RSS

Sysdig On-Premises Release Notes

You may also want to review the update log for Falco rules used in the Sysdig Secure Policy Editor. See Falco Rules Changelog.

Oversight Services Now Offered for All Installs and Upgrades

As part of our continued focus on our customers, we are now offering oversight services for all on-premise installs and upgrades. Your Technical Account Manager (TAM), in conjunction with our support organization and Professional Services [where applicable], will work with you to:

  • Assess your environment to ensure it is configured correctly

  • Review your infrastructure to validate the appropriate storage capacities are available

  • Review and provide recommendations for backing up your Sysdig data

  • Work with you to ensure our teams are ready to assist you during the install and upgrade process

  • Provide the software for the install

  • Be available during the process to ensure a successful deployment

You can always review the process in the documentation on GitHub (v. 3.6.0+) or the standard docs site (for older versions).

If you are a new customer looking to explore Sysdig, please head over here to sign up for a trial on our SaaS Platform. Alternatively, you can contact us here.

Review the Sysdig On-Premises Release Support statement.

Supported Web Browsers

Sysdig supports, tests, and verifies the latest versions of Chrome and Firefox.

Other browsers may also work, but are not tested in the same way.

5.1.6 Hotfix January 2023

Upgrade Process

Supported Upgrades From: 4.0.x, 5.0.x

For the full supportability matrix, see the Release Notes on Github. There you will also find important Install instructions.

Defect Fixes

  • Fixed a privacy setting issue that would revert the admin setting after an update to the values.yaml file.
  • Fixed a sidepanel interface bug that would appear under Scan Results.
  • Fixed an issue with the metadata service sometimes returning an empty string as a value for some metrics, causing a banner to display saying A new version of Sysdig is available.
  • Fixed an Anchore issue that would show vulnerabilities in packages that should not have been present.
  • Updated the Anchore image with latest code and security updates.

5.1.5 Hotfix December 2022

Upgrade Process

Supported Upgrades From: 4.0.x, 5.0.x

For the full supportability matrix, see the Release Notes on Github. There you will also find important Install instructions.

Defect Fixes

  • Fixed an issue when Sysdigcloud-api would fail to connect to Cassandra when a column name already exists
  • Fixed an invalid Cassandra StatefulSet YAML issue in multi-AZ deployments

5.1.4 Hotfix November 2022

Upgrade Process

Supported Upgrades From: 4.0.x, 5.0.x

For the full supportability matrix, see the Release Notes on Github. There you will also find important Install instructions.

Secure

  • Removed the Legacy Benchmarks button from the Secure UI. The feature soon to be deprecated in on-premise deployments.

  • Added the Shared with Team permission in Group Mappings to the ServiceManager role.

Defect Fixes

  • Fixed an issue when a scanned image would not correctly report a vulnerability detected in kernel-headers package.
  • Fixed a Secure scanning issue when an image was scanned by multiple sources (i.e. Inline Scanner and Node Analyzer) and the UI would redirect the user to the incorrect source.
  • Fixed a Team Scope issue in Secure when the agent.tag.accountid scope was configured and users could not see Host scanning results.
  • Updated the Secure Only on-premise setting for aggregation interval set to 60 seconds to help reduce the number of “stream resetting” log warnings in the Sysdig backend.

5.1.3 Hotfix September 2022

Upgrade Process

Supported Upgrades From: 4.0.x, 5.0.x

For the full supportability matrix, see the Release Notes on Github. There you will also find important Install instructions.

Defect Fixes

  • Fixed an Elasticsearch issue occurred during upgrades that could result in pods ending in a CrashLoopBackOff state. This fix will overall improve Elasticsearch resiliency for users.

4.0.8 Hotfix July 2022

Supported Upgrades From: 3.6.X

Defect Fixes

  • Fixed an issue with PVC metrics not displaying properly in the UI.
  • Fixed a filtering issue when RDS metrics would not populate in the RDS Overview Dashboard.

5.1.2-2 Hotfix July 2022

Upgrade Process

Supported Upgrades From: 4.0.x, 5.0.x

Sysdig Platform

  • Added support for Openshift 4.10.

5.1.2 Hotfix May 2022

Upgrade Process

Supported Upgrades From: 4.0.x, 5.0.x

For the full supportability matrix, see the Release Notes on Github. There you will also find important Install instructions.

Secure Feature: Reporting

  • Added the Run Now and Download(s) menu items.

Defect Fixes

  • Fixed an “Unable to load latest task result” bug when accessing compliance benchmarks results.

5.1.1 Hotfix May 2022

Upgrade Process

Supported Upgrades From: 4.0.x, 5.0.x

For the full supportability matrix, see the Release Notes on Github. There you will also find important Install instructions.

Sysdig Platform

  • Added the RelayState parameter optional for SAML configuration.
  • Upgraded the Spring Framework to version 5.2.20 in the sysdig-backend container.

Monitor

  • Added the ability to choose regions with Capture Storage.

Installer Improvements

  • Fixed an issue with MultiAZ GCP/GKE platforms that would prevent Elasticsearch from starting.
  • Fixed an ingress permissions issue when upgrading from 5.0.4 to 5.1.0 that would result in the Sysdig UI generating a 404 Not Found error.
  • Fixed an installer bug when cloudProvider.name was set and cloudProvider.region was not set.
  • Fixed a Kafka/Zookeeper statefulset naming issue when installing or upgrading Sysdig on-premise

Defect Fixes

  • Monitor Alert re-notification messages now provide the latest metric value instead of the metric value at time of triggering.
  • Fixed a Runtime scan page issue not displaying image results based on specific Team scopes.

Release 5.0.5 Hotfix for CVE-2022-22965

Upgrade Process

Supported Upgrades From: 4.0.x, 5.0.x

For the full supportability matrix, see the ReleaseNotes on Github. There you will also find important Install instructions.

Improvements

This hotfix upgrades the Spring Framework to version 5.2.20 in the sysdig-backend container.

Release 5.1.0 March 2022

Upgrade Process

Supported Upgrades From: 4.0.x, 5.0.x

For the full supportability matrix, see the Release Notes on Github. There you will also find important Install instructions.

Sysdig Platform

Installer Improvements

  • Kubernetes versions 1.22 and 1.23 are now supported.
  • An optional cronjob for the falco-rules-installer, which runs once a month, can now be created through the Installer values file.
  • Users operating their own ingress controller, such as Rancher, are no longer need to manually create Ingress Objects Go HTTP APIs. Note that the Collector uses TCP and will need external configuration.
  • The Installer now has a pre-flight check to verify the kubectl and Kubernetes versions of the cluster with the context provided by the user.

Secure

API Docs

  • API documentation for Sysdig Secure are now enabled by default.

Defect Fixes

  • Fixed an issue with Secure Events not displaying the correct number of events in the dashboard.
  • Fixed an issue that prevented Rapid Response being enabled with a Secure Team created with LDAP.
  • Fixed a network issue that would sometimes occur during an upgrade which would cause PostgreSQL to timeout.
  • Fixed an issue when the nats-streaming-init container failed to start due to permission problem when storageClassProvisioner is set to hostPath.
  • Fixed a Compliance Database Password issue during upgrades from on-prem 4.0.x to on-prem 5.0.x
  • Fixed an issue with the StatefulSet definition when upgrading from 4.0.x to 5.0.x on a Kubernetes cluster prior to 1.18.x

Release 4.0.7/5.0.4 Hotfix for CVE-2021-44228 in Apache’s log4j (3.6.4, 4.0.7, 5.0.4)

The patch relese upgrades all components that compose Sysdig’s Platform running Apache’s vulnerable Log4j library to 2.16.

Note on ElasticSearch: This is using Log4j v2.11.1. An additional JVM parameter has been added through the Installer in accordance with the recommendations from Elastic. In addition, the impacted class from the Log4j library has been removed completely. Security scanners may still list this as vulnerable but in this case it will be a false positive. Elastic currently does not offer a way to fully remove or upgrade this component.

Release 4.0.6/5.0.3 Hotfix for CVE-2021-44228 in Apache’s log4j (3.6.3, 4.0.6, 5.0.3)

Security researchers recently disclosed the vulnerability CVE-2021-44228 in Apache’s log4j, which is a common Java-based library used for logging purposes Sysdig is using an alternative framework for logging called Logback. The logback framework isn’t vulnerable to this issue.

Sysdig components include a log4j library in our standard distribution that was vulnerable. This library is included for compatibility reasons only, is not used for primary logging, and our security team has determined we are not vulnerable based on our application architecture and existing mitigating controls.

We have released a patch version of our self hosted-software which upgrades the vulnerable version of log4j or adds additional mitigating controls suggested by vendors.

  • 3.6.3
  • 4.0.6
  • 5.0.3

Please reach out to support or the customer success team for assistance with your upgrade.

Topics in This Section
2021 Archive

2021 Archive of Sysdig On-Premises release notes.

2020 Archive

2020 Archive of Sysdig On-Premises release notes.

2018 Archive

2018 Archive of Sysdig On-Premises release notes.

2019 Archive

2019 Archive of Sysdig On-Premises release notes.

Sysdig On-Premises Release Support