Falco - 0.32.1

| Packages | Download |
| -------- | ------------------------------------------------------------------------------------------------------------------------------------------------------ |
| rpm | |
| deb | |
| tgz | |
| rpm-arm64 | |
| deb-arm64 | |
| tgz-arm64 | |

| Images |
| --------------------------------------------------------------------------- |
| docker pull docker.io/falcosecurity/falco:0.32.1 |
| docker pull public.ecr.aws/falcosecurity/falco:0.32.1 |
| docker pull docker.io/falcosecurity/falco-driver-loader:0.32.1 |
| docker pull docker.io/falcosecurity/falco-no-driver:0.32.1 |

Major Changes

• new(falco): add gVisor support [#2078] - @LucaGuerra
• new(docker,scripts): add multiarch images and ARM64 packages [#1990] - @FedeDP

Minor Changes

• update(build): Switch from RSA/SHA1 to RSA/SHA256 signature in the RPM package [#2044] - @vjjmiras
• refactor(userspace/engine): drop macro source field in rules and rule loader [#2094] - @jasondellaluce
• build: introduce DRIVER_VERSION that allows setting a driver version (which may differ from the falcosecurity/libs version) [#2086] - @leogr
• update: add more info to --version output [#2086] - @leogr
• build(scripts): publish deb repo has now a InRelease file [#2060] - @FedeDP
• update(userspace/falco): make plugin init config optional and add --plugin-info CLI option [#2059] - @jasondellaluce
• update(userspace/falco): support libs logging [#2093] - @jasondellaluce
• update(falco): update libs to 0.7.0 [#2119] - @LucaGuerra

Bug Fixes

• fix(userspace/falco): ensure that only rules files named with -V are loaded when validating rules files. [#2088] - @mstemm
• fix(rules): use exit event in reverse shell detection rule [#2076] - @alacuku
• fix(scripts): falco-driver-loader script will now seek for drivers in driver/${ARCH}/ for x86_64 too. [#2057] - @FedeDP
• fix(falco-driver-loader): building falco module with DKMS on Flatcar and supporting fetching pre-built module/eBPF probe [#2043] - @jepio

Rule Changes

• rule(Redirect STDOUT/STDIN to Network Connection in Container): changed priority to NOTICE [#2092] - @leogr
• rule(Java Process Class Download): detect potential log4shell exploitation [#2041] - @pirxthepilot

Non user-facing changes

• remove kaizhe from falco rule owner [#2050] - @Kaizhe
• docs(readme): added arm64 mention + packages + badge. [#2101] - @FedeDP
• new(circleci): enable integration tests for arm64. [#2099] - @FedeDP
• chore(cmake): bump plugins versions [#2102] - @Andreagit97
• fix(docker): fixed deb tester sub image. [#2100] - @FedeDP
• fix(ci): fix sign script - avoid interpreting '{*}$argv' too soon [#2075] - @vjjmiras
• fix(tests): make tests run locally (take 2) [#2089] - @LucaGuerra
• fix(ci): creates ~/sign instead of ./sign [#2072] - @vjjmiras
• fix(ci): sign arm64 rpm packages. [#2069] - @FedeDP
• update(falco_scripts): Change Flatcar dynlinker path [#2066] - @jepio
• fix(scripts): fixed path in publish-deb script. [#2062] - @FedeDP
• fix(build): docker-container buildx engine does not support retagging images. Tag all images together. [#2058] - @FedeDP
• fix(build): fixed publish-docker-dev job context. [#2056] - @FedeDP
• Correct linting issue in rules [#2055] - @stephanmiehe
• Fix falco compilation issues with new libs [#2053] - @alacuku
• fix(scripts): forcefully create packages dir for debian packages. [#2054] - @FedeDP
• fix(build): removed leftover line in circleci config. [#2052] - @FedeDP
• fix(build): fixed circleCI artifacts publish for arm64. [#2051] - @FedeDP
• update(docker): updated falco-builder to fix multiarch support. [#2049] - @FedeDP
• fix(build): use apt instead of apk when installing deps for aws ecr publish [#2047] - @FedeDP
• fix(build): try to use root user for cimg/base [#2045] - @FedeDP
• update(build): avoid double build of docker images when pushing to aws ecr [#2046] - @FedeDP
• chore(k8s_audit_plugin): bump k8s audit plugin version [#2042] - @Andreagit97
• fix(tests): make run_regression_tests.sh work locally [#2020] - @LucaGuerra
• Circle CI build job for ARM64 [#1997] - @odidev

Statistics

| Merged PRs | Number |
| --------------- | ------ |
| Not user-facing | 25 |
| Release note | 16 |
| Total | 41 |

Release Manager @LucaGuerra