v0.21.0

Released on 2025-05-19

Breaking Changes ⚠️

• new(userspace/libsinsp)!: use timestamper in usergroup mgr [#2368] - @ekoops
• feat(userspace/libsinsp)!: remove sinsp::add_thread() [#2391] - @ekoops
• feat(userspace/libsinsp)!: remove sinsp::remove_thread() [#2391] - @ekoops
• feat(userspace/libsinsp)!: avoid arg copy in sinsp::set_thread_pool [#2392] - @ekoops
• feat(userspace/libsinsp)!: constify set_track_connection_status() [#2392] - @ekoops
• feat(userspace/libsinsp)!: drop syslog support [#2393] - @ekoops
• feat(userspace/libsinsp)!: remove unused sinsp_dumper::m_inspector [#2385] - @ekoops
• feat(userspace/libsinsp)!: drop unused sinsp_dumper APIs [#2383] - @ekoops
• feat(userspace/libsinsp)!: use refs in sinsp_parser's public APIs [#2380] - @ekoops
• feat(userspace/libsinsp)!: introduce parser verdict [#2374] - @ekoops
• feat(userspace/libsinsp)!: isolate sinsp_thread_manager from sinsp [#2371] - @ekoops
• feat(userspace/libsinsp)!: remove unused sinsp_evt::clone_event() [#2377] - @ekoops
• feat(userspace/libsinsp)!: use timestamper in thread mgr [#2366] - @ekoops
• feat(userspace/libsinsp)!: remove unused sinsp public APIs [#2369] - @ekoops
• feat(userspace/libsinsp)!: make sinsp_parser::erase_fd() private [#2364] - @ekoops
• feat(userspace/libsinsp)!: remove dependency on parser from thread mgr [#2359] - @ekoops
• feat(userspace/libsinsp)!: remove unused m_ts from erase_fd_params [#2361] - @ekoops
• feat(userspace/libsinsp)!: avoid string copy in get_field_accessor() [#2355] - @ekoops
• feat(userspace/libsinsp)!: isolate immutable sinsp_threadinfo deps [#2335] - @ekoops
• feat(userspace/libsinsp)!: isolate mutable sinsp_threadinfo deps [#2335] - @ekoops
• feat(userspace/libsinsp)!: remove unused sinsp public APIs [#2335] - @ekoops
• feat(userspace/libsinsp)!: extract thread mgr accessors/tables logics [#2356] - @ekoops
• feat(libsinsp/userspace)!: reduce fdtable's params resources waste [#2352] - @ekoops
• feat(userspace/libsinsp)!: pass notify into set_user signature [#2347] - @ekoops
• feat(userspace/libsisnp)!: pass notify into set_group signature [#2347] - @ekoops
• feat(userspace/libsinsp)!: move server ports accounting in thread mgr [#2351] - @ekoops
• feat(userspace/libsinsp)!: pass ipv4 server ports as func parameter [#2350] - @ekoops
• BREAKING CHANGE: update *_to_string signatures [#2349] - @ekoops
• feat(userspace/libsinsp)!: move large_envs_enabled into signature [#2345] - @ekoops
• feat(libsinsp)!: move fd filtering logic out of add_fd_from_scap [#2342] - @ekoops
• feat(userspace/libsinsp)!: move host and port res flag into signature [#2344] - @ekoops
• feat(userspace/libsinsp)!: make sinsp::m_table_registry private [#2340] - @ekoops
• feat(userspace/libsinsp)!: remove sinsp::build_threadinfo() [#2319] - @ekoops
• feat(userspace/libsinsp)!: remove sinsp::build_fdinfo() [#2311] - @ekoops
• feat(userspace/libsinsp)!: unexpose sinsp's m_input_plugin* [#2316] - @ekoops
• update(userspace/libsinsp,test,build)!: drop container manager [#2207] - @FedeDP
• update(build)!: drop MINIMAL_BUILD [#2207] - @FedeDP

Major Changes

• new(libsinsp): introduce proc.aargs field [#2387] - @incertum
• new: new API to access tables from C++ code [#2193] - @gnosek

Minor Changes

• update(libsinsp): support indexed proc.args access [#2382] - @incertum
• chore(userspace/libsinsp): properly escape = characters in condition expressions when printing the condition as a string. [#2324] - @mstemm

Bug Fixes

• fix(libsinsp/filter): support syscall.type in event code search [#2331] - @jasondellaluce
• fix(userspace/libsinsp): allow plugin filterchecks args to be both index or key [#2280] - @FedeDP
• fix(userspace/libsinsp): do not immediately process async events whose timestamp is in the future in case a SCAP_TIMEOUT is received [#2250] - @FedeDP

Non user-facing changes

• update(cmake): bump container plugin to 0.2.3. [#2409] - @FedeDP
• fix(userspace/libscap): avoid a possible read past end of buffer. [#2401] - @FedeDP
• refactor(userspace/libsinsp): cleanup sinsp_parser::reset() [#2384] - @ekoops
• fix(test/e2e): rewrite assert_events to avoid ending too soon sinsp-example log matching [#2395] - @FedeDP
• update(cmake): bumped container plugin to 0.2.2. [#2394] - @FedeDP
• fix(ci): download custom container plugin from workflow. [#2390] - @FedeDP
• fix(test/e2e): properly flush remaining queue once sinsp process leaves. [#2388] - @FedeDP
• fix(userspace/libpman): fix modern bpf engine hot-reload. [#2389] - @FedeDP
• new(ci): run e2e tests with podman socket too. [#2386] - @FedeDP
• fix(userspace/libsinsp): avoid bogus error in process_recvmsg_ancilla… [#2381] - @FedeDP
• update(cmake): updated container plugin to 0.2.1. [#2379] - @FedeDP
• chore(deps): Bump the actions group with 2 updates [#2376] - @dependabot[bot]
• fix(ci): fixed drivers_ci fedora container usage. [#2370] - @FedeDP
• ci: remove duplicate clang line in e2e_ci.yml [#2378] - @ekoops
• feat(userspace/libsinsp): use factory in evt proc's build_fdinfo() [[#2373](https://github.com/falcosecurity/libs/pull...

Driver Testing Matrix amd64

Driver Testing Matrix arm64

v8.1.0+driver

Released on 2025-05-19

Major Changes

• new(driver/modern_bpf,userspace/libpman): support multiple programs for each event [#2255] - @FedeDP

Minor Changes

• cleanup(modern_bpf): r/w ro ebpf maps best practices [#2399] - @LucaGuerra

Bug Fixes

• fix(driver): fix driver and bpf makefile for linux 6.13. [#2329] - @FedeDP
• fix(driver/bpf): fixed small verifier bug in old bpf probe. [#2281] - @FedeDP
• fix(driver): avoid kmod crash when a CPU gets enabled at runtime [#2252] - @FedeDP

Non user-facing changes

• chore(driver/modern_bpf): limit bpf_loop helper to 16 iterations. [#2397] - @FedeDP
• update(driver): update syscalls tables and driver report. [#2367] - @github-actions[bot]
• new(driver): add sanity check for kmod and ebpf configure systems [#2283] - @iurly
• fix(bpf): add tail call to sendmmsg filler [#2267] - @therealbobo
• fix(driver): use configure system to check for mnt_idmap for fs [#2247] - @deepskyblue86

Statistics

Release Manager @FedeDP

Driver Testing Matrix amd64

Driver Testing Matrix arm64

v8.0.0+driver

Released on 2025-01-20

Major Changes

• feat(drivers): add gid field for exec* family [#2161] - @ekoops
• new(drivers): add pgid field [#2077] - @Andreagit97

Bug Fixes

• fix(driver/bpf): fix sys_poll_x verifier bug on fedora 40 [#2095] - @albe19029

Non user-facing changes

• fix(driver): take the unix path directly from the kernel [#2215] - @Andreagit97
• fix(modern): move args declaration at the beginning [#2220] - @Andreagit97
• fix(driver): include jiffies.h to prevent warning about missing prototype [#2143] - @hhoffstaette
• fix(driver/bpf): fixed a typo in old ebpf probe code for linux >= 6.11. [#2114] - @FedeDP
• chore(driver/bpf): properly include sched.h in types.h since it uses TASK_COMM_LEN [#2087] - @FedeDP
• fix(schema): make OPENAT2_E DIRFD_PARAM point to the right param [#2084] - @gnosek

Statistics

Release Manager @FedeDP

v0.20.0

Released on 2025-01-20

Breaking Changes ⚠️

• fix(libsinsp)!: make proc.p* (proc.pname...) behave like proc.a*[1] (proc.aname...) [#2230] - @LucaGuerra
• cleanup(userspace/libsinsp)!: drop m_program_hash and m_program_hash_scripts from threadinfo [#2222] - @FedeDP

Major Changes

• new(driver): add arguments for sendmmsg and recvmmsg syscalls [#2027] - @Molter73
• new(userspace/libsinsp): proper containerd engine support [#2195] - @therealbobo
• new(userspace): plugin api to dump async events [#2152] - @FedeDP

Minor Changes

• chore(libsinsp_e2e): add unix_udp_client_server_read test [#2231] - @therealbobo
• cleanup(userspace/libsinsp): call sinsp_observer methods after an event has been processed by all parsers [#2222] - @FedeDP
• update(elftoolchain/libelf): update to r4073-0 [#2226] - @LucaGuerra
• update(userspace/libsinsp): sinsp_container_manager can now handle multiple CRI engines simultaneously [#2141] - @leogr

Bug Fixes

• fix(driver): properly add back fallback to user data when peer socket data is missing [#2231] - @therealbobo
• fix(driver/modern_bpf): lower sendmmsg and recvmmsg loop support to 8 to avoid limit size failures [#2231] - @therealbobo
• fix(driver): add a check on the SCHEMA version compatibility [#2228] - @Andreagit97
• fix(libsinsp): do not reformat input buffer strings while applying arg filters [#2214] - @LucaGuerra
• fix(libsinsp): enable metrics collector on all platforms [#1870] - @mrgian
• fix(userspace/libsinsp): use comm file instead of status to get proc comm [#2197] - @FedeDP

Non user-facing changes

• fix(libsinsp/runc): typo [#2244] - @therealbobo
• fix(libsinsp/runc): augument containerd filter [#2242] - @therealbobo
• fix(libsinsp): allow reading scap from stdin [#2241] - @therealbobo
• cleanup(ci): use github-provided arm runners [#2236] - @FedeDP
• docs(userspace/libsinsp/filter/parser): fix grammar doc [#2239] - @leogr
• chore(libsinsp/runc): report correct container id with short cid [#2238] - @therealbobo
• docs(userspace/libsinsp/filter/parser): update grammar doc [#2237] - @leogr
• fix(libsinsp/runc): use old logic and fallback for containerd [#2235] - @therealbobo
• fix(test/libsinsp_e2e): fixed tcp related libsinsp_e2e tests. [#2234] - @FedeDP
• refactor(libsinp): refactor filter transformers to use interfaces [#2224] - @therealbobo
• fix(userspace/libsinsp): keep event thread after execve [#2212] - @erthalion
• cleanup: avoid including libscap/strl.h in connect_x [#2225] - @Andreagit97
• new: make ACCEPT_{E,X} and ACCEPT_5_E converter-managed [#2211] - @ekoops
• fix: dangling pointer and mixed-signedness warning [#2223] - @federico-sysdig
• update(driver): update syscalls tables and driver report. [#2219] - @github-actions[bot]
• chore(ci): bump zig version. [#2218] - @FedeDP
• cleanup(libsinsp): remove assert that may trigger under normal circumstances [#2213] - @LucaGuerra
• fix(ci): run apt-get update in coverage ci. [#2209] - @FedeDP
• new: extend LISTEN_X [#2208] - @ekoops
• new(driver): update exit events PPME_SOCKET_SOCKET_X with enter params [#2206] - @Andreagit97
• new(driver): update exit events PPME_SOCKET_BIND_X with enter params [#2205] - @ekoops
• chore(userspace/libsinsp): move user group manager on container_id changed refresh to a RAII object [#2194] - @FedeDP
• fix: send enter events also with scap files not only in live captures [#2202] - @Andreagit97
• feat(sinsp/threadinfo): expose thread uid and gid as static fields [#2196] - @ekoops
• chore(deps): Bump the actions group with 2 updates [#2204] - @dependabot[bot]
• chore(ci): fix shared-libs and emscripten CI [#2203] - @Andreagit97
• cleanup(build): move NOMINMAX definition at compile time for windows builds [#2199] - @FedeDP
• fix: some issues with Clang 18 [#2201] - @federico-sysdig
• new(libs): replace elfutils/libelf with elftoolchain/libelf (but with fork this time) [#2175] - @LucaGuerra
• chore: update pre-commit stages [#2169] - @Andreagit97
• chore(deps): Bump the actions group with 2 updates [#2189] - @dependabot[bot]
• cleanup(userspace/libsinsp): drop sinsp m_suppressed_comms unused field [#2191] - @FedeDP
• fix(userspace/libsinsp): always initialize sinsp_evt with a proper source_idx and source_name [#2190] - @FedeDP
• chore: fix windows build [#2188] - @Andreagit97
• cleanup: remove some extra code [#2186] - @Andreagit97
• new(driver): update exit events PPME_SYSCALL_READ_X and PPME_SYSCALL_PREAD_X with enter params [#2176] - @Andreagit97
• new(sinsp-example): add gvisor support [#2185] - @Andreagit97
• update(libsinsp/filter): parse wider whitespace combinations in filter expressions [#2183] - @jasondellaluce
• update(tests): fix emscripten build [#2184] - @Andreagit97
• fix(userspace/libsinsp): let plugins parse events before eventually filtering them out through inspector global filter [#2182] - @FedeDP
• new(userspace/libsinsp): support plugins in sinsp-example. [#2179] - @FedeDP
• new(tests): introduce a new test helper [#2181] - @Andreagit97
• cleanup(sinsp): remove some duplicated code [...

v0.19.0

Released on 2024-11-25

Major Changes

• new(userspace/libsinsp): expose get_owner_last_error in plugin's capture listening capability [#2147] - @FedeDP
• new(libsinsp): add len() filter transformer [#2131] - @LucaGuerra
• new(userspace/libsinsp): expose threadinfo cgroups in plugins table api [#2107] - @FedeDP
• new(userspace): added new addOutput json entry for plugin get_field() API [#2116] - @FedeDP
• new: add container.host_pid container.host_network and container.host_ipc fields [#2047] - @loresuso
• new(libsinsp): print LIST() in markdown format for list fields [#2091] - @LucaGuerra

Bug Fixes

• fix(userspace/libsinsp): multiple fixes related to rawargs. [#2130] - @FedeDP
• fix(build): pkgconfig files should be now generated properly even in static library builds [#2005] - @gnosek
• fix(build): scap_engine_gvisor is now a separate shared library [#2005] - @gnosek

Non user-facing changes

• cleanup(sinsp): handle path too long in a better way [#2160] - @Andreagit97
• update(libsinsp): introduce a description to sinsp_filter_transformer [#2170] - @loresuso
• cleanup(sinsp): remove some duplicated code [#2156] - @Andreagit97
• chore(libsinsp): reduce max proc lookup number log severity [#2166] - @deepskyblue86
• fix(libsinsp): max proc lookup number logging [#2164] - @deepskyblue86
• ci: disable a flaky test [#2154] - @Andreagit97
• cleanup(sinsp): create new methods to handle syscall return values [#2139] - @Andreagit97
• fix(deps): bump tbb and enable its compilation with emscripten [#2149] - @therealbobo
• cleanup: simplify some extract logic in sinsp_filtercheck_fd.cpp [#2137] - @Andreagit97
• chore(libsinsp): avoid useless allocation [#2148] - @therealbobo
• update(sinsp): handle (deleted) in userspace [#2151] - @Andreagit97
• chore(e2e): fix e2e build without bundled deps [#2136] - @Andreagit97
• chore: cleanup CMake dependencies [#2146] - @federico-sysdig
• cleanup(tests): add some exceptions in sinsp test framework [#2140] - @Andreagit97
• chore(deps): Bump softprops/action-gh-release from 1 to 2 [#2105] - @dependabot[bot]
• cleanup: improve perf populate_cmdline [#2138] - @Andreagit97
• fix(libsinsp): invalid field_info check [#2135] - @mrgian
• chore(deps): Bump the actions group with 3 updates [#2134] - @dependabot[bot]
• update(ci): use cncf provided runners for arm64 [#2064] - @FedeDP
• fix(libsinsp): use correct regex for hex numbers [#2132] - @therealbobo
• fix(ci): use local zig folder instead of /usr/local. [#2129] - @FedeDP
• chore(ci): bump zig version and improve install-zig action. [#2126] - @FedeDP
• chore(deps): Bump uraimo/run-on-arch-action from 2.7.2 to 2.8.1 in the actions group [#2124] - @dependabot[bot]
• fix(ci): create-comment workflows array length check. [#2125] - @FedeDP
• fix(ci): use process.exit(); to leave node script in github/action-script [#2123] - @FedeDP
• fix(ci): avoid create comment workflows failing when required worfklows did not run [#2121] - @FedeDP
• fix(ci): fixed latest-kernel CI usage of steps/jobs outputs. [#2120] - @FedeDP
• fix(userspace/libsinsp): stringop-overflow on libvirt_lxc [#2115] - @deepskyblue86
• fix(userspace/libsinsp): disable HTTP proxy for CRI connection [#2113] - @wigol
• chore(deps): Bump the actions group with 2 updates [#2111] - @dependabot[bot]
• fix(userspace/libscap): scap-gvisor does need to depend upon jsoncpp. [#2112] - @FedeDP
• fix(ci): fix build-scap-open-w-extern-bpf-skeleton job [#2109] - @FedeDP
• fix(ci): fix kernel testing action by using proper tag name. [#2108] - @FedeDP
• chore(deps): Bump actions/checkout from 3.6.0 to 4.2.1 [#2106] - @dependabot[bot]
• chore(deps): Bump actions/upload-artifact from 3.1.3 to 4.4.2 [#2098] - @dependabot[bot]
• chore(deps): Bump actions/deploy-pages from 2.0.4 to 4.0.5 [#2104] - @dependabot[bot]
• chore(deps): Bump peter-evans/create-pull-request from 5.0.2 to 7.0.5 [#2103] - @dependabot[bot]
• chore(deps): Bump actions/upload-pages-artifact from 2.0.0 to 3.0.1 [#2102] - @dependabot[bot]
• chore(deps): Bump actions/setup-python from 4.7.1 to 5.2.0 [#2101] - @dependabot[bot]
• chore(deps): Bump dorny/paths-filter from 2.11.1 to 3.0.2 [#2100] - @dependabot[bot]
• chore(deps): Bump codecov/codecov-action from 79066c46f8dcdf8d7355f820dbac958c5b4cb9d3 to e28ff129e5465c2c0dcc6f003fc735cb6ae0c673 [#2099] - @dependabot[bot]
• chore(deps): Bump the actions group with 5 updates [#2097] - @dependabot[bot]
• fix(tests): flaky thread pool tests [#2071] - @mrgian
• chore(ci): update ci actions and add dependabot [#2096] - @cpanato
• cleanup: remove some commits from the blame [#2093] - @Andreagit97
• feat(tests): new e2e tests [8/8] [#1958] - @therealbobo
• fix(test/libsinsp_e2e): fixed libsinsp_e2e tests for more stability [#2085] - @FedeDP
• fix(userspace/libscap): fix build without USE_ZLIB macro. [#2089] - @FedeDP
• chore(ci): show diff on failed format [#2090] - @Molter73
• fix(userspace/libsinsp): av...

v0.18.2

Released on 2024-11-20

Non user-facing changes

• fix(modern): check cred field is not NULL before the access [#2119] - @Andreagit97
• fix(modern_ebpf): address verifier issues on kernel versions >=6.11.4 [#2150] - @Andreagit97

Statistics

Release Manager @FedeDP