ROX-7230: You can now use deployment and namespace annotations to define where Red Hat Advanced Cluster Security for Kubernetes sends violation notifications when configuring your notifiers. Notifications can be sent to Slack, Microsoft Teams, Email, and others.
ROX-7534: With the Red Hat Advanced Cluster Security for Kubernetes Operator, you can now configure the enforcement behavior of the admission controller as part of the custom resource setting.
ROX-7561: Red Hat Advanced Cluster Security for Kubernetes now supports kernel modules for Ubuntu 16.04 LTS with extended security maintenance (ESM).
ROX-6326: Previously, users with a large number of namespaces would receive
sporadic 504 gateway errors when sending requests to the
/v1/namespaces/ endpoint. Red Hat Advanced Cluster Security for Kubernetes includes the updated endpoint, which supports pagination to fix this issue.
Release date: August 26, 2021
ROX-7850: Due to a bug in the previous RHACS Operator image, configuring the proxy support in the Operator Lifecycle Manager would incorrectly send internal traffic through the proxy. The bug caused internal communication failure, and the RHACS services would fail to start. The updated image uses the fully qualified domain names for RHACS services to fix this issue.
ROX-7872: The updated Operator image sets the memory limit to 1 GiB and memory requests to 200 MiB to address out-of-memory issues when using the RHACS Operator at scale.
Release date: September 22, 2021
ROX-8008: Previously, you could not use URN-based IdP Issuers while configuring SAML identity providers. This has been fixed.
ROX-8033: Due to how Red Hat Advanced Cluster Security for Kubernetes previously addressed its internal service endpoints, OpenShift clusters with enabled proxy failed to download the correct kernel probes.
ROX-8034: Previously, if you were using backported 5.11 kernels for Ubuntu 20.04, the Collector sometimes failed on upgrade due to a change in the Ubuntu kernel build.
ROX-6258: Red Hat Advanced Cluster Security for Kubernetes now prefixes the optional security context constraint name with
stackrox to avoid global naming conflicts.
ROX-7318: Previously, violations for
port forwards and
exec events did not contain information about the user who performed the action that generated the events. The violations now include the user context.
ROX-7449: Cluster init bundles contain the secrets required for internal Red Hat Advanced Cluster Security for Kubernetes services to communicate with each other. You can rotate secrets by deleting these, but doing so can cause outages. Red Hat Advanced Cluster Security for Kubernetes now includes an updated deletion workflow that gives a warning about the possible impact of deletion on the environment.
ROX-7684: The OpenShift Compliance Operator uses RPM only for querying, and it does not install any packages. Red Hat Advanced Cluster Security for Kubernetes includes a policy exception for this pod by default to reduce the violations count.
Includes Central, Sensor, Admission Controller, and Compliance.
Scans images and nodes.
Stores image scan results and vulnerability definitions.
Collects runtime activity in Kubernetes or OpenShift Container Platform clusters.