v0.23.0

Docker Image

• docker pull docker.io/aquasec/tracee:0.23.0

Docker Images (per architecture)

• docker pull docker.io/aquasec/tracee:x86_64-0.23.0
• docker pull docker.io/aquasec/tracee:aarch64-0.23.0

What's Changed

• chore(ci): update release amis by @geyslan in #4269
• fix(build): set GOTOOLCHAIN="auto" for alpine by @geyslan in #4271
• fix: release snapshot target arch by @rscampos in #4274
• Process execute failed by @OriGlassman in #4233
• update go.sum and go.mod with grpc change by @OriGlassman in #4280
• fix: process_execute_failed use correct lru by @OriGlassman in #4283
• Remove irrelevant context from uprobe based events by @oshaked1 in #4284
• chore: use 6.2.0-1018-aws kernel by @geyslan in #4275
• update syscall table: lookup_dcookie is removed by @OriGlassman in #4286
• container enrichment fixes and improvements by @NDStrahilevitz in #4276
• chore(k8s): prepare v0.22.1 release by @rscampos in #4295
• chore!: rollback proctree to simple LRU by @geyslan in #4299
• Fix timespec_t args not being submitted to userspace by @oshaked1 in #4301
• Events flags embedding by @geyslan in #4191
• feat(time)!: epoch timestamps as standard by @NDStrahilevitz in #4252
• sched_process_exec: don't drop event in capture exec by @OriGlassman in #4310
• chore: deactive performance gate by @NDStrahilevitz in #4309
• chore(deps): bump github.com/open-policy-agent/opa from 0.64.1 to 0.68.0 by @dependabot in #4315
• chore: sig helper clone metadata by @rscampos in #4317
• fix(tests): possible goroutine leak by @geyslan in #4306
• chore(tests): increase Tracee startup timeout by @geyslan in #4318
• Documentation patch by @ShohamBit in #4303
• Revert "chore: sig helper clone metadata" by @rscampos in #4319
• Revert "perf: benchmark improve sig GetMetadata" by @rscampos in #4320
• Revert "chore(sig): define signature metadata statically" by @rscampos in #4321
• chore(k8s): prepare v0.22.2 release by @rscampos in #4322
• change argv to args by @ShohamBit in #4304
• chore: remove deprecated debug-shell by @geyslan in #4308
• fix(proctree): possible sync.Once data race by @geyslan in #4307
• fix(ebpf): set pipeline chan size from config by @geyslan in #4329
• chore(ci): add possibility of ff merging via ui by @geyslan in #4333
• chore(types): add Zero field to ArgMeta by @geyslan in #4340
• Handle zero-value types for unavailable fields - ArgMeta by @geyslan in #4336
• remove policy and capture form docs by @ShohamBit in #4343
• Signatures helpers improvement by @geyslan in #4345
• feat: remove default usage of parse-arguments by @geyslan in #4331
• feat(events): add chmod_common event by @OriGlassman in #4339
• register normalizeTimeArg processor only when proctree is on by @geyslan in #4332
• Fix arg zero parse types and core typo by @geyslan in #4357
• fix: print err when parseArgument() fails by @geyslan in #4355
• feat(ebpf): restrict set_fs_pwd to (f)chdir syscall by @OriGlassman in #4359
• feat(events): change log level in hooked_syscall by @OriGlassman in #4366
• fix(events): check if init finished in hidden kernel module by @OriGlassman in #4367
• /proc parsing refactor by @geyslan in #4364
• changed process filter to scope filters by @ShohamBit in #4371
• fix(mount): reintroduce root path requirement by @NDStrahilevitz in #4328
• chore(k8s): prepare v0.22.3 release by @rscampos in #4374
• analyze: enable sigs consuming sigs by @NDStrahilevitz in #4327
• fix(engine): restrict finding feedback by @NDStrahilevitz in #4377
• fix(events): fix slice out of bounds in hidden_kernel_module by @OriGlassman in #4379
• chore(k8s): prepare v0.22.4 release by @geyslan in #4382
• Refactor filter matching by @yanivagman in #4376
• fix(epbf): fix behavior of has_prefix() and add strncmp() by @oshaked1 in #4394
• perf: remove sys_enter/exit dependency from default event set by @yanivagman in #4389
• feat(helpers): GetProtoHTTPRequestByName/GetProtoHTTPResponseByName by @rscampos in #4392
• Refactor: Restructure event and rename context by @yanivagman in #4390
• refactor: Rename event parameters to fields by @yanivagman in #4398
• Add suspicious_syscall_source event by @oshaked1 in #3953
• chore(api): bump grpc and protoc versions by @geyslan in #4405
• chore(grpc): bump api to latest 715b629 by @geyslan in #4407
• chore(api): add EventCounts to GetMetricsResponse by @geyslan in #4408
• Perf event writes metric by @geyslan in #4334
• fix(tests): possible out of range in integration by @geyslan in #4305
• feat(test): e2e integration test for new helpers by @rscampos in #4354
• Refactor policy by @yanivagman in #4400
• Analyze legacy output by @NDStrahilevitz in #4385
• fix(epbf): fix incorrect parsed syscall name by @oshaked1 in #4402
• fix(build): fix build checkers for goimports by @geyslan in #4417
• fix hidden_kernel_module history scan for kernels >6.2 by @OriGlassman in #4378
• fix: Remove unnecessary check for syscall wrapper in sys_enter tracepoint by @yanivagman in #4236
• chore(k8s): prepare v0.22.5 release by @geyslan in #4421
• Add security_path_notify test to PR workflow by @oshaked1 in #3926
• chore(GH): pin ubuntu (22.04) version for gh runners by @rscampos in #4428
• chore(deps): bump golang.org/x/crypto from 0.26.0 to 0.31.0 by @dependabot in #4429
• Data filter in kernel by @rscampos in #4324
• fix: optimize proctree memory consumption by @geyslan in #4384
• fix(ci): add runner type to release workflows by @geyslan in #4436
• chore: add kernel 6.8 and 6.10 in matrix images by @rscampos in #4434
• chore(ebpf): refactor reset_event_args_buf to mark entries as invalid by @rscampos in #4437
• fix(ci): set 2XLARGE runner type to x86_64 by @geyslan in #4438
• Refactor: Remove Rego signature support by @yanivagman in #4426
• fix release tarball static binaries & make daily building faster by @geyslan in #4444
• fix(ebpf): adjust inode struct to kernel v6.11 by @rscampos in #4457
• chore(test): use cat cmd to trigger magic_write event by @rscampos in #4454
• chore: pin ubuntu:latest for gh runners / trigger magic_write event by @rscampos in #4455
• Revert "feat(helpers): unparsed flag helpers" by @yanivagman in #4462
• Revert to using raw argument values in engine stage by @y...

v0.22.6

Docker Image

• docker pull docker.io/aquasec/tracee:0.22.6

Docker Images (per architecture)

• docker pull docker.io/aquasec/tracee:x86_64-0.22.6
• docker pull docker.io/aquasec/tracee:aarch64-0.22.6

What's Changed

• [v0.22.0] feat(time)!: epoch timestamps as standard by @NDStrahilevitz in #4507
• [v0.22.6] clock time fix and libbpf/libbpfgo bumps by @geyslan in #4595
• [v0.22.6] fix release tarball static binaries & make daily building faster by @geyslan in #4597
• [v0.22.6] chore(go.mod): bump api to latest 6968a8b by @geyslan in #4598
• [v0.22.6] fix(build): update Makefile.release by @geyslan in #4599

Full Changelog: v0.22.5...v0.22.6

v0.22.5

Docker Image

• docker pull docker.io/aquasec/tracee:0.22.5

Docker Images (per architecture)

• docker pull docker.io/aquasec/tracee:x86_64-0.22.5
• docker pull docker.io/aquasec/tracee:aarch64-0.22.5

What's Changed

• [v0.22.5] Refactor: Restructure event and rename context by @geyslan in #4415
• [v0.22.5] bump api to latest 622ea3a & change api by @geyslan in #4418
• [v0.22.5] Perf event writes metric by @geyslan in #4420
• backport: fix(events): fix hidden_kernel_module history scan for kernels >6.2 by @OriGlassman in #4422
• [v0.22.5] chore(k8s): prepare v0.22.5 release by @geyslan in #4423

Full Changelog: v0.22.4...v0.22.5

v0.22.4

Docker Image

• docker pull docker.io/aquasec/tracee:0.22.4

Docker Images (per architecture)

• docker pull docker.io/aquasec/tracee:x86_64-0.22.4
• docker pull docker.io/aquasec/tracee:aarch64-0.22.4

v0.22.3

Docker Image

• docker pull docker.io/aquasec/tracee:0.22.3

Docker Images (per architecture)

• docker pull docker.io/aquasec/tracee:x86_64-0.22.3
• docker pull docker.io/aquasec/tracee:aarch64-0.22.3

v0.22.2

Docker Image

• docker pull docker.io/aquasec/tracee:0.22.2

Docker Images (per architecture)

• docker pull docker.io/aquasec/tracee:x86_64-0.22.2
• docker pull docker.io/aquasec/tracee:aarch64-0.22.2

v0.22.1

Docker Image

• docker pull docker.io/aquasec/tracee:0.22.1

Docker Images (per architecture)

• docker pull docker.io/aquasec/tracee:x86_64-0.22.1
• docker pull docker.io/aquasec/tracee:aarch64-0.22.1

v0.22.0

⚡️ Release notes and discussion: https://github.com/aquasecurity/tracee/discussions/4272 ⚡️

Docker Image

• docker pull docker.io/aquasec/tracee:0.22.0

Docker Images (per architecture)

• docker pull docker.io/aquasec/tracee:x86_64-0.22.0
• docker pull docker.io/aquasec/tracee:aarch64-0.22.0

What's Changed

• Fix release action by @geyslan in #4136
• fix(ci): dev tag is the latest snapshot by @geyslan in #4137
• chore(ci): use dev tag for docker image building by @geyslan in #4138
• chore: install last version of golang by @rscampos in #4139
• chore: golang binary move to tmp by @rscampos in #4140
• fix(ci): make release rule to have prerequisites by @geyslan in #4141
• Create Makefile format-pr rule by @geyslan in #4142
• Bumps to fix cve-2024-24790 by @geyslan in #4143
• fix(build): mv gh release logic to release rule by @geyslan in #4145
• feat(events): add security_task_setrlimit by @OriGlassman in #4148
• fix(build): fix release build by @geyslan in #4150
• Added event containing full payload for all packets by @oshaked1 in #4122
• Fix Integration Tests by @geyslan in #4157
• chore(logger): safe guard before locking by @geyslan in #4160
• chore: rem logger and errfmt as deps from env pkg by @geyslan in #4129
• chore: make dependencies manager a singleton by @geyslan in #4161
• fix: generic kubernetes containerd path pattern by @NDStrahilevitz in #4155
• Tidying Policy Manager by @geyslan in #4165
• fix(events): ftrace_hook: address tabs in input lines by @OriGlassman in #4110
• fix(pipeline): add ebpf caps in stack addres query by @NDStrahilevitz in #4169
• fix(tests): remove named pipe if it exists by @geyslan in #4171
• feat(events): create tracee_info event by @rscampos in #4166
• Fix deps deadlock by @geyslan in #4173
• Policies tidying more by @geyslan in #4168
• Caps concurrency fix by @geyslan in #4175
• Fix(events): don't remove fork excess args by @rscampos in #4167
• fix(proctree): fix clock type differences by @rscampos in #4117
• feat(caps): base ebpf capabilities by @NDStrahilevitz in #4178
• chore(deps): bump google.golang.org/grpc from 1.64.0 to 1.64.1 by @dependabot in #4180
• Packet capture context by @oshaked1 in #4072
• chore: introduce eventFlags to policy manager by @geyslan in #4179
• chore(cap): check if cap is supported before set/unset by @rscampos in #4185
• fix(build): add the include to 3rdparty libbpf during libbpfgo compilation by @rscampos in #4186
• chore(build): trigger tracee tests on Makefile changes by @rscampos in #4187
• chore: use libbpfgo to check bpf helper func by @rscampos in #4184
• chore(deps): bump google.golang.org/grpc from 1.64.0 to 1.64.1 in /api by @dependabot in #4188
• fix: inner error inside check for ebpf func by @rscampos in #4189
• feat(ebpf): configurable pipeline channel size by @NDStrahilevitz in #4182
• chore(ebpf): optimize filldir64 program by @NDStrahilevitz in #4183
• fix(controlplane): filter unnecessary enriches by @NDStrahilevitz in #4193
• feat(ebpf): add security_settime64 by @OriGlassman in #4201
• fix: Ensure correct event dependency for process_execute_failed by @yanivagman in #4203
• fix: Prevent loading syscall-specific BPF programs for non-syscall events by @yanivagman in #4202
• feat(ebpf): add prev_comm for sched_process_exec by @OriGlassman in #4206
• chore: release bpf object memory by @rscampos in #4209
• chore(deps): bump github.com/docker/docker from 26.1.3+incompatible to 26.1.4+incompatible by @dependabot in #4215
• fix: necessary to Init engine before Start by @rscampos in #4222
• fix: TRACE_RET_FUNC macro by @yanivagman in #4216
• chore(parsers): optimize ParseMmapProt by @geyslan in #4200
• improve flag parsing performance by @geyslan in #4197
• fix: set engine to nil - sig benchmark by @rscampos in #4234
• chore(sig): define signature metadata statically by @rscampos in #4237
• chore(deps): bump github.com/docker/docker from 26.1.4+incompatible to 26.1.5+incompatible by @dependabot in #4240
• feat(ebpf): use bpf_task_pt_regs when available by @OriGlassman in #4238
• feat: add syscall helper macros by @yanivagman in #4243
• feat(ebpf): make security_socket_setsockopt not rely on sys_enter/exit by @OriGlassman in #4224
• remove e2e tests for kernels 5.4 and 4.18 on ARM by @OriGlassman in #4247
• fix(ebpf): use correct syscall id for compat by @OriGlassman in #4245
• feat(ebpf): make security_file_open not rely on sys_enter/exit by @OriGlassman in #4226
• feat(ebpf): remove sys_enter/exit dependency from security_socket_con… by @OriGlassman in #4220
• feat(ebpf): make security_socket_accept not rely on sys_enter/exit by @OriGlassman in #4213
• feat(ebpf): make mem_prot_alert not rely on sys_enter/exit by @OriGlassman in #4227
• feat(ebpf): make security_socket_bind not rely on sys_enter/exit by @OriGlassman in #4225
• feat(ebpf): make set_fs_pwd not rely on sys_enter/exit by @OriGlassman in #4228
• chore: pin go tools versions by @geyslan in #4251
• perf: benchmark improve sig GetMetadata by @rscampos in #4223
• chore: update AMI matrix images by @rscampos in #4250
• Improve save_args_to_submit_buf by @geyslan in #4217
• feat(ebpf): add path&ctime to module_load event by @OriGlassman in #4235
• fix(ebpf): fix compilation warning sockfd_addr by @OriGlassman in #4254
• process_execute_failed: don't rely on sys_enter by @oshaked1 in #4259
• Generic syscall kprobes by @yanivagman in #4256
• Proctree improvements (RSS/Performance) by @geyslan in #4261
• optimize parser options check by @geyslan in #4199
• Changelog optimization by @geyslan in #4242
• fix: improve performance of readStringVarFromBuff by @geyslan in #4194
• improve flag parsing performance continuation by @geyslan in #4198
• fix(build): parallel build (libbpf wise) by @geyslan in #4196
• Provide manual files in release image/archive by @geyslan in #4230
• fix(build): cyclic dependency in makefile by @geyslan in #4262
• chore: remove leftover from #4262 by @geyslan in #4265
• chore(k8s): prepare v0.22.0 release by @rscampos in #4267

Full Changelog: v0.21.0...v0.22.0

v0.21.0

⚡️ Release notes and discussion: https://github.com/aquasecurity/tracee/discussions/4147 ⚡️

Docker Image

• docker pull docker.io/aquasec/tracee:0.21.0

Docker Images (per architecture)

• docker pull docker.io/aquasec/tracee:x86_64-0.21.0
• docker pull docker.io/aquasec/tracee:aarch64-0.21.0

What's Changed

• fix: e2e-net-tests should use unified binary by @josedonizetti in #3842
• Docs: fixed the typo by @Tej-Singh-Rana in #3859
• GitHub actions chore by @geyslan in #3864
• chore: remove gob printer by @josedonizetti in #3841
• feat: allow webhook configuration via helm values by @ndegory in #3832
• grpc: add direction to packet metadata by @josedonizetti in #3861
• grpc: update packet metadata by @josedonizetti in #3862
• chore: bump opa to 0.61.0 by @josedonizetti in #3868
• Use EXECUTION_TYPE label for github self host runner by @sharon-amir in #3875
• fix(tests): unattended upgrades still running sometimes by @geyslan in #3877
• fix(docs): kubectl configmap command by @geyslan in #3880
• fix: bump opa to v0.61.0 by @josedonizetti in #3887
• chore: add labels for grpc and api by @josedonizetti in #3890
• fix(ebpf): fix hidden_kernel_module not found symbol by @OriGlassman in #3834
• fix: improve performance of magic_write event by @yanivagman in #3899
• fix(derive): keep symbols_collision state between events by @AlonZivony in #3894
• helm: config go template only if passed by @josedonizetti in #3884
• ebpf: don't send magic_write with zero bytes by @yanivagman in #3901
• fix(events): fix ftrace_hook by @OriGlassman in #3896
• chore: change github run id format by @geyslan in #3902
• fix(tests): e2e-install-deps.sh wait for unlock by @geyslan in #3910
• Fix proc info lru by @yanivagman in #3918
• chore: use map instead of stack to store task_info by @yanivagman in #3920
• Improve bpf policies config access by @geyslan in #3906
• Change inotify_watch event to security_path_notify by @oshaked1 in #3913
• chore(deps): bump github.com/docker/docker from 24.0.7+incompatible to 24.0.9+incompatible by @dependabot in #3925
• Concurrency issue at analyze by @rscampos in #3907
• Optimize init program by @yanivagman in #3923
• refactor: move to the new pyroscope package by @06kellyjac in #3927
• fix: make check-pr compliant with different shells by @geyslan in #3929
• chore: ensure unattended-upgrades killing by @geyslan in #3934
• chore!: remove gob support from tracee-rules by @geyslan in #3939
• fix(filters): handle syscall arg by @geyslan in #3893
• fix: preallocate ids for signatures upon load by @AlonZivony in #3941
• chore(deps): bump google.golang.org/protobuf to v1.33.0 by @hangrymuppet in #3946
• fix: security_socket_connect wrong fd by @yanivagman in #3951
• Invert Policies inner maps key pair by @geyslan in #3955
• Opa bump by @geyslan in #3957
• chore: set xtrace on e2e-install-deps.sh script by @geyslan in #3958
• Add ArgVal signature helper by @oshaked1 in #3954
• chore(policy): add policiesMapByName to Policies by @geyslan in #3956
• Dependencies tree manager by @AlonZivony in #3931
• chore: various co-re fixes by @yanivagman in #3952
• fix(dependencies): allow multiple removes of same event by @AlonZivony in #3961
• fix: add missing nodeSelector and tolerations to tracee-operator by @ndegory in #3944
• Add Iterator generic interface, debut it in Policies by @geyslan in #3963
• Run x86_64 & aarch64 builds in parallel by @hangrymuppet in #3962
• chore(ci): run x86_64 & aarch64 builds in parallel by @geyslan in #3968
• chore: make Cloner generic by @geyslan in #3966
• fix: capture io by @yanivagman in #3972
• chore: remove OPT_PROCESS_INFO by @yanivagman in #3975
• fix: update vagrant file to download kubectl by @rscampos in #3977
• chore(ci): bump actions versions by @geyslan in #3969
• Fix Policies Cloning by @geyslan in #3971
• Add timestamp docker tag for dev image by @hangrymuppet in #3959
• chore(ci): labeler v5.0.0 is inconsistent by @geyslan in #3978
• Libbpfgo bump by @geyslan in #3970
• fix: show argv on failed execve events by @yanivagman in #3922
• fix(analyze): bind flags with viper by @AlonZivony in #3981
• fix: wrong print_mem_dump errors about args filter by @AlonZivony in #3895
• Fix helm install option webhook by @rscampos in #3984
• fix(ebpf): use debug error level instead of error by @geyslan in #3985
• refactor: Improve API used by ebpf programs by @yanivagman in #3982
• fix: vagrantfile url for opa download by @rscampos in #3990
• chore(deps): bump golang.org/x/net from 0.17.0 to 0.23.0 in /api by @dependabot in #3991
• chore(deps): bump golang.org/x/net from 0.22.0 to 0.23.0 by @dependabot in #3992
• fix(ebpf): check if engineOutput is closed by @geyslan in #3994
• chore: refactor equality computation by @geyslan in #3997
• Chore at large by @geyslan in #3979
• Wait for apt locks by @geyslan in #4000
• Rename context filters to scope filters by @yanivagman in #3995
• Helm webhook custom templates by @ndegory in #3942
• fix: proper fragment delimiters in webhook URL by @ndegory in #3943
• fix event definitions api by @josedonizetti in #4004
• grpc: update definitions api by @josedonizetti in #4006
• chore(k8s): prepare v0.21.0 release by @geyslan in #4007
• [v0.21.0] fix(events): fix process_execute_failed missing symbol for new kernels by @geyslan in #4011
• fix(events): hidden_kernel_module - change history scan behaviour by @OriGlassman in #4020
• feat(proctree): control procfs query by config by @AlonZivony in #4022
• [v0.21.0] capture: fixes and tests by @NDStrahilevitz in #4023
• [v0.21.0] fix: network event context by @NDStrahilevitz in #4029
• fix(ebpf): use kprobes for execute_finished by @AlonZivony in #4030
• fix: avoid logging warnings for non-ELF so loading by @AlonZivony in #4037
• v0.21.0:chore(events): decrease SO loader error log level to debug by @AlonZivony in #4041
• fix: remove invalid "format" event from docs by @yanivagman in #4042
• 0.21.0/fix(tests): fix goroutines leakage in integration tests by @AlonZivony in #4052
• [v0.21.0] Revert "chore(k8s): prepare v0.21.0 release (#4007)" by @geyslan in #4055
• chore(helm): rename helm field config file (#4018) by @geyslan ...

v0.20.0

⚡️ Release notes and discussion: https://github.com/aquasecurity/tracee/discussions/3869 ⚡️

Docker Image

• docker pull docker.io/aquasec/tracee:0.20.0

Docker Images (per architecture)

• docker pull docker.io/aquasec/tracee:x86_64-0.20.0
• docker pull docker.io/aquasec/tracee:aarch64-0.20.0

What's Changed

• docs(mkdocs): rename crs to cri in menu by @rafaeldtinoco in #3671
• Add verify-docs job by @geyslan in #3672
• rebase of #3638 by @rafaeldtinoco in #3683
• Fix readme by @rafaeldtinoco in #3686
• chore(container): same default events as k8s deployment by @rafaeldtinoco in #3687
• fix(ebpf): use ts as fd_arg_path_map key by @geyslan in #3674
• fix(finding): add missing fields by @NDStrahilevitz in #3694
• refactor(engine): feed engine with signatures events by @AlonZivony in #3681
• feat(signatures): add simple proctree datasource envelope by @AlonZivony in #3692
• Make filtered aggregation possible by @geyslan in #3677
• feature(types): add packet metadata type by @NDStrahilevitz in #3708
• Packet direction flag by @NDStrahilevitz in #3706
• minor fix on top of #3707 by @rafaeldtinoco in #3709
• probes: improve probes by having specific getters by @rafaeldtinoco in #3710
• feat(types): time relevant info for proctree by @AlonZivony in #3712
• docs: add discussion template for adopters by @AnaisUrlichs in #3702
• Feature/proctree query time by @AlonZivony in #3691
• Feature: DNS Cache datasource by @NDStrahilevitz in #3679
• chore: rename Context to EventContext by @geyslan in #3716
• Pin pandoc version to 3.1.2 by @geyslan in #3720
• libbpfgo bump to v0.6.0-libbpf-1.3 by @geyslan in #3713
• make #3715 pass doc verification by @rafaeldtinoco in #3721
• chore(ci): bump changed-files to v40.2.0 by @geyslan in #3723
• bugfix(ebpf): avoid errors upon hash calc fail by @AlonZivony in #3733
• fix: webhook template should support sprig funcs by @josedonizetti in #3724
• feature: add ctime to containers data source by @NDStrahilevitz in #3728
• chore(release): use go1.20 for releasing by @rafaeldtinoco in #3740
• chore: fix typo by @josedonizetti in #3736
• fix(release): tracee-container alpine version to 3.18 by @rafaeldtinoco in #3744
• Network: add net_tcp_connect event with DNS support by @rafaeldtinoco in #3738
• chore: refer to man pages by @geyslan in #3749
• feature: pluggable datasources by @josedonizetti in #3737
• Bugfix/parse finding type correctly by @AlonZivony in #3760
• Writeable datasource types by @NDStrahilevitz in #3759
• feature(api): add data source grpc service by @NDStrahilevitz in #3761
• chore(api): fix typo by @NDStrahilevitz in #3762
• chore(makefile): fix doube-quoted version string by @rafaeldtinoco in #3764
• feat(ebpf): optimize sendmsg/recvmsg kprobes by @NDStrahilevitz in #3766
• feature(event): create net_flow_tcp_begin event by @rafaeldtinoco in #3750
• fix(network): fix http request/response events by @rafaeldtinoco in #3770
• chore: update proto types by @josedonizetti in #3772
• chore(deps): bump golang.org/x/crypto from 0.14.0 to 0.17.0 by @dependabot in #3773
• fix(ebpf): adjust inode struct to kernel v6.6 by @NDStrahilevitz in #3769
• feat(types): improve datasource write api by @NDStrahilevitz in #3763
• fix: filter dispatching to signatures by @NDStrahilevitz in #3729
• feature: Add name and properties to Threat, and add Threat to Event definition. by @josedonizetti in #3742
• feature: writeable data source by @NDStrahilevitz in #3725
• Improve performance of exec-hash by @NDStrahilevitz in #3752
• fix: create pid file under install-path by @NDStrahilevitz in #3775
• feature: add signature name to event definition by @josedonizetti in #3743
• add Struct type and detect.FindingData by @josedonizetti in #3776
• Fix dynamic data arguments by @josedonizetti in #3777
• chore(derive/http): change log level when packets are malformed by @NDStrahilevitz in #3780
• Types protected finding by @NDStrahilevitz in #3782
• Protected finding data by @NDStrahilevitz in #3779
• chore(deps): bump tj-actions/changed-files from 40.2.0 to 41.0.0 in /.github/workflows by @dependabot in #3788
• fix: use thread safe wrapper for ksyms table by @NDStrahilevitz in #3786
• fix: triggeredBy should print event on table output by @josedonizetti in #3792
• fix(doc): contribution document link by @yasindce1998 in #3794
• Pin revive version by @geyslan in #3796
• fix(ebpf): fix hidden_kernel_module error in some kernels by @OriGlassman in #3797
• fix(events): restore dependency in hooked_syscall by @NDStrahilevitz in #3784
• Introduce Policies versioning (map of maps) by @geyslan in #3305
• Update Golang in all Project by @rafaeldtinoco in #3806
• chore(docs): specify distros and versions support by @rafaeldtinoco in #3808
• Remove BPF map macros by @geyslan in #3735
• Fix event data structure by @josedonizetti in #3812
• Fix symbol multi addrs by @rafaeldtinoco in #3802
• chore(ci): add mantic 6.6 AMIs by @geyslan in #3810
• fix(capture): restore absolute time in pcap frames by @AlonZivony in #3800
• Update api types by @josedonizetti in #3814
• feat(signatures): expose signatures helpers as Go module by @AlonZivony in #3765
• chore(deps): bump github.com/containerd/containerd from 1.7.0 to 1.7.11 by @dependabot in #3816
• Make policies config versioned by @geyslan in #3809
• chore: remove replace of signatures helpers by @AlonZivony in #3819
• grpc: fix nil arguments by @josedonizetti in #3823
• chore: remove clang march flag by @geyslan in #3831
• chore: increase vb resources by @geyslan in #3833
• fix: skip timestamp normalizing in derived events by @NDStrahilevitz in #3835
• fix: change missing probe log level by @josedonizetti in #3836
• chore(deps): bump github.com/opencontainers/runc from 1.1.7 to 1.1.12 by @dependabot in #3837
• Fix ArgsNum by @geyslan in #3839
• Fix typo in kubernetes install guide by @logicfox in #3846
• Various cgroup and mounting fixes and optimizations by @NDStrahilevitz in #3829
• fix(processors): change args values by name by @AlonZivony in #3838
• Set exec-hash default option by @geyslan in #3852
  ...