1. Docs
  2. Changes and releases
  3. Security

Security

  • Security rbac-operator v0.42.0

    Added

    • Added support for read-all-customer-groups bindings.

    Changed

    • Change ownership to Team Shield
  • Security kyverno-policies v0.23.0

    Added

    • Add supplemental security and best practices policies:
      • check-resources-request-and-limits-ratio
      • check-serviceaccount-secrets
      • disallow-gitrepo-volume
      • disallow-latest-tag
      • prevent-bare-pods
      • require-container-requests-and-limits
      • require-emptydir-requests-and-limits
      • require-pod-probes
      • restrict-binding-clusteradmin
      • restrict-binding-system-groups
      • restrict-sa-automount-sa-token
  • Security trivy-app v0.13.2

    Changed

    • Narrow down CiliumNetworkPolicy egress rule to match DNS service only.
    • Narrow down CiliumNetworkPolicy ingress rule to allow traffic from namespace.
  • Security kyverno-app v0.19.0

    Changed

    • Update kyverno to upstream version v1.13.4.
    • Use GVK for specifying Kinds in core-policies.
    • Add runAsGroup to container security contexts.
  • Security kyverno-policies v0.22.0

    Changed

    • Update to upstream Kyverno Policies version 1.13.4.

    Added

    • Add supplemental policies restrict-external-ips, require-ro-rootfs, and enable upstream policy require-non-root-groups.
    • Add supplemental policy to generate default deny-all Network Policies in newly created namespaces.
  • Security falco-app v0.10.0

    Changed

    • Update Falco to upstream version 0.40.0
  • Security athena v1.13.1

    Removed

    • Removed unused chart value .secret.firestoreServiceAccountKey and .secret.
  • Security cert-manager-app v3.9.0

    Changed

    • Updates Cert-manager Chart to Upstream 1.16.2

    Added

    • Adds new sync method based on Vendir to sync from upstream
  • Security exception-recommender v0.2.0

    Added

    • Add AutomatedException feature.

    Changed

    • Disable logger development mode to avoid panicking
    • Disable PSPs and CRD install job.
  • Security athena v1.13.0

    Removed

    • Removed analytics functionality, kept GraphQL API and optional Helm values for compatibility reasons.

    Changed

    • Changed ownership to Team Shield

This part of our documentation refers to our vintage product. The content may be not valid anymore for our current product. Please check our new documentation hub for the latest state of our docs.