Releases: CheckPointSW/charts
2.33.1: fixed Flow Logs agents deployment on ARM64 nodes
Fixed Flow Logs agents deployment on ARM64 nodes
Full Changelog 2.33.0...2.33.1
2.33.0: Image Assurance 2.37.0: Quay Registry scanning support
Image Assurance 2.37.0:
- Quay Container Registry scanning support
- By default scan more images in base image repositories of Container Registries
Full Changelog: 2.32.0...2.33.0
Helm 2.32.0: ARM64 support, credentials update improvement
- ARM64 support: ARM64 support is now available for all agents, except Runtime Protection blade and Shiftleft environment
- ECS scanner: supporting customer certificates for Container Registries scan from ECS via CG_REG_CA_CERTIFICATE environment variable
- Labels Unification: standardized labeling across all components
- Agents restart on credential change: all agents will be restarted when credentials or cluster ID is updated
- Telemetry Enhancements
Agents versions
- Inventory 1.15.0
- Image Assurance 2.36.0
- Admission Control: Enforcer 2.13.0, Policy 1.9.0
- Runtime Policy 1.9.0
- Flow Logs (Intelligence) 0.15.0
Full Changelog: 2.31.0...2.32.0
2.31.0: Runtime Protection daemon 1.16.3: docker with cgroups v2 support
Runtime Protection daemon 1.16.3:
- add cgroupv2 support for docker container runtime
Full Changelog: 2.30.0...2.31.0
2.30.0: GKE Image Streaming, enhancements, RKE2 and K3s support
Image Assurance 2.30.0
- Added GKE Image Streaming support for GKE 1.28.9 and higher
- Enhancement in case of containerd service restart
Runtime Protection 1.16.2
- Added Rancher RKE2 and K3s support
Admission Control Enforcer 2.12.0
- Enhancement
All
- Added some standard K8s and helm labels
Full Changelog: 2.29.0...2.30.0
2.29.0: Runtime Protection daemon 1.16.2: enhancements
Runtime Protection daemon 1.16.2
- Improved File Reputation Blade for Reduced False Positives
- Improved memory management
Full Changelog: 2.28.0...2.29.0
2.28.0: GitHub Registry, reduce URLs for Image Assurance
Image Assurance 2.29.0:
- Release Github Container Registry Scanning support
- Reduced the number of URLs that need to be accessed by the agents (relevant for Scan Engine Version 2.0.0 only). CloudGuard agents must have connectivity to these region-specific URLs:
Region | URLs accessed by Image Assurance agents |
---|---|
United States (US) | https://api-cpx.dome9.com, https://api.dome9.com |
Europe (EU) | https://api-cpx.eu1.dome9.com, https://api.eu1.dome9.com |
Australia (AU) | https://api-cpx.ap2.dome9.com, https://api.ap2.dome9.com |
Canada (CA) | https://api-cpx.cace1.dome9.com, https://api.cace1.dome9.com |
India (IN) | https://api-cpx.ap3.dome9.com, https://api.ap3.dome9.com |
Singapore (SG) | https://api-cpx.ap1.dome9.com, https://api.ap1.dome9.com |
Security enhancements - all agents:
- Image Assurance 2.29.0
- Admission Control: Enforcer 2.11.0 & Policy 1.8.0
- Inventory 1.14.0
- Flow-logs 0.14.0
- Runtime Policy 1.8.0
Full Changelog: 2.27.1...2.28.0
2.27.1: helm adjustments for GKE Autopilot
When onboarding on GKE autopilot, please append the following to the helm command: --set platform=gke.autopilot
Full Changelog: 2.27.0...2.27.1
2.27.0: Runtime Protection: K8s events on terminating container
Runtime Protection daemon 1.14.0
- Added creating Kubernetes events when a container is terminated by CloudGuard Runtime Protection
- Changed ClusterRole permissions to enable Kubernetes events publishing
Full Changelog: 2.26.0...2.27.0
2.26.0: RP file reputation, Fedora Core OS
Runtime Protection: daemon 1.11.5, probe 0.30.2-cp-6
- Improved File Reputation Blade for Reduced False Positives
- Support Fedora Core OS
Full Changelog: 2.25.0...2.26.0