2022 Archive

2022 Archive of Sysdig On-Premises release notes.

5.1.5 Hotfix Release, December 2022

Upgrade Process

Supported Upgrades From: 4.0.x, 5.0.x

For the full supportability matrix, see the Release Notes on GitHub. There you will also find important Installation instructions.

Defect Fixes

  • Fixed an issue where Sysdigcloud-api would fail to connect to Cassandra when a column name already exists.
  • Fixed an invalid Cassandra StatefulSet YAML issue in multi-AZ deployments.

5.1.4 Hotfix Release, November 2022

Upgrade Process

Supported Upgrades From: 4.0.x, 5.0.x

For the full supportability matrix, see the Release Notes on GitHub. There you will also find important Install instructions.

Secure

  • Removed the Legacy Benchmarks button from the Secure UI.

    The feature will soon be deprecated in on-premises deployments.

  • Added the Shared with Team permission in Group Mappings to the ServiceManager role.

Defect Fixes

  • Fixed an issue where a scanned image would not correctly report a vulnerability detected in kernel-headers packages.
  • Fixed a Secure scanning issue where an image was scanned by multiple sources, such as Inline Scanner and Node Analyzer, and the UI would redirect the user to the incorrect source.
  • Fixed a Team Scope issue in Secure where the agent.tag.accountid scope was configured and users could not see Host scanning results.
  • Updated the Secure Only on-premises setting for aggregation interval set to 60 seconds to help reduce the number of stream resetting log warnings in the Sysdig backend.

5.1.3 Hotfix Release, September 2022

Upgrade Process

Supported Upgrades From: 4.0.x, 5.0.x

For the full supportability matrix, see the Release Notes on GitHub. There you will also find important Installation instructions.

Defect Fixes

  • Fixed an Elasticsearch issue that occurred during upgrades, causing pods to end in a CrashLoopBackOff state. This fix will improve overall Elasticsearch resiliency for users.

4.0.8 Hotfix Release, July 2022

Supported Upgrades From: 3.6.X

Defect Fixes

  • Fixed an issue with persistent volume claim (PVC) metrics not displaying properly in the UI.

  • Fixed a filtering issue where relational database service (RDS) metrics would not populate in the RDS Overview Dashboard.

5.1.2-2 Hotfix Release, July 2022

Upgrade Process

Supported Upgrades From: 4.0.x, 5.0.x

Sysdig Platform

  • Added support for Openshift 4.10.

5.1.2 Hotfix Release, May 2022

Upgrade Process

Supported Upgrades From: 4.0.x, 5.0.x

For the full supportability matrix, see the Release Notes on GitHub. There you will also find important Installation instructions.

Secure Feature: Reporting

  • Added the Run Now and Download(s) menu items.

Defect Fixes

  • Fixed an Unable to load latest task result bug when accessing compliance benchmarks results.

5.1.1 Hotfix Release, May 2022

Upgrade Process

Supported Upgrades From: 4.0.x, 5.0.x

For the full supportability matrix, see the Release Notes on GitHub. There you will also find important Installation instructions.

Sysdig Platform

  • Added the RelayState parameter optional for SAML configuration.

  • Upgraded the Spring Framework to version 5.2.20 in the sysdig-backend container.

Monitor

  • Added the ability to choose regions with Capture Storage.

Installer Improvements

  • Fixed an issue with MultiAZ GCP/GKE platforms that would prevent Elasticsearch from starting.

  • Fixed an ingress permissions issue when upgrading from 5.0.4 to 5.1.0 that would result in the Sysdig UI generating a 404 Not Found error.

  • Fixed an installer bug when cloudProvider.name was set and cloudProvider.region was not set.

  • Fixed a Kafka/Zookeeper statefulset naming issue when installing or upgrading Sysdig on-premises.

Defect Fixes

  • Monitor Alert re-notification messages now provide the latest metric value instead of the metric value at time of triggering.
  • Fixed a Runtime scan page issue not displaying image results based on specific Team scopes.

5.0.5 Hotfix Release for CVE-2022-22965

Upgrade Process

Supported Upgrades From: 4.0.x, 5.0.x

For the full supportability matrix, see the ReleaseNotes on GitHub. There you will also find important Installation instructions.

Improvements

This hotfix upgrades the Spring Framework to version 5.2.20 in the sysdig-backend container.

5.1.0 Release, March 2022

Upgrade Process

Supported Upgrades From: 4.0.x, 5.0.x

For the full supportability matrix, see the Release Notes on GitHub. There you will also find important Installation instructions.

Sysdig Platform

Installer Improvements

  • Kubernetes versions 1.22 and 1.23 are now supported.
  • An optional cronjob for the falco-rules-installer, which runs once a month, can now be created through the installer values file.
  • Users operating their own ingress controller, such as Rancher, are no longer need to manually create Ingress Objects Go HTTP APIs. Note that the Collector uses TCP and will need external configuration.
  • The Installer now has a pre-flight check to verify the kubectl and Kubernetes versions of the cluster with the context provided by the user.

Secure

API Docs

  • API documentation for Sysdig Secure is now enabled by default.

Defect Fixes

  • Fixed an issue with Secure Events not displaying the correct number of events in the dashboard.
  • Fixed an issue that prevented Rapid Response from being enabled with a Secure Team created with LDAP.
  • Fixed a network issue that would sometimes occur during an upgrade which would cause PostgreSQL to timeout.
  • Fixed an issue where the nats-streaming-init container failed to start due to permission problem when storageClassProvisioner is set to hostPath.
  • Fixed a Compliance Database Password issue during upgrades from on-prem 4.0.x to on-prem 5.0.x
  • Fixed an issue with the StatefulSet definition when upgrading from 4.0.x to 5.0.x on a Kubernetes cluster prior to 1.18.x

4.0.7/5.0.4 Hotfix Release for CVE-2021-44228 in Apache’s log4j (3.6.4, 4.0.7, 5.0.4)

The patch relese upgrades all components that compose Sysdig’s Platform running Apache’s vulnerable Log4j library to 2.16.

Note on ElasticSearch: This is using Log4j v2.11.1. An additional JVM parameter has been added through the Installer in accordance with the recommendations from Elastic. In addition, the impacted class from the Log4j library has been removed completely. Security scanners may still list this as vulnerable but in this case it will be a false positive. Elastic currently does not offer a way to fully remove or upgrade this component.

4.0.6/5.0.3 Hotfix Release for CVE-2021-44228 in Apache’s log4j (3.6.3, 4.0.6, 5.0.3)

Security researchers recently disclosed the vulnerability CVE-2021-44228 in Apache’s log4j, which is a common Java-based library used for logging purposes Sysdig is using an alternative framework for logging called Logback. The logback framework isn’t vulnerable to this issue.

Sysdig components include a log4j library in our standard distribution that was vulnerable. This library is included for compatibility reasons only and is not used for primary logging. Sysdig has determined that our products are not vulnerable based on our application architecture and mitigating controls.

We have released a patch version of our self hosted-software which upgrades the vulnerable version of log4j or adds additional mitigating controls suggested by vendors.

  • 3.6.3
  • 4.0.6
  • 5.0.3

Please reach out to support or the customer success team for assistance with your upgrade.