Serverless Agent Release Notes
For Installation and Upgrade steps, see AWS Fargate Serverless Agents.
4.3.1 Dec 05, 2023
Defect Fixes
Improved Agent Logging
- Debugging information related to a process crashing from a fatal signal will now only be logged if the process indeed crashes due to the signal.
- Reduced the verbosity of repeated log messages from the Workload Agent.
- Silenced unnecessary error logs from the Orchestrator Agent.
Vulnerabilities
Fixed the following vulnerabilities for the Orchestrator Agent:
- CVE-2023-38545
- CVE-2023-44487
- CVE-2023-27536
- CVE-2023-29491
- CVE-2023-36054
- CVE-2023-39975
- CVE-2021-43618
- CVE-2023-27533
- CVE-2023-27534
- CVE-2023-27538
- CVE-2023-29499
- CVE-2023-32611
- CVE-2023-32665
- CVE-2023-38546
- CVE-2023-4016
- CVE-2023-4641
Fixed the following vulnerabilities in the Serverless Patcher:
- CVE-2023-38545
- CVE-2021-42694
- CVE-2018-19211
- CVE-2018-19217
- CVE-2018-20657
- CVE-2019-14250
- CVE-2020-19185
- CVE-2020-19186
- CVE-2020-19187
- CVE-2020-19188
- CVE-2020-19189
- CVE-2020-19190
- CVE-2021-39537
4.3.0 Hotfix Nov 08, 2023
This hotfix updated the CloudFormation template, orchestrator-agent.yaml
, to include default values for autoscaling. When autoscaling is disabled, the autoscaling parameters now default to 0
.
4.3.0 Oct 27, 2023
End of Life
The stack serverless-instrumentation.yaml
and the related container image quay.io/sysdig/serverless-instrumentation
reached EOL and are no longer supported.
New Features
Orchestrator Agent Performance Improvements
The performance and stability of the Orchestrator agent have been improved and the Orchestrator is now capable of maintaining up to 3000 Workload agents.
Support for Auto Scaling
Target Tracking configuration is available in Orchestrator CloudFormation template and Terraform Provider for handling target scaling.
Process tree
Process lineage will be available for every event and is enabled by default starting from this version of the serverless agent. The process tree will be visible in the Events detail pane for events related to workloads that are triggered from that point on.
Defect Fixes
Workload Agent Stability Improvements
Fixed Workload Agent stability issues associated with given workloads.
Workload Agent Logging Improvements
Improve readability and separation of information and error level logging.
Vulnerabilities
Fixed the following vulnerabilities with the Orchestrator agent:
4.2.2 Oct 19, 2023
Defect Fixes
Vulnerabilities
Fixed the following vulnerabilities in the Orchestrator Agent:
- CVE-2023-38545
- CVE-2023-4911
- CVE-2023-2603
- CVE-2023-4527
- CVE-2023-4806
- CVE-2023-4813
- CVE-2023-2602
- CVE-2023-38546
Fixed the following vulnerabilities in the Serverless Patcher:
- CVE-2023-38545
- CVE-2023-44487
- CVE-2023-4911
- CVE-2021-35937
- CVE-2021-35938
- CVE-2021-35939
- CVE-2021-3997
- CVE-2023-2603
- CVE-2023-27536
- CVE-2023-28321
- CVE-2023-28484
- CVE-2023-29469
- CVE-2023-29491
- CVE-2023-30571
- CVE-2023-36054
- CVE-2023-39615
- CVE-2023-39975
- CVE-2023-4527
- CVE-2023-45853
- CVE-2023-4806
- CVE-2023-4813
- CVE-2021-43618
- CVE-2022-29458
- CVE-2022-48554
- CVE-2023-2602
- CVE-2023-27533
- CVE-2023-27534
- CVE-2023-27538
- CVE-2023-28322
- CVE-2023-29499
- CVE-2023-2953
- CVE-2023-2975
- CVE-2023-32611
- CVE-2023-32636
- CVE-2023-32665
- CVE-2023-3446
- CVE-2023-3817
- CVE-2023-38546
- CVE-2023-4016
- CVE-2023-4156
Improved Workload Instrumentation Stability with Highly Threaded Workloads
Fixed crashes in workload processes with a large number of threads.
4.2.1 Sep 7, 2023
Defect Fixes
Ensured Workload Instrumentation Handles Signals Consistently
Improved workload instrumentation performance by ensuring the stack pointer always points to a valid stack area, as required by signal handlers.
Vulnerabilities
Fixed the following vulnerabilities with the orchestrator agent:
- CVE-2023-30079
- CVE-2023-22652
- CVE-2023-28321
- CVE-2023-28484
- CVE-2023-29469
- CVE-2023-34969
- CVE-2023-28322
Fixed the following vulnerabilities with the serverless instrumentation:
- CVE-2023-28321
- CVE-2023-28484
- CVE-2023-29469
- CVE-2023-28322
4.2.0 Aug 1, 2023
Defect Fixes
Ensured Graceful Termination of the Instrumented Workload
The runtime instrumentation ensures the graceful termination of the instrumented workload when the container receives a termination signal (SIGTERM
).
Improved Workload Agent Stability
The workload agent no longer fails to handle the syscall bpf(2)
.
Vulnerabilities
Fixed the following vulnerabilities with the orchestrator agent:
- CVE-2018-20839
- CVE-2019-12904
- CVE-2019-17543
- CVE-2020-17049
- CVE-2020-24736
- CVE-2021-39537
- CVE-2021-42694
- CVE-2022-23990
- CVE-2023-1667
- CVE-2023-2253
- CVE-2023-2283
- CVE-2023-26604
Fixed the following vulnerabilities with the serverless patcher:
- CVE-2018-20839
- CVE-2019-12904
- CVE-2019-17543
- CVE-2020-17049
- CVE-2020-24736
- CVE-2021-39537
- CVE-2021-42694
- CVE-2023-0361
- CVE-2023-1667
- CVE-2023-2253
- CVE-2023-2283
- CVE-2023-26604
- CVE-2023-27535
Fixed the following vulnerabilities with the serverless instrumentation:
- CVE-2018-20839
- CVE-2019-12904
- CVE-2019-17543
- CVE-2020-17049
- CVE-2020-24736
- CVE-2021-39537
- CVE-2021-42694
- CVE-2022-23990
- CVE-2023-1667
- CVE-2023-2283
- CVE-2023-24329
- CVE-2023-26604
- CVE-2023-34969
4.1.2 Jun 1, 2023
Defect Fixes
Vulnerabilities
Fixed the following vulnerabilities with the orchestrator agent:
- CVE-2023-27535
- CVE-2023-24329
- CVE-2022-43552
- CVE-2022-35252
- CVE-2019-20916
Fixed the following vulnerabilities with the serverless instrumentation:
- CVE-2023-27535
- CVE-2022-43552
- CVE-2022-35252
Improved Workload Agent Stability
The workload agent no longer fails to handle the capset
syscall.
Improved Orchestrator Agent Secure Features
The orchestrator agent no longer fails to start when the collector enables falcobaseline
.
4.1.1 May 15, 2023
Defect Fixes
Vulnerabilities
Fixed the following vulnerabilities with the serverless patcher:
- CVE-2023-28840
- CVE-2023-28841
- CVE-2023-28842
4.1.0 May 2, 2023
Cross-Compatibility
The orchestrator agent 4.1.0 is compatible with the workload agent 4.0.0 and vice versa.
New Features
Disable AWS ContainerInsights
The CloudFormation templates orchestrator-agent.yaml
and serverless-instrumentation.yaml
support disabling Container Insights.
Defect Fixes
Fixed Captures
Captures no longer fail to start and complete.
Kilt Recipe/Definition Customization
The Kilt Recipe/Definition in the instrumentation.yaml
can now be customized.
Vulnerabilities
Fixed the following vulnerabilities with the orchestrator agent:
- CVE-2022-41723
- CVE-2023-0286
Fixed the following vulnerabilities with the serverless patcher:
- CVE-2023-0286
Fixed the following vulnerabilities with the serverless instrumentation:
- CVE-2023-24329
- CVE-2023-0286
4.0.0 February 10, 2023
End of Life
The local installer used to deploy the instrumentation stack is no longer supported.
Deprecation Notice
The CloudFormation template serverless-instrumentation.yaml
has been deprecated.
New Features
Serverless Patcher
The Serverless Agent 4.0.0 provides serverless-patcher, a new containerized template patcher that can run locally and be integrated into CI/CD pipelines.
Addedinstrumentation.yaml
to the CloudFormation Template
The Serverless Agent 4.0.0 provides instrumentation.yaml
, a new CloudFormation template to deploy the automation to instrument (that is, to patch) templates on Cloud.
SecretsManager Support for the Orchestrator Agent
Secrets like the Access Key and the Proxy Password can now be automatically fetched and provided to the orchestrator agent at deployment time.
Custom CA Certificates Support for the Orchestrator Agent
The orchestrator agent supports the uploading of custom CA(certificate authority) certificates. That allows for the SSL(Secure Sockets Layer) certificate verification of OnPrem backends and proxies.
Improved Fine-Tuning of the Workload Agent Logs
Logs can be tuned and controlled at the fine-grained component level. This can avoid excessive logging from certain components, or enable extra logging from specific components for troubleshooting.
Defect Fixes
Runtime Instrumentation Exits
The runtime instrumentation now exits when the main process exits, thus avoiding waiting for other processes to finish and keeping the container alive.
Renamed Parameter in the orchestrator-agent.yaml
The Gateway
parameter has been renamed to NetworkType
in the orchestrator-agent.yaml
corresponding to the Cloud Formation Template.
Exact Image Tags
The CloudFormation stacks use exact tags now, instead of latest
.
Removed Redundant Wildcard Permissions
Redundant wildcard permissions have been removed from the TaskRole
of the orchestrator-agent.
SIGINT/SIGTERM Propagation
The runtime instrumentation propagates SIGINT
and SIGTERM
signals to the instrumented workload now.
Honor Log Silent Mode in the Workload Agent
The silent
log mode now prevents environment variables from being printed.
List Separator to OptIn/OptOut Containers to be/from being Instrumented
Colons (:
) are now required as list separators to OptIn/OptOut containers. Commas (,
) are no longer supported.
Example
In the TaskDefinition
, Tags
can be leveraged to explicitly instrument some containers of the task, or prevent a number of them from being instrumented.
For example, the following tag prevents myContainer1
and myContainer2
from being instrumented when the template
patching runs in OptOut
mode (default):
Tags:
- Name: "kilt-ignore-containers"
Value: "myContainer1:myContainer2"
Vulnerabilities
Fixed the following vulnerabilities with the orchestrator agent:
- CVE-2022-28948
- CVE-2022-47629
- CVE-2022-41721
Fixed the following vulnerabilities with the workload agent:
- CVE-2022-47629
3.0.5 December 07, 2022
Defect Fixes
Fixed the following vulnerabilities with the orchestrator agent:
- CVE-2014-6407
- CVE-2014-3499
- CVE-2014-9356
- CVE-2014-9357
- CVE-2015-3627
- CVE-2022-32149
- CVE-2022-42898
Fixed the following vulnerabilities with the workload agent:
- CVE-2021-42836
- CVE-2021-42248
Fixed the following vulnerabilities with the serverless instrumentation:
- CVE-2022-42898
3.0.4 November 17, 2022
Defect Fixes
Fixed Tag Value Reference Failure
The Instrumentation Lambda in the CloudFormation stack no longer fails when the workload to be instrumented contains references for tags values.
Reduced Broad Stack Permissions
Permissions were reduced in the CloudFormation stack.
Fixed Proxy Password Obfuscation Failure
Orchestrator and Instrumentation logs no longer contain plaintext proxy passwords.
3.0.3 September 19, 2022
New Feature
Added task label to the metric serverlessdragent.workload_agent.count
to enable grouping multiple containers in a single task.
3.0.2 September 02, 2022
Defect Fixes
Prevented Workload Starvation
The instrumentation can now start the workload even if security policies are not in place.
The easily configure the starting policy, see configure workload starting policy.
Fixed Workload-starvation-detection Watchdog
Instrumentation watchdog no longer needs to be configured via the watchdog.sinsp_worker_timeout_s
parameter.
Fixed the /proc
Scan Failure
Instrumentation /proc
scan no longer fails when the Systems Manager Agent (SSM Agent) runs as root and the instrumented task runs as non-root user.
New Instrumentation Logging Level Parameter
The instrumentation logging level can now be easily configured via a new parameter exposed in the Instrumentation stack.
3.0.1 June 30, 2022
Defect Fixes
Updated Log Levels
The instrumentation logger for the Fargate Serverless Agent can now be configured to the following log levels:
silent
error
warning
info
debug
trace
See Manage Serverless Agent Logs for more information.
3.0.0 June 17, 2022
Defect Fixes
Fixed DEBUG Logging Error
The instrumented task should no longer be blocked from starting when using DEBUG
logging with log-forwarding enabled, and better error messages have been added for failures when log-forwarding.
Fixed Termination Error
Instrumentation tasks now terminate correctly on fatal errors and trigger the Elastic Container Service (ECS) restart policy.
Cleaned Up Serverless Agent Metadata
Redundancies in the serverless agent metadata, including labels and tags, were corrected:
- AWS-related metadata are grouped below
aws.*
tags - Container-related metadata are grouped below
container.*
tags - Custom tags are grouped below
agent.*
tags
New Features
New Container-Based Installer
The Serverless Agent 3.0.0 provides a new container-based installer to simplify the deployment of the instrumentation and orchestration stacks. Serverless Agent 3.0.0 also supports the existing command-line-based installer.
See AWS Fargate Serverless Agents.
Instrumentation Logs Format
The Serverless Agent 3.0.0 supports both the json
and text
format for the forwarded instrumentation logs.
See also Manage Serverless Agent Logs.
2.3.0 March 15, 2022
Defect Fixes
Container Metadata Now Automatically Provided to Avoid Errors
The following metadata values are now automatically passed by serverless agents:
- container.image.repo*
- container.image.tag**
- container.image.digest**
- container.image.id*
*
value is always provided in same way
**
value depends on how the image is referred to when deploying the instrumented container. For example, repo:tag
vs
repo@digest
.
Example
:latest
When specifying an image such as falcosecurity/event-generator:latest
the metadata configuration is:
- container.image.repo = falcosecurity/event-generator
- container.image.tag = latest
- container.image.digest = null
- container.image.id = sha256:aaabbbcccddd
:named image
When specifying an image such asfalcosecurity/event-generator@sha256:aaabbbcccddd
the metadata configuration is:
- container.image.repo = falcosecurity/event-generator
- container.image.tag = null
- container.image.digest = sha256:aaabbbcccddd
- container.image.id = sha256:aaabbbcccddd
Fixed Display Problem in Insights Composite View for Fargate Events
Secure events from the Fargate serverless agent are now correctly labeled with Account ID and Region, allowing them be grouped correctly in the Insights Composite view.
Fixed Occasional Problem with Starting Instrumented Tasks
Added retry and fallback logic to avoid restarts when a log-forwarding endpoint isn’t present.
Manual Instrumentation of Workload Agents
Improved documentation for manual instrumentation of workload agents, including handling logs.
2021 Archive
2021 Archive of Sysdig Serverless Agent release notes.
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.