2023 Archive

2023 Archive of Sysdig Serverless Agent release notes.

4.3.1 Dec 05, 2023

Defect Fixes

Improved Agent Logging

  • Debugging information about a process crashing from a fatal signal is now logged only if the process actually crashes because of that signal.
  • Reduced the verbosity of repeated log messages from the Workload Agent.
  • Silenced unnecessary error logs from the Orchestrator Agent.

Vulnerabilities

Fixed the following vulnerabilities for the Orchestrator Agent:

Fixed the following vulnerabilities in the Serverless Patcher:

4.3.0 Hotfix Nov 08, 2023

This hotfix updated the CloudFormation template, orchestrator-agent.yaml, to include default values for autoscaling. When autoscaling is disabled, the autoscaling parameters now default to 0.

4.3.0 Oct 27, 2023

End of Life

The stack serverless-instrumentation.yaml and the related container image quay.io/sysdig/serverless-instrumentation have reached end of life (EOL) and are no longer supported.

New Features

Orchestrator Agent Performance Improvements

The performance and stability of the Orchestrator agent have been improved and the Orchestrator is now capable of maintaining up to 3000 Workload agents.

Support for Auto Scaling

Target Tracking scaling configuration is now available in the Orchestrator CloudFormation template and in the Terraform Provider.

Process tree

Process lineage is available for every event and is enabled by default starting with this version of the serverless agent. The process tree is shown in the Events detail pane for events related to workloads triggered from that point on.

Defect Fixes

Workload Agent Stability Improvements

Fixed Workload Agent stability issues observed with certain workloads.

Workload Agent Logging Improvements

Improved the readability and separation of information-level and error-level logging.

Vulnerabilities

Fixed the following vulnerabilities with the Orchestrator agent:

4.2.2 Oct 19, 2023

Defect Fixes

Vulnerabilities

Fixed the following vulnerabilities in the Orchestrator Agent:

Fixed the following vulnerabilities in the Serverless Patcher:

Improved Workload Instrumentation Stability with Highly Threaded Workloads

Fixed crashes in workload processes with a large number of threads.

4.2.1 Sep 7, 2023

Defect Fixes

Ensured Workload Instrumentation Handles Signals Consistently

Improved workload instrumentation performance by ensuring the stack pointer always points to a valid stack area, as required by signal handlers.

Vulnerabilities

Fixed the following vulnerabilities with the orchestrator agent:

  • CVE-2023-30079
  • CVE-2023-22652
  • CVE-2023-28321
  • CVE-2023-28484
  • CVE-2023-29469
  • CVE-2023-34969
  • CVE-2023-28322

Fixed the following vulnerabilities with the serverless instrumentation:

  • CVE-2023-28321
  • CVE-2023-28484
  • CVE-2023-29469
  • CVE-2023-28322

4.2.0 Aug 1, 2023

Defect Fixes

Ensured Graceful Termination of the Instrumented Workload

The runtime instrumentation now ensures the graceful termination of the instrumented workload when the container receives a termination signal (SIGTERM).

Improved Workload Agent Stability

The workload agent no longer fails to handle the bpf(2) syscall.

Vulnerabilities

Fixed the following vulnerabilities with the orchestrator agent:

  • CVE-2018-20839
  • CVE-2019-12904
  • CVE-2019-17543
  • CVE-2020-17049
  • CVE-2020-24736
  • CVE-2021-39537
  • CVE-2021-42694
  • CVE-2022-23990
  • CVE-2023-1667
  • CVE-2023-2253
  • CVE-2023-2283
  • CVE-2023-26604

Fixed the following vulnerabilities with the serverless patcher:

  • CVE-2018-20839
  • CVE-2019-12904
  • CVE-2019-17543
  • CVE-2020-17049
  • CVE-2020-24736
  • CVE-2021-39537
  • CVE-2021-42694
  • CVE-2023-0361
  • CVE-2023-1667
  • CVE-2023-2253
  • CVE-2023-2283
  • CVE-2023-26604
  • CVE-2023-27535

Fixed the following vulnerabilities with the serverless instrumentation:

  • CVE-2018-20839
  • CVE-2019-12904
  • CVE-2019-17543
  • CVE-2020-17049
  • CVE-2020-24736
  • CVE-2021-39537
  • CVE-2021-42694
  • CVE-2022-23990
  • CVE-2023-1667
  • CVE-2023-2283
  • CVE-2023-24329
  • CVE-2023-26604
  • CVE-2023-34969

4.1.2 Jun 1, 2023

Defect Fixes

Vulnerabilities

Fixed the following vulnerabilities with the orchestrator agent:

  • CVE-2023-27535
  • CVE-2023-24329
  • CVE-2022-43552
  • CVE-2022-35252
  • CVE-2019-20916

Fixed the following vulnerabilities with the serverless instrumentation:

  • CVE-2023-27535
  • CVE-2022-43552
  • CVE-2022-35252

Improved Workload Agent Stability

The workload agent no longer fails to handle the capset syscall.

Improved Orchestrator Agent Secure Features

The orchestrator agent no longer fails to start when the collector enables falcobaseline.

4.1.1 May 15, 2023

Defect Fixes

Vulnerabilities

Fixed the following vulnerabilities with the serverless patcher:

  • CVE-2023-28840
  • CVE-2023-28841
  • CVE-2023-28842

4.1.0 May 2, 2023

Cross-Compatibility

The orchestrator agent 4.1.0 is compatible with the workload agent 4.0.0 and vice versa.

New Features

Disable AWS Container Insights

The CloudFormation templates orchestrator-agent.yaml and serverless-instrumentation.yaml support disabling Container Insights.

Defect Fixes

Fixed Captures

Captures no longer fail to start and complete.

Kilt Recipe/Definition Customization

The Kilt Recipe/Definition in the instrumentation.yaml can now be customized.

Vulnerabilities

Fixed the following vulnerabilities with the orchestrator agent:

  • CVE-2022-41723
  • CVE-2023-0286

Fixed the following vulnerabilities with the serverless patcher:

  • CVE-2023-0286

Fixed the following vulnerabilities with the serverless instrumentation:

  • CVE-2023-24329
  • CVE-2023-0286

4.0.0 February 10, 2023

End of Life

The local installer used to deploy the instrumentation stack is no longer supported.

Deprecation Notice

The CloudFormation template serverless-instrumentation.yaml has been deprecated.

New Features

Serverless Patcher

The Serverless Agent 4.0.0 provides serverless-patcher, a new containerized template patcher that can run locally and be integrated into CI/CD pipelines.

Added instrumentation.yaml to the CloudFormation Templates

The Serverless Agent 4.0.0 provides instrumentation.yaml, a new CloudFormation template that deploys the automation for instrumenting (that is, patching) templates in the cloud.

SecretsManager Support for the Orchestrator Agent

Secrets like the Access Key and the Proxy Password can now be automatically fetched and provided to the orchestrator agent at deployment time.

Custom CA Certificates Support for the Orchestrator Agent

The orchestrator agent supports uploading custom CA (certificate authority) certificates. This allows SSL (Secure Sockets Layer) certificate verification of on-prem backends and proxies.

Improved Fine-Tuning of the Workload Agent Logs

Logs can be tuned and controlled at the fine-grained component level. This can avoid excessive logging from certain components, or enable extra logging from specific components for troubleshooting.

Defect Fixes

Runtime Instrumentation Exits

The runtime instrumentation now exits when the main process exits, rather than waiting for other processes to finish, which kept the container alive.

Renamed Parameter in the orchestrator-agent.yaml

The Gateway parameter has been renamed to NetworkType in the orchestrator-agent.yaml CloudFormation template.

Exact Image Tags

The CloudFormation stacks now use exact image tags instead of latest.

Removed Redundant Wildcard Permissions

Redundant wildcard permissions have been removed from the TaskRole of the orchestrator-agent.

SIGINT/SIGTERM Propagation

The runtime instrumentation now propagates SIGINT and SIGTERM signals to the instrumented workload.

Honor Log Silent Mode in the Workload Agent

The silent log mode now prevents environment variables from being printed.

List Separator for OptIn/OptOut of Container Instrumentation

Colons (:) are now required as the list separator when opting containers in or out (OptIn/OptOut) of instrumentation. Commas (,) are no longer supported.

Example

In the TaskDefinition, Tags can be used to explicitly instrument some of the task's containers, or to prevent some of them from being instrumented.

For example, the following tag prevents myContainer1 and myContainer2 from being instrumented when the template patching runs in OptOut mode (default):

Tags:
  - Name: "kilt-ignore-containers"
    Value: "myContainer1:myContainer2"
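The following is an added example, not Sysdig's code: a pre-upgrade check that reads a kilt-ignore-containers tag with the colon separator required since 4.0.0, rejects a value that still uses the unsupported comma separator, and lists which containers the default OptOut mode would instrument. It assumes the TaskDefinition is available as a plain dict using the Tags and ContainerDefinitions shapes shown; the container names are constructed.

```python
"""Pre-upgrade check for the 4.0.0 list-separator change (added example)."""
from typing import Dict, List, Set

IGNORE_TAG = "kilt-ignore-containers"  # tag name from the release note


def parse_ignore_list(value: str) -> Set[str]:
    """Split a kilt-ignore-containers value on the required ':' separator.

    A value that still uses ',' is rejected: 4.0.0 no longer supports it,
    and catching it here avoids a stale tag silently instrumenting (or
    skipping) the wrong containers after the upgrade.
    """
    if "," in value:
        raise ValueError(
            f"{IGNORE_TAG} uses ',' as a separator; 4.0.0 requires ':'"
        )
    # Tolerate stray whitespace and empty entries such as "a::b".
    return {name.strip() for name in value.split(":") if name.strip()}


def instrumented_containers(task_def: Dict) -> List[str]:
    """Return the container names the OptOut-mode patcher would instrument.

    OptOut is the documented default: every container is instrumented
    unless it is named in the kilt-ignore-containers tag.
    """
    ignored: Set[str] = set()
    for tag in task_def.get("Tags", []):
        if tag.get("Name") == IGNORE_TAG:
            ignored |= parse_ignore_list(tag.get("Value", ""))
    return [
        c["Name"]
        for c in task_def.get("ContainerDefinitions", [])
        if c["Name"] not in ignored
    ]


# Constructed sample task definition mirroring the release-note example;
# "app" is an assumed third container that is not excluded.
SAMPLE_TASK_DEF = {
    "Tags": [{"Name": IGNORE_TAG, "Value": "myContainer1:myContainer2"}],
    "ContainerDefinitions": [
        {"Name": "myContainer1"},
        {"Name": "myContainer2"},
        {"Name": "app"},
    ],
}

if __name__ == "__main__":
    print(instrumented_containers(SAMPLE_TASK_DEF))  # ['app']
```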

Vulnerabilities

Fixed the following vulnerabilities with the orchestrator agent:

  • CVE-2022-28948
  • CVE-2022-47629
  • CVE-2022-41721

Fixed the following vulnerabilities with the workload agent:

  • CVE-2022-47629