0.38.1

Packages	Download
rpm-x86_64
deb-x86_64
tgz-x86_64
rpm-aarch64
deb-aarch64
tgz-aarch64

Images
docker pull docker.io/falcosecurity/falco:0.38.1
docker pull public.ecr.aws/falcosecurity/falco:0.38.1
docker pull docker.io/falcosecurity/falco-driver-loader:0.38.1
docker pull docker.io/falcosecurity/falco-driver-loader-legacy:0.38.1
docker pull docker.io/falcosecurity/falco-no-driver:0.38.1
docker pull docker.io/falcosecurity/falco-distroless:0.38.1

v0.38.1

Released on 2024-06-19

Major Changes

• new(metrics): enable plugins metrics [#3228] - @mrgian

Minor Changes

• cleanup(falco): clarify that --print variants only affect syscalls [#3238] - @LucaGuerra
• update(engine): enable -p option for all sources, -pk, -pc etc only for syscall sources [#3239] - @LucaGuerra

Bug Fixes

• fix(engine): enable output substitution only for syscall rules, prevent engine from exiting with validation errors when a plugin is loaded and -pc/pk is specified [#3236] - @mrgian
• fix(metrics): allow each metric output channel to be selected independently [#3232] - @incertum
• fix(userspace/falco): fixed falco_metrics::to_text implementation when running with plugins [#3230] - @FedeDP

Statistics

MERGED PRS	NUMBER
Not user-facing	0
Release note	6
Total	6

Release Manager @FedeDP

0.38.1-rc1

new(metrics): enable plugins metrics

Signed-off-by: Gianmatteo Palmieri <mail@gian.im>
Co-authored-by: Melissa Kilby <melissa.kilby.oss@gmail.com>

0.38.0

Packages	Download
rpm-x86_64
deb-x86_64
tgz-x86_64
rpm-aarch64
deb-aarch64
tgz-aarch64

Images
docker pull docker.io/falcosecurity/falco:0.38.0
docker pull public.ecr.aws/falcosecurity/falco:0.38.0
docker pull docker.io/falcosecurity/falco-driver-loader:0.38.0
docker pull docker.io/falcosecurity/falco-driver-loader-legacy:0.38.0
docker pull docker.io/falcosecurity/falco-no-driver:0.38.0
docker pull docker.io/falcosecurity/falco-distroless:0.38.0

v0.38.0

Released on 2024-05-30

Breaking Changes ⚠️

• new(scripts,docker)!: enable automatic driver selection logic in packages and docker images. Modern eBPF is now also the default driver and the highest priority one in the new driver selection logic. [#3154] - @FedeDP
• cleanup(falco.yaml)!: remove some deprecated configs [#3087] - @Andreagit97
• cleanup(docker)!: remove unused builder dockerfile [#3088] - @Andreagit97

Major Changes

• new(webserver): a metrics endpoint has been added providing prometheus metrics. It can be optionally enabled using the new metrics.prometheus_enabled configuration option. It will only be activated if the metrics.enabled is true as well. [#3140] - @sgaist
• new(metrics): add rules_counters_enabled option [#3192] - @incertum
• new(build): provide signatures for .tar.gz packages [#3201] - @LucaGuerra
• new(engine): add print_enabled_rules_falco_logger when log_level debug [#3189] - @incertum
• new(falco): allow selecting which rules to load from the configuration file or command line [#3178] - @LucaGuerra
• new(metrics): add file sha256sum metrics for loaded config and rules files [#3187] - @incertum
• new(engine): throw an error when an invalid macro/list name is used [#3116] - @mrgian
• new(engine): raise warning instead of error on invalid macro/list name [#3167] - @mrgian
• new(userspace): support split config files [#3024] - @FedeDP
• new(engine): enforce unique exceptions names [#3134] - @mrgian
• new(engine): add warning when appending an exception with no values [#3133] - @mrgian
• feat(metrics): coherent metrics stats model including few metrics naming changes [#3129] - @incertum
• new(config): add falco_libs.thread_table_size [#3071] - @incertum
• new(proposals): introduce on host anomaly detection framework [#2655] - @incertum

Minor Changes

• update(cmake): bump falcoctl to v0.8.0. [#3219] - @FedeDP
• update(rules): update falco-rules to 3.1.0 [#3217] - @LucaGuerra
• refactor(userspace): move falco logger under falco engine [#3208] - @jasondellaluce
• chore(docs): apply features adoption and deprecation proposal to config file keys [#3206] - @FedeDP
• cleanup(metrics): add original rule name as label [#3205] - @incertum
• update(falco): deprecate options -T, -t and -D [#3193] - @LucaGuerra
• refactor: bump libs and driver, support field modifiers [#3186] - @jasondellaluce
• chore(userspace/falco): deprecated old 'rules_file' config key [#3162] - @FedeDP
• chore(falco): update falco libs and driver to master (Apr 8th 2024) [#3158] - @LucaGuerra
• update(build): update libs to 026ffe1d8f1b25c6ccdc09afa2c02afdd3e3f672 [#3151] - @LucaGuerra
• cleanup: minor adjustments to readme, add new testing section [#3072] - @incertum
• refactor(userspace/engine): reduce allocations during rules loading [#3065] - @jasondellaluce
• update(CI): publish wasm package as dev-wasm [#3017] - @Rohith-Raju

Bug Fixes

• fix(userspace/falco): fix state initialization avoid a crash during hot reload [#3190] - @FedeDP
• fix(userspace/engine): make sure exception fields are not optional in replace mode [#3108] - @jasondellaluce
• fix(docker): added zstd to driver loader images [#3203] - @FedeDP
• fix(engine): raise warning instead of error on not-unique exceptions names [#3159] - @mrgian
• fix(engine): apply output substitutions for all sources [#3135] - @mrgian
• fix(userspace/configuration): make sure that folders that would trigger permission denied are not traversed [#3127] - @sgaist
• fix(engine): logical issue in exceptions condition [#3115] - @mrgian
• fix(cmake): properly let falcoctl cmake module create /usr/share/falco/plugins/ folder. [#3105] - @FedeDP

Non user-facing changes

• update(scripts/falcoctl): bump falco-rules version to 3 [#3128] - @alacuku
• build(deps): Bump submodules/falcosecurity-rules from 59bf03b to 9e56293 [#3212] - @dependabot[bot]
• chore(gha): update cosign to v3.5.0 [#3209] - @LucaGuerra
• build(deps): Bump submodules/falcosecurity-rules from 29c41c4 to 59bf03b [#3207] - @dependabot[bot]
• update(cmake): bumped libs to 0.17.0-rc1 and falcoctl to v0.8.0-rc6. [[#3204](https://github.com//pull/32...

0.38.0-rc5

update(cmake): bump libs to 0.17.1.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>

0.38.0-rc4

update(cmake): bumped libs to 0.17.0 and driver to 7.2.0+driver.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>

0.38.0-rc3

update(cmake): bump libs to 0.17.0-rc2.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>

0.38.0-rc2

chore(gha): update cosign

Signed-off-by: Luca Guerra <luca@guerra.sh>

0.38.0-rc1

chore(falco.yaml): `rule` -> `rules`.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>

0.37.1

Packages	Download
rpm-x86_64
deb-x86_64
tgz-x86_64
rpm-aarch64
deb-aarch64
tgz-aarch64

Images
docker pull docker.io/falcosecurity/falco:0.37.1
docker pull public.ecr.aws/falcosecurity/falco:0.37.1
docker pull docker.io/falcosecurity/falco-driver-loader:0.37.1
docker pull docker.io/falcosecurity/falco-driver-loader-legacy:0.37.1
docker pull docker.io/falcosecurity/falco-no-driver:0.37.1
docker pull docker.io/falcosecurity/falco-distroless:0.37.1

v0.37.1

Released on 2024-02-13

Major Changes

• new(docker): added option for insecure http driver download to falco and driver-loader images [#3058] - @toamto94

Minor Changes

• update(cmake): bumped falcoctl to v0.7.2 [#3076] - @FedeDP
• update(build): link libelf dynamically [#3048] - @LucaGuerra

Bug Fixes

• fix(userspace/engine): always consider all rules (even the ones below min_prio) in m_rule_stats_manager [#3060] - @FedeDP

Non user-facing changes

• sync(docs): cherrypick CHANGELOG entry for 0.37.1 [#3080] - @FedeDP
• Added http headers option for driver download in docker images [#3075] - @toamto94
• fix(build): install libstdc++ in the Wolfi image [#3053] - @LucaGuerra

Statistics

MERGED PRS	NUMBER
Not user-facing	3
Release note	4
Total	7

Release Manager @FedeDP

0.37.1-rc1

update(cmake): bump libs to 0.14.3.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>