Releases: CheckPointSW/charts
2.20.0: RP File Reputation on GKE COS; fluentbit removal; misc.
Image Assurance | 2.21.0
- improvements for slow networks and large images
RuntimeProtection | runtime-daemon 1.6.2, runtime-probe 0.30.2-cp-3, runtime-cos-compat 0.0.9
- Google COS support in File Reputation engine
- Security enhancements
- FluentBit container removal from runtime-daemon Pod
- Profiling engine improvements - better detection of startup event
All features
- FluentBit removal
Full Changelog: 2.19.1...2.20.0
2.20.0 ea: RP File Reputation on GKE COS; fluentbit removal; misc
Image Assurance | 2.21.0
- improvements for slow networks and large images
RuntimeProtection | runtime-daemon 1.6.2, runtime-probe 0.30.2-cp-3, runtime-cos-compat 0.0.9
- Google COS support in File Reputation engine
- Security enhancements
- FluentBit container removal from runtime-daemon Pod
- Profiling engine improvements - better detection of startup event
All features
- FluentBit removal
Full Changelog: 2.19.0-ea...2.20.0-ea
2.19.1: IA: JFrog Artifactory auto-discovery, CRI v1; RP enhancements
Image Assurance 2.20.1
- Support JFrog Artifactory auto-discovery
- When onboarding an Artifactory instance to CloudGuard you should provide the base URL of the Artifactory instance and CloudGuard will scan images of all discovered sub-registries
- Agents load updated registry credentials and CA bundle without restarting the deployment
- CRI: support v1 API following v1alpha2 removal
- CRI-O/Openshift: support nodes without podman on nodes, do not use podman if possible
Runtime Protection - daemon 1.0.0, probe 0.28.0-cp-7
- logging enhancement
- telemetry enhancement
- security enhancement
Full Changelog: 2.18.0...2.19.1
2.19.0 ea: IA: Artifactory auto-discovery, CRI v1; RP enhancements
Image Assurance 2.20.0
- Support JFrog Artifactory auto-discovery
- When onboarding an Artifactory instance to CloudGuard you should provide the base URL of the Artifactory instance and CloudGuard will scan images of all discovered sub-registries
- Agents load updated registry credentials and CA bundle without restarting the deployment
- CRI: support v1 API following v1alpha2 removal
- CRI-O/Openshift: support nodes without podman on nodes, do not use podman if possible
Runtime Protection - daemon 1.0.0
- logging enhancement
- telemetry enhancement
- security enhancement
Full Changelog: 2.18.0-ea...2.19.0-ea
2.18.0: auto-detect EKS + k3s, linux amd64 node selector, more
- Auto-detection: added k3s (Rancher) and improved for EKS.
- Add containerRuntimeSocket helm parameter for runtime socket path.
- Run pods only on Linux amd64 nodes - default node selector updated.
- Fix helm install warning when setting environment variables for a pod.
Full Changelog: 2.17.0...2.18.0
2.18.0 ea: auto-detect EKS + k3s, linux amd64 node selector, more
- Auto-detection: added k3s (Rancher) and improved for EKS.
- Add containerRuntimeSocket helm parameter for runtime socket path.
- Run pods only on Linux amd64 nodes - default node selector updated.
- Fix helm install warning when setting environment variables for a pod.
Full Changelog: 2.17.0-ea...2.18.0-ea
2.17.0: new registries scan, IA list batching, RP limited GA
Image Assurance 2.18.1:
- Registry images list is sent in batches, allowing to support large registries with many repositories
- Supporting image scanning in additional registry types
- Harbor
- JFrog Artifactory
- Google Artifact Registry
- Supporting registries with Self generated certificates
- Increase images scan rate
Runtime Protection: daemon 0.0.822, policy 1.3.0
- Limited General Availability (GA) for Runtime Protection, including
- Malicious Signatures engine
- File Reputation engine
- Behavioral Profiling (as Public Preview)
All features
- Inventory 1.8.0 and Flow Logs 0.8.0: minor improvements
Full Changelog: 2.16.0...2.17.0
2.17.0 ea: new registries scan, IA list batching, RP limited GA
Image Assurance 2.18.1:
- Registry images list is sent in batches, allowing to support large registries with many repositories
- Supporting image scanning in additional registry types
- Harbor
- JFrog Artifactory
- Google Artifact Registry
- Supporting registries with Self generated certificates
- Increase images scan rate
Runtime Protection: daemon 0.0.822, policy 1.3.0
- Limited General Availability (GA) for Runtime Protection, including
- Malicious Signatures engine
- File Reputation engine
- Behavioral Profiling (as Public Preview)
All features
- Inventory 1.8.0 and Flow Logs 0.8.0: minor improvements
Full Changelog: 2.16.0-ea...2.17.0-ea
2.16.0: credentials from secret, Rancher, RP on EKS & OpenShift, AC fix
-
Admission Control:
enforcer 2.3.0: fix System Event error message of "the agent has suffered a loss of connectivity which lasts for 24 hours"
policy 1.2.2: fix -
Runtime Protection:
probe 0.28.0-cp-6: support automated installation of kernel headers on EKS, fix installation on OpenShift -
All features:
Support Rancher/k3s via manually setting ‘platform’ helm flag
Support specifying CloudGuard credentials via a Kubernetes secret
Improve concurrency of rolling updates of daemonsets
Full Changelog: 2.15.1...2.16.0
2.16.0 ea: credentials from secret, Rancher, RP on EKS & OpenShift, AC fix
-
Admission Control:
enforcer 2.3.0: fix System Event error message of "the agent has suffered a loss of connectivity which lasts for 24 hours"
policy 1.2.2: fix -
Runtime Protection:
probe 0.28.0-cp-6: support automated installation of kernel headers on EKS, fix installation on OpenShift -
All features:
Support Rancher/k3s via manually setting ‘platform’ helm flag
Support specifying CloudGuard credentials via a Kubernetes secret
Improve concurrency of rolling updates of daemonsets
Full Changelog: 2.15.1-ea...2.16.0-ea