You are viewing documentation for Falco version: v0.36.2

Falco v0.36.2 documentation is no longer actively maintained. The version you are currently viewing is a static snapshot. For up-to-date documentation, see the latest version.

Featured Image for Falco 0.31.1
Luca Guerra

Falco 0.31.1

Today we announce the release of Falco 0.31.1 ๐Ÿฆ…!

Novelties ๐Ÿ†•

Let's review some of the highlights of the new release.

New features

This release allows you to use multiple --cri command-line options (#1893) to specify multiple CRI socket paths. Note that Falco will only connect to the first one in order that successfully connects!

Speaking of command-line options, various changes are happening under the hood to improve the online help and to make it easier for contributors to add and modify options (#1886 #1903 #1915).

The update to the drivers version b7eb0dd brings in many improvements including proper detection of execveat, bugfixes for podman and support for the clone3 and copy_file_range system calls. In addition, the necessary extra arguments to entry system calls have been added to improve security of Falco event parsing as described below.

Security Content ๐Ÿ”’

Falco is now more resilient to TOCTOU type attacks that could lead to rule bypass (CVE-2022-26316). For more information, read the security advisory. Thanks to Xiaofei 'Rex' Guo and Junyuan Zeng for reporting this issue!

Default rules update

This release also includes modifications to the default ruleset, including a brand new rule to detect CVE-2021-4034 (Polkit Local Privilege Escalation) and false positive fixes (#1825, #1832)!


Try it!

As usual, in case you just want to try out the stable Falco 0.31.1, you can install its packages following the process outlined in the docs:

Do you rather prefer using the container images? No problem at all! ๐Ÿณ

You can read more about running Falco with Docker in the docs.

You can also find the Falcosecurity container images on the public AWS ECR gallery:

What's next ๐Ÿ”ฎ

Falco 0.32.0 is anticipated to be released in May 2022!

As usual, the final release date will be discussed during the Falco Community Calls.

Let's meet ๐Ÿค

As always, we meet every week in our community calls, if you want to know the latest and the greatest you should join us there!

If you have any questions

Thanks to all the amazing contributors!

Enjoy! ๐ŸŽ‰๐Ÿ”’

Luca