Serverless Agent Release Notes
Serverless Agent 6.1.0 September 24, 2025
Enhancements
Standard and FIPS-Compliant Variants
Serverless Agent is now available in two variants:
- Standard: For general workloads without compliance constraints.
- FIPS-compliant: For improved compliance and security across regulated environments.
FIPS-compliant is based on the
scratchimage and includes binaries and libraries grouped into two main components:- Agent: Runs as a sidecar container and uses OpenSSL FIPS-validated libraries for TLS communications.
- Instrumentation: Performs userspace instrumentation within the operational context of the secured container.
Defect Fixes
- Fixed an issue where the workload agent failed to create directories for storing custom CA certificates. Resolved a segmentation fault triggered while collecting CPU metrics.
- Improved reliability and stability by hardening the workload agent to handle cases where required system calls for reading instrumented process memory are unavailable.
Vulnerability Fixes
Addressed the following vulnerabilities in the Workload Agent:
Known Limitations
- Falco hashing enrichment is not available in the FIPS variant.
- The FIPS variant supports sidecar deployment only.
Serverless Patcher 5.4.0 September 16, 2025
Enhancements
Standard and FIPS-Compliant Variants
Serverless Patcher is now available in two variants:
- Standard: Built on a non-STIGβhardened base image.
- FIPS-compliant: Built on a STIG-hardened base image, providing improved compliance and security for regulated environments.
Vulnerability Fixes
Addressed the following vulnerabilities in Serverless Patcher:
Serverless Agent 5.3.4 July 23, 2025
This release does not include Workload Agent updates.
Vulnerability Fixes
Addressed the following vulnerabilities in the Orchestrator Agent:
- CVE-2024-12718
- CVE-2025-4138
- CVE-2025-4517
- CVE-2025-49794
- CVE-2025-49796
- CVE-2025-6020
- CVE-2024-12133
- CVE-2024-12243
- CVE-2024-52533
- CVE-2024-8176
- CVE-2024-8508
- CVE-2025-0395
- CVE-2025-0938
- CVE-2025-24528
- CVE-2025-25724
- CVE-2025-3576
- CVE-2025-4330
- CVE-2025-4373
- CVE-2025-4435
Serverless Patcher 5.3.5 July 2, 2025
Vulnerability Fixes
Addressed the following vulnerabilities in Serverless Patcher:
Serverless Agent 6.0.0 26 June, 2025
This release introduces major changes, including new defaults, and component deprecations. Review carefully, as some updates may require action.
Enhancements
Supported Independent Container Restarts in Availability Mode
The workload agent now supports individual container restarts in availability mode without requiring a full task or instance restart. Both the Sysdig sidecar and workload containers can now restart independently without disrupting Sysdig security and observability operations.
Deprecations
Orchestrator Agent Connectivity Sunset
The workload agent now supports only direct connections to the collector, and no longer allows connections via the orchestrator agent.
Defect Fixes
Vulnerability Fixes
Addressed the following vulnerabilities in the Workload Agent:
Serverless Patcher 5.3.4 May 8, 2025
Vulnerability Fixes
Addressed the following vulnerabilities in Serverless Patcher:
Serverless Agent 5.5.0 May 7, 2025
Defect Fixes
Logging improvements
Improved error messages for cases where the Workload Agent fails to instrument syscalls, making them easier to understand and troubleshoot.
Vulnerability Fixes
Addressed the following vulnerability in the Workload Agent:
Serverless Agent 5.4.0 April 10, 2025
Enhancements
General Availability for Google Cloud Run Support
The Serverless Workload Agent supports securing containers running in Google Cloud Run Service. For more information, see Cloud Run Service.
General Availability for Microsoft Azure Container Apps
The Serverless Workload Agent supports securing containers running in Microsoft Azure Container Apps. For more information, see Azure Container Apps.
Custom CA certificates for Workload Agent
The Serverless Workload Agent supports adding custom CA certificates for secure communication with the Sysdig backend. For more information, see Add Custom CA Certificates.
Multi-cloud serverless labels in policy events
The Serverless Workload Agent provides the following multi-cloud labels in policy events:
serverless.platformserverless.revisionserverless.clusterserverless.serviceserverless.task
Defect Fixes
Logging improvements
Logging has been optimized to exclude messages irrelevant to serverless environments, enhancing clarity and reducing noise.
Vulnerability Fixes
Addressed CVE-2025-22866 in the Workload Agent.
Serverless Agent 5.3.3 April 10, 2025
Vulnerability Fixes
Addressed the following CVEs:
Orchestrator Agent
- CVE-2025-24928
- CVE-2024-8176
- CVE-2024-56171
- CVE-2024-28835
- CVE-2024-28834
- CVE-2024-2236
- CVE-2024-0567
- CVE-2024-0553
- CVE-2023-5981
Serverless Patcher 5.3.3 March 17, 2025
Defect Fixes
Instrumentation failure with dynamically resolved image names
The serverless-patcher can perform task instrumentation when images are dynamically defined at deployment. You must still specify the image’s original entry point and command in the template’s container definitions as mentioned in ECS on Fargate
Serverless Agent 5.3.2 February 26, 2025
Defect Fixes
Orchestrator Agent Metadata Parsing on Startup
Fixed an issue where the Orchestrator Agent failed to properly parse the Network Configuration in the Task Definition, preventing it from starting correctly.
Vulnerability Fixes
Addressed the following CVEs:
Orchestrator Agent
Serverless Patcher
Serverless Agent 5.3.1 February 03, 2025
Enhancements
New CloudFormation Templates are available for direct connection with the Sysdig backend and Orchestrator connection for the Workload Agent.
Defect Fixes
Fixed an issue to improve the agent stability and connection with the collector to prevent unexpected restarts.
Vulnerability Fixes
Addressed the following CVEs:
