
Releases: cilium/tetragon

v1.1.0 release

29 Apr 14:44

Release notes

v1.1.0 release is here! Please consider upgrading. This edition adds some notable features including user space stack traces, the enforcer sensor to easily deny system calls, metrics improvements, and numerous other fixes and improvements. Before upgrading please review deprecated fields and metric updates to check for any changes here that may impact your upgrade.

As always, huge thanks to all the contributors, especially the new contributors. We also appreciate all the bug reports, feature requests and feedback from users. Keep it coming, this helps everyone; everything from reading docs to just hearing user stories is great. Reach out and file an issue or ping @jrfastab if you have any feedback.

Additionally I wanted to thank @dwindsor, @vparla and their colleagues for detailed bug reports (#2069) and identifying multiple issues that the team was able to fix/improve in this release. 🚀 See the commit list below for details.

Events API and Metrics Changes:

  • API: Remove deprecated pod.labels field. Use pod.pod_labels instead. (#1848) by @michi-covalent

  • Fix metrics related to monitoring BPF maps and userspace caches. Remove tetragon_map_drops_total (it was duplicating tetragon_errors_total{type="process_cache_evicted"}). Remove tetragon_map_in_use_gauge{map="eventcache"} (event cache is not a BPF map). Replace tetragon_map_in_use_gauge{map="processLru"} with tetragon_process_cache_size (process cache is not a BPF map). (#1950) by @sadath-12

  • Metrics with known labels values are initialized to 0 on startup. (#2162) by @lambdanis

    This helps to ensure stable resource usage and metrics queries. This also involves changes in several metrics labels:

    • error_type label on tetragon_handler_errors_total metric is either "unknown_opcode" or "event_handler_failed" instead of the Go type of the error
    • event_type label on tetragon_event_cache*_errors_total metrics is one of the values defined in Tetragon API (tetragon.EventType) instead of the Go type of the event
    • error label on tetragon_event_cache_errors_total metric is "nil_process_pid"
    • error label is removed from tetragon_policyfilter_metrics_total metric
  • Metrics for map and cache sizes are improved: (#2291) by @lambdanis

    • tetragon_map_in_use_gauge metric is renamed to tetragon_map_entries and doesn't have total label anymore
    • New tetragon_map_capacity metric exposes the BPF maps capacity
    • New tetragon_event_cache_entries metric measures the event cache size
    • New tetragon_process_cache_size metric measures the process cache size
    • New tetragon_process_cache_capacity metric exposes the process cache capacity

Tracing Policy API Changes:

  • TracingPolicy: Replace symbol field (string) with symbols (array of strings) in uprobe spec. If using policies with uprobes, you need to replace the symbol field. (#1975) by @olsajiri

  • TracingPolicy: Rename killer to enforcer. If using policies with killers, you need to replace killers with enforcers and action: NotifyKiller with NotifyEnforcer. (#2117) by @olsajiri

  • Support user mode stacktraces in events. To enable this feature, set userStackTrace: true in the policy Post action. (#2175) by @anfedotoff

    To distinguish different stacktraces, kernel stacktraces are now enabled with kernelStackTrace policy field (renamed from stackTrace), and posted in kernel_stack_trace event field (renamed from stack_trace).
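A pre-upgrade check for the renames and removals listed above under "Events API and Metrics Changes" and "Tracing Policy API Changes". This is an added example, not Tetragon project code; the function names and the sample policy, alert expressions and jq filters are constructed for illustration.

```python
import re

# Tracing policy renames from the v1.1.0 notes (YAML keys and action names).
POLICY_RULES = [
    (r"^\s*(-\s*)?symbol\s*:", "uprobe 'symbol' (string) -> 'symbols' (array of strings)"),
    (r"^\s*(-\s*)?killers\s*:", "'killers' -> 'enforcers'"),
    (r"\bNotifyKiller\b", "action NotifyKiller -> NotifyEnforcer"),
    (r"^\s*(-\s*)?stackTrace\s*:", "'stackTrace' -> 'kernelStackTrace'"),
]
# Event field renames, relevant to jq filters, field filters and log parsers.
EVENT_RULES = [
    (r"\bpod\.labels\b", "pod.labels removed -> pod.pod_labels"),
    (r"\bstack_trace\b", "stack_trace -> kernel_stack_trace"),
]
METRIC = re.compile(r"\b(tetragon_\w+)\s*(\{[^}]*\})?")
LABEL = re.compile(r'(\w+)\s*(?:=~|!~|!=|=)\s*"([^"]*)"')
HANDLER_ERRORS = {"unknown_opcode", "event_handler_failed"}

# Constructed sample inputs (not taken from the Tetragon repository).
SAMPLE_POLICY = """\
spec:
  uprobes:
  - path: "/bin/bash"
    symbol: "readline"
  killers:
  - calls:
    - "sys_lseek"
  kprobes:
  - call: "sys_lseek"
    selectors:
    - matchActions:
      - action: NotifyKiller
      - action: Post
        stackTrace: true
"""
SAMPLE_RULES = """\
- expr: tetragon_map_in_use_gauge{map="processLru"} > 60000
- expr: delta(tetragon_map_in_use_gauge{map="execve_map", total="65536"}[10m]) > 1000
- expr: rate(tetragon_map_drops_total[5m]) > 0
- expr: rate(tetragon_handler_errors_total{error_type="*errors.errorString"}[5m]) > 0
- expr: rate(tetragon_handler_errors_total{error_type="event_handler_failed"}[5m]) > 0
"""
SAMPLE_JQ = """\
jq 'select(.process_exec.process.pod.labels != null)' events.json
jq '.process_kprobe.stack_trace[].symbol' events.json
jq '.process_kprobe.kernel_stack_trace[].symbol' events.json
"""


def _scan(text, rules):
    """Return (line_number, advice) for every rule that matches a line."""
    return [(n, advice)
            for n, line in enumerate(text.splitlines(), 1)
            for pattern, advice in rules if re.search(pattern, line)]


def audit_policy(text):
    return _scan(text, POLICY_RULES)


def audit_event_consumer(text):
    return _scan(text, EVENT_RULES)


def _metric_advice(name, labels):
    """Map one metric selector to upgrade advice, or None if unaffected."""
    if name == "tetragon_map_drops_total":
        return 'removed; use tetragon_errors_total{type="process_cache_evicted"}'
    if name == "tetragon_map_in_use_gauge":
        # Regex matchers (=~) fall through to the generic rename advice.
        if labels.get("map") == "processLru":
            return "replaced by tetragon_process_cache_size"
        if labels.get("map") == "eventcache":
            return "removed; event cache size is tetragon_event_cache_entries"
        note = " (the 'total' label is gone)" if "total" in labels else ""
        return "renamed to tetragon_map_entries" + note
    if name == "tetragon_policyfilter_metrics_total" and "error" in labels:
        return "'error' label removed from this metric"
    if name == "tetragon_handler_errors_total":
        value = labels.get("error_type")
        if value is not None and value not in HANDLER_ERRORS:
            return "error_type is now unknown_opcode or event_handler_failed"
    return None


def audit_metrics(text):
    """Return (line_number, metric, advice) for affected PromQL selectors."""
    out = []
    for n, line in enumerate(text.splitlines(), 1):
        for name, selector in METRIC.findall(line):
            advice = _metric_advice(name, dict(LABEL.findall(selector)))
            if advice:
                out.append((n, name, advice))
    return out


if __name__ == "__main__":
    for finding in audit_policy(SAMPLE_POLICY) + audit_event_consumer(SAMPLE_JQ):
        print("line %d: %s" % finding)
    for n, name, advice in audit_metrics(SAMPLE_RULES):
        print("line %d: %s: %s" % (n, name, advice))
```

Point the three functions at real policy files, alerting rules and event-processing scripts before upgrading; an empty result means none of the listed renames were found.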

New Contributors

Major Changes:

  • Tetragon oci hook setup (#1842) by @kkourt
  • tetragon: detect execve of anonymous binaries (#499) by @tixxdz
  • Introduce an export filter type for process capabilities. (#2107) by @willfindlay
  • Introduce redaction filters for censoring sensitive string data in process events. (#2243) by @willfindlay
  • tracing: add multi-link uprobe support (#1914) by @olsajiri
  • policyfilter: add a containerSelector that allows filtering policies by container name (#2231) by @BonySmoke

Bugfixes:

  • Fix a segmentation fault related to filtering out pid information with field filters (#1700) by @willfindlay
  • Fix a number of segmentation faults related to field filters. (#1712) by @willfindlay
  • pkg/option: add metrics-label-filter flags (#1678) by @Jack-R-lantern
  • Do not add a new entry in the execve_map during clone events that we cannot find our parent. Additionally, return early on kernel threads. (#1708) by @tpapagian
  • Rework the matchBinaries selector implementation (#1731) by @mtardy
  • Fix a few bugs related to field filter configuration and significantly improve performance of field filters. (#1763) by @willfindlay
  • Fix a few bugs related to field filter configuration and significantly improve performance of field filters. (#1762) by @willfindlay
  • Fix an issue that caused Tetragon to hang when it encounters an error early on in its init phase. (#1770) by @willfindlay
  • Adds validation for sock and skb types (#1807) by @kevsecurity
  • Fixes prefix and postfix matching for strings longer than the prefix or postfix maximum length (#1806) by @kevsecurity
  • helm: Fix templating securityContext and tolerations (#1837) by @lambdanis
  • pkg/kernels: Fix large patch numbers (#1870) by @tpapagian
  • Fix a regression related to field filters that could cause top-level information to be missing from events. (#1882) by @willfindlay
  • bpf: unit tests and fixes for prepend_name function (#1902) by @mtardy
  • metrics: Do not return when we cannot find a _stats map (#1949) by @tpapagian
  • bpf: read and copy proc exe at execve for matchBinaries (#1926) by @mtardy
  • Dockerfile: bump bpftool revision to 7.3.0 (#1972) by @mtardy
  • Fix a hang when the event exporter fails to start. (#2119) by @willfindlay
  • tetra: avoid panic in the decoder (#2116) by @kkourt
  • Set events node_name field to the hostname in the standalone (non-k8s) mode. (#2123) by @lambdanis
  • policyfilter: fix issue in container fs scanning under cri-o (#2188) by @kkourt
  • metrics: Remove pod from the queue after deleting metrics (#2287) by @lambdanis
  • helm: Fix name and selector in operator ServiceMonitor (#2371) by @lambdanis

Minor Changes:


v1.0.3

08 Apr 17:56

What's Changed

  • chore(deps): update go (v1.0) by @cilium-renovate in #2021
  • chore(deps): update docker.io/library/golang:1.21.6-alpine docker digest to a6a7f1f (v1.0) by @cilium-renovate in #2036
  • backport/v1.0/: bugtool gops pprofheap by @tixxdz in #2037
  • chore(deps): update docker.io/library/alpine docker tag to v3.19.1 (v1.0) by @cilium-renovate in #2039
  • chore(deps): update docker.io/library/golang:1.21.6 docker digest to 7b575fe (v1.0) by @cilium-renovate in #2057
  • chore(deps): update go to v1.21.7 (v1.0) (patch) by @cilium-renovate in #2071
  • chore(deps): update go (v1.0) by @cilium-renovate in #2082
  • chore(deps): update docker.io/library/golang:1.21.7 docker digest to 549dd88 (v1.0) by @cilium-renovate in #2114
  • fix(deps): update module github.com/opencontainers/runc to v1.1.12 [security] (v1.0) by @cilium-renovate in #2120
  • backports/v1.0/2131 by @willfindlay in #2136
  • chore(deps): update module google.golang.org/protobuf to v1.33.0 [security] (v1.0) by @cilium-renovate in #2190
  • chore(deps): update go to v1.21.8 (v1.0) (patch) by @cilium-renovate in #2194
  • chore(deps): update docker.io/library/golang docker tag to v1.21.8 (v1.0) by @cilium-renovate in #2203
  • chore(deps): update docker.io/library/golang:1.21.8 docker digest to 8560736 (v1.0) by @cilium-renovate in #2216
  • chore(deps): update docker.io/library/golang:1.21.8-alpine docker digest to d7c6083 (v1.0) by @cilium-renovate in #2238
  • backports/willfindlay/1.0/redaction filters by @willfindlay in #2267
  • chore(deps): update go to v1.21.9 (v1.0) (patch) by @cilium-renovate in #2298
  • chore(deps): update module golang.org/x/net to v0.23.0 [security] (v1.0) by @cilium-renovate in #2297
  • chore(deps): update docker.io/library/golang docker tag to v1.21.9 (v1.0) by @cilium-renovate in #2307
  • Backport #2144 and #2167 to v1.0 branch by @michi-covalent in #2292
  • backports/1.0: exporter: fix hang when exporter fails to start by @willfindlay in #2314
  • Prepare for v1.0.3 release by @mtardy in #2254

Full Changelog: v1.0.2...v1.0.3

v1.0.2

17 Jan 22:08

What's Changed

  • chore(deps): update docker.io/library/golang:1.21.5 docker digest to 2ff79bc (v1.0) by @cilium-renovate in #1898
  • fix(deps): update module github.com/containerd/containerd to v1.7.11 [security] (v1.0) by @cilium-renovate in #1905
  • chore(deps): update go (v1.0) by @cilium-renovate in #1913
  • chore(deps): update docker.io/library/golang docker tag to v1.21.6 (v1.0) by @cilium-renovate in #1969
  • v1.0 backport: bpf: fix bugs in the prepend_name function by @mtardy in #1956
  • chore(deps): update dependency go to v1.21.6 (v1.0) by @cilium-renovate in #1977
  • chore(deps): update docker.io/library/golang:1.21.6 docker digest to 5f5d61d (v1.0) by @cilium-renovate in #1989
  • tetragon: prepare for v1.0.2 release by @jrfastab in #1991

Full Changelog: v1.0.1...v1.0.2

v1.0.1

18 Dec 18:09

Release info

OSS PRs

Bugfixes:

  • Fix a regression related to field filters that could cause top-level information to be missing from events.
  • Fix a number of segmentation Add mappings for sock and skb types (bug fix).
  • Fix a few bugs related to field filter configuration and significantly improve performance of field filters.
  • backports/v1.0: helm: Fix templating securityContext and tolerations

Minor Changes:

  • backports/v1.0: Add a metric to provide per-event missed events

Dependency updates:

  • chore(deps): update docker.io/library/golang docker tag to v1.21.5 (v1.0)
  • chore(deps): update go (v1.0)
  • chore(deps): update docker.io/library/alpine docker tag to v3.18.5 (v1.0)
  • chore(deps): update docker.io/library/golang:1.21.4 docker digest to 9baee0e (v1.0)
  • chore(deps): update go to v1.21.4 (v1.0) (patch)
  • chore(deps): update docker.io/library/golang docker tag to v1.21.4 (v1.0)
  • chore(deps): update docker.io/library/alpine docker tag to v3.19.0 (v1.0)
  • chore(deps): update docker.io/library/golang:1.21.4-alpine docker digest to 70afe55 (v1.0)

What's Changed

  • backports/v1.0: Add a metric to provide per-event missed events by @tpapagian in #1702
  • filters/fields: do a deep copy before filtering by @willfindlay in #1726
  • chore(deps): update go to v1.21.4 (v1.0) (patch) by @cilium-renovate in #1747
  • chore(deps): update docker.io/library/golang docker tag to v1.21.4 (v1.0) by @cilium-renovate in #1757
  • Backports/v1.0/1762 by @willfindlay in #1763
  • chore(deps): update docker.io/library/golang:1.21.4 docker digest to 9baee0e (v1.0) by @cilium-renovate in #1746
  • chore(deps): update docker.io/library/alpine docker tag to v3.18.5 (v1.0) by @cilium-renovate in #1826
  • chore(deps): update docker.io/library/golang:1.21.4-alpine docker digest to 70afe55 (v1.0) by @cilium-renovate in #1825
  • Backports/v1.0/string match fixes by @kevsecurity in #1819
  • backports/v1.0: helm: Fix templating securityContext and tolerations by @lambdanis in #1841
  • chore(deps): update docker.io/library/golang docker tag to v1.21.5 (v1.0) by @cilium-renovate in #1851
  • chore(deps): update docker.io/library/alpine docker tag to v3.19.0 (v1.0) by @cilium-renovate in #1864
  • chore(deps): update go (v1.0) by @cilium-renovate in #1869
  • backports/v1.0: fieldfilters: fix regression with missing top-level info and add test by @willfindlay in #1883
  • Prepare for v1.0.1 release by @kkourt in #1885

Full Changelog: v1.0.0...v1.0.1

v1.0.0

01 Nov 09:11

Changes

Breaking Changes:

  • export: switch to default permissions on exported JSON to 0600. (#1575) by @tixxdz

Major Changes:

  • tetragon: build arm64 tarball (#1484) by @tixxdz
  • tetragon:process_exec: display uids/gids credentials and detect privileged execution (#1296) by @tixxdz
  • Add a new kernel stack traces alpha feature to kprobes events. (#1429) by @mtardy
  • api: add a policy_name field to kprobe, tracepoint and uprobe events (#1574) by @mtardy
  • tetragon: Add killer sensor (#1205) by @olsajiri
  • helm: Set the feature that implements Namespaced policies and Pod label filters on by default (#1647) by @kkourt

Bugfixes:

  • Use a message copy to apply fieldFilters in exec events (#1432) by @tpapagian
  • bpf: fix verification error in bpf_execve_event (#1454) by @kkourt
  • Add complete k8s object validation and defaults on standalone (#1521) by @mtardy
  • tetragon: fix crash in kprobe validation (#1551) by @olsajiri
  • bugfix: Use shared string maps in kprobe-multi (#1582) by @tpapagian
  • bpf: fix policyfilter issue for existing processes (#1590) by @kkourt
  • Fixes a regression on enable/disable sensors that would prevent a sensor from being enabled. (#1562) by @mtardy
  • helm: Fix selector labels for the operator deployment (#1644) by @michi-covalent

Minor Changes:

  • pkg/metrics: add common go&gRPC prometheus metrics (#1416) by @Jack-R-lantern
  • tetragon: Adding lists documentation (#1401) by @olsajiri
  • tetragon-oci-hook: fix issue for containerd (#1375) by @kkourt
  • tetragon: Add buffer between perf reader and events processing code (#593) by @olsajiri
  • helm: update livenessProbe to retry 5 times before failing (#1407) by @willfindlay
  • Convert string and char_buf matches to hash look ups (#1408) by @kevsecurity
  • tetragon: Add metric to report rate limited events (#1453) by @jrfastab
  • tetragon: trace kernel modules operations (#1390) by @tixxdz
  • helm: Allow multiple installations of the Tetragon Helm chart (#1400) by @ashishkurmi
  • Controller for the Pod Info Custom Resource (#1410) by @prateek041
  • doc: add arm64 tarball install (#1496) by @tixxdz
  • tetragon: improve how we handle TIDs and GetProcessCopy() (#1256) by @tixxdz
  • Add IPv6 support to BPF rate limit (#1458) by @kevsecurity
  • cmd: Remove deprecated --config-file flag (#1498) by @lambdanis
  • metrics: report metric errors when caching pids (#1502) by @tixxdz
  • tracing: check for empty returnArg (#1515) by @kkourt
  • tetragon: Hook exit sensor on acct_process (#1509) by @olsajiri
  • metrics: Add metrics label filter configuration (#1444) by @nap32
  • tetragon: Several observer related cleanups (#1525) by @olsajiri
  • Collect tetragon_map_in_use_gauge and tetragon_map_errors_total metrics directly from BPF maps at the scrape time. Expose the tetragon_map_errors_total metrics as a counter instead of a gauge. (#1510) by @lambdanis
  • tetragon: Remove sensors on exit not programs (#1514) by @olsajiri
  • imagePullPolicy for the operator deployment can be set in tetragonOperator.image.pullPolicy Helm value and defaults to IfNotPresent. (#1544) by @lambdanis
  • Implement the ability to filter on event types in the getevents CLI. (#1549) by @darox
  • bpf: read the task real parent (#1559) by @tixxdz
  • Expose an interface for defining metrics with configurable labels. (#1548) by @lambdanis
  • tetragon: Allow to specify rb-* size options with size suffix (#1593) by @olsajiri
  • ci:tarball-release: remove unnecessary step about installing go (#1601) by @tixxdz
  • ci: add login-action to docker hub (#1602) by @tixxdz
  • tetragon: Add helper scripts for stats benchmarks (#1583) by @olsajiri
  • systemd fixes (#1636) by @tixxdz
  • helm: add service monitor scrape interval config (#1638) by @Jack-R-lantern
  • doc: update tetragon daemon flags (#1662) by @tixxdz
  • tetragon: Cleanup tgids array before another round of events iteration (#1581) by @olsajiri
  • Introduce startup logic to check userspace and BPF struct alignment, and exit with an error message if we detect a mismatch. (#1650) by @willfindlay
  • tetragon: Add support to pass options through spec (#1626) by @olsajiri
  • helm: add PROCESS_TRACEPOINT to exported events (#1684) by @kkourt

CI Changes:

Documentation changes:


Release v0.11.0

01 Sep 09:01

Upgrade notes

  • tracingpolicies* CRDs need to be manually deleted. See #1394 for details.

What's Changed

  • fix(deps): update module sigs.k8s.io/controller-tools to v0.12.1 by @cilium-renovate in #1207
  • chore(deps): update all k8s pkg go dependencies main (patch) by @cilium-renovate in #1172
  • fix(deps): update module github.com/iancoleman/strcase to v0.3.0 by @cilium-renovate in #1236
  • docs update by @kkourt in #1233
  • metrics: Switch from gauges to counters by @lambdanis in #1220
  • chore(deps): update docker.io/library/golang docker tag to v1.20.6 by @cilium-renovate in #1226
  • Add _total suffix to counter metrics that didn't have it by @lambdanis in #1208
  • fix(deps): update module github.com/cilium/little-vm-helper to v0.0.9 by @cilium-renovate in #1239
  • Clang image Dockerfile and workflow improvements and renovate settings tuning by @mtardy in #1221
  • chore(deps): update all github action dependencies by @cilium-renovate in #1175
  • fix(deps): update module go.uber.org/multierr to v1.11.0 by @cilium-renovate in #1243
  • selector fixes by @kkourt in #1246
  • Adding Kind property to the openat_write tracingpolicy sample YAML file by @ashishkurmi in #1248
  • Infinite ports and CIDRs by @kevsecurity in #1222
  • fix replace directives for Cilium v1.13.4 by @rolinh in #1252
  • gh/vmtests: use -main for latest version and add bpf-next by @kkourt in #1247
  • Let renovate update Go toolchain in a single PR by @mtardy in #1259
  • Fix SKB test by @kevsecurity in #1258
  • chore(deps): update go to v1.20.6 (minor) by @cilium-renovate in #1261
  • fix(deps): update module github.com/cilium/little-vm-helper to v0.0.12 by @cilium-renovate in #1242
  • Implement DeleteTracingPolicy functionality by @inliquid in #1253
  • tetragon: Check final size for data event by @olsajiri in #1224
  • tetragon: Loader fixes by @olsajiri in #951
  • Renovate: let renovate update golangci-lint and various fixes by @mtardy in #1263
  • fix(deps): update module github.com/opencontainers/runtime-spec to v1.1.0 by @cilium-renovate in #1266
  • fix(deps): update kubernetes packages to v0.26.7 (patch) by @cilium-renovate in #1265
  • Simplify tetra and tetragon build without CGO, add binary stripping and improve Makefile by @mtardy in #1268
  • Update README.md Links by @saintdle in #1270
  • deps: remove unused cilium/metallb replace directive by @mtardy in #1269
  • e2e tests: remove gexe dependency in cilium management by @mtardy in #1271
  • docs: fix a link to contribution guide by @mtardy in #1277
  • tetragon: remove unnecessary GetProcessCopy() by @jrfastab in #1254
  • tetragon: Add support for multi kprobe override by @olsajiri in #1218
  • Handle non-utf8 strings in protobuf structures by @kkourt in #1282
  • tetragon: load tracingpolicies from directory by @tixxdz in #995
  • contrib: Support upgrade in install-tetragon.sh by @lambdanis in #1280
  • chore(deps): update docker.io/library/golang:1.20.6 docker digest to 010a0ff by @cilium-renovate in #1293
  • fix(deps): update all go dependencies main (patch) by @cilium-renovate in #1294
  • fix(deps): update module github.com/cilium/cilium to v1.13.5 by @cilium-renovate in #1297
  • deps: bump cilium/cilium to v1.14.0 by @mtardy in #1299
  • pkg/k8s: deps bump cilium/cilium Go dep to v1.14.0 by @mtardy in #1302
  • workflows: split static checks to parallelize jobs by @mtardy in #1300
  • chore(deps): update module github.com/cilium/controller-tools to v0.12.1 by @cilium-renovate in #1298
  • Makefile: Print messages only once by @lambdanis in #1295
  • fix(deps): update kubernetes packages to v0.27.4 (patch) by @cilium-renovate in #1303
  • kprobes: allow to override security_ hooks by @tixxdz in #1305
  • tetragon: kprobe fixes by @olsajiri in #1291
  • Copy Helm chart values doc to docs reference by @mtardy in #1288
  • use-case: advanced tracing of elf and flat execution by @tixxdz in #1307
  • cves:exploit: prevent cve-2023-2640 overlayfs exploit on ubuntu by @tixxdz in #1306
  • tetragon: bpf map handlers updates by @jrfastab in #1308
  • bugfix: Fix Prefix operator with file type in matchArgs by @tpapagian in #1301
  • tetragon: tty monitoring fixes by @olsajiri in #1289
  • sensors: harden string parsing from BPF events by @mtardy in #1276
  • Add three network policies by @kevsecurity in #1313
  • Create metrics registry explicitly instead of using promauto by @lambdanis in #1304
  • fix(deps): update module sigs.k8s.io/e2e-framework to v0.2.0 by @cilium-renovate in #1244
  • btf: Add support to load symbols from kernel modules by @tpapagian in #1316
  • Revert "renovate: fix usage of dot in regexes" by @mtardy in #1322
  • fix(deps): update module golang.org/x/sys to v0.11.0 by @cilium-renovate in #1323
  • fix(deps): update module google.golang.org/grpc to v1.57.0 by @cilium-renovate in #1324
  • generic traceponts: add support for string type by @kkourt in #1314
  • tetragon: Add stats support for errors by @jrfastab in #1311
  • chore(deps): update go to v1.20.7 (patch) by @cilium-renovate in #1320
  • Renovate settings for replace directive deps and cilium/cilium updates by @mtardy in #1330
  • tetragon: Remove pkg/bpf/map module by @olsajiri in #1315
  • misc fixes by @kkourt in #1317
  • refactor: Move readConfig{Dir,File} to the option package by @michi-covalent in #1336
  • Move observer_test_helpers.go to a separate package by @lambdanis in #1335
  • chore(deps): update renovatebot/github-action action to v39 by @cilium-renovate in #1334
  • Add tetragon-operator-config ConfigMap by @michi-covalent in #1337
  • chore(deps): update docker.io/library/alpine docker tag to v3.18.3 by @cilium-renovate in #1342
  • fix(deps): update module github.com/hashicorp/golang-lru/v2 to v2.0.5 by @cilium-renovate in #1343
  • tetragon-oci-hook: improvements by @kkourt in #1076
  • matchArgs: Add Not{Equal, Prefix, Postfix} in fd, file, path types by @tpapagian in #1325
  • Fix TestKprobeMatchArgsNonPrefix test by @tpapagian in #1347
  • use-case: add ProcessCredentials object and track credentials changes at kernel by @tixxdz in #888
  • renovate: group Helm chart version bump PRs by @mtardy in #1346
  • Fix tetra version injection by @mtardy in #1348
  • operator: Move the CRD registration logic to a separate package by @michi-covalent in #1350
  • docs: Update the link to the cosign installation page by @michi-covalent in #1352
  • tetragon: Do not update sensors.AllPrograms in kprobe sensor by @olsajiri in #1340
  • Add tetragon operator deployment into the helm chart by @prateek041 in #1351
  • Sock/skb: socket improvements by @kevsecurity in #1358
  • tetragon: Remove unnecessary computation line by @olsajiri in #1357...

Release v0.10.0

14 Jul 15:20

What's Changed

  • Makefile: set GOARCH to TARGET_ARCH only if GOARCH is unset by @mtardy in #880
  • tetragon: use latest cilium module (v1.13.1) by @kkourt in #882
  • Various Dockerfile cleanups by @mtardy in #843
  • tetragon: post action parsing fix by @olsajiri in #879
  • TracingPolicy examples: use portable symbols for syscalls by @mtardy in #886
  • Docs: update the TracingPolicy reference for arm64 by @mtardy in #884
  • fix: injecting Git version into tetragon-operator binary fails by @YTGhost in #890
  • tetragon: Move matchBinaries filter to be executed earlier by @olsajiri in #833
  • Tetra: split commands set between OS for portability by @mtardy in #883
  • helm: recreate daemonset pod when configmap changes by @cjtim in #812
  • use binary search to optimize performance by @Lan-ce-lot in #820
  • test for retrieving exit code by @zhy76 in #852
  • ci: update setup-go@v3 to v4 by @Lan-ce-lot in #864
  • fixup server address when port is not present by @willfindlay in #896
  • matchArgs improvements by @jrfastab in #901
  • build(deps): bump ubuntu from 27cb6e6 to 67211c1 by @dependabot in #877
  • build(deps): bump github/codeql-action from 2.1.37 to 2.2.11 by @dependabot in #897
  • build(deps): bump github.com/hashicorp/golang-lru/v2 from 2.0.1 to 2.0.2 by @dependabot in #908
  • Dockerfiles: use ENTRYPOINT instead of CMD by @mtardy in #887
  • build(deps): bump google.golang.org/grpc from 1.53.0 to 1.54.0 by @zhy76 in #860
  • pkg/encoder: make customized syscalls printers portable and add open/openat by @mtardy in #900
  • pkg:observer: during stats printing check if total events is not zero by @tixxdz in #914
  • build(deps): bump github.com/spf13/cobra from 1.6.1 to 1.7.0 by @dependabot in #915
  • Dependabot: update config for alpine-curl dep and new label name by @mtardy in #916
  • build(deps): bump actions/upload-pages-artifact from 1.0.7 to 1.0.8 by @dependabot in #918
  • pks/metrics: add syscall metrics by @kkourt in #924
  • pkg/metrics: add event for tracing policy metrics by @kkourt in #927
  • build(deps): bump golang from 1.20.2 to 1.20.3 by @dependabot in #923
  • build(deps): bump actions/checkout from 3.3.0 to 3.5.2 by @dependabot in #926
  • Add Flags To Raw Attach by @kevsecurity in #937
  • tetragon: deal with duplicated tcpmon_map issue by @kkourt in #938
  • tetragon: Add new NoPost and Signal actions by @olsajiri in #885
  • Improvements in bugtool and metrics by @kkourt in #929
  • tests: fail test when tracingpolicy parsing fails by @willfindlay in #947
  • tetragon: Add documentation for Signal and NoPost actions by @olsajiri in #948
  • bug-report-template: add an issue template for bug report by @YTGhost in #898
  • tetragon: Add fail path for data events get_current_pid_tgid call by @olsajiri in #950
  • tetragon: Allow to use data events for char_buf data by @olsajiri in #789
  • Docs: add a try Tetragon on Linux getting-started tutorial and FAQ about running Tetragon on Mac by @mtardy in #899
  • tetragon: handle process threads in clone and process_{exec|exit} events by @tixxdz in #941
  • policyfilter: pod label filter support for tracing policies. by @kkourt in #945
  • build(deps): bump peter-evans/close-issue from 2.2.0 to 3.0.1 by @dependabot in #943
  • tetragon: we only need to find the BTF file skip creating it by @jrfastab in #961
  • tetragon: release memory used for loading programs by @jrfastab in #962
  • build(deps): bump github.com/containerd/containerd from 1.6.10 to 1.7.0 by @zhy76 in #904
  • dependabot: fix a tag issue with alpine-curl image by @mtardy in #956
  • e2e-framework: minor refactors to improve image dumps by @willfindlay in #963
  • build(deps): bump golang from 1.20.3 to 1.20.4 by @dependabot in #966
  • tetragon: Add support for and filter operation by @olsajiri in #940
  • policyfilter: only deal with running containers by @kkourt in #968
  • build(deps): bump docker/setup-buildx-action from 2.4.1 to 2.5.0 by @dependabot in #960
  • Add documentation in the CRD for maxData and returnCopy flags and update doc by @mtardy in #965
  • Add support to load LSM and Tracing programs by @tpapagian in #953
  • tetragon: Add support for LT/GT operators for matchReturnArgs by @olsajiri in #949
  • build(deps): bump ubuntu from 67211c1 to dfd64a3 by @dependabot in #969
  • tetra: transparently handle unix or tcp gRPC socket by @tixxdz in #967
  • github: add feature request issue template by @mtardy in #972
  • build(deps): bump github.com/prometheus/client_model from 0.3.0 to 0.4.0 by @dependabot in #978
  • Cleanup: update golangci-lint and fix new linters alerts by @mtardy in #976
  • build(deps): bump library/alpine from 3.17.3 to 3.18.0 by @dependabot in #986
  • Revert: tetragon: Switch exit tracepoint to __put_task_struct kprobe by @tpapagian in #987
  • docs: add FAQ entry about CGO related issues in pkg/bpf by @mtardy in #981
  • logcapture: use T.Log instead of T.Logf by @willfindlay in #988
  • exec: Skip tests not comment them out by @tpapagian in #990
  • docs: add last two Tetragon KubeCon EU 2023 prez by @mtardy in #993
  • bugtool: skip non-object files from lib directory by @kkourt in #977
  • fix[helm]: remove useless 'if' around a 'with' by @Vampouille in #944
  • build(deps): bump golang.org/x/time from 0.2.0 to 0.3.0 by @dependabot in #985
  • docs: add a "install tetra CLI" guide to getting started by @mtardy in #991
  • tetragon: Use execve_map_get_noinit cgroup related code by @olsajiri in #984
  • docs: add a script to export the generated API doc to references by @mtardy in #1009
  • docs: add an FAQ entry about BTF requirement by @mtardy in #1006
  • api: add comments on fields for reference docs by @mtardy in #959
  • tetragon: Enable parallel build for bpf objects by @olsajiri in #1010
  • tetragon: handle process threads in kprobes and tracepoints by @tixxdz in #946
  • cleanup: remove mistakenly committed coverage artifacts by @mtardy in #999
  • build(deps): bump actions/setup-go from 3.3.0 to 4.0.1 by @dependabot in #1000
  • Deprecate the --config-file flag, replace with --tracing-policy and merge pkg/config with pkg/tracingpolicy by @mtardy in #998
  • Docs: update docs design by @yasell in #931
  • tests: rewrite pkg/sensors/exec:TestExitCode by @mtardy in #1015
  • Add sock and skb matchArgs selectors by @kevsecurity in #1008
  • docs: add a "deploy Tetragon on Kubernetes" guide and rework the existing systemd and container guides by @mtardy in #992
  • docs: fix sticky header, TOC scrolling and add search bar by @yasell in #1026
  • dependabot: remove ignore on tag name by @mtardy in #980
  • build(deps): bump github.com/fatih/color from 1.14.1 to 1.15.0 by @dependabot in #1021
  • Update cilium-builde...

Release refs/tags/v0.10.0-pre.2

19 Jun 11:17
Pre-release

Note for maintainers: Please update the description with the actual release notes (see RELEASE.md for instructions).

What's Changed

  • Update README.md by @michi-covalent in #489
  • tetragon: Add --rb-size/--rb-size-total options to setup perf ring buffer size by @olsajiri in #480
  • pkg:sensors: log loading BPF programs by @tixxdz in #474
  • mention LOCAL_CLANG in contributor's dev docs by @dmitris in #503
  • build(deps): bump golang from 1.16 to 1.19.2 by @dependabot in #502
  • program/loader: properly log verifier errors by @willfindlay in #504
  • build(deps): bump actions/download-artifact from 3 to 3.0.1 by @dependabot in #501
  • chore: remove binary accidentally checked in by @willfindlay in #508
  • Fix a deadlock in eventcache by @tpapagian in #510
  • minor README updates by @dmitris in #512
  • correct a sentence in 'Deploy Tetragon' by @dmitris in #509
  • server: drop events if listener channel is full by @kkourt in #511
  • Remove pidMap by @tpapagian in #497
  • build: sign Tetragon container images by @sandipanpanda in #517
  • Chore: registered probe types by @zhiyu0729 in #519
  • chore: sample memfd_create rule by @krol3 in #484
  • tetragon: fix graceful shutdown and exit code by @tixxdz in #520
  • ci/e2e: fix test failure file exports by @willfindlay in #518
  • add kubebuilder validation GetUrl;DnsLookup , it can't get "The Traci… by @sunnoy in #525
  • Update automatically generated files by @kevsecurity in #528
  • tetragon: Add bpf_printk helper from libbpf by @olsajiri in #514
  • vendor: update cilium/ebpf by @willfindlay in #522
  • cli: add field filters to the CLI and tetragon configmap by @willfindlay in #513
  • tetragon: improve how we read process info during startup by @tixxdz in #523
  • tetragon: Switch to clang-14 by @olsajiri in #397
  • various fixes motivated by a failure of the raw syscall test by @kkourt in #531
  • Fix for execve events that come after clone by @tpapagian in #532
  • Make size of event queue configurable by @kevsecurity in #535
  • cgroups: add basic cgroups tracking and make it part of the testing framework by @tixxdz in #471
  • tetragon: Add ReleasedPinnedBPF option to remove any old progs/maps by @jrfastab in #542
  • build(deps): bump docker/build-push-action from 3.1.1 to 3.2.0 by @dependabot in #506
  • tetragon: Add v6.0 bpf objects and related fixes by @olsajiri in #537
  • vmtests/doc: fix by @kkourt in #547
  • build(deps): bump github/codeql-action from 2.1.26 to 2.1.33 by @dependabot in #546
  • Makefile.cli: deal with {g,u}id collision by @kkourt in #557
  • tests:cgroups: add tests to emulate k8s hierarchies by @tixxdz in #536
  • tetragon: fix cobra command line usage by @tixxdz in #565
  • tetragon: Add pprof http support by @anjmao in #551
  • watcher cleanup by @kkourt in #555
  • support for using unix socket for gRPC by @kkourt in #552
  • tetragon: fixup generic tracepoint sensor create by @Y-dc in #568
  • tetragon: fix initialization deadlock by @kkourt in #574
  • build(deps): bump docker/login-action from 2.0.0 to 2.1.0 by @dependabot in #572
  • tetragon: Check and remove not compatible map pin paths on loading by @olsajiri in #543
  • build(deps): bump github/codeql-action from 2.1.33 to 2.1.36 by @dependabot in #583
  • Makefile: Fix potential uid/gid collision by using setpriv by @kkourt in #586
  • dockerfile: remove addgroup hubble by @tixxdz in #588
  • jsonchecker: retry on EOF/UnexpectedEOF in unmarshaller by @willfindlay in #587
  • tetragon: logging improvements for non k8s deployment by @tixxdz in #582
  • tests/e2e: make cilium version configurable by @willfindlay in #591
  • ci: bump golangci-lint to v1.50.1 by @rolinh in #580
  • tetragon: Make sure to read meaningful size data from char_buf args by @Y-dc in #564
  • vendor: bump golang-lru to v2 (requires Go >= v1.18 support for generics) by @rolinh in #579
  • build(deps): bump actions/checkout from 3.1.0 to 3.2.0 by @dependabot in #592
  • ci: replace deprecated set-output directives by @willfindlay in #598
  • add Code of Conduct by @xmulligan in #600
  • tetragon: Allow full exec path/args retrieval on 4.19 kernels by @olsajiri in #156
  • build(deps): bump ubuntu from 34fea4f to 35fb073 by @dependabot in #507
  • logging: allow users to know more about the overall status by @tixxdz in #590
  • build(deps): bump github/codeql-action from 2.1.36 to 2.1.37 by @dependabot in #596
  • sensor cleanups by @kkourt in #581
  • eventcache: update PodInfoError on pod error by @kkourt in #609
  • build: Generate SBOM during image release by @sandipanpanda in #559
  • helm: use a specific conf.d directory for --config-dir by @tixxdz in #599
  • build(deps): bump golang from 1.19.2 to 1.19.4 by @dependabot in #607
  • build(deps): bump actions/download-artifact from 3.0.1 to 3.0.2 by @dependabot in #610
  • loader: support larger verifier log sizes by @willfindlay in #595
  • cgroups: ensure that cgroup IDs correlate with execve events by @tixxdz in #541
  • tests/e2e: remove GKE auth plugin, it's deprecated by @willfindlay in #606
  • ci: use large github runner by @willfindlay in #615
  • ci/formatting: various improvements by @willfindlay in #617
  • tetragon: Switch exit tracepoint to __put_task_struct kprobe by @olsajiri in #558
  • build(deps): bump library/alpine from 3.16.2 to 3.17.1 by @dependabot in #614
  • bpf:cgroups: error flags improvements by @tixxdz in #594
  • tetragon: Use probe task instead of current in event_exit_send by @olsajiri in #630
  • Fix SBOM image signing and update image signature verification docs by @sandipanpanda in #618
  • Minor improvements to the README by @mtardy in #632
  • build(deps): bump golang from 1.19.4 to 1.19.5 by @dependabot in #623
  • tetragon: disable gops server by default by @tixxdz in #642
  • bpf_alignchecker.c: avoid unused var error by @dmitris in #637
  • tetragon: Cleanup func_id/id mess in struct msg_generic_kprobe by @olsajiri in #604
  • Add skb_adjust_room helper by @kevsecurity in #648
  • tetragon: better config handling mechanism by @tixxdz in #635
  • tetragon: loader sensor by @olsajiri in #573
  • gettid wrapper by @dmitris in #639
  • Update Makefile test target dependencies and run test as root by @mtardy in #649
  • encoder: pretty print bpf events by @willfindlay in #650
  • e2e-framework: force update when adding helm repo by @willfindlay in #644
  • tetra: Add a GetFilter var in getevents, add documentation and tests by @mtardy in #643
  • CRD examples: Replace invalid TracingPolicy names by @mtardy in #652
  • te...

Release v0.9.0

03 Apr 19:02
v0.9.0

What's Changed

  • Update README.md by @michi-covalent in #489
  • tetragon: Add --rb-size/--rb-size-total options to setup perf ring buffer size by @olsajiri in #480
  • pkg:sensors: log loading BPF programs by @tixxdz in #474
  • mention LOCAL_CLANG in contributor's dev docs by @dmitris in #503
  • build(deps): bump golang from 1.16 to 1.19.2 by @dependabot in #502
  • program/loader: properly log verifier errors by @willfindlay in #504
  • build(deps): bump actions/download-artifact from 3 to 3.0.1 by @dependabot in #501
  • chore: remove binary accidentally checked in by @willfindlay in #508
  • Fix a deadlock in eventcache by @tpapagian in #510
  • minor README updates by @dmitris in #512
  • correct a sentence in 'Deploy Tetragon' by @dmitris in #509
  • server: drop events if listener channel is full by @kkourt in #511
  • Remove pidMap by @tpapagian in #497
  • build: sign Tetragon container images by @sandipanpanda in #517
  • Chore: registered probe types by @zhiyu0729 in #519
  • chore: sample memfd_create rule by @krol3 in #484
  • tetragon: fix graceful shutdown and exit code by @tixxdz in #520
  • ci/e2e: fix test failure file exports by @willfindlay in #518
  • add kubebuilder validation GetUrl;DnsLookup , it can't get "The Traci… by @sunnoy in #525
  • Update automatically generated files by @kevsecurity in #528
  • tetragon: Add bpf_printk helper from libbpf by @olsajiri in #514
  • vendor: update cilium/ebpf by @willfindlay in #522
  • cli: add field filters to the CLI and tetragon configmap by @willfindlay in #513
  • tetragon: improve how we read process info during startup by @tixxdz in #523
  • tetragon: Switch to clang-14 by @olsajiri in #397
  • various fixes motivated by a failure of the raw syscall test by @kkourt in #531
  • Fix for execve events that come after clone by @tpapagian in #532
  • Make size of event queue configurable by @kevsecurity in #535
  • cgroups: add basic cgroups tracking and make it part of the testing framework by @tixxdz in #471
  • tetragon: Add ReleasedPinnedBPF option to remove any old progs/maps by @jrfastab in #542
  • build(deps): bump docker/build-push-action from 3.1.1 to 3.2.0 by @dependabot in #506
  • tetragon: Add v6.0 bpf objects and related fixes by @olsajiri in #537
  • vmtests/doc: fix by @kkourt in #547
  • build(deps): bump github/codeql-action from 2.1.26 to 2.1.33 by @dependabot in #546
  • Makefile.cli: deal with {g,u}id collision by @kkourt in #557
  • tests:cgroups: add tests to emulate k8s hierarchies by @tixxdz in #536
  • tetragon: fix cobra command line usage by @tixxdz in #565
  • tetragon: Add pprof http support by @anjmao in #551
  • watcher cleanup by @kkourt in #555
  • support for using unix socket for gRPC by @kkourt in #552
  • tetragon: fixup generic tracepoint sensor create by @Y-dc in #568
  • tetragon: fix initialization deadlock by @kkourt in #574
  • build(deps): bump docker/login-action from 2.0.0 to 2.1.0 by @dependabot in #572
  • tetragon: Check and remove not compatible map pin paths on loading by @olsajiri in #543
  • build(deps): bump github/codeql-action from 2.1.33 to 2.1.36 by @dependabot in #583
  • Makefile: Fix potential uid/gid collision by using setpriv by @kkourt in #586
  • dockerfile: remove addgroup hubble by @tixxdz in #588
  • jsonchecker: retry on EOF/UnexpectedEOF in unmarshaller by @willfindlay in #587
  • tetragon: logging improvements for non k8s deployment by @tixxdz in #582
  • tests/e2e: make cilium version configurable by @willfindlay in #591
  • ci: bump golangci-lint to v1.50.1 by @rolinh in #580
  • tetragon: Make sure to read meaningful size data from char_buf args by @Y-dc in #564
  • vendor: bump golang-lru to v2 (requires Go >= v1.18 support for generics) by @rolinh in #579
  • build(deps): bump actions/checkout from 3.1.0 to 3.2.0 by @dependabot in #592
  • ci: replace deprecated set-output directives by @willfindlay in #598
  • add Code of Conduct by @xmulligan in #600
  • tetragon: Allow full exec path/args retrieval on 4.19 kernels by @olsajiri in #156
  • build(deps): bump ubuntu from 34fea4f to 35fb073 by @dependabot in #507
  • logging: allow users to know more about the overall status by @tixxdz in #590
  • build(deps): bump github/codeql-action from 2.1.36 to 2.1.37 by @dependabot in #596
  • sensor cleanups by @kkourt in #581
  • eventcache: update PodInfoError on pod error by @kkourt in #609
  • build: Generate SBOM during image release by @sandipanpanda in #559
  • helm: use a specific conf.d directory for --config-dir by @tixxdz in #599
  • build(deps): bump golang from 1.19.2 to 1.19.4 by @dependabot in #607
  • build(deps): bump actions/download-artifact from 3.0.1 to 3.0.2 by @dependabot in #610
  • loader: support larger verifier log sizes by @willfindlay in #595
  • cgroups: ensure that cgroup IDs correlate with execve events by @tixxdz in #541
  • tests/e2e: remove GKE auth plugin, it's deprecated by @willfindlay in #606
  • ci: use large github runner by @willfindlay in #615
  • ci/formatting: various improvements by @willfindlay in #617
  • tetragon: Switch exit tracepoint to __put_task_struct kprobe by @olsajiri in #558
  • build(deps): bump library/alpine from 3.16.2 to 3.17.1 by @dependabot in #614
  • bpf:cgroups: error flags improvements by @tixxdz in #594
  • tetragon: Use probe task instead of current in event_exit_send by @olsajiri in #630
  • Fix SBOM image signing and update image signature verification docs by @sandipanpanda in #618
  • Minor improvements to the README by @mtardy in #632
  • build(deps): bump golang from 1.19.4 to 1.19.5 by @dependabot in #623
  • tetragon: disable gops server by default by @tixxdz in #642
  • bpf_alignchecker.c: avoid unused var error by @dmitris in #637
  • tetragon: Cleanup func_id/id mess in struct msg_generic_kprobe by @olsajiri in #604
  • Add skb_adjust_room helper by @kevsecurity in #648
  • tetragon: better config handling mechanism by @tixxdz in #635
  • tetragon: loader sensor by @olsajiri in #573
  • gettid wrapper by @dmitris in #639
  • Update Makefile test target dependencies and run test as root by @mtardy in #649
  • encoder: pretty print bpf events by @willfindlay in #650
  • e2e-framework: force update when adding helm repo by @willfindlay in #644
  • tetra: Add a GetFilter var in getevents, add documentation and tests by @mtardy in #643
  • CRD examples: Replace invalid TracingPolicy names by @mtardy in #652
  • tetragon: tarball deployment by @tixxdz in #647
  • ci: pin docker buildx version to ...

Release v0.8.4

03 Mar 10:30

What's Changed

  • Update README.md by @michi-covalent in #489
  • tetragon: Add --rb-size/--rb-size-total options to setup perf ring buffer size by @olsajiri in #480
  • pkg:sensors: log loading BPF programs by @tixxdz in #474
  • mention LOCAL_CLANG in contributor's dev docs by @dmitris in #503
  • build(deps): bump golang from 1.16 to 1.19.2 by @dependabot in #502
  • program/loader: properly log verifier errors by @willfindlay in #504
  • build(deps): bump actions/download-artifact from 3 to 3.0.1 by @dependabot in #501
  • chore: remove binary accidentally checked in by @willfindlay in #508
  • Fix a deadlock in eventcache by @tpapagian in #510
  • minor README updates by @dmitris in #512
  • correct a sentence in 'Deploy Tetragon' by @dmitris in #509
  • server: drop events if listener channel is full by @kkourt in #511
  • Remove pidMap by @tpapagian in #497
  • build: sign Tetragon container images by @sandipanpanda in #517
  • Chore: registered probe types by @zhiyu0729 in #519
  • chore: sample memfd_create rule by @krol3 in #484
  • tetragon: fix graceful shutdown and exit code by @tixxdz in #520
  • ci/e2e: fix test failure file exports by @willfindlay in #518
  • add kubebuilder validation GetUrl;DnsLookup , it can't get "The Traci… by @sunnoy in #525
  • Update automatically generated files by @kevsecurity in #528
  • tetragon: Add bpf_printk helper from libbpf by @olsajiri in #514
  • vendor: update cilium/ebpf by @willfindlay in #522
  • cli: add field filters to the CLI and tetragon configmap by @willfindlay in #513
  • tetragon: improve how we read process info during startup by @tixxdz in #523
  • tetragon: Switch to clang-14 by @olsajiri in #397
  • various fixes motivated by a failure of the raw syscall test by @kkourt in #531
  • Fix for execve events that come after clone by @tpapagian in #532
  • tetragon: Add ReleasedPinnedBPF option to remove any old progs/maps by @jrfastab in #544
  • [backport] unix socket for gRPC by @kkourt in #585
  • backports/v0.8: tests/e2e: make cilium version configurable by @willfindlay in #605
  • vmtests: use large github runner by @kevsecurity in #621
  • Make size of event queue configurable by @kevsecurity in #620
  • Backports/v0.8: tetragon: Allow full exec path/args retrieval on 4.19 kernels by @tixxdz in #626
  • Backports/v0.8: cgroups: add basic cgroups tracking and make it part of the testing framework by @tixxdz in #627
  • backports/v0.8: tests/e2e: remove GKE auth plugin, it's deprecated by @willfindlay in #633
  • Backports/v0.8: cgroups fixes and tests backport by @tixxdz in #629
  • Backports/v0.8: tetragon: main agent and logging fixes by @tixxdz in #631
  • Backports/v0.8: backport generic tracepoint fix and better configuration handling by @tixxdz in #657
  • Backports/v0.8: backport tarball deployment, print bpf events and CRD fixes by @tixxdz in #658
  • backports/v0.8: ci: pin docker buildx version to v0.9.1 by @willfindlay in #660
  • backports/v0.8: e2e-framework: force update when adding helm repo by @willfindlay in #645
  • tetragon: Switch exit tracepoint to __put_task_struct kprobe by @olsajiri in #672
  • Backport:v0.8 Add start time to event cache object by @kevsecurity in #725
  • Backport:v0.8 Handle multiple URL and DNS selectors correctly by @kevsecurity in #726
  • Backport:v0.8 Fix multiple file match bugs by @kevsecurity in #727

New Contributors

Full Changelog: v0.8.3...v0.8.4