Skip to content

Releases: falcosecurity/libs

0.22.2

05 Nov 09:47
@leogr leogr
0.22.2
16c0267

Choose a tag to compare

View all tags
0.22.2 Latest
Latest

MIN_DRIVER_API
MIN_DRIVER_SCHEMA

v0.22.2

Released on 2025-11-05

Minor Changes

  • update: upgrade container plugin to v0.4.1 [#2710] - @leogr

Bug Fixes

  • fix(userspace/libsinsp): correct fallback for arg-less proc.* fields [#2704] - @leogr

Statistics

MERGED PRS NUMBER
Not user-facing 0
Release note 2
Total 2

Release Manager @leogr

Contributors

leogr
Assets 2
Loading

0.22.1

20 Oct 10:53
@ekoops ekoops
0.22.1
1a8b912

Choose a tag to compare

View all tags
0.22.1

MIN_DRIVER_API
MIN_DRIVER_SCHEMA

v0.22.1

Released on 2025-10-20

Bug Fixes

  • fix: avoid libc incompatibilities by removing RTLD_DEEPBIND when loading plugins [#2698] - @leogr

Statistics

MERGED PRS NUMBER
Not user-facing 0
Release note 1
Total 1

Release Manager @ekoops

Contributors

ekoops
Loading

9.0.0+driver

16 Oct 13:34
@ekoops ekoops
9.0.0+driver
5666ef4

Choose a tag to compare

View all tags
9.0.0+driver

API
SCHEMA

Latest Compatible Kernel

Driver Testing Matrix amd64

KERNEL CMAKE-CONFIGURE KMOD BUILD KMOD SCAP-OPEN BPF-PROBE BUILD BPF-PROBE SCAP-OPEN MODERN-BPF SCAP-OPEN
amazonlinux2-4.19 🟢 🟢 🟢 🟢 🟢 🟡
amazonlinux2-5.10 🟢 🟢 🟢 🟢 🟢 🟢
amazonlinux2-5.15 🟢 🟢 🟢 🟢 🟢 🟢
amazonlinux2-5.4 🟢 🟢 🟢 🟢 🟢 🟡
amazonlinux2022-5.15 🟢 🟢 🟢 🟢 🟢 🟢
amazonlinux2023-6.1 🟢 🟢 🟢 🟢 🟢 🟢
archlinux-6.0 🟢 🟢 🟢 🟢 🟢 🟢
archlinux-6.7 🟢 🟢 🟢 🟢 🟢 🟢
centos-3.10 🟢 🟢 🟢 🟡 🟡 🟡
centos-4.18 🟢 🟢 🟢 🟢 🟢 🟢
centos-5.14 🟢 🟢 🟢 🟢 🟢 🟢
fedora-5.17 🟢 🟢 🟢 🟢 🟢 🟢
fedora-5.8 🟢 🟢 🟢 🟢 🟢 🟢
fedora-6.2 🟢 🟢 🟢 🟢 🟢 🟢
oraclelinux-3.10 🟢 🟢 🟢 🟡 🟡 🟡
oraclelinux-4.14 🟢 🟢 🟢 🟢 🟢 🟡
oraclelinux-5.15 🟢 🟢 🟢 🟢 🟢 🟢
oraclelinux-5.4 🟢 🟢 🟢 🟢 🟢 🟡
ubuntu-4.15 🟢 🟢 🟢 🟢 🟢 🟡
ubuntu-5.8 🟢 🟢 🟢 🟢 🟢 🟡
ubuntu-6.5 🟢 🟢 🟢 🟢 🟢 🟢

Driver Testing Matrix arm64

KERNEL CMAKE-CONFIGURE KMOD BUILD KMOD SCAP-OPEN BPF-PROBE BUILD BPF-PROBE SCAP-OPEN MODERN-BPF SCAP-OPEN
amazonlinux2-5.4 🟢 🟢 🟢 🟢 🟢 🟡
amazonlinux2022-5.15 🟢 🟢 🟢 🟢 🟢 🟢
fedora-6.2 🟢 🟢 🟢 🟢 🟢 🟢
oraclelinux-4.14 🟢 🟢 🟢 🟡 🟡 🟡
oraclelinux-5.15 🟢 🟢 🟢 🟢 🟢 🟢
ubuntu-6.5 🟢 🟢 🟢 🟢 🟢 🟢

v9.0.0+driver

Released on 2025-10-16

Breaking Changes ⚠️

  • feat(driver/modern_bpf)!: remove forgotten pwrite64_e prog [#2626] - @ekoops
  • feat!: add PPME_SYSCALL_CLOSE_E fd param to PPME_SYSCALL_CLOSE_X [#2475] - @ekoops
  • feat!: drop rename{,at,at2} enter evts gen, testing and parsing code [#2599] - @ekoops
  • feat!: drop splice enter events gen, testing and parsing code [#2599] - @ekoops
  • feat!: drop munmap enter events gen, testing and parsing code [#2599] - @ekoops
  • feat!: drop mmap/mmap2 enter events gen, testing and parsing code [#2599] - @ekoops
  • feat!: drop fcntl enter events gen, testing and parsing code [#2599] - @ekoops
  • feat!: drop symlink{,at} enter events gen, testing and parsing code [#2599] - @ekoops
  • feat!: drop setuid enter events gen, testing and parsing code [#2594] - @terror96
  • feat!: drop ptrace enter events gen, testing and parsing code [#2594] - @terror96
  • feat!: drop mkdir enter events gen, testing and parsing code [#2594] - @terror96
  • feat!: drop mkdirat enter events gen, testing and parsing code [#2594] - @terror96
  • feat!: drop fchdir enter events gen, testing and parsing code [#2594] - @terror96
  • feat!: drop llseek enter events gen, testing and parsing code [#2591] - @ekoops
  • feat!: drop lseek enter events gen, testing and parsing code [#2591] - @ekoops
  • feat!: drop select enter events gen, testing and parsing code [#2591] - @ekoops
  • feat!: drop poll enter events gen, testing and parsing code [#2591] - @ekoops
  • feat!: drop epoll_wait enter events gen, testing and parsing code [#2591] - @ekoops
  • feat!: drop fstat64 enter events gen, testing and parsing code [#2591] - @ekoops
  • feat!: drop lstat64 enter events gen, testing and parsing code [#2591] - @ekoops
  • feat!: drop stat64 enter events gen, testing and parsing code [#2591] - @ekoops
  • feat!: drop fstat enter events gen, testing and parsing code [#2591] - @ekoops
  • feat!: drop lstat enter events gen, testing and parsing code [#2590] - @ekoops
  • feat!: drop stat enter events gen, testing and parsing code [#2590] - @ekoops
  • feat!: drop futex enter events gen, testing and parsing code [[#2590](https:...
Read more

Contributors

ekoops
Loading

0.22.0

17 Oct 08:41
@ekoops ekoops
0.22.0
5666ef4

Choose a tag to compare

View all tags
0.22.0

MIN_DRIVER_API
MIN_DRIVER_SCHEMA

v0.22.0

Released on 2025-10-17

Breaking Changes ⚠️

  • chore!: drop remaining evt.dir refs in default output fmt and tests [#2681] - @ekoops
  • feat(userspace/libsinsp)!: drop custom connect enter events handling [#2677] - @ekoops
  • feat(userspace/libsinsp/parsers)!: drop redundant connect_x code [#2673] - @ekoops
  • feat!: mark {MESOS,TRACER,K8S}_E as old and TRACER_X` as unused [#2669] - @ekoops
  • feat(userspace/libsinsp)!: filter out syscall enter events [#2667] - @ekoops
  • fix(userspace/libsinsp)!: make filtered evts handling consistent [#2666] - @ekoops
  • feat!: make PPME_SOCKET_{SEND,RECV}MMSG_X "scap converter"-managed [#2665] - @ekoops
  • feat!: drop unused events in scap converter [#2661] - @ekoops
  • feat(userspace/libsinsp)!: filter out PPME_SYSCALL_OPEN_E events [#2662] - @ekoops
  • feat!: stabilize EF_TMP_CONVERTER_MANAGED as EF_CONVERTER_MANAGED [#2659] - @ekoops
  • feat(userspace/libsinsp)!: drop unused parser's reset verdict param [#2658] - @ekoops
  • feat!: prevent event propagation to upper layers for C_ACTION_STORE [#2657] - @ekoops
  • feat!: merge CONVERSION_{COMPLETED,SKIP} into `CONVERSION_PASS [#2657] - @ekoops
  • feat!: let the scap converter drop some uneeded old enter events [#2657] - @ekoops
  • feat!: don't reserve any byte for empty parameters values [#2655] - @ekoops
  • feat!: drop scap files' enter events not eligible for scap conversion [#2653] - @ekoops
  • feat!: make PPME_SYSCALL_EXECVE{AT,_19}_E "scap converter"-managed [#2650] - @ekoops
  • feat!: make PPME_SYSCALL_OPENAT_2_{E,X} "scap converter"-manage [#2649] - @ekoops
  • feat!: make PPME_SYSCALL_OPENAT2_{E,X} "scap converter"-managed [#2649] - @ekoops
  • feat!: make PPME_SYSCALL_CREAT_{E,X} "scap converter"-managed [#2649] - @ekoops
  • feat!: make PPME_SYSCALL_OPEN_{E,X} "scap converter"-managed [#2649] - @ekoops
  • feat(driver)!: add EF_OLD_VERSION to majority of enter events [#2645] - @ekoops
  • feat!: make PPME_CONTAINER_{E,X} "scap converter"-managed [#2644] - @ekoops
  • feat!: make PPME_CONTAINER_JSON_{E,X} "scap converter"-managed [#2642] - @ekoops
  • feat!: make SCHEDSWITCH_1_{E,X} "scap converter"-managed [#2641] - @ekoops
  • feat!: make PPME_SYSCALL_PROCEXIT_{E,X} "scap converter"-managed [#2641] - @ekoops
  • feat!: make PPME_SYSCALL_NEWSELECT_{E,X} "scap converter"-managed [#2641] - @ekoops
  • feat!: make PPME_SYSCALL_OPENAT_{E,X} "scap converter"-managed [#2641] - @ekoops
  • feat!: make PPME_SYSCALL_BPF_{E,X} "scap converter"-managed [#2641] - @ekoops
  • feat!: make PPME_SYSCALL_UMOUNT_{E,X} "scap converter"-managed [#2641] - @ekoops
  • feat!: make PPME_SYSCALL_DUP_{E,X} "scap converter"-managed [#2641] - @ekoops
  • feat!: make PPME_SYSCALL_IOCTL_2_{E,X} "scap converter"-managed [#2641] - @ekoops
  • feat!: make PPME_SYSCALL_BRK_1_{E,X} "scap converter"-managed [#2641] - @ekoops
  • feat(userspace/libsinsp)!: drop deprecated mesos-related filterchecks [#2632] - @ekoops
  • feat!: drop deprecated evtin.* and tracer.* filterchecks support [#2621] - @ekoops
  • feat!: drop brk enter events gen, testing and parsing code [#2589] - @ekoops
  • feat(userspace/libsinsp)!: defer sinsp evt params null-encoding logic [#2558] - @ekoops
  • feat(userspace/libsinsp)!: remove sinsp::get_thread_ref() [#2402] - @ekoops
  • feat(userspace/libsinsp)!: make sinsp_parser::reset() const [#2403] - @ekoops
  • feat(userspace/libsinsp)!: make some sinsp_parser methods const [#2403] - @ekoops

Major Changes

  • feat(sinsp): add plugin required schema version check [#2660] - @irozzo-1A
  • feat(libsinsp): implement timed reset for proc lookup counters [#2483] - @deepskyblue86
  • new(userspace/libsinsp): add a sinsp_filtercheck_static class. [#2405] - @FedeDP

Minor Changes

  • feat!(userspace/libsinsp): remove unused sinsp ptr in tinfo factory [#2525] - @ekoops
  • build: upgrade container plugin to v0.4.0 [#2693] - @leogr
  • update: evt.dir is now deprecated [#2651] - @leogr
  • cleanup(userspace/libsinsp): drop sinsp_parser::m_tmp_events_buffer. [#2570] - @FedeDP
  • update: upgrade container plugin to v0.2.6 [#2471] - @leogr
  • update(cmake): update tbb to v2022.1.0. [#2452] - @FedeDP
  • chore(build): update container plugin to 0.2.4 [#2416] - @LucaGuerra

Bug Fixes

  • fix(userspace/libsinsp): fix extraction of the directory value [#2647] - @terror96
  • fix: check that get_fields function returnes at least one field in plugins with extraction capabilities [#2672] - @irozzo-1A
  • fix(userspace/libsinsp): avoid thread table mem leak when parsing vfork (or equivalent clone/clone3 with CLONE_VFORK) exit from caller process [#2640] - @leogr
  • fix(cmake): Properly quote zlib CFLAGs [#2577] - @bleggett

Non user-facing changes

Read more

Contributors

ekoops
Loading

0.22.0-rc2

14 Oct 14:14
@ekoops ekoops
0.22.0-rc2
f8a31dd

Choose a tag to compare

View all tags
0.22.0-rc2 Pre-release
Pre-release 
fix(userspace/libsinsp): avoid setting evt fdinfo in fch* parsers

Setting the event's fdinfo by leveraging the event's fd parameter is
already done in `sinsp_parser::reset()` and can be avoided the
`fchmod/fchown` exit event parsers. This means completely remove this
parsers.

Signed-off-by: Leonardo Di Giovanna <[email protected]>
Loading

0.22.0-rc1

13 Oct 12:21
@ekoops ekoops
0.22.0-rc1
6948383

Choose a tag to compare

View all tags
0.22.0-rc1 Pre-release
Pre-release 
docs(release.md): specify expection for tag names

Signed-off-by: Leonardo Di Giovanna <[email protected]>
Loading

0.21.0

19 May 09:24
@FedeDP FedeDP
0.21.0
1dcb369

Choose a tag to compare

View all tags
0.21.0

MIN_DRIVER_API
MIN_DRIVER_SCHEMA

v0.21.0

Released on 2025-05-19

Breaking Changes ⚠️

  • new(userspace/libsinsp)!: use timestamper in usergroup mgr [#2368] - @ekoops
  • feat(userspace/libsinsp)!: remove sinsp::add_thread() [#2391] - @ekoops
  • feat(userspace/libsinsp)!: remove sinsp::remove_thread() [#2391] - @ekoops
  • feat(userspace/libsinsp)!: avoid arg copy in sinsp::set_thread_pool [#2392] - @ekoops
  • feat(userspace/libsinsp)!: constify set_track_connection_status() [#2392] - @ekoops
  • feat(userspace/libsinsp)!: drop syslog support [#2393] - @ekoops
  • feat(userspace/libsinsp)!: remove unused sinsp_dumper::m_inspector [#2385] - @ekoops
  • feat(userspace/libsinsp)!: drop unused sinsp_dumper APIs [#2383] - @ekoops
  • feat(userspace/libsinsp)!: use refs in sinsp_parser's public APIs [#2380] - @ekoops
  • feat(userspace/libsinsp)!: introduce parser verdict [#2374] - @ekoops
  • feat(userspace/libsinsp)!: isolate sinsp_thread_manager from sinsp [#2371] - @ekoops
  • feat(userspace/libsinsp)!: remove unused sinsp_evt::clone_event() [#2377] - @ekoops
  • feat(userspace/libsinsp)!: use timestamper in thread mgr [#2366] - @ekoops
  • feat(userspace/libsinsp)!: remove unused sinsp public APIs [#2369] - @ekoops
  • feat(userspace/libsinsp)!: make sinsp_parser::erase_fd() private [#2364] - @ekoops
  • feat(userspace/libsinsp)!: remove dependency on parser from thread mgr [#2359] - @ekoops
  • feat(userspace/libsinsp)!: remove unused m_ts from erase_fd_params [#2361] - @ekoops
  • feat(userspace/libsinsp)!: avoid string copy in get_field_accessor() [#2355] - @ekoops
  • feat(userspace/libsinsp)!: isolate immutable sinsp_threadinfo deps [#2335] - @ekoops
  • feat(userspace/libsinsp)!: isolate mutable sinsp_threadinfo deps [#2335] - @ekoops
  • feat(userspace/libsinsp)!: remove unused sinsp public APIs [#2335] - @ekoops
  • feat(userspace/libsinsp)!: extract thread mgr accessors/tables logics [#2356] - @ekoops
  • feat(libsinsp/userspace)!: reduce fdtable's params resources waste [#2352] - @ekoops
  • feat(userspace/libsinsp)!: pass notify into set_user signature [#2347] - @ekoops
  • feat(userspace/libsisnp)!: pass notify into set_group signature [#2347] - @ekoops
  • feat(userspace/libsinsp)!: move server ports accounting in thread mgr [#2351] - @ekoops
  • feat(userspace/libsinsp)!: pass ipv4 server ports as func parameter [#2350] - @ekoops
  • BREAKING CHANGE: update *_to_string signatures [#2349] - @ekoops
  • feat(userspace/libsinsp)!: move large_envs_enabled into signature [#2345] - @ekoops
  • feat(libsinsp)!: move fd filtering logic out of add_fd_from_scap [#2342] - @ekoops
  • feat(userspace/libsinsp)!: move host and port res flag into signature [#2344] - @ekoops
  • feat(userspace/libsinsp)!: make sinsp::m_table_registry private [#2340] - @ekoops
  • feat(userspace/libsinsp)!: remove sinsp::build_threadinfo() [#2319] - @ekoops
  • feat(userspace/libsinsp)!: remove sinsp::build_fdinfo() [#2311] - @ekoops
  • feat(userspace/libsinsp)!: unexpose sinsp's m_input_plugin* [#2316] - @ekoops
  • update(userspace/libsinsp,test,build)!: drop container manager [#2207] - @FedeDP
  • update(build)!: drop MINIMAL_BUILD [#2207] - @FedeDP

Major Changes

Minor Changes

  • update(libsinsp): support indexed proc.args access [#2382] - @incertum
  • chore(userspace/libsinsp): properly escape = characters in condition expressions when printing the condition as a string. [#2324] - @mstemm

Bug Fixes

  • fix(libsinsp/filter): support syscall.type in event code search [#2331] - @jasondellaluce
  • fix(userspace/libsinsp): allow plugin filterchecks args to be both index or key [#2280] - @FedeDP
  • fix(userspace/libsinsp): do not immediately process async events whose timestamp is in the future in case a SCAP_TIMEOUT is received [#2250] - @FedeDP

Non user-facing changes

  • update(cmake): bump container plugin to 0.2.3. [#2409] - @FedeDP
  • fix(userspace/libscap): avoid a possible read past end of buffer. [#2401] - @FedeDP
  • refactor(userspace/libsinsp): cleanup sinsp_parser::reset() [#2384] - @ekoops
  • fix(test/e2e): rewrite assert_events to avoid ending too soon sinsp-example log matching [#2395] - @FedeDP
  • update(cmake): bumped container plugin to 0.2.2. [#2394] - @FedeDP
  • fix(ci): download custom container plugin from workflow. [#2390] - @FedeDP
  • fix(test/e2e): properly flush remaining queue once sinsp process leaves. [#2388] - @FedeDP
  • fix(userspace/libpman): fix modern bpf engine hot-reload. [#2389] - @FedeDP
  • new(ci): run e2e tests with podman socket too. [#2386] - @FedeDP
  • fix(userspace/libsinsp): avoid bogus error in process_recvmsg_ancilla… [#2381] - @FedeDP
  • update(cmake): updated container plugin to 0.2.1. [#2379] - @FedeDP
  • chore(deps): Bump the actions group with 2 updates [#2376] - @dependabot[bot]
  • fix(ci): fixed drivers_ci fedora container usage. [#2370] - @FedeDP
  • ci: remove duplicate clang line in e2e_ci.yml [#2378] - @ekoops
  • feat(userspace/libsinsp): use factory in evt proc's build_fdinfo() [[#2373](https://github.com/falcosecurity/libs/pull...
Read more

Contributors

FedeDP
Loading

8.1.0+driver

19 May 07:42
@FedeDP FedeDP
8.1.0+driver
bd2b9aa

Choose a tag to compare

View all tags
8.1.0+driver

API
SCHEMA

Latest Compatible Kernel

Driver Testing Matrix amd64

KERNEL CMAKE-CONFIGURE KMOD BUILD KMOD SCAP-OPEN BPF-PROBE BUILD BPF-PROBE SCAP-OPEN MODERN-BPF SCAP-OPEN
amazonlinux2-4.19 🟢 🟢 🟢 🟢 🟢 🟡
amazonlinux2-5.10 🟢 🟢 🟢 🟢 🟢 🟢
amazonlinux2-5.15 🟢 🟢 🟢 🟢 🟢 🟢
amazonlinux2-5.4 🟢 🟢 🟢 🟢 🟢 🟡
amazonlinux2022-5.15 🟢 🟢 🟢 🟢 🟢 🟢
amazonlinux2023-6.1 🟢 🟢 🟢 🟢 🟢 🟢
archlinux-6.0 🟢 🟢 🟢 🟢 🟢 🟢
archlinux-6.7 🟢 🟢 🟢 🟢 🟢 🟢
centos-3.10 🟢 🟢 🟢 🟡 🟡 🟡
centos-4.18 🟢 🟢 🟢 🟢 🟢 🟢
centos-5.14 🟢 🟢 🟢 🟢 🟢 🟢
fedora-5.17 🟢 🟢 🟢 🟢 🟢 🟢
fedora-5.8 🟢 🟢 🟢 🟢 🟢 🟢
fedora-6.2 🟢 🟢 🟢 🟢 🟢 🟢
oraclelinux-3.10 🟢 🟢 🟢 🟡 🟡 🟡
oraclelinux-4.14 🟢 🟢 🟢 🟢 🟢 🟡
oraclelinux-5.15 🟢 🟢 🟢 🟢 🟢 🟢
oraclelinux-5.4 🟢 🟢 🟢 🟢 🟢 🟡
ubuntu-4.15 🟢 🟢 🟢 🟢 🟢 🟡
ubuntu-5.8 🟢 🟢 🟢 🟢 🟢 🟡
ubuntu-6.5 🟢 🟢 🟢 🟢 🟢 🟢

Driver Testing Matrix arm64

KERNEL CMAKE-CONFIGURE KMOD BUILD KMOD SCAP-OPEN BPF-PROBE BUILD BPF-PROBE SCAP-OPEN MODERN-BPF SCAP-OPEN
amazonlinux2-5.4 🟢 🟢 🟢 🟢 🟢 🟡
amazonlinux2022-5.15 🟢 🟢 🟢 🟢 🟢 🟢
fedora-6.2 🟢 🟢 🟢 🟢 🟢 🟢
oraclelinux-4.14 🟢 🟢 🟢 🟡 🟡 🟡
oraclelinux-5.15 🟢 🟢 🟢 🟢 🟢 🟢
ubuntu-6.5 🟢 🟢 🟢 🟢 🟢 🟢

v8.1.0+driver

Released on 2025-05-19

Major Changes

  • new(driver/modern_bpf,userspace/libpman): support multiple programs for each event [#2255] - @FedeDP

Minor Changes

Bug Fixes

  • fix(driver): fix driver and bpf makefile for linux 6.13. [#2329] - @FedeDP
  • fix(driver/bpf): fixed small verifier bug in old bpf probe. [#2281] - @FedeDP
  • fix(driver): avoid kmod crash when a CPU gets enabled at runtime [#2252] - @FedeDP

Non user-facing changes

Statistics

MERGED PRS NUMBER
Not user-facing 5
Release note 5
Total 10

Release Manager @FedeDP

Contributors

FedeDP
Loading

0.21.0-rc2

13 May 09:25
@FedeDP FedeDP
0.21.0-rc2
bd2b9aa

Choose a tag to compare

View all tags
0.21.0-rc2 Pre-release
Pre-release 
cleanup(modern_bpf): address review comments

Signed-off-by: Luca Guerra <[email protected]>
Co-authored-by: Andrea Terzolo <[email protected]>
Loading

0.21.0-rc1

08 May 11:00
@FedeDP FedeDP
0.21.0-rc1
c0b1aea

Choose a tag to compare

View all tags
0.21.0-rc1 Pre-release
Pre-release 
new(libsinsp): introduce proc.aargs field

Signed-off-by: Melissa Kilby <[email protected]>
Loading