Serverless Agent Release Notes
Welcome to the release notes for Sysdig Serverless Agent.
Serverless Agent 6.3.0 June 18, 2026
Enhancements
Malware Response Support
- Added support for Container kill and Process kill Policy Actions.
Static Policy Scoping
- Optimized policy scoping when using the
host.hostName,host.mac, andagent.tag.*labels. In this case, the scope is evaluated at load time (statically) instead of when events are generated. As a result, when static scopes do not match, the policies and their rules are not loaded and no events are generated. For mixed scopes, the static portion is evaluated at load time and the rules are loaded; the dynamic portion (such ascontainer.name) is evaluated when an event matches any of the policy’s rules.
Defect Fixes
- Fixed an issue in Azure Container Apps that left secure events without the
container.idandcontainer.namelabels, preventing policy scoping and Falco rule-exception matching.
Vulnerability Fixes
Addressed the following vulnerabilities in Workload Agent:
Serverless Patcher 5.4.4 May 13, 2026
Vulnerability Fixes
Addressed the following vulnerabilities in Serverless Patcher:
- CVE-2026-32280
- CVE-2026-32281
- CVE-2026-32283
- CVE-2026-33811
- CVE-2026-33814
- CVE-2026-39836
- CVE-2026-4878
- CVE-2026-32282
- CVE-2026-32288
- CVE-2026-32289
- CVE-2026-39820
- CVE-2026-39823
- CVE-2026-39825
- CVE-2026-39826
- CVE-2026-42499
Serverless Agent 6.2.1 May 12, 2026
Defect Fixes
- Fixed an issue where termination signals were not properly forwarded to the agent in sidecar mode.
- Fixed an issue on ARM64 that could occur in workloads containing specific Go binaries.
Vulnerability Fixes
Addressed the following vulnerabilities in Workload Agent:
- CVE-2026-32280
- CVE-2026-32281
- CVE-2026-32283
- CVE-2026-33811
- CVE-2026-33814
- CVE-2026-39836
- CVE-2026-32282
- CVE-2026-32288
- CVE-2026-32289
- CVE-2026-39820
- CVE-2026-39823
- CVE-2026-39825
- CVE-2026-39826
- CVE-2026-42499
Serverless Patcher 5.4.3 March 18, 2026
Vulnerability Fixes
Addressed the following vulnerabilities in Serverless Patcher:
- CVE-2025-15281
- CVE-2025-61726
- CVE-2025-61728
- CVE-2025-61730
- CVE-2025-68121
- CVE-2025-68212
- CVE-2026-0861
- CVE-2026-0915
- CVE-2025-15558
- CVE-2026-25679
- CVE-2026-27139
- CVE-2026-27142
Serverless Agent 6.2.0 March 16, 2026
Enhancements
Malware Detection for AWS ECS Fargate
- Sysdig now extends Malware Detection to AWS ECS Fargate via Workload Agent sidecar deployments. This allows security teams to identify malicious binaries and known malware hashes within serverless workloads without sacrificing cloud-native scalability. For more information, see Malware Detection. The feature is disabled by default.
Defect Fixes
- Fixed an issue where instrumented Go workloads could occasionally terminate unexpectedly while instrumenting socket system calls.
Vulnerability Fixes
Addressed the following vulnerabilities in Workload Agent:
Serverless Patcher 5.4.2 December 19, 2025
Vulnerability Fixes
Addressed the following vulnerabilities in Serverless Patcher:
