] - @dependabot[bot] - update(cmake): bump libs and driver to master. [#3225] - @FedeDP
- chore(deps): Bump submodules/falcosecurity-rules from
9e56293to679a50a[#3222] - @dependabot[bot] - update(docs): update CHANGELOG for 0.38.0 (master branch) [#3224] - @LucaGuerra
Statistics
| MERGED PRS | NUMBER |
|---|---|
| Not user-facing | 35 |
| Release note | 22 |
| Total | 57 |
Release Manager @FedeDP
Version 0.39.0-rc3
Download
Was this page helpful?
Let us know! You feedback will help us to improve the content and to stay in touch with our users.
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.
Last modified Oct 10, 2023: fix(content): fix more index.md (3fd448a)