0.27.0

New features

• Userspace instrumentation support (#1636); see https://github.com/falcosecurity/pdig for more information
• renameat2 support
• Add new filter for open+create/create with exec permissions (#1637)
• Add parent pid to v_procs chisel (#1640)

Bug fixes

• Assorted build fixes (#1672, #1663 and more)

0.26.7

Bug fixes

• Fixed build error with kernels too old to support ktime_get_real (#1624)
• Fixed support for Fedora 32 and GCC 10 (#1620)
• Lowered cgroup limit size for ARM(#1622)
• Fixed compile errors on Linux 5.6 due to timespec/timeval (#1621)
• Changed timeout parameter for curl_multi_wait to avoid error return with libcurl >= 7.69.0 (#1616)
• Fixed return value checks for bpf_probe_read_str() (#1612)
• Fixed compile on Windows (#1604)

0.26.6

Bug fixes

• Rewrite the probe builder (#1576)
• Build fixes for 5.4+ kernels (#1595)
• Use Debian Stable as the base container image (#1605)
• All the fixes incorporated in 0.26.5 (that didn't get artifacts released for tooling reasons)

New features

• Support for s390x and ppc64le architectures

0.26.5

Bug fixes

• Fixed segfault that happens at startup (#1475, #1528)
• Fixed memory leaks from certain thread/socket operations (#1491)
• Fixed handling of SEND_SIG_NOINFO in the eBPF driver (#1493)
• Fixed a regression in reading certain partial container events from scap files (#1513)
• Updated use of Kubernetes APIs to support v1.16 (#1521)
• Fixed rare driver deadlock that could occur during a context switch (#1522)
• Fixed EPEL repo link in the install script (#1534)
• Added more detail to probe loader error message (#1541)

0.26.4

Bug fixes

• Fixed docker builds (#1492)

Internal changes

• Prevent double-definition of ASSERT macro (#1490)

0.26.3

New Features

• Added fillers for chmod syscalls (#1472)
• Added support for reporting cpu usage per docker cpuset (#1473)

Bug fixes

• Fixed build error on older Linux kernels (#1477)
• Fixed driver build for RHEL 7.7/4.13+ w/CONFIG_VIRT_CPU_ACCOUNTING_GEN (#1471)
• Fixed cmake to look for pkg-config before building grpc (#1470)
• Fixed printing of strings (#1466)
• readv input parsing improvements (#1463)

Internal changes

• Fixed comment about scap minor version (#1476)

0.26.2

New features

• Suport Kubernetes liveness/readiness probes [#1320]

Bug fixes

• Fix kernel panic when tracing signals that use SEND_SIG_NOINFO [#1460]
• Add prebuilt probes for CoreOS on OpenShift 4
• Fix eBPF probe for ChromiumOS [#1431]
• Fix edge cases in handling clone() and prlimit() system calls [#1401, #1465]
• Stability and performance fixes

0.26.1

Bug fixes

• Changes to build the kmod with 5.1 kernels [#1413]
• Explicitly disable psl to address build failures on MAC OS [#1417]

Internal changes

• Fix handling of container metadata in "infra" events [#1418]

0.26.0

New features

• Perform docker metadata fetches asynchronously: When new containers are discovered, fetch metadata about the container asynchronously, which should significantly reduce the likelihood of dropped system call events. [#1326] [#1378] [#1374] [#1381] [#1373] [#1382] [#1388] [#1389] [#1384] [#1392] [#1396] [#1411]
• Add field to display time in ISO 8601 UTC [#1317] [#1360]
• Performance improvements of ring buffer processing [#1372]
• Support major/minor device numbers for fd events [#1315] #1383]
• Add the ability to prepend encoded log severity in the log message [#1327]
• Raise the iov limit in eBPF [#1390]
• Changes to pull user event logging out into a separate component. [#1375]
• Log a debug message when looking up an IP address of an incomplete container [#1398]
• Support cri-o container metadata caching [#1399]
• Logging API with lazy parameter evaluation [#1394]
• Support BPM container type [#1319]

Bug fixes

• Fix bug in fullcapture range check [#1386]
• Allow chisels to receive the full content of big buffers. [#1361]
• start the analyzer before forcing next for a scap file [#1366]
• Create a grpc_channel_registry for all channels [#1369]
• Modified the behavior of fullcapture port range [#1370]
• Check file before dereferencing [#1397]
• Fix build for older kernels (<3.9) [#1400]
• Added -fno-stack-protector to avoid clang errors [#1401]
• Addl loop prevention for traverse_parent_state [#1411]

Internal changes

• Add interfaces for async metrics collection [#1346]
• Use epel 7-11 (7-9 is no longer available) [#1362]
• Make some global variables related to fetching container state thread-local [#1356]
• Allow downloading prebuilt modules without SSL verification [#1358]
• add test helper to container manager. [#1365]
• Cleanup old docker images after building a new ebpf-probe-builder [#1367]
• valgrind clean for analyzer end to end test [#1387]
• flush flags change to new namespace, add code enabling easy use of sinsp_threadinfo in std::set/map [#1395]
• add friend class for unit testing [#1406]

0.25

New features

• Support Linux 5.0
  • Redefine asm_volatile_goto needed for 5.0 kernels (#1332)
  • Update for change to access_ok in Linux 5.0 (#1302)
• CRI container runtime support
  • runtimeSpec.linux returned by containerd is an object, not an array (#1343)
  • Fix gRPC build with gcc 7 (#1322)
  • CRI-O container support (#1310)
  • Fix check for Docker pause containers [SMAGENT-1305] (#1306)
  • Detect CRI pod sandbox containers (#1297)
  • Container Runtime Interface support (#1277)
• Prebuilt probes
  • Prebuild minikube kernel modules (#1294)
  • Build probe modification to include Fedora-Atomic. [SMAGENT-1251] (#1293)

Bug fixes

• Fix for newer versions of LXC not being detected (#1345)
• Build fixes
  • [SMAGENT-1433] pull legacy GCC artifacts from local cache as debian no longer supports (#1342)
  • Use TBB_INCLUDE_DIR for consistency w/ falco agent (#1329)
  • SMAGENT-1297: Rebuild gcc-plugins before building kernel module (#1305)
  • Modified BPF probe builder (#1301)
• Stability fixes
  • Call set*ent() before reading the user/group NSS database (#1341)
  • Properly initialize default settings for tracers (#1339)
  • Fix bpf ptrace filler (#1338)
  • Fix potential memory leak in libelf (#1337)
  • Fix case where fclose could be called twice. (#1330)
  • Handle mmap failure gracefully (#1324)

Internal changes

• Add stream event details in csysdig output (#1335)
• SMAGENT-1400: Make sinsp_logger thread-safe (#1333)
• Never drop socket syscalls to ensure we have fdinfo for subsequent binds. SMAGENT-1270 (#1312)
• Infer fd info for sendto system call [SMAGENT-1282] (#1304)
• Async framework base [SMAGENT-1247] (#1303)
• Handle events for unknown threads after scap start [SMAGENT-1082] (#1296)
• Add ability to print filtercheck field names only (#1288)