From 20f5e5d35ad4f8d7c808037e8c52ed9e4279bb68 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kris=20N=C3=B3va?= Date: Thu, 24 Sep 2020 11:22:03 -0700 Subject: [PATCH] feat(release): Release 0.26 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cutting release for 0.26.0 and starting 0.27.0 Signed-off-by: Kris NĂ³va --- CHANGELOG.md | 35 +++++++++++++++++++++++++++++++++++ RELEASE.md | 12 ++++++++---- 2 files changed, 43 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6f394a20..3322287b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,40 @@ # Change Log +## v0.26.0 + +Released on 2020-24-09 + +### Major Changes + +* new: Address several sources of FPs, primarily from GKE environments. [[#1372](https://github.com/falcosecurity/falco/pull/1372)] +* new: driver updated to 2aa88dcf6243982697811df4c1b484bcbe9488a2 [[#1410](https://github.com/falcosecurity/falco/pull/1410)] +* new(scripts/falco-driver-loader): detect and try to build the Falco kernel module driver using different GCC versions available in the current environment. [[#1408](https://github.com/falcosecurity/falco/pull/1408)] +* new: tgz (tarball) containing the statically-linked (musl) binary of Falco is now automatically built and published on bintray [[#1377](https://github.com/falcosecurity/falco/pull/1377)] + + +### Minor Changes + +* update: bump Falco engine version to 7 [[#1381](https://github.com/falcosecurity/falco/pull/1381)] +* update: the required_engine_version is now on by default [[#1381](https://github.com/falcosecurity/falco/pull/1381)] +* update: falcosecurity/falco-no-driver image now uses the statically-linked Falco [[#1377](https://github.com/falcosecurity/falco/pull/1377)] +* docs(proposals): artifacts storage [[#1375](https://github.com/falcosecurity/falco/pull/1375)] +* docs(proposals): artifacts cleanup [[#1375](https://github.com/falcosecurity/falco/pull/1375)] + + + +### Rule Changes + +* rule(macro inbound_outbound): add brackets to disambiguate operator precedence [[#1373](https://github.com/falcosecurity/falco/pull/1373)] +* rule(macro redis_writing_conf): add brackets to disambiguate operator precedence [[#1373](https://github.com/falcosecurity/falco/pull/1373)] +* rule(macro run_by_foreman): add brackets to disambiguate operator precedence [[#1373](https://github.com/falcosecurity/falco/pull/1373)] +* rule(macro consider_packet_socket_communication): enable "Packet socket created in container" rule by default. [[#1402](https://github.com/falcosecurity/falco/pull/1402)] +* rule(Delete or rename shell history): skip docker overlay filesystems when considering bash history [[#1393](https://github.com/falcosecurity/falco/pull/1393)] +* rule(Disallowed K8s User): quote colons in user names [[#1393](https://github.com/falcosecurity/falco/pull/1393)] +* rule(macro falco_sensitive_mount_containers): Adds a trailing slash to avoid repo naming issues [[#1394](https://github.com/falcosecurity/falco/pull/1394)] +* rule: adds user.loginuid to the default Falco rules that also contain user.name [[#1369](https://github.com/falcosecurity/falco/pull/1369)] + + + This file documents all notable changes to Falco. The release numbering uses [semantic versioning](http://semver.org). ## v0.25.0 diff --git a/RELEASE.md b/RELEASE.md index af33177e..03ef6cf2 100644 --- a/RELEASE.md +++ b/RELEASE.md @@ -10,8 +10,10 @@ Finally, on the proposed due date the assignees for the upcoming release proceed ## Pre-Release Checklist +Before cutting a release we need to do some homework in the Falco repository. This should take 5 minutes using the GitHub UI. + ### 1. Release notes -- Let `YYYY-MM-DD` the day before of the [latest release](https://github.com/falcosecurity/falco/releases) +- Find the LAST release (-1) and use `YYYY-MM-DD` as the day before of the [latest release](https://github.com/falcosecurity/falco/releases) - Check the release note block of every PR matching the `is:pr is:merged closed:>YYYY-MM-DD` [filter](https://github.com/falcosecurity/falco/pulls?q=is%3Apr+is%3Amerged+closed%3A%3EYYYY-MM-DD) - Ensure the release note block follows the [commit convention](https://github.com/falcosecurity/falco/blob/master/CONTRIBUTING.md#commit-convention), otherwise fix its content - If the PR has no milestone, assign it to the milestone currently undergoing release @@ -24,18 +26,20 @@ Finally, on the proposed due date the assignees for the upcoming release proceed ### 3. Release PR +- From the `master` branch checkout a new branch titled the release number such as `git checkout -b 0.26.0` - Double-check if any hard-coded version number is present in the code, it should be not present anywhere: - If any, manually correct it then open an issue to automate version number bumping later - Versions table in the `README.md` update itself automatically - Generate the change log https://github.com/leodido/rn2md, or https://fs.fntlnz.wtf/falco/milestones-changelog.txt for the lazy people (it updates every 5 minutes) -- Add the lastest changes on top the previous `CHANGELOG.md` + - If you review timeout errors with `rn2md` try to generate an GitHub Oauth access token and use `-t` +- Add the latest changes on top the previous `CHANGELOG.md` - Submit a PR with the above modifications - Await PR approval -- Close the completed milestone as soon PR is merged +- Close the completed milestone as soon as the PR is merged ## Release -Let `x.y.z` the new version. +Now assume `x.y.z` is the new version. ### 1. Create a tag