falco

Packages	Download
rpm-x86_64
deb-x86_64
tgz-x86_64
rpm-aarch64
deb-aarch64
tgz-aarch64

v0.38.1

Released on 2024-06-19

Major Changes

• new(metrics): enable plugins metrics [#3228] - @mrgian

Minor Changes

• cleanup(falco): clarify that --print variants only affect syscalls [#3238] - @LucaGuerra
• update(engine): enable -p option for all sources, -pk, -pc etc only for syscall sources [#3239] - @LucaGuerra

Bug Fixes

• fix(engine): enable output substitution only for syscall rules, prevent engine from exiting with validation errors when a plugin is loaded and -pc/pk is specified [#3236] - @mrgian
• fix(metrics): allow each metric output channel to be selected independently [#3232] - @incertum
• fix(userspace/falco): fixed falco_metrics::to_text implementation when running with plugins [#3230] - @FedeDP

Statistics

Release Manager @FedeDP

Packages	Download
rpm-x86_64
deb-x86_64
tgz-x86_64
rpm-aarch64
deb-aarch64
tgz-aarch64

v0.38.0

Released on 2024-05-30

Breaking Changes ⚠️

• new(scripts,docker)!: enable automatic driver selection logic in packages and docker images. Modern eBPF is now also the default driver and the highest priority one in the new driver selection logic. [#3154] - @FedeDP
• cleanup(falco.yaml)!: remove some deprecated configs [#3087] - @Andreagit97
• cleanup(docker)!: remove unused builder dockerfile [#3088] - @Andreagit97

Major Changes

• new(webserver): a metrics endpoint has been added providing prometheus metrics. It can be optionally enabled using the new metrics.prometheus_enabled configuration option. It will only be activated if the metrics.enabled is true as well. [#3140] - @sgaist
• new(metrics): add rules_counters_enabled option [#3192] - @incertum
• new(build): provide signatures for .tar.gz packages [#3201] - @LucaGuerra
• new(engine): add print_enabled_rules_falco_logger when log_level debug [#3189] - @incertum
• new(falco): allow selecting which rules to load from the configuration file or command line [#3178] - @LucaGuerra
• new(metrics): add file sha256sum metrics for loaded config and rules files [#3187] - @incertum
• new(engine): throw an error when an invalid macro/list name is used [#3116] - @mrgian
• new(engine): raise warning instead of error on invalid macro/list name [#3167] - @mrgian
• new(userspace): support split config files [#3024] - @FedeDP
• new(engine): enforce unique exceptions names [#3134] - @mrgian
• new(engine): add warning when appending an exception with no values [#3133] - @mrgian
• feat(metrics): coherent metrics stats model including few metrics naming changes [#3129] - @incertum
• new(config): add falco_libs.thread_table_size [#3071] - @incertum
• new(proposals): introduce on host anomaly detection framework [#2655] - @incertum

Minor Changes

• update(cmake): bump falcoctl to v0.8.0. [#3219] - @FedeDP
• update(rules): update falco-rules to 3.1.0 [#3217] - @LucaGuerra
• refactor(userspace): move falco logger under falco engine [#3208] - @jasondellaluce
• chore(docs): apply features adoption and deprecation proposal to config file keys [#3206] - @FedeDP
• cleanup(metrics): add original rule name as label [#3205] - @incertum
• update(falco): deprecate options -T, -t and -D [#3193] - @LucaGuerra
• refactor: bump libs and driver, support field modifiers [#3186] - @jasondellaluce
• chore(userspace/falco): deprecated old 'rules_file' config key [#3162] - @FedeDP
• chore(falco): update falco libs and driver to master (Apr 8th 2024) [#3158] - @LucaGuerra
• update(build): update libs to 026ffe1d8f1b25c6ccdc09afa2c02afdd3e3f672 [#3151] - @LucaGuerra
• cleanup: minor adjustments to readme, add new testing section [#3072] - @incertum
• refactor(userspace/engine): reduce allocations during rules loading [#3065] - @jasondellaluce
• update(CI): publish wasm package as dev-wasm [#3017] - @Rohith-Raju

Bug Fixes

• fix(userspace/falco): fix state initialization avoid a crash during hot reload [#3190] - @FedeDP
• fix(userspace/engine): make sure exception fields are not optional in replace mode [#3108] - @jasondellaluce
• fix(docker): added zstd to driver loader images [#3203] - @FedeDP
• fix(engine): raise warning instead of error on not-unique exceptions names [#3159] - @mrgian
• fix(engine): apply output substitutions for all sources [#3135] - @mrgian
• fix(userspace/configuration): make sure that folders that would trigger permission denied are not traversed [#3127] - @sgaist
• fix(engine): logical issue in exceptions condition [#3115] - @mrgian
• fix(cmake): properly let falcoctl cmake module create /usr/share/falco/plugins/ folder. [#3105] - @FedeDP

Non user-facing changes

• update(scripts/falcoctl): bump falco-rules version to 3 [#3128] - @alacuku
• build(deps): Bump submodules/falcosecurity-rules from 59bf03b to 9e56293 [#3212] - @dependabot[bot]
• chore(gha): update cosign to v3.5.0 [#3209] - @LucaGuerra
• build(deps): Bump submodules/falcosecurity-rules from 29c41c4 to 59bf03b [#3207] - @dependabot[bot]
• update(cmake): bumped libs to 0.17.0-rc1 and falcoctl to v0.8.0-rc6. [#3204] - @FedeDP
• build(deps): Bump submodules/falcosecurity-rules from 3f668d0 to 3cac61c [#3044] - @dependabot[bot]
• build(deps): Bump submodules/falcosecurity-testing from ae3950a to 7abf76f [#3094] - @dependabot[bot]
• fix(ci): enforce bundled deps OFF in build-dev CI [#3118] - @FedeDP
• build(deps): Bump submodules/falcosecurity-rules from 88a40c8 to 869c9a7 [#3156] - @dependabot[bot]
• update(cmake): bumped falcoctl to v0.8.0-rc5. [#3199] - @FedeDP
• build(deps): Bump submodules/falcosecurity-rules from 4f153f5 to 29c41c4 [#3198] - @dependabot[bot]
• update(cmake): bump falcoctl to v0.8.0-rc4 [#3191] - @FedeDP
• refactor: smart pointer usage [#3184] - @federico-sysdig
• build(deps): Bump submodules/falcosecurity-rules from ec255e6 to 4f153f5 [#3182] - @dependabot[bot]
• update(cmake): bumped libs and driver to latest master. [#3177] - @FedeDP
• chore(cmake): enable modern bpf build by default. [#3180] - @FedeDP
• cleanup(docs): fix typo in license blocks [#3175] - @LucaGuerra
• chore(docker,scripts): set old eBPF probe as lowest priority driver. [#3173] - @FedeDP
• build(deps): Bump submodules/falcosecurity-rules from 869c9a7 to ec255e6 [#3170] - @dependabot[bot]
• update(app): close inspectors at teardown time [#3169] - @LucaGuerra
• fix(docker): fixed docker entrypoints for driver loading. [#3168] - @FedeDP
• fix(docker,scripts): do not load falcoctl driver loader when installing Falco deb package in docker images [#3166] - @FedeDP
• update(ci): build both release and debug versions [#3161] - @LucaGuerra
• chore(userspace/falco): watch all configs files. [#3160] - @FedeDP
• fix(ci): update scorecard-action to v2.3.1 [#3153] - @LucaGuerra
• cleanup(falco): consolidate falco::grpc::server in one class [#3150] - @LucaGuerra
• new(build): enable ASan and UBSan builds with options and in CI [#3147] - @LucaGuerra
• fix(userspace): variable / function shadowing [#3123] - @sgaist
• build(deps): Bump submodules/falcosecurity-rules from fbf0a4e to 88a40c8 [#3145] - @dependabot[bot]
• fix(cmake): fix USE_BUNDLED_DEPS=ON and BUILD_FALCO_UNIT_TESTS=ON [#3146] - @LucaGuerra
• Add --kernelversion and --kernelrelease options to falco driver loader entrypoint [#3143] - @Sryther
• build(deps): Bump submodules/falcosecurity-rules from 44addef to fbf0a4e [#3139] - @dependabot[bot]
• chore: bump to latest libs commit [#3137] - @Andreagit97
• refactor: Use FetchContent for integrating three bundled libs [#3107] - @federico-sysdig
• build(deps): Bump submodules/falcosecurity-rules from dc7970d to 44addef [#3136] - @dependabot[bot]
• build(deps): Bump submodules/falcosecurity-rules from f88b991 to dc7970d [#3126] - @dependabot[bot]
• refactor(ci): Avoid using command make directly [#3101] - @federico-sysdig
• docs(proposal): 20231220-features-adoption-and-deprecation.md [#2986] - @leogr
• build(deps): Bump submodules/falcosecurity-rules from b499a1d to f88b991 [#3125] - @dependabot[bot]
• docs(README.md): Falco Graduates within the CNCF [#3124] - @leogr
• build(deps): Bump submodules/falcosecurity-rules from 497e011 to b499a1d [#3111] - @dependabot[bot]
• chore(ci): bumped codeql actions. [#3114] - @FedeDP
• Cleanup warnings and smart ptrs [#3112] - @federico-sysdig
• new(build): add options to use bundled dependencies [#3092] - @mrgian
• fix(ci): test-dev-packages-arm64 needs build-dev-packages-arm64. [#3110] - @FedeDP
• refactor: bump libs and driver, and adopt unique pointers wherever possible [#3109] - @jasondellaluce
• cleanup: falco_engine test fixture [#3099] - @federico-sysdig
• refactor: test AtomicSignalHandler.handle_once_wait_consistency [#3100] - @federico-sysdig
• Cleanup variable use [#3097] - @sgaist
• cleanup(submodules): dropped testing submodule. [#3098] - @FedeDP
• cleanup(ci): make use of falcosecurity/testing provided composite action [#3093] - @FedeDP
• Improve const correctness [#3083] - @sgaist
• Improve exception throwing [#3085] - @sgaist
• fix(ci): update sync in deb and rpm scripts with acl [#3062] - @LucaGuerra
• cleanup(tests): consolidate Falco engine and rule loader tests [#3066] - @LucaGuerra
• cleanup: falco_engine deps and include paths [#3090] - @federico-sysdig
• fix: Some compiler warnings [#3089] - @federico-sysdig
• build(deps): Bump submodules/falcosecurity-rules from 0f60976 to 497e011 [#3081] - @dependabot[bot]
• fix(c++): add missing explicit to single argument constructors [#3069] - @sgaist
• Improve class initialization [#3074] - @sgaist
• build(deps): Bump submodules/falcosecurity-rules from 6ed2036 to 0f60976 [#3078] - @dependabot[bot]
• build(deps): Bump submodules/falcosecurity-rules from 1053b2d to 6ed2036 [#3067] - @dependabot[bot]
• fix(c++): add missing overrides [#3064] - @sgaist
• new(build): prune deb-dev and rpm-dev directories [#3056] - @LucaGuerra
• refactor(userspace): align falco to gen-event class family deprecation [#3051] - @jasondellaluce
• build(deps): Bump submodules/falcosecurity-rules from 3cac61c to 1053b2d [#3047] - @dependabot[bot]
• fix: adopt new libsinsp logger [#3026] - @therealbobo
• refactor: cleanup libs relative include paths [#2936] - @therealbobo
• chore(ci): bumped rn2md to latest master. [#3046] - @FedeDP
• Support alternate rules loader [#3008] - @mstemm
• fix(ci): fixed release body driver version. [#3042] - @FedeDP
• build(deps): Bump submodules/falcosecurity-rules from c39d31a to 3f668d0 [#3039] - @dependabot[bot]

Statistics

Release Manager @LucaGuerra

Packages	Download
rpm-x86_64
deb-x86_64
tgz-x86_64
rpm-aarch64
deb-aarch64
tgz-aarch64

v0.37.1

Released on 2024-02-13

Major Changes

• new(docker): added option for insecure http driver download to falco and driver-loader images [#3058] - @toamto94

Minor Changes

• update(cmake): bumped falcoctl to v0.7.2 [#3076] - @FedeDP
• update(build): link libelf dynamically [#3048] - @LucaGuerra

Bug Fixes

• fix(userspace/engine): always consider all rules (even the ones below min_prio) in m_rule_stats_manager [#3060] - @FedeDP

Non user-facing changes

• sync(docs): cherrypick CHANGELOG entry for 0.37.1 [#3080] - @FedeDP
• Added http headers option for driver download in docker images [#3075] - @toamto94
• fix(build): install libstdc++ in the Wolfi image [#3053] - @LucaGuerra

Statistics

Release Manager @FedeDP

Packages	Download
rpm-x86_64
deb-x86_64
tgz-x86_64
rpm-aarch64
deb-aarch64
tgz-aarch64

v0.37.0

Released on 2024-01-30

Breaking Changes ⚠️

• new!: dropped falco-driver-loader script in favor of new falcoctl driver command [#2905] - @FedeDP
• update!: bump libs to latest and deprecation of k8s metadata options and configs [#2914] - @jasondellaluce
• cleanup(falco)!: remove outputs.rate and outputs.max_burst from Falco config [#2841] - @Andreagit97
• cleanup(falco)!: remove --userspace support [#2839] - @Andreagit97

Major Changes

• new(engine): add selective overrides for Falco rules [#2981] - @LucaGuerra
• feat(userspace/falco): falco administrators can now configure the http output to compress the data sent as well as enable keep alive for the connection. Two new fields (compress_uploads and keep_alive) in the http_output block of the falco.yaml file can be used for that purpose. Both are disabled by default. [#2974] - @sgaist
• new(userspace): support env variable expansion in all yaml, even inside strings. [#2918] - @FedeDP
• new(scripts): add a way to enforce driver kind and falcoctl enablement when installing Falco from packages and dialog is not present. [#2773] - @vjjmiras
• new(falco): print system info when Falco starts [#2927] - @Andreagit97
• new: driver selection in falco.yaml [#2413] - @therealbobo
• new(build): enable compilation on win32 and macOS. [#2889] - @therealbobo
• feat(userspace/falco): falco administrators can now configure the address on which the webserver listen using the new listen_address field in the webserver block of the falco.yaml file. [#2890] - @sgaist

Minor Changes

• update(userspace/falco): add engine_version_semver key in /versions endpoint [#2899] - @loresuso
• update: default ruleset upgrade to version 3.0 [#3034] - @leogr
• update!(config): soft deprecation of drop stats counters in syscall_event_drops [#3015] - @incertum
• update(cmake): bumped falcoctl tool to v0.7.1. [#3030] - @FedeDP
• update(rule_loader): deprecate the append flag in Falco rules [#2992] - @Andreagit97
• cleanup!(cmake): drop bundled plugins in Falco [#2997] - @FedeDP
• update(config): clarify deprecation notices + list all env vars [#2988] - @incertum
• update: now the watch_config_files config option monitors file/directory moving and deletion, too [#2965] - @NitroCao
• update(userspace): enhancements in rule description feature [#2934] - @jasondellaluce
• update(userspace/falco): add libsinsp state metrics option [#2883] - @incertum
• update(doc): Add Thought Machine as adopters [#2919] - @RichardoC
• update(docs): add Wireshark/Logray as adopter [#2867] - @geraldcombs
• update: engine_version in semver representation [#2838] - @loresuso
• update(userspace/engine): modularize rule compiler, fix and enrich rule descriptions [#2817] - @jasondellaluce

Bug Fixes

• fix(userspace/metric): minor fixes in new libsinsp state metrics handling [#3033] - @incertum
• fix(userspace/engine): avoid storing escaped strings in engine defs [#3028] - @jasondellaluce
• fix(userspace/engine): cache latest rules compilation output [#2900] - @jasondellaluce
• fix(userspace/engine): solve description of macro-only rules [#2898] - @jasondellaluce
• fix(userspace/engine): fix memory leak [#2877] - @therealbobo

Non user-facing changes

• new(docs): add changelog for 0.37.0 [#3041] - @Andreagit97
• fix: nlohmann_json lib include path [#3032] - @federico-sysdig
• chore: bump falco rules [#3021] - @Andreagit97
• chore: bump Falco to libs 0.14.1 [#3020] - @Andreagit97
• chore(build): remove outdated development libs [#2946] - @federico-sysdig
• chore(falco): bump Falco to 000d576 libs commit [#2944] - @Andreagit97
• fix(gha): update rpmsign [#2856] - @LucaGuerra
• build(deps): Bump submodules/falcosecurity-rules from 424b258 to 1221b9e [#3000] - @dependabot[bot]
• build(deps): Bump submodules/falcosecurity-rules from 2ac430b to c39d31a [#3019] - @dependabot[bot]
• cleanup(falco.yaml): rename none in nodriver [#3012] - @Andreagit97
• update(config): graduate outputs_queue to stable [#3016] - @incertum
• update(cmake): bump falcoctl to v0.7.0. [#3009] - @FedeDP
• build(deps): Bump submodules/falcosecurity-rules from 1221b9e to 2ac430b [#3007] - @dependabot[bot]
• chore(ci): bumped rn2md to latest master. [#3006] - @FedeDP
• chore: bump Falco to latest libs [#3002] - @Andreagit97
• chore: bump driver version [#2998] - @Andreagit97
• Add addl source related methods [#2939] - @mstemm
• build(deps): Bump submodules/falcosecurity-rules from cd33bc3 to 424b258 [#2993] - @dependabot[bot]
• cleanup(engine): clarify deprecation notice for engines [#2987] - @LucaGuerra
• update(cmake): bumped falcoctl to v0.7.0-rc1. [#2983] - @FedeDP
• chore(ci): revert #2961. [#2984] - @FedeDP
• build(deps): Bump submodules/falcosecurity-testing from 930170b to 9b9630e [#2980] - @dependabot[bot]
• chore: bump Falco to latest libs [#2977] - @Andreagit97
• build(deps): Bump submodules/falcosecurity-rules from 262f569 to cd33bc3 [#2976] - @dependabot[bot]
• Allow enabling rules by ruleset id in addition to name [#2920] - @mstemm
• chore(ci): enable aarch64 falco driver loader tests. [#2961] - @FedeDP
• chore(unit_tests): added more tests for yaml env vars expansion. [#2972] - @FedeDP
• chore(falco.yaml): use HOME env var for ebpf probe path. [#2971] - @FedeDP
• chore: bump falco to latest libs [#2970] - @Andreagit97
• build(deps): Bump submodules/falcosecurity-rules from dd38952 to 262f569 [#2969] - @dependabot[bot]
• update(readme): add actuated.dev badge [#2967] - @LucaGuerra
• chore(cmake,docker): bumped falcoctl to v0.7.0-beta5. [#2968] - @FedeDP
• build(deps): Bump submodules/falcosecurity-rules from 64e2adb to dd38952 [#2959] - @dependabot[bot]
• fix(docker): small fixes in docker entrypoints for new driver loader. [#2966] - @FedeDP
• chore(build): allow usage of non-bundled nlohmann-json [#2947] - @federico-sysdig
• update(ci): enable actuated.dev [#2945] - @LucaGuerra
• cleanup: fix several warnings from a Clang build [#2948] - @federico-sysdig
• chore(docker/falco): add back some deps to falco docker image. [#2932] - @FedeDP
• build(deps): Bump submodules/falcosecurity-testing from 92c313f to 5248e6d [#2937] - @dependabot[bot]
• build(deps): Bump submodules/falcosecurity-rules from e206c1a to 8f0520f [#2904] - @dependabot[bot]
• cleanup(falco): remove decode_uri as it is no longer used [#2933] - @LucaGuerra
• update(engine): port decode_uri in falco engine [#2912] - @LucaGuerra
• chore(falco): update to libs on nov 28th [#2929] - @LucaGuerra
• cleanup(falco): remove init in the configuration constructor [#2917] - @Andreagit97
• build(deps): Bump submodules/falcosecurity-rules from 8f0520f to 64e2adb [#2908] - @dependabot[bot]
• cleanup(userspace/engine): remove legacy k8saudit implementation [#2913] - @jasondellaluce
• fix(gha): disable branch protection rule trigger for scorecard [#2911] - @LucaGuerra
• chore(gha): set cosign-installer to v3.1.2 [#2901] - @LucaGuerra
• new(docs): sync changelog for 0.36.2. [#2894] - @FedeDP
• Run OpenSSF Scorecard in pipeline [#2888] - @maxgio92
• cleanup: replace banned.h with semgrep [#2881] - @LucaGuerra
• chore(gha): upgrade GitHub actions [#2876] - @LucaGuerra
• build(deps): Bump submodules/falcosecurity-rules from a22d0d7 to e206c1a [#2865] - @dependabot[bot]
• build(deps): Bump submodules/falcosecurity-rules from d119706 to a22d0d7 [#2860] - @dependabot[bot]
• fix(gha): use fedora instead of centos 7 for package publishing [#2854] - @LucaGuerra
• chore(gha): pin versions to hashes [#2849] - @LucaGuerra
• build(deps): Bump submodules/falcosecurity-rules from c366d5b to d119706 [#2847] - @dependabot[bot]
• new(ci): properly link libs and driver releases linked to a Falco release [#2846] - @FedeDP
• build(deps): Bump submodules/falcosecurity-rules from 7a7cf24 to c366d5b [#2842] - @dependabot[bot]
• build(deps): Bump submodules/falcosecurity-rules from 77ba57a to 7a7cf24 [#2836] - @dependabot[bot]
• chore(ci): bumped rn2md to latest master. [#2844] - @FedeDP

Statistics

Release Manager @Andreagit97

What's Changed

• sync: release 0.37.x by @FedeDP in https://github.com/falcosecurity/falco/pull/3035
• update(build): update libs to 0.14.2 by @LucaGuerra in https://github.com/falcosecurity/falco/pull/3036

Full Changelog: https://github.com/falcosecurity/falco/compare/0.37.0-rc2...0.37.0-rc3

Packages	Download
rpm-x86_64
deb-x86_64
tgz-x86_64
rpm-aarch64
deb-aarch64
tgz-aarch64

v0.36.2

Released on 2023-10-27

Major Changes

Minor Changes

Bug Fixes

• Bumped libs to 0.13.4

Release Manager @FedeDP

Packages	Download
rpm-x86_64
deb-x86_64
tgz-x86_64
rpm-aarch64
deb-aarch64
tgz-aarch64

v0.36.1

Released on 2023-10-16

Major Changes

Minor Changes

• feat(userspace): remove experimental outputs queue recovery strategies [#2863] - @incertum

Bug Fixes

• fix(userspace/falco): timer_delete() workaround due to bug in older GLIBC [#2851] - @incertum

Statistics

Release Manager @Andreagit97

Packages	Download
rpm-x86_64
deb-x86_64
tgz-x86_64
rpm-aarch64
deb-aarch64
tgz-aarch64

Release Candidate for Falco 0.36.1.
To see what's included, check the corresponding milestone: https://github.com/falcosecurity/falco/milestone/35