Serverless Agent Release Notes

For Installation and Upgrade steps, see AWS Fargate Serverless Agents.

3.0.5 December 07, 2022

Defect Fixes

Fixed the following vulnerabilities with the orchestrator agent:

  • CVE-2014-6407
  • CVE-2014-3499
  • CVE-2014-9356
  • CVE-2014-9357
  • CVE-2015-3627
  • CVE-2022-32149
  • CVE-2022-42898

Fixed the following vulnerabilities with the workload agent:

  • CVE-2021-42836
  • CVE-2021-42248

Fixed the following vulnerabilities with the serverless instrumentation:

  • CVE-2022-42898

3.0.4 November 17, 2022

Defect Fixes

Tag Value Reference Failure Fixed

The Instrumentation Lambda in the CloudFormation stack no longer fails when the workload to be instrumented contains references for tags’ values.

Broad Stack Permissions Reduced

Permissions were reduced in the CloudFormation stack.

Proxy Password Obfuscation Failure Fixed

Orchestrator and Instrumentation logs no longer contain plaintext proxy passwords.

3.0.3 September 19, 2022

New Feature

Added task label to the metric serverlessdragent.workload_agent.count to enable grouping multiple containers in a single task.

3.0.2 September 02, 2022

Defect Fixes

Fixed Preventing Workload Starting if no Policies in Place

To avoid workload starvation, the instrumentation can now start the workload if security policies are not in place.

The workload starting policy can be easily configured, see Configure workload starting policy.

Fixed Workload-starvation-detection Watchdog

Instrumentation watchdog no longer needs to be configured via the watchdog.sinsp_worker_timeout_s parameter.

Fixed /proc Scan Failure

Instrumentation /proc scan no longer fails when the SSM Agent runs as root and the instrumented task runs as non-root user.

New Instrumentation Logging Level Parameter

The instrumentation logging level can now be easily configured via a new parameter exposed in the Instrumentation stack.

3.0.1 June 30, 2022

Defect Fixes

Log Levels Updated

The instrumentation logger for the Fargate Serverless Agent can now be configured to the following log levels:

  • silent
  • error
  • warning
  • info
  • debug
  • trace

See also: Manage Serverless Agent Logs

3.0.0 June 17, 2022

Defect Fixes

Fixed DEBUG Logging Error

The instrumented task should no longer be blocked from starting when using DEBUG logging with log-forwarding enabled, and better error messages have been added for failures when log forwarding.

Fixed Termination Error

Instrumentation tasks now terminate correctly on fatal errors and trigger the ECS restart policy.

Cleaned Up Serverless Agent Metadata

Redundancies in the serverless agent metadata (labels and tags) were corrected:

  • AWS-related metadata are grouped below aws.* tags
  • Container-related metadata are grouped below container.* tags
  • Custom tags are grouped below agent.* tags

New Features

New Container-Based Installer

The Serverless Agent 3.0.0 provides a new container-based installer to simplify the deployment of the instrumentation & orchestration stacks. (Serverless Agent 3.0.0 supports the existing command-line-based installer as well.) See also: AWS Fargate Serverless Agents.

Instrumentation Logs Format

The Serverless Agent 3.0.0 supports both the json and text format for the forwarded instrumentation logs. See also Manage Serverless Agent Logs.

2.3.0 March 15, 2022

Defect Fixes

Container Metadata Now Automatically Provided to Avoid Errors

The following metadata values are now automatically passed by serverless agents:

- container.image.repo*
- container.image.tag**
- container.image.digest**

*value is always provided in same way **value depends on how the image is referred to when deploying the instrumented container, i.e. repo:tag vs repo@digest.


:latest When specifying an image such as falcosecurity/event-generator:latest the metadata configuration =:

- container.image.repo = falcosecurity/event-generator
- container.image.tag = latest
- container.image.digest = null
- = sha256:aaabbbcccddd

:named image When specifying an image such asfalcosecurity/event-generator@sha256:aaabbbcccddd the metadata configuration =:

- container.image.repo = falcosecurity/event-generator
- container.image.tag = null
- container.image.digest = sha256:aaabbbcccddd
- = sha256:aaabbbcccddd

Fixed Display Problem in Insights Composite View for Fargate Events

Secure events from the Fargate serverless agent are now correctly labeled with Account ID and Region, allowiing them be grouped correctly in the Insights Composite view.

Fixed Occasional Problem with Starting Instrumented Tasks

Added retry and fallback logic to avoid restarts when a log-forwarding endpoint isn’t present.

Manual Instrumentation of Workload Agents

Improved documentation for manual instrumentation of workload agents, including handling logs.

Topics in This Section
2021 Archive

2021 Archive of Sysdig Serverless Agent release notes.