RATATOSKRATATOSK
ログイン

リリース

CNCF graduated・incubatingプロジェクトのリリースノートのAI分析。

プロジェクト: Falco解除 ×

Falco

Security2026年6月11日

Falco 0.44.1 adds BPF iterator control and fixes multiple BPF-related issues via a libs bump. Minimal release focused on stability for deployments using kernel-level tracing.

  • breakingUpdate libs and kernel driver together

    This release bumps libs to 0.25.4 and driver to 10.2.0+driver. If you pin kernel driver versions separately from Falco, ensure you update both in the same maintenance window. Mismatched versions can cause syscall capture failures or silent data loss.

  • enhancementControl BPF iterator behavior if you hit performance or compatibility issues

    Falco 0.44.1 introduces a config option to disable BPF iterators. If you run Falco on kernels with problematic BPF iterator implementations or see high CPU usage tied to iterator overhead, test disabling them. Check your Falco logs and metrics after upgrading to confirm the fix resolves any BPF-related instability you were seeing in 0.44.0.

主な変更 (3)
  • Add disabling option for BPF iterators in userspace Falco configuration
  • Bump libs to 0.25.4 and driver to 10.2.0+driver to resolve BPF iterator bugs
  • Support for both x86_64 and aarch64 packages across rpm, deb, and tgz formats
原文

Falco

Security2026年5月26日

Falco 0.44.0 drops three long-deprecated features (gRPC output, gVisor engine, legacy BPF probe) and adds expressive rule engine improvements. Deployments using any of these must migrate before upgrading.

  • securityfalco-webui restricted to local access — check external tooling

    The falco-webui Docker service now restricts access to localhost only. If you had it exposed on a broader interface, that changes on upgrade. This is a net positive for most deployments, but verify any tooling or dashboards that reached the webui over the network still work after the upgrade.

  • breakingThree features dropped — check your config before upgrading

    Three major removals land in this release: gRPC output/server, gVisor engine, and the legacy BPF probe. If you rely on gRPC-based output consumers, you need an alternative output path (e.g., JSON over HTTP, or a sidecar) before upgrading. gVisor users must switch to a supported engine. Legacy BPF users should move to the modern eBPF probe. Audit your current config for any of these before touching 0.44.0 in production.

  • enhancementRicher rule syntax — review custom rules for validation errors

    The rule engine now supports oneof/allof/anyof string comparator modifiers, and rules can use list transformer exceptions. These let you write tighter, more expressive detection rules without duplicating conditions. If you maintain custom rules, review whether these can replace existing workarounds. Also, Falco now validates unknown keys in rules — so rule files with typos or unsupported fields will produce warnings or errors instead of silently being ignored.

主な変更 (7)
  • gRPC output/server support removed — migrate output consumers before upgrading
  • gVisor engine support removed — move to a supported engine if applicable
  • Legacy BPF probe removed — switch to modern eBPF probe
  • New string comparator modifiers (oneof/allof/anyof) in the rule engine
  • Unknown-key validation in rules: malformed rules now surface errors
  • falco-webui Docker service restricted to localhost access only
  • capture_events and capture_filesize stop conditions added for capture files
原文

Falco

Security2026年4月9日

Falco 0.43.1 is a minimal patch release bumping libs to 0.23.2 and the container plugin to 0.6.4. No functional changes, no bug fixes — purely a dependency update.

  • enhancementUpdate if you care about container plugin fixes in 0.6.4

    This release exists primarily to ship the container plugin 0.6.4 update alongside libs 0.23.2. If your environment relies on container metadata enrichment in Falco rules, check the container plugin 0.6.4 changelog for fixes that may affect your alerting fidelity. Otherwise, upgrading from 0.43.0 is low risk and low urgency — treat it as a routine dependency bump.

主な変更 (4)
  • libs bumped from previous version to 0.23.2
  • container plugin bumped to 0.6.4
  • driver remains at 9.1.0+driver
  • single merged PR, all user-facing
原文