Today we announce the release of Falco 0.31.1 🦅!
Let's review some of the highlights of the new release.
This release allows you to use multiple
--cri command-line options (#1893) to specify multiple CRI socket paths. Note that Falco will only connect to the first one in order that successfully connects!
Speaking of command-line options, various changes are happening under the hood to improve the online help and to make it easier for contributors to add and modify options (#1886 #1903 #1915).
The update to the drivers version b7eb0dd brings in many improvements including proper detection of execveat, bugfixes for podman and support for the clone3 and copy_file_range system calls. In addition, the necessary extra arguments to entry system calls have been added to improve security of Falco event parsing as described below.
Security Content 🔒
Falco is now more resilient to TOCTOU type attacks that could lead to rule bypass (CVE-2022-26316). For more information, read the security advisory. Thanks to Xiaofei 'Rex' Guo and Junyuan Zeng for reporting this issue!
Default rules update
This release also includes modifications to the default ruleset, including a brand new rule to detect CVE-2021-4034 (Polkit Local Privilege Escalation) and false positive fixes (#1825, #1832)!
As usual, in case you just want to try out the stable Falco 0.31.1, you can install its packages following the process outlined in the docs:
Do you rather prefer using the container images? No problem at all! 🐳
You can read more about running Falco with Docker in the docs.
You can also find the Falcosecurity container images on the public AWS ECR gallery:
What's next 🔮
Falco 0.32.0 is anticipated to be released in May 2022!
As usual, the final release date will be discussed during the Falco Community Calls.
Let's meet 🤝
As always, we meet every week in our community calls, if you want to know the latest and the greatest you should join us there!
If you have any questions
- Join the #falco channel on the Kubernetes Slack
- Join the Falco mailing list
Thanks to all the amazing contributors!