Releases: neuvector/neuvector
Releases · neuvector/neuvector
v5.4.4-p1
chore: pin golang images This allows us to build it using BCI 15.6 images
v5.4.5 Release
What's Changed
- fix(controller): make admission control rules test endpoint accessible with read permission by @lentus in #1970
- NVSHAS-9791: read runtime dependency not dev dependency by @pohanhuangtw in #1960
- NVSHAS-9953:Resolve crash issue identified via core file analysis by @gfsuse in #1975
- NVSHAS-9952: Remove 'signature' from usage report because NV no longe… by @williamlin-suse in #1974
- NVSHAS-9958:fix implicit deny logic from host subnet by @gfsuse in #1980
- chore(deps): update github/codeql-action action to v3.28.18 by @renovate-rancher in #1977
- chore(deps): update module google.golang.org/grpc to v1.72.1 by @renovate-rancher in #1976
- chore(deps): update github.com/codeskyblue/go-sh digest to c29da58 by @renovate-rancher in #1971
- chore(deps): update module github.com/containerd/containerd/v2 to v2.1.1 by @renovate-rancher in #1982
- NVSHAS-9946: Display issue with Admission Control alert for Credentia… by @williamlin-suse in #1981
- NVSHAS-9949: [Harbor][Incorrect user/pw] It still scan images even in… by @williamlin-suse in #1984
- chore(deps): update module google.golang.org/grpc to v1.72.2 by @renovate-rancher in #1985
- NV9964: Scan fails due to its scan report size by @jayhuang-suse in #1987
- NVSHAS-9960: Scanners not working by @williamlin-suse in #1986
- chore(deps): update alpine docker tag to v3.22 by @renovate-rancher in #1993
- chore(deps): update github actions by @renovate-rancher in #1992
- chore(deps): update module github.com/vishvananda/netlink to v1.3.1 by @renovate-rancher in #1972
- NVSHAS-9969: concurrent map writes results in enforcer component restart by @williamlin-suse in #1991
- chore(deps): update module golang.org/x/sync to v0.15.0 by @renovate-rancher in #1999
- chore(deps): update dependency go to v1.24.4 by @renovate-rancher in #1997
- chore(deps): update module google.golang.org/grpc to v1.73.0 by @renovate-rancher in #2000
- chore(deps): update module golang.org/x/net to v0.41.0 by @renovate-rancher in #1998
- NVSHAS-9928:Adjust SYN flood metering parameters to better handle traffic burst and reduce false positives. by @gfsuse in #1996
- NVSHAS-9911: remove mis-leading info by @pohanhuangtw in #2002
- NVSHAS-9860: ensure that learning-related connections are always sent to the controller for network policy learning by @gfsuse in #2003
- chore(deps): update github/codeql-action action to v3.29.0 by @renovate-rancher in #2005
- NVSHAS-9883: quay.io is unable to use wildcard properly by @pohanhuangtw in #2006
- chore(deps): update module github.com/containerd/containerd/v2 to v2.1.2 by @renovate-rancher in #2007
- NVSHAS-9964: Scan fails after upgrading NeuVector to 5.4.1 due to rep… by @williamlin-suse in #2010
- chore(deps): update module github.com/urfave/cli/v2 to v2.27.7 by @renovate-rancher in #2011
- NVSHAS-9964: Scan fails after upgrading NeuVector to 5.4.1 due to rep… by @williamlin-suse in #2014
- NVSHAS-9942: Images scans for customer images are failing by @pohanhuangtw in #2016
- NVSHAS-9993: Replace md5 by sha256 by @williamlin-suse in #2015
- chore(deps): update module github.com/containerd/containerd/v2 to v2.1.3 by @renovate-rancher in #2019
- chore(dep): upgrade to BCI 15.7 by @holyspectral in #2020
- NVSHAS-9998: Cannot export group from Neuvector federated master by @williamlin-suse in #2022
- NVSHAS-9940: NV scan JFrog Subdomain mode issue by @williamlin-suse in #2021
- Update dependencies for 5.4.5 by @holyspectral in #2025
- chore: switch to obs opa by @holyspectral in #2029
- chore: fix build error by @holyspectral in #2030
- chore(deps): update github/codeql-action action to v3.29.2 by @renovate-rancher in #2026
- NVSHAS-10010: Improve SYN flood detection by considering source IP by @gfsuse in #2031
Full Changelog: v5.4.4...v5.4.5
v5.4.5 Release Candidate 2
v5.4.5-rc2 NVSHAS-10010: Improve SYN flood detection by considering source IP
v5.4.5 Release Candidate 1
v5.4.5-rc1 NVSHAS-9940: NV scan JFrog Subdomain mode issue
v5.4.4 Release
What's Changed
- NVSHAS-9876: adapt the changes of the kublet v1.32 by @jayhuang-suse in #1886
- Runtime driver: containerd has a panic condition by @jayhuang-suse in #1891
- chore(deps): update module github.com/containerd/containerd to v1.7.27 [security] by @renovate-rancher in #1892
- chore(deps): update github actions by @renovate-rancher in #1893
- fix: NVSHAS-9884 prevent half-baked agent info by @holyspectral in #1896
- NVSHAS-9828: fix false-positive asynchronous processes checkup by @jayhuang-suse in #1890
- Potential race condition by @jayhuang-suse in #1897
- NVSHAS-9884: [Node Scan][Container Scan] Scan will Fail by @williamlin-suse in #1898
- chore: update CODEOWNERS by @holyspectral in #1899
- chore(deps): update module github.com/russellhaering/goxmldsig to v1.5.0 by @renovate-rancher in #1902
- chore(deps): update github actions by @renovate-rancher in #1900
- chore(deps): update module github.com/russellhaering/gosaml2 to v0.10.0 by @renovate-rancher in #1901
- chore(deps): update module gopkg.in/ldap.v2 to v3 by @renovate-rancher in #1819
- chore(deps): update module github.com/opencontainers/runtime-spec to v1.2.1 by @renovate-rancher in #1845
- chore(deps): update module github.com/docker/docker to v28 by @renovate-rancher in #1830
- chore(deps): update module github.com/golang-jwt/jwt/v5 to v5.2.2 [security] by @renovate-rancher in #1903
- NVSHAS-8160: [Controller] Adjust some items for Security Risk Score c… by @williamlin-suse in #1904
- chore(deps): update module golang.org/x/net to v0.38.0 by @renovate-rancher in #1907
- chore(deps): update github/codeql-action action to v3.28.13 by @renovate-rancher in #1905
- chore(deps): update module github.com/docker/docker to v28.0.4+incompatible by @renovate-rancher in #1906
- NVSHAS-9902: [REST API] The score calculation for admission control r… by @williamlin-suse in #1914
- chore(deps): update module google.golang.org/grpc to v1.71.1 by @renovate-rancher in #1912
- chore(deps): update dependency go to v1.24.2 by @renovate-rancher in #1910
- chore(deps): update module github.com/mattn/go-sqlite3 to v1.14.27 by @renovate-rancher in #1911
- chore(deps): update module golang.org/x/sys to v0.32.0 by @renovate-rancher in #1918
- chore(deps): update module golang.org/x/sync to v0.13.0 by @renovate-rancher in #1917
- chore(deps): update module github.com/fsnotify/fsnotify to v1.9.0 by @renovate-rancher in #1915
- chore(deps): update module golang.org/x/oauth2 to v0.29.0 by @renovate-rancher in #1916
- chore(deps): update github/codeql-action action to v3.28.15 by @renovate-rancher in #1921
- chore(deps): update module golang.org/x/net to v0.39.0 by @renovate-rancher in #1922
- fix: update incorrect renovate schedule by @holyspectral in #1920
- NV9894: false-positive incidents on k8s's controller by @jayhuang-suse in #1923
- NVSHAS-9913: Fix goroutine panic for unknown_ip_map by @kyledong-suse in #1926
- NV9905: k8s workload scan returns image metadata by @jayhuang-suse in #1924
- NVSHAS-9783: adjust internal rate-limit number for connection report by @gfsuse in #1930
- NVSHAS-9783:always send connection report when there is violation by @gfsuse in #1931
- chore: update module github.com/containerd/containerd to v2.0.4 by @jayhuang-suse in #1927
- NV9919: Enforcer keep crashing because monitor getting killed by @jayhuang-suse in #1928
- NV9920: Neuvector components are reported in container and group page by @jayhuang-suse in #1929
- NVSHAS-9925_Fix image asset API error by @jeffhuang4704 in #1932
- NVSHAS-9927 Add a new filter option for risk page by @jeffhuang4704 in #1938
- fix: update unit-test permission by @holyspectral in #1939
- NVSHAS-9926:add match counter when policyAction is learn by @gfsuse in #1934
- NV9905: k8s workload scan by @jayhuang-suse in #1937
- NV9932: container suspicious process missing user info by @jayhuang-suse in #1941
- Update module google.golang.org/grpc to v1.72.0 by @renovate-rancher in #1950
- Update module github.com/containerd/containerd/v2 to v2.0.5 by @renovate-rancher in #1945
- Update GitHub Actions by @renovate-rancher in #1948
- Update module github.com/docker/docker to v28.1.1+incompatible by @renovate-rancher in #1949
- Update module github.com/aws/aws-sdk-go to v1.55.7 by @renovate-rancher in #1943
- Update module github.com/go-jose/go-jose/v4 to v4.0.5 [SECURITY] by @renovate-rancher in #1951
- Update github/codeql-action action to v3.28.17 by @renovate-rancher in #1952
- Update module github.com/beevik/etree to v1.5.1 by @renovate-rancher in #1944
- Update module github.com/go-ldap/ldap/v3 to v3.4.11 by @renovate-rancher in #1946
- Update module github.com/mattn/go-sqlite3 to v1.14.28 by @renovate-rancher in #1947
- NVSHAS-9917: Bump up opa to v1.4.2 by @kyledong-suse in #1953
- Update module golang.org/x/net to v0.40.0 by @renovate-rancher in #1954
- Update module golang.org/x/sys to v0.33.0 by @renovate-rancher in #1957
- fix: improve the error logging by @pohanhuangtw in #1958
- chore(deps): update dependency go to v1.24.3 by @renovate-rancher in #1959
- chore(deps): update module golang.org/x/oauth2 to v0.30.0 by @renovate-rancher in #1955
- chore(deps): update module github.com/containerd/containerd/v2 to v2.1.0 by @renovate-rancher in #1963
- chore(deps): update actions/setup-go action to v5.5.0 by @renovate-rancher in #1961
- docs: fix api docs for the admission control rules test endpoint by @lentus in #1968
Full Changelog: v5.4.3...v5.4.4
v5.4.4 Release Candidate 2
v5.4.4-rc2 docs: fix api docs for the admission control rules test endpoint
v5.4.4 Release Candidate 1
v5.4.4-rc1 NVSHAS-9927 Add a new filter option for risk page
v5.4.3 Release
What's Changed
- NVSHAS-9669: Overall security score through REST API by @williamlin-suse in #1687
- NVSHAS-9700/NVSHAS-9699 Retool logic for parseDotNetPackage by @Acmarr in #1689
- NVSHAS-7982:support federated DLP/WAF sensor by @gfsuse in #1682
- NVSHAS-9653: learning wrong process rules by @jayhuang-suse in #1693
- [NVSHAS-9681] Scanner Registration Timeout Issue: Increased database slots from 256 to 512. by @pohanhuangtw in #1694
- [NVSHAS-9681] Scanner Registration Timeout Issue: Increased database slots from 256 to 512. by @pohanhuangtw in #1695
- [NVSHAS-9707] Bump up crypto version to 0.31 by @pohanhuangtw in #1698
- fix: NVSHAS-9705 disable consul gRPC server by @holyspectral in #1697
- update default CODEOWNERS by @holyspectral in #1705
- feat: NVSHAS-9490 support controller SLSA L3 by @holyspectral in #1692
- NVSHAS-9710: Add feed rating in Risk Page by @jeffhuang4704 in #1708
- fix: NVSHAS-9705 disable consul gRPC server by @holyspectral in #1701
- NVSHAS-9696: Inconsistent colour indication of assets on risk page by @jeffhuang4704 in #1709
- NVSHAS-9649: Container link produces 404 response code in security event by @jeffhuang4704 in #1711
- NVSHAS-9216:redistribute network policy when host id is changed by @gfsuse in #1715
- NVSHAS-9726: add scanner proxy url flag to monitor fork exec by @alopez-suse in #1719
- Revert "NVSHAS-9726: add scanner proxy url flag to monitor fork exec" by @jayhuang-suse in #1723
- chore: bump x/net to 0.33.0 by @holyspectral in #1720
- [NVSHAS-9507] Fix jfrog url parsing bug by @pohanhuangtw in #1724
- NVSHAS-9740: Dashboard: Improve your score produces 405 error by @williamlin-suse in #1731
- NVSHAS-9751: add not-listed family process rule alert by @jayhuang-suse in #1734
- NVSHAS-9752: replace md5 keys by sha256 by @jayhuang-suse in #1733
- NVSHAS-9247 / 9326 / 9441 - Only scan cached images in harbor proxy cache projects by @angelkestin in #1736
- Update consul version to 1.16.4p1 by @kyledong-suse in #1727
- NVSHAS-9755: Request to Display Environment Variable Names Alongside … by @williamlin-suse in #1740
- NVSHAS-9756: disable file monitor by @jayhuang-suse in #1743
- NVSHAS-9763 Use upstream grpc by @holyspectral in #1742
- fix: allow ut to run with ubuntu-latest runner by @holyspectral in #1744
- NVSHAS-9248: record network policy with match counters and last matched timestamp by @gfsuse in #1745
- NVSHAS-4717: Using the name referral for common group in CRD export by @williamlin-suse in #1751
- NVSHAS-9854: Remove unmaintained tar.go from NV by @kyledong-suse in #1752
- NVSHAS-9584: Add extraction related functions by @kyledong-suse in #1754
- NVSHAS-9753: Prevent Rancher user disable Authentication of OpenShift… by @williamlin-suse in #1753
- NVSHAS-9777: Webhook JSON with duplicated 'level' keys by @williamlin-suse in #1756
- adjust license information by @jeffhuang4704 in #1755
- NVSHAS-9772: Memory mgt with golang API: slices.Clone() by @jayhuang-suse in #1749
- NVSHAS-9584: Use customized file size limit for extraction functions by @kyledong-suse in #1758
- NVSHAS-9759: Add timestamp in /v1/system/score/metrics by @kyledong-suse in #1760
- NVSHAS-9759: Add timestamp in RESTConversationReportEntry by @kyledong-suse in #1763
- NVSHAS-9325: NV Protect harden improvement by @jayhuang-suse in #1759
- fix: remove nstools by @holyspectral in #1732
- NVSHAS-9756: File Monitor Performance Optimization by @jayhuang-suse in #1764
- NVSHAS-9729 Incorrect count of CVE in StatefulSet resources by @jeffhuang4704 in #1765
- Add initial Renovate configuration by @renovate-rancher in #1769
- chore(deps): update github.com/neuvector/k8s digest to 43bcf20 by @renovate-rancher in #1770
- chore(deps): update k8s.io/utils digest to 24370be by @renovate-rancher in #1771
- Bump up coreos/clair v2.1.0 to quay/clair v2.1.8 by @kyledong-suse in #1773
- NVSHAS-9325 follow-up: misc fix by @jayhuang-suse in #1772
- chore(deps): update module github.com/mattn/go-sqlite3 to v1.14.24 by @renovate-rancher in #1775
- chore(deps): update module github.com/urfave/cli/v2 to v2.27.5 by @renovate-rancher in #1776
- chore(deps): update module github.com/vishvananda/netns to v0.0.5 by @renovate-rancher in #1777
- chore(deps): update module github.com/fsnotify/fsnotify to v1.8.0 by @renovate-rancher in #1783
- [NVSHAS-9784] NV returning 404 during Jfrog image repository scanning by @pohanhuangtw in #1762
- chore: update apline version for docker bench by @pohanhuangtw in #1785
- chore: update CODEOWNERS to skip files under root by @holyspectral in #1784
- chore(deps): update module github.com/jonboulle/clockwork to v0.5.0 by @renovate-rancher in #1788
- chore(deps): update module github.com/opencontainers/runtime-spec to v1.2.0 by @renovate-rancher in #1789
- chore(deps): update module github.com/aws/aws-sdk-go to v1.55.6 by @renovate-rancher in #1781
- chore(deps): update module golang.org/x/net to v0.34.0 by @renovate-rancher in #1795
- chore(deps): update module github.com/stretchr/testify to v1.10.0 by @renovate-rancher in #1793
- chore: cleanup not used file by @holyspectral in #1791
- chore(deps): update module github.com/beevik/etree to v1.5.0 by @renovate-rancher in #1782
- chore(deps): update module github.com/containerd/containerd to v1.7.25 by @renovate-rancher in #1774
- chore(deps): update module github.com/vishvananda/netlink to v1.3.0 by @renovate-rancher in #1794
- chore(deps): update module github.com/hashicorp/go-version to v1.7.0 by @renovate-rancher in #1786
- chore(deps): update module golang.org/x/sys to v0.30.0 by @renovate-rancher in #1803
- chore(deps): update module golang.org/x/sync to v0.11.0 by @renovate-rancher in #1802
- chore(deps): update module github.com/pquerna/cachecontrol to v0.2.0 by @renovate-rancher in #1792
- chore(deps): update module github.com/alitto/pond to v1.9.2 by @renovate-rancher in #1780
- chore(deps): update module golang.org/x/oauth2 to v0.26.0 by @renovate-rancher in #1801
- NVSHAS-9783:fix issue reported by coredump file by @gfsuse in #1808
- chore(deps): update module github.com/cenkalti/rpc2 to v1 by @renovate-rancher in #1811
- Nvshas 9326 - Handle paginated repository lists from harbor api by @alopez-suse in #1761
- [NVSHAS-9668] Support cis benchmark in RKE2 env by @pohanhuangtw in #1813
- chore(deps): update module golang.org/x/net to v0.35.0 by @renovate-rancher in #1820
- chore(deps): update registry.suse.com/bci/golang docker tag to v1.23 by @renovate-rancher in #1807
- chore: pin golang version used in lint by @holyspectral in #1822
- NVSHAS-9810: dispatcher's caller should not hold cacher's mutex. by ...
v5.4.3 Release Candidate 3
Revert "NVSHAS-9828: improvement for short-lived pods" This reverts commit 1291769fb9d2ab781b92864bc8c3595ddc6016eb.
v5.4.3 Release Candidate 2
fix: incorrect version format In 5.4.2, the version format in golang space missed a v prefix. This commit fixed the issue.