features

euid/suid/fsuid and egid/sgid/fsgid are now supported as predicates in strategy rules.
5.14 kernels are now supported.
memoryProtection and setrlimit are now supported for policies on aarch64 systems.
Some default timeouts have been increased that may affect startup times in some configurations. They may now be re-configured in capsule8-sensor.yaml.
A pre-release of our Perf Sensor may be tested by using the use_perf_sensor_bin configuration value in capsule8-sensor.yaml. This will be the default in future releases, replacing our Go implementation.

bugs

Previously when resource limits were set it would reuse the current cgroup leading to inconsistent behavior. Now when limits are set, the cgroup is deleted and re-created at startup to ensure that the new sensor instance is started with a clean-slate, and not penalized by prior runs. Lastly, the cgroup will be deleted when the Sensor receives a SIGTERM or SIGINT.