RSS

Cluster Shield Release Notes

Here are the most recent release notes for Cluster Shield. Review the entries to learn about the latest features, defect fixes, and known issues.

1.9.0 Mar 11, 2025

Feature Enhancements

  • Added a gauge metric sysdig_cluster_shield_component_health_status to represent the health status of each enabled component. This is now available through the /metrics endpoint on port 8080

    A metric value of 1 indicates a healthy component, while 0 signifies an unhealthy one.

  • Cluster Shield now attempts to restart unhealthy components after 100 seconds.

1.8.2 Feb 28, 2025

Fixed Vulnerabilities

1.8.1 Feb 25, 2025

Defect Fixes

  • Fixed an issue that prevented the Container Vulnerability Management feature to authenticate to the registry and process the images as expected.
  • Fixed an issue where Cluster Shield reported invalid prometheus metrics.

1.8.0 Feb 4, 2025

Feature Enhancements

  • Optimized memory usage of the container-vulnerability-management-controller component.
  • Added support for multiple candidate pull-strings per workload to resolve scanning failures caused by alias references from non-pullable locations.
  • Added the ability to filter the images for scanning as part of the container vulnerability management feature. See Container Filtering for more details.

Defect Fixes

  • Resolved an issue in which Kubernetes metadata inaccurately reported parent service links when a pod was exposed by multiple services. The pod is now correctly associated with all relevant services.
  • Fixed an issue where the Admission Controller did not honor the features.container_vulnerability_management.registry_ssl.verify configuration parameter.
  • Fixed a bug that caused unexpected lags when pulling images. The issue occurred because features.container_vulnerability_management.registry_ssl.verify was set to true, enforcing SSL certificate verification.

1.7.1 Jan 10, 2025

Fixed Vulnerabilities

1.7.0 Jan 07, 2025

Feature Enhancements

  • The Container Vulnerability Management feature now supports mirrors and insecure registries configurations for image scanning.

Defect Fixes

  • Fixed an issue that prevented the Container Vulnerability Management feature to correctly authenticate and process the image when candidate pull secrets have been found.