v1.4.9

Changelog

• 3dee887 Merge pull request #1924 from kubearmor/fix-operator-bug-dec-24
• 13213a5 fix relay elasticsearch secret bug
• d6a6314 ca support
• e9a601e fix issues
• 1dba939 update operator to support elastic adaptor
• 96b0ad7 Merge pull request #1923 from rksharma95/fix-string-array-cast-issue
• 45be037 fix recommond policy typo
• a484a96 cast arguments data conditionally on type
• 2691fa2 Merge pull request #1862 from tesla59/tesla/non-k8s/dynamic-config
• 435cafc Merge branch 'main' into tesla/non-k8s/dynamic-config
• 6306430 core(unchestratedupdates): dynamically update host visibility
• b93b789 config: remove redundant assignment of DefaultPostureLogs
• 1f884a8 core: update HostSecurity Policy dynamically in unorchaestrated mode
• 0722c24 config: move EnforcerAlerts and DefaultPostureLogs to dynamic config
• db299d2 core: (unorchestratedUpdates) update alert and throttling configs with other dynamic configs
• 6ba254b core: validate posture and visiblity before dynamically loading
• 3880c40 core: update visbility dynamically
• 947b3eb core: move configWatcher to WatchConfigChanges()
• d3d0e70 config: reload global config when config file is updated

v1.4.8

Changelog

• 6bd41e2 Merge pull request #1917 from rksharma95/redhat-container-label
• a3bfce3 add maintainer label to all container images
• c472718 Merge pull request #1915 from daemon1024/apparmor-cleanup-graceful
• 98bc591 feat(apparmor/host): cleanup profiles on gracefult termination

v1.4.7

Changelog

• dc0bb33 Merge pull request #1916 from rksharma95/feat-recommend-csp
• 863a0be add excludePolicy list support
• 34412f8 add recommended policies feature to operator
• 410ea7a Merge pull request #1909 from DelusionalOptimist/chore/latest-release-timeout
• 537460d chore: only smoke test and increase timeout for ci-latest-release
• 61a9884 chore: update stable release to v1.4.6

v1.4.6

Changelog

• 6642be5 Merge pull request #1908 from DelusionalOptimist/feat/host-policy-diff
• 86241f1 feat: diff host policy before apply
• 67cde68 Merge pull request #1883 from Prateeknandle/deadlock
• e95305e fix: race condition by ensuring goroutine completes writing to stdin before going further
• 547d9c7 Enhancement : reducing locks coverage

v1.4.5

What's Changed

• fix(apparmor): add dbus to baseline apparmor host/privileged profile by @daemon1024 in #1907

Full Changelog: v1.4.4...v1.4.5

v1.4.4

What's Changed

• Update STABLE-RELEASE to v1.4.3 by @daemon1024 in #1864
• update ossf scorecard action for repository ruleset by @daemon1024 in #1870
• add filelessexec script, build binaries at build-time by @rksharma95 in #1873
• Fuzzer for ContainerPolicy by @prady0t in #1875
• Adding fuzzer for HostPolicy by @prady0t in #1872
• revert(multiubuntu): hotpatch back to 18:04 till tests are migrated by @daemon1024 in #1882
• Config file for oss-fuzz integration by @prady0t in #1877
• fix(ebpf): set min kernel version that handle 1 million instructions to support cwd and throttling by @Prateeknandle in #1863
• fix(apparmor/host): sanitise profile name for from-source policy by @daemon1024 in #1884
• Enabling BPFLSM based KSP protection on Kubearmor itself by @daemon1024 in #1831
• fix(apparmor): clone non conflicting proc rules to from source subprofiles by @daemon1024 in #1885
• fix(monitor): system monitor loading issue with clang-llvm 18 by @rksharma95 in #1897
• fix(operator): update relay env vars with initial config by @rksharma95 in #1893
• fix(throttling): differentiate throttling handling for audit behaviour based on enforcer by @Prateeknandle in #1898
• feat: set probe service health by @DelusionalOptimist in #1903

New Contributors

• @prady0t made their first contribution in #1875

Full Changelog: v1.4.3...v1.4.4

v1.4.3

What's Changed

• refactor(operator): remove config empty check by @carlosrodfern in #1841

Full Changelog: v1.4.2...v1.4.3

v1.4.2

What's Changed

• chore: Update stable release to v1.4.1 by @DelusionalOptimist in #1845
• feat(operator): allow to set log level by @carlosrodfern in #1849
• feat(tests): Calculate coverage via codecov for k8s mode by @navin772 in #1847
• fix: untracked ns by @Aryan-sharma11 in #1853
• fix: Update relay clusterrole to watch pods by @anurag-rajawat in #1805
• enabling alert throttling by default by @Prateeknandle in #1852
• fix(policymatcher): skip future matching in case block/audit matches by @daemon1024 in #1855
• fix: BPFLSM enforcer fails to load on newer kernels (6.8+) by @Aryan-sharma11 in #1856
• chore: update slack link by @DelusionalOptimist in #1860
• fix(policyMatcher): handling relative path resource by joining it with cwd by @Prateeknandle in #1859
• fix(apparmor/host): streamline host profile generation with container template generation by @daemon1024 in #1861

Full Changelog: v1.4.1...v1.4.2

v1.4.1

What's Changed

• Update STABLE-RELEASE to v1.4.0 by @daemon1024 in #1827
• fix(core): handle bpf as an exception for setting node annotations by @tesla59 in #1786
• [skip ci] Update Helm Chart To v1.4.0 by @github-actions in #1828
• Fixes bug #1787 non-k8s: KubeArmor panics when not-enabled policy type is received by @itsCheithanya in #1789
• fix: crio tests in CI by @Aryan-sharma11 in #1835
• fix(core): ensure only cluster policy is updated on new ns by @carlosrodfern in #1837

New Contributors

• @itsCheithanya made their first contribution in #1789
• @carlosrodfern made their first contribution in #1837

Full Changelog: v1.4.0...v1.4.1

v1.4.0

What's Changed

• [skip ci] Update Helm Chart To v1.3.4 by @github-actions in #1733
• fix(core) : updating owner info for job/cronjob controller by @Prateeknandle in #1748
• fix(core) : owner information in logs by @Prateeknandle in #1753
• chore(CI): static builds of KubeArmor in release archives by @DelusionalOptimist in #1756
• chore(CI): publish KubeArmor tars to dockerhub by @DelusionalOptimist in #1764
• chore(deployment):update rbac rules for jobs/cronjobs for kubearmor clusterRole by @Prateeknandle in #1762
• fix(operator): fix tls rotation logic for controller by @rksharma95 in #1757
• doc(Security): Kubearmor security enhancement doc by @rksharma95 in #1778
• feat : Alert Throttling by @Prateeknandle in #1723
• fix(docs): Update KubeArmor VM/Bare-metal docs according to new conventions by @navin772 in #1777
• feat(security): Refine hostPaths/capabilities in deployments and remove init container by @daemon1024 in #1658
• fix(core):patch apparmor annotations for cronjobs and updating rbac rules by @Prateeknandle in #1768
• chore : remove kernel headers mount if btf found with initDeploy = true by @Aryan-sharma11 in #1785
• fix(snitch): use DirectoryOrCreate for apparmor mount in Snitch by @daemon1024 in #1788
• feat:Adding support for KubeArmorClusterPolicy by @Prateeknandle in #1772
• hotfix(controller): don't exit controller on reconciler failure for hsp and csp by @daemon1024 in #1799
• chore: workaround for login with PAT by @DelusionalOptimist in #1800
• fix(helm): quote configmap values by @tesla59 in #1795
• fix: use custom action for pushing charts by @DelusionalOptimist in #1802
• fix(logs): reset eventChan everytime KarmorLogStart() is called by @navin772 in #1798
• fix: pass PAT as env var for gh-cli by @DelusionalOptimist in #1804
• docs: updated the main diagram & updater script by @nyrahul in #1806
• fix(core):timeout when host & cluster security policies crds are not found by @Prateeknandle in #1803
• fix(apparmor): reenable profile after parsing to make whitelisties work by @daemon1024 in #1808
• fix: default posture logs for system generated permission denied events by @Aryan-sharma11 in #1809
• fix(operator): controller image updation issue by @rksharma95 in #1801
• remove kustomize binary from the repo by @kranurag7 in #1810
• fix: ksp test failure in latest CI by @Aryan-sharma11 in #1821
• Fix hyperlink in hardening guide by @SD-13 in #1752
• add multienforcer controller by @rksharma95 in #1335
• fix(helm): create release in charts repo stable release updates by @daemon1024 in #1826

New Contributors

• @navin772 made their first contribution in #1777
• @SD-13 made their first contribution in #1752

Full Changelog: v1.3.8...v1.4.0