0.27.1

New features

• Support minimal build (no kubernetes, kernel module, eBPF, or container support): -DMINIMAL_BUILD=On
• Support static linking with musl on Alpine Linux: -DMUSL_OPTIMIZED_BUILD=On

Bug fixes

• Improve startup times on systems with lots of containers [#1676]
• Fix paths reported in *at events [#1680, #1695]
• Build fixes for eBPF with recent kernel [#1690]
• Fix Lua out of memory errors with large captures in Sysdig Inspect [#1694]

0.27.0

New features

• Userspace instrumentation support (#1636); see https://github.com/falcosecurity/pdig for more information
• renameat2 support
• Add new filter for open+create/create with exec permissions (#1637)
• Add parent pid to v_procs chisel (#1640)

Bug fixes

• Assorted build fixes (#1672, #1663 and more)

0.26.7

Bug fixes

• Fixed build error with kernels too old to support ktime_get_real (#1624)
• Fixed support for Fedora 32 and GCC 10 (#1620)
• Lowered cgroup limit size for ARM(#1622)
• Fixed compile errors on Linux 5.6 due to timespec/timeval (#1621)
• Changed timeout parameter for curl_multi_wait to avoid error return with libcurl >= 7.69.0 (#1616)
• Fixed return value checks for bpf_probe_read_str() (#1612)
• Fixed compile on Windows (#1604)

0.26.6

Bug fixes

• Rewrite the probe builder (#1576)
• Build fixes for 5.4+ kernels (#1595)
• Use Debian Stable as the base container image (#1605)
• All the fixes incorporated in 0.26.5 (that didn't get artifacts released for tooling reasons)

New features

• Support for s390x and ppc64le architectures

0.26.5

Bug fixes

• Fixed segfault that happens at startup (#1475, #1528)
• Fixed memory leaks from certain thread/socket operations (#1491)
• Fixed handling of SEND_SIG_NOINFO in the eBPF driver (#1493)
• Fixed a regression in reading certain partial container events from scap files (#1513)
• Updated use of Kubernetes APIs to support v1.16 (#1521)
• Fixed rare driver deadlock that could occur during a context switch (#1522)
• Fixed EPEL repo link in the install script (#1534)
• Added more detail to probe loader error message (#1541)

0.26.4

Bug fixes

• Fixed docker builds (#1492)

Internal changes

• Prevent double-definition of ASSERT macro (#1490)

0.26.3

New Features

• Added fillers for chmod syscalls (#1472)
• Added support for reporting cpu usage per docker cpuset (#1473)

Bug fixes

• Fixed build error on older Linux kernels (#1477)
• Fixed driver build for RHEL 7.7/4.13+ w/CONFIG_VIRT_CPU_ACCOUNTING_GEN (#1471)
• Fixed cmake to look for pkg-config before building grpc (#1470)
• Fixed printing of strings (#1466)
• readv input parsing improvements (#1463)

Internal changes

• Fixed comment about scap minor version (#1476)

0.26.2

New features

• Suport Kubernetes liveness/readiness probes [#1320]

Bug fixes

• Fix kernel panic when tracing signals that use SEND_SIG_NOINFO [#1460]
• Add prebuilt probes for CoreOS on OpenShift 4
• Fix eBPF probe for ChromiumOS [#1431]
• Fix edge cases in handling clone() and prlimit() system calls [#1401, #1465]
• Stability and performance fixes

0.26.1

Bug fixes

• Changes to build the kmod with 5.1 kernels [#1413]
• Explicitly disable psl to address build failures on MAC OS [#1417]

Internal changes

• Fix handling of container metadata in "infra" events [#1418]

0.26.0

New features

• Perform docker metadata fetches asynchronously: When new containers are discovered, fetch metadata about the container asynchronously, which should significantly reduce the likelihood of dropped system call events. [#1326] [#1378] [#1374] [#1381] [#1373] [#1382] [#1388] [#1389] [#1384] [#1392] [#1396] [#1411]
• Add field to display time in ISO 8601 UTC [#1317] [#1360]
• Performance improvements of ring buffer processing [#1372]
• Support major/minor device numbers for fd events [#1315] #1383]
• Add the ability to prepend encoded log severity in the log message [#1327]
• Raise the iov limit in eBPF [#1390]
• Changes to pull user event logging out into a separate component. [#1375]
• Log a debug message when looking up an IP address of an incomplete container [#1398]
• Support cri-o container metadata caching [#1399]
• Logging API with lazy parameter evaluation [#1394]
• Support BPM container type [#1319]

Bug fixes

• Fix bug in fullcapture range check [#1386]
• Allow chisels to receive the full content of big buffers. [#1361]
• start the analyzer before forcing next for a scap file [#1366]
• Create a grpc_channel_registry for all channels [#1369]
• Modified the behavior of fullcapture port range [#1370]
• Check file before dereferencing [#1397]
• Fix build for older kernels (<3.9) [#1400]
• Added -fno-stack-protector to avoid clang errors [#1401]
• Addl loop prevention for traverse_parent_state [#1411]

Internal changes

• Add interfaces for async metrics collection [#1346]
• Use epel 7-11 (7-9 is no longer available) [#1362]
• Make some global variables related to fetching container state thread-local [#1356]
• Allow downloading prebuilt modules without SSL verification [#1358]
• add test helper to container manager. [#1365]
• Cleanup old docker images after building a new ebpf-probe-builder [#1367]
• valgrind clean for analyzer end to end test [#1387]
• flush flags change to new namespace, add code enabling easy use of sinsp_threadinfo in std::set/map [#1395]
• add friend class for unit testing [#1406]