GRR v1.16.2: No Likey Leaky

• fixes a mount leak in our experimental bpm support

GRR v1.16.1

release v1.16.1

GRR v1.16.0

this release has a bug on startup in some cases. A patch version will be coming soon. We encourage people to avoid this version for now.

GRR v1.15.1

• Adds additional masked directory paths for defense-in-depth
• Fixes some possible leaks in error cases for processes with a custom image

GRR v1.15.0: Containerd Your Enthusiasm

• Experimental Containerd support!

  • Opt-in using experimental_containerd_mode property
  • Still uses runc directly to run processes in and get status of created containers for now

• The gdn binary now knows how to report its version using the -v flag

• We've created a document tracking the current relative state of security-by-default in various container tools: https://docs.google.com/spreadsheets/d/1MgG8RkCpc_QkoMQ7BFd6RhRKAXszAhTICtf56QG4Sc8/edit#gid=0 (feedback welcome on anything we've gotten wrong!)

GRR v1.14.0: Veni, Vidi, Vendi

Minor updates

• Log warnings from network plugin (cloudfoundry/guardian#116)
• Tested with Xenial stemcells
• We no longer emit the StoreUsage metric from Groot, since this had stopped meaning anything sensible and had broken tests in Xenial (cloudfoundry/grootfs@c015687)
• Under the covers we've taken a large hacksaw to our vending strategy and tidied things up massively

GRR v1.13.3

• Reverts Golang version temporarily to 1.9 (due to a bug in TLS in 1.10)
• Adds experimental logging.format.timestamp property
• Fixes an issue where the xfs store did not have ftype=1 set due to an old version of xfsprogs in the stemcell, causing issues with deleted files in docker images. (#77)
  • Note: this fix will only apply after a recreate/new stemcell is deployed, we recommend users of docker image-based containers perform a bosh recreate or deploy with a new stemcell to get this fix

GRR v1.13.2

• Fixes a bug where the deprecated graph_cleanup_threshold_in_mb property (which should still be respected if set to a value other than -1), was not respected if set to 0
• Adds an option to explicitly disable swap limits (NOTE: please only use this if swap is disabled in the kernel) #73

GRR v1.13.1

• Fixes a regression around bind mounts in v1.13

1.13.0 - Please don't use this release.

Please don't use this release. It introduces a bug in bind mounts that is likely to cause problems for most clients. Expect a patch release very soon. Apologies for the inconvenience!

• Fixes for CVE-2018-1277
• Fixes for Grootfs startup issues in slower environments
• Pids.max and Pids.nr are now reported in Metrics