2022 Archive

2022 Archive of Sysdig Serverless Agent release notes.

3.0.5 December 07, 2022

Defect Fixes

Fixed the following vulnerabilities with the orchestrator agent:

  • CVE-2014-6407
  • CVE-2014-3499
  • CVE-2014-9356
  • CVE-2014-9357
  • CVE-2015-3627
  • CVE-2022-32149
  • CVE-2022-42898

Fixed the following vulnerabilities with the workload agent:

  • CVE-2021-42836
  • CVE-2021-42248

Fixed the following vulnerabilities with the serverless instrumentation:

  • CVE-2022-42898

3.0.4 November 17, 2022

Defect Fixes

Fixed Tag Value Reference Failure

The Instrumentation Lambda in the CloudFormation stack no longer fails when the workload to be instrumented contains references for tags values.

Reduced Broad Stack Permissions

Permissions were reduced in the CloudFormation stack.

Fixed Proxy Password Obfuscation Failure

Orchestrator and Instrumentation logs no longer contain plaintext proxy passwords.

3.0.3 September 19, 2022

New Feature

Added task label to the metric serverlessdragent.workload_agent.count to enable grouping multiple containers in a single task.

3.0.2 September 02, 2022

Defect Fixes

Prevented Workload Starvation

The instrumentation can now start the workload even if security policies are not in place.

To configure the starting policy, see configure workload starting policy.

Fixed Workload-starvation-detection Watchdog

Instrumentation watchdog no longer needs to be configured via the watchdog.sinsp_worker_timeout_s parameter.

Fixed the /proc Scan Failure

Instrumentation /proc scan no longer fails when the Systems Manager Agent (SSM Agent) runs as root and the instrumented task runs as non-root user.

New Instrumentation Logging Level Parameter

The instrumentation logging level can now be easily configured via a new parameter exposed in the Instrumentation stack.

3.0.1 June 30, 2022

Defect Fixes

Updated Log Levels

The instrumentation logger for the Fargate Serverless Agent can now be configured to the following log levels:

  • silent
  • error
  • warning
  • info
  • debug
  • trace

3.0.0 June 17, 2022

Defect Fixes

Fixed DEBUG Logging Error

The instrumented task should no longer be blocked from starting when using DEBUG logging with log-forwarding enabled, and better error messages have been added for failures when log-forwarding.

Fixed Termination Error

Instrumentation tasks now terminate correctly on fatal errors and trigger the Elastic Container Service (ECS) restart policy.

Cleaned Up Serverless Agent Metadata

Redundancies in the serverless agent metadata, including labels and tags, were corrected:

  • AWS-related metadata are grouped below aws.* tags
  • Container-related metadata are grouped below container.* tags
  • Custom tags are grouped below agent.* tags

New Features

New Container-Based Installer

The Serverless Agent 3.0.0 provides a new container-based installer to simplify the deployment of the instrumentation and orchestration stacks. Serverless Agent 3.0.0 also supports the existing command-line-based installer.

See AWS Fargate Serverless Agents.

Instrumentation Logs Format

The Serverless Agent 3.0.0 supports both the json and text format for the forwarded instrumentation logs.

See Manage Serverless Agent Logs for more information.

2.3.0 March 15, 2022

Defect Fixes

Container Metadata Now Automatically Provided to Avoid Errors

The following metadata values are now automatically passed by serverless agents:

- container.image.repo*
- container.image.tag**
- container.image.digest**
- container.image.id*

* value is always provided in same way

** value depends on how the image is referred to when deploying the instrumented container. For example, repo:tag vs repo@digest.

Example

:latest

When specifying an image such as falcosecurity/event-generator:latest the metadata configuration is:

- container.image.repo = falcosecurity/event-generator
- container.image.tag = latest
- container.image.digest = null
- container.image.id = sha256:aaabbbcccddd

:named image

When specifying an image such asfalcosecurity/event-generator@sha256:aaabbbcccddd the metadata configuration is:

- container.image.repo = falcosecurity/event-generator
- container.image.tag = null
- container.image.digest = sha256:aaabbbcccddd
- container.image.id = sha256:aaabbbcccddd

Fixed Display Problem in Insights Composite View for Fargate Events

Secure events from the Fargate serverless agent are now correctly labeled with Account ID and Region, allowing them be grouped correctly in the Insights Composite view.

Fixed Occasional Problem with Starting Instrumented Tasks

Added retry and fallback logic to avoid restarts when a log-forwarding endpoint isn’t present.

Manual Instrumentation of Workload Agents

Improved documentation for manual instrumentation of workload agents, including handling logs.