Serverless Agent Release Notes
For installation and upgrade steps, see Serverless Agents.
Serverless Agent 5.3.0 December 17, 2024
Enhancements
Controlled Availability for Google Cloud Run Support
The Serverless Agent now supports securing containers running as a Google Cloud Run Service. Contact your Sysdig representative to enroll. For more information, see Cloud Run Service.
Default Availability of Falco Hashing
Hash enrichment is now enabled by default. The workload agent computes a SHA256 hash for each binary executed by the entry point and attaches it to policy events. To disable this feature, set hash_detection.enabled: false in the configuration.
On-Demand Security Policy Loading
The workload agent now fetches security policies only at startup or when changes are detected in the Sysdig backend.
This reduces network bandwidth usage and minimizes the performance impact of periodic policy updates. On-demand policy loading is enabled by default for workload agents directly connected to the collector.
Reduced Instrumentation Overhead
Instrumentation overhead has been optimized for workloads with high clone operations, improving performance.
Defect Fixes
Availability mode is now enabled only when the agent is provided with the environment variable SYSDIG_PRIORITY="availability".
Vulnerability Fixes
Addressed the following CVE in the Orchestrator Agent:
Deprecation Notice
The Orchestrator Agent will be deprecated in the next major release. Workload Agents now connect to the Collector without the need for the Orchestrator.
Serverless Agent 5.2.1 November 25, 2024
Defect Fixes
- The workload agent starts properly when the instrumented containers include multiple EFS mount points
- Fixed the Ring buffer corruption issues
- Fixed issues in multithreaded processes on ARM64
Vulnerability Fixes
Addressed the following vulnerabilities in the Orchestrator Agent:
- CVE-2024-3596
- CVE-2023-5363
- CVE-2024-26462
- CVE-2024-50602
- CVE-2024-6119
- CVE-2024-6232
- CVE-2024-8088
- CVE-2023-2975
- CVE-2023-3446
- CVE-2023-3817
- CVE-2023-5678
- CVE-2023-6129
- CVE-2023-6237
- CVE-2024-0727
- CVE-2024-2511
- CVE-2024-26458
- CVE-2024-26461
- CVE-2024-4603
- CVE-2024-4741
- CVE-2024-5535
Serverless Agent 5.2.0 October 28, 2024
Enhancements
Controlled Availability for Graviton (ARM64) Support
Users running Graviton workloads in ECS Fargate can now secure them with the Serverless Agent. Contact your Sysdig representative to enroll.
Multi-Arch Manifest List
The Serverless Agent is now distributed via a manifest list that includes images for both x86_64 and arm64 architectures.
Serverless Patcher 5.2.0 October 23, 2024
Multi-Arch Manifest List
The serverless-patcher is now distributed via a manifest list that includes images for both x86_64 and arm64 architectures.
Serverless Agent 5.1.1 October 14, 2024
Defect Fixes
- Resolved an intermittent ring buffer issue that could lead to unexpected task shutdowns.
- Fixed occasional startup delays caused by timing issues when fetching task metadata.
Serverless Patcher 5.1.1 September 20, 2024
This release updates only the Serverless Patcher to address the vulnerabilities.
Defect Fixes
Vulnerability Fixes
Addressed the following vulnerabilities:
Serverless Agent 5.1.0 September 18, 2024
This release updates the Serverless Agent and the CloudFormation templates.
Feature Enhancements
- Added support for DNS detection in runtime workload policies.
- Optimized CPU and memory usage for more efficient instrumentation of short-lived binaries.
- Increased robustness in handling invalid memory references passed as system call arguments.
Defect Fixes
- Reduced memory consumption during instrumentation when handling fatal signals from workloads.
- Resolved occasional stack pointer corruption when creating new threads.
- Fixed an issue that prevented the workload agent from starting correctly when the workload image working directory had restricted permissions.
Vulnerability Fixes
Addressed the following vulnerabilities:
orchestrator-agent
workload-agent
Serverless Patcher 5.1.0 August 19, 2024
This release updates only the Serverless Patcher to address the vulnerabilities.
Defect Fixes
Vulnerability Fixes
Addressed the following vulnerability:
Serverless Agent 5.0.2 June 25, 2024
Feature Enhancements
Enhanced Process Logging
Process logging has been improved to reduce the memory usage. The agent now retains only the latest fatal log while discarding the previous ones. This bounds the potential memory used for crash logs and expresses the intent better, since if multiple fatal signals were received, the earlier ones weren’t actually fatal but handled by the process.
Previously, every fatal signal for a process generated a detailed report with a stack trace and memory map when the process was terminated by the signal. Because all of these reports were held in memory until the process exited, memory growth was potentially unbounded.
Improved Memory Usage
Reduced memory usage in the binpatch performance library.
Defect Fixes
- Fixed missing process information for processes where the clone or fork event was missing. The max_n_proc_lookups parameter controls the maximum number of proc filesystem lookups performed. This change sets it to -1, meaning that no limit is applied to the number of proc scans. Previously, it was set to 1, meaning that only a single scan was allowed.
- The memdump.size setting was ignored in previous versions, leading to potentially excessive memory consumption of up to 300 MB. The setting now works as expected, and the default is changed to 32 MB.
- Addressed a defect in which the event Process Tree fields were missing data.
Vulnerability Fixes
Addressed the following vulnerabilities:
Serverless Agent 5.0.1 June 07, 2024
Defect Fixes
- Improved performance in terms of CPU and memory usage for processing policy updates
- Fixed excessive memory usage with workloads starting many child processes on musl-based images, such as Alpine Linux, and with Go applications
- Reduced memory usage in the binpatch performance library
Serverless Agent 5.0.0 April 08, 2024
Feature Enhancements
Changes to Deploying the Serverless Agent
To prioritize between Security and Availability in deployments, configurable Serverless Agent Priority Modes have been introduced. For more information, see Configure Priority Modes.
To reduce the load on the Orchestrator Agent, the following changes are introduced:
- A single Workload Agent sidecar will now secure all containers within a task, whereas before each container would run its own Workload Agent.
- The Workload Agent now runs within the sidecar container, with only the pdig instrumentation stack remaining in the workload container.
For these enhancements to work, your system requires one of the following:
- serverless-patcher v5.0.0 or above for CloudFormation template
- Terraform provider v1.23.3 or above
Availability of sysdig_serverless_agent_info
Serverless Agent now exposes the Prometheus metric sysdig_serverless_agent_info. This metric provides the following labels:
- agent_type
- container_id
- serverless_account_id
- serverless_cloud_vendor
- serverless_cluster_id
- serverless_task_id
- serverless_version
Known Issues
The Workload Agent versions 4.2 and prior will not receive policies when connected to the Orchestrator v5.0.0.
For more information, see the Compatibility Matrix.
Defect Fixes
Vulnerability Fixes
Fixed the following vulnerabilities:
serverless-patcher
orchestrator-agent
- CVE-2021-35937
- CVE-2021-35938
- CVE-2021-35939
- CVE-2023-46218
- CVE-2023-5363
- CVE-2023-5981
- CVE-2023-7104
- CVE-2024-0553
- CVE-2024-0567
Serverless Agent 4.3.2 Hotfix Jan 12, 2024
This hotfix updated the CloudFormation template, orchestrator-agent.yaml, to include default values for autoscaling. When autoscaling is disabled, the autoscaling parameters now default to 0.
Serverless Agent 4.3.2 Jan 11, 2024
Defect Fixes
Improved Agent Error Logging
Enhanced error message clarity for cases where the Workload Agent fails to start the workload task.
Make signal handling more robust
Fixed an edge case in handling signals while running instrumentation code.
Improve ELF format compatibility
Fixed instrumentation crashes associated with specific workloads, such as Chromium webdriver, that occurred when loading ELF binaries with a particular structure.