diff --git a/CHANGELOG.md b/CHANGELOG.md index 922239b6..da70e99f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,6 +2,45 @@ This file documents all notable changes to Falco. The release numbering uses [semantic versioning](http://semver.org). +## v0.11.0 + +Released 2018-07-24 + +## Major Changes + +* **EBPF Support** (Beta): Falco can now read events via an ebpf program loaded into the kernel instead of the `falco-probe` kernel module. Full docs [here](https://github.com/draios/sysdig/wiki/eBPF-(beta)). [[#365](https://github.com/draios/falco/pull/365)] + +## Minor Changes + +* Rules may now have an `skip-if-unknown-filter` property. If set to true, a rule will be skipped if its condition/output property refers to a filtercheck (e.g. `fd.some-new-attibute`) that is not present in the current falco version. [[#364](https://github.com/draios/falco/pull/364)] [[#345](https://github.com/draios/falco/issues/345)] +* Small changes to Falco `COPYING` file so github automatically recognizes license [[#380](https://github.com/draios/falco/pull/380)] +* New example integration showing how to connect Falco with Anchore to dynamically create falco rules based on negative scan results [[#390](https://github.com/draios/falco/pull/390)] +* New example integration showing how to connect Falco, [nats](https://nats.io/), and K8s to run flexible "playbooks" based on Falco events [[#389](https://github.com/draios/falco/pull/389)] + +## Bug Fixes + +* Ensure all rules are enabled by default [[#379](https://github.com/draios/falco/pull/379)] +* Fix libcurl compilation problems [[#374](https://github.com/draios/falco/pull/374)] +* Add gcc-6 to docker container, which improves compatibility when building kernel module [[#382](https://github.com/draios/falco/pull/382)] [[#371](https://github.com/draios/falco/issues/371)] +* Ensure the /lib/modules symlink to /host/lib/modules is set correctly [[#392](https://github.com/draios/falco/issues/392)] + +## Rule Changes + +* Add additional binary writing programs [[#366](https://github.com/draios/falco/pull/366)] +* Add additional package management 
programs [[#388](https://github.com/draios/falco/pull/388)] [[#366](https://github.com/draios/falco/pull/366)] +* Expand write_below_etc handling for additional programs [[#388](https://github.com/draios/falco/pull/388)] [[#366](https://github.com/draios/falco/pull/366)] +* Expand set of programs allowed to write to `/etc/pki` [[#388](https://github.com/draios/falco/pull/388)] +* Expand set of root written directories/files [[#388](https://github.com/draios/falco/pull/388)] [[#366](https://github.com/draios/falco/pull/366)] +* Let pam-config read sensitive files [[#388](https://github.com/draios/falco/pull/388)] +* Add additional trusted containers: openshift, datadog, docker ucp agent, gliderlabs logspout [[#388](https://github.com/draios/falco/pull/388)] +* Let coreos update-ssh-keys write to /home/core/.ssh [[#388](https://github.com/draios/falco/pull/388)] +* Expand coverage for MS OMS [[#388](https://github.com/draios/falco/issues/388)] [[#387](https://github.com/draios/falco/issues/387)] +* Expand the set of shell spawning programs [[#366](https://github.com/draios/falco/pull/366)] +* Add additional mysql programs/directories [[#366](https://github.com/draios/falco/pull/366)] +* Let program `id` open network connections [[#366](https://github.com/draios/falco/pull/366)] +* Opt-in rule for protecting tomcat shell spawns [[#366](https://github.com/draios/falco/pull/366)] +* New rule `Write below monitored directory` [[#366](https://github.com/draios/falco/pull/366)] + ## v0.10.0 Released 2018-04-24 diff --git a/README.md b/README.md index d9e6aee3..cc54c8f1 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ #### Latest release -**v0.10.0** +**v0.11.0** Read the [change log](https://github.com/draios/falco/blob/dev/CHANGELOG.md) Dev Branch: [![Build Status](https://travis-ci.org/draios/falco.svg?branch=dev)](https://travis-ci.org/draios/falco)
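Review bot: in the CHANGELOG.md hunk, the `skip-if-unknown-filter` entry under "Minor Changes" has two typos and omits a detail operators need. "an `skip-if-unknown-filter` property" should read "a `skip-if-unknown-filter` property", and the example filtercheck `fd.some-new-attibute` should be `fd.some-new-attribute`. The entry says a rule "will be skipped" but not whether anything is logged when that happens; a rule that drops out silently is a gap in detection coverage, so the entry should state how a skipped rule is reported. Two consistency points in the same hunk: the "Expand coverage for MS OMS" entry links #388 as `/issues/388` while every other #388 reference uses `/pull/388`, and "Major Changes" writes both "EBPF" and "ebpf" where the linked wiki page is titled "eBPF-(beta)".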
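Review bot: in the README.md hunk, the "Read the [change log]" context line directly below the bumped `**v0.11.0**` still links to `blob/dev/CHANGELOG.md`. Under the "Latest release" heading that link tracks the dev branch, so it will show entries newer than the release named above it as soon as dev moves on. Consider pointing it at the change log for the released version instead.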