update: changelog 0.20.0

Signed-off-by: rajibmitra <fiorm.github@gmail.com>
Verify checksum after downloading sysdig tarball
2026-03-23 05:02:13 +00:00 · 2020-02-24 11:05:15 +01:00 · 2020-02-23 17:10:44 +01:00
7 changed files with 36 additions and 9 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,32 @@

 This file documents all notable changes to Falco. The release numbering uses [semantic versioning](http://semver.org).

+## v0.20.0
+
+Released on 2020-02-24
+
+### Major Changes
+
+* fix: memory leak introduced in 0.18.0 happening while using json events and the kubernetes audit endpoint [[#1041](https://github.com/falcosecurity/falco/pull/1041)]
+* new: grpc version api [[#872](https://github.com/falcosecurity/falco/pull/872)]
+
+
+### Bug Fixes
+
+* fix: the base64 output format (-b) now works with both json and normal output. [[#1033](https://github.com/falcosecurity/falco/pull/1033)]
+* fix: version follows semver 2 bnf [[#872](https://github.com/falcosecurity/falco/pull/872)]
+
+### Rule Changes
+
+* rule(write below etc): add "dsc_host" as a ms oms program [[#1028](https://github.com/falcosecurity/falco/pull/1028)]
+* rule(write below etc): let mcafee write to /etc/cma.d  [[#1028](https://github.com/falcosecurity/falco/pull/1028)]
+* rule(write below etc): let avinetworks supervisor write some ssh cfg [[#1028](https://github.com/falcosecurity/falco/pull/1028)]
+* rule(write below etc): alow writes to /etc/pki from openshift secrets dir [[#1028](https://github.com/falcosecurity/falco/pull/1028)]
+* rule(write below root): let runc write to /exec.fifo [[#1028](https://github.com/falcosecurity/falco/pull/1028)]
+* rule(change thread namespace): let cilium-cni change namespaces [[#1028](https://github.com/falcosecurity/falco/pull/1028)]
+* rule(run shell untrusted): let puma reactor spawn shells [[#1028](https://github.com/falcosecurity/falco/pull/1028)]
+
+
 ## v0.19.0

 Released on 2020-01-23
--- a/README.md
+++ b/README.md
@@ -7,7 +7,7 @@

 #### Latest release

-**v0.19.0**
+**v0.20.0**
 Read the [change log](CHANGELOG.md)

 [![Build Status](https://img.shields.io/circleci/build/github/falcosecurity/falco/master?style=for-the-badge)](https://circleci.com/gh/falcosecurity/falco) [![CII Best Practices Summary](https://img.shields.io/cii/summary/2317?label=CCI%20Best%20Practices&style=for-the-badge)](https://bestpractices.coreinfrastructure.org/projects/2317) [![GitHub](https://img.shields.io/github/license/falcosecurity/falco?style=for-the-badge)](COPYING)
--- a/cmake/modules/sysdig-repo/CMakeLists.txt
+++ b/cmake/modules/sysdig-repo/CMakeLists.txt
@@ -22,12 +22,13 @@ include(ExternalProject)
 # In case you want to test against another sysdig version just pass the variable - ie., `cmake -DSYSDIG_VERSION=dev ..`
 if(NOT SYSDIG_VERSION)
  set(SYSDIG_VERSION "146a431edf95829ac11bfd9c85ba3ef08789bffe")
+  set(SYSDIG_CHECKSUM "SHA256=6e477ac5fe9d3110b870bd4495f01541373a008c375a1934a2d1c46798b6bad6")
 endif()

 ExternalProject_Add(
  sysdig
  URL "https://github.com/draios/sysdig/archive/${SYSDIG_VERSION}.tar.gz"
-  # URL_HASH SHA256=bd09607aa8beb863db07e695863f7dc543e2d39e7153005759d26a340ff66fa5
+  URL_HASH "${SYSDIG_CHECKSUM}"
  CONFIGURE_COMMAND ""
  BUILD_COMMAND ""
  INSTALL_COMMAND ""
--- a/cmake/modules/sysdig.cmake
+++ b/cmake/modules/sysdig.cmake
@@ -22,7 +22,7 @@ endif()

 file(MAKE_DIRECTORY ${SYSDIG_CMAKE_WORKING_DIR})
 # cd /path/to/build && cmake /path/to/source
-execute_process(COMMAND "${CMAKE_COMMAND}" ${SYSDIG_CMAKE_SOURCE_DIR} WORKING_DIRECTORY ${SYSDIG_CMAKE_WORKING_DIR})
+execute_process(COMMAND "${CMAKE_COMMAND}" -DSYSDIG_VERSION=${SYSDIG_VERSION} ${SYSDIG_CMAKE_SOURCE_DIR} WORKING_DIRECTORY ${SYSDIG_CMAKE_WORKING_DIR})

 # todo(leodido, fntlnz) > use the following one when CMake version will be >= 3.13

--- a/docker/kernel/linuxkit/Dockerfile
+++ b/docker/kernel/linuxkit/Dockerfile
@@ -1,13 +1,13 @@
 ARG ALPINE_VERSION=3.10
 ARG KERNEL_VERSION=4.9.184
-ARG FALCO_VERSION=0.19.0
+ARG FALCO_VERSION=0.20.0

 FROM linuxkit/kernel:${KERNEL_VERSION} AS ksrc
 FROM falcosecurity/falco:${FALCO_VERSION}-minimal as falco
 FROM alpine:${ALPINE_VERSION} AS probe-build
 LABEL maintainer="opensource@sysdig.com"
 ARG KERNEL_VERSION=4.9.184
-ARG FALCO_VERSION=0.19.0
+ARG FALCO_VERSION=0.20.0
 ENV FALCO_VERSION=${FALCO_VERSION}
 ENV KERNEL_VERSION=${KERNEL_VERSION}

@@ -32,7 +32,7 @@ RUN apk add --no-cache --update \
  autoconf

 FROM alpine:${ALPINE_VERSION}
-ARG FALCO_VERSION=0.19.0
+ARG FALCO_VERSION=0.20.0
 ENV FALCO_VERSION=${FALCO_VERSION}
 COPY --from=probe-build /usr/src/falco-${FALCO_VERSION}/falco-probe.ko /
 CMD ["insmod","/falco-probe.ko"]
--- a/docker/minimal/Dockerfile
+++ b/docker/minimal/Dockerfile
@@ -2,7 +2,7 @@ FROM ubuntu:18.04 as ubuntu

 LABEL maintainer="opensource@sysdig.com"

-ARG FALCO_VERSION=0.19.0
+ARG FALCO_VERSION=0.20.0

 ENV FALCO_VERSION=${FALCO_VERSION}

--- a/integrations/k8s-using-daemonset/k8s-with-rbac/falco-daemonset-configmap-slim.yaml
+++ b/integrations/k8s-using-daemonset/k8s-with-rbac/falco-daemonset-configmap-slim.yaml
@@ -20,7 +20,7 @@ spec:
            privileged: true
          #env:
          #  - name: FALCOCTL_FALCO_VERSION
-          #    value: 0.19.0
+          #    value: 0.20.0
          #  - name: FALCOCTL_FALCO_PROBE_URL
          #    value:
          #  - name: FALCOCTL_FALCO_PROBE_REPO
@@ -31,7 +31,7 @@ spec:
              readOnly: true
      containers:
        - name: falco
-          image: falcosecurity/falco:0.19.0-slim
+          image: falcosecurity/falco:0.20.0-slim
          securityContext:
            privileged: true
 # Uncomment the 3 lines below to enable eBPF support for Falco.