What's Changed

• NVSHAS-10117: backport the changes for NVSHAS-9979-9987 to 5.3.5 by @williamlin-suse in #2126
• NVSHAS-10117: backport the changes for NVSHAS-9979-9987 to 5.3.5 by @williamlin-suse in #2127
• fix: switch to alpine base image by @holyspectral in #2128
• chore(NVSHAS-10130):update neuvector/neuvector base_image tag for 5.3.5 build release by @gfsuse in #2131

Full Changelog: v5.3.4...v5.3.5

What's Changed

• NVSHAS-10060: Response rules for the target CRD group are not deleted by @williamlin-suse in #2079
• chore: add yaml support by @pohanhuangtw in #2081
• NVSHAS-9968-9990: support setting default admin account's default password by @williamlin-suse in #2084
• NVSHAS-10070: Creating multiple response rule fail on some cluster by @williamlin-suse in #2091
• NVSHAS-9899: NeuVector Process Profile Alerts for Java Services conta… by @williamlin-suse in #2088
• NVSHAS-10063: namespace user with runtime_policy(w) permission cannot… by @williamlin-suse in #2092
• NVSHAS-10006: Group export is empty for namespace users by @williamlin-suse in #2093
• NVSHAS-10066: First time login does not show link for bootstrap helpe… by @williamlin-suse in #2094
• NVSHAS-10073: Add a new field for exported admission control rules in… by @williamlin-suse in #2095
• NVSHAS-10076:Fix SSL SNI parser by adding boundary checks to prevent illegal memory access by @gfsuse in #2097
• NVSHAS-10080: Cannot create a federal response rule for Admission event by @williamlin-suse in #2100
• fix: admission converter dependency by @pohanhuangtw in #2105
• fix: cis-benchmark file detection, replace with -e, fix cis-rke2-1.8 by @pohanhuangtw in #2028
• fix: NVSHAS-10071 policy enforcement issue by @holyspectral in #2106
• NVSHAS-10079: fix goroutine crash in system.go by @kyledong-suse in #2108
• chore: move to api package by @pohanhuangtw in #2109
• NVSHAS-9918: add option for strict group mode by @gfsuse in #2107
• NVSHAS-10031: Improve connection report sending by @kyledong-suse in #2111
• chore(NVSHAS-10097):fix traffic action and security event level by @gfsuse in #2113
• NVSHAS-10054: Do not always reset k8s ValidatingWebhookConfiguration … by @williamlin-suse in #2117
• NVSHAS-9761: Harbor registry with s3 storage backend repository scan … by @williamlin-suse in #2115
• chore(NVSHAS-10100):enforce policy and correct security event level for strict group mode by @gfsuse in #2116
• chore(NVSHAS-10105):fix traffic action by @gfsuse in #2118
• feat: support reading go stdlib by @pohanhuangtw in #2120
• chore(NVSHAS-10112): refine restrictive group mode behavior by @gfsuse in #2121
• NVSHAS-10049: Follow up on the NV scan JFrog Subdomain mode issue by @williamlin-suse in #2119
• chore(NVSHAS-10119):generate warning security event under strict group mode when traffic flows from a group in discover mode to a group in monitor mode by @gfsuse in #2122
• NVSHAS-9553-9979-9987 by @williamlin-suse in #2124

Full Changelog: v5.4.6...v5.4.7

What's Changed

• NVSHAS-10019: fix typo in TCP.SYN.Flood log by @gfsuse in #2035
• chore(deps): update dependency go to v1.24.5 by @renovate-rancher[bot] in #2036
• chore(deps): update module golang.org/x/sys to v0.34.0 by @renovate-rancher[bot] in #2039
• chore(deps): update module golang.org/x/sync to v0.16.0 by @renovate-rancher[bot] in #2038
• chore(deps): update module golang.org/x/net to v0.42.0 by @renovate-rancher[bot] in #2041
• NVSHAS-10001: Protect/Monitor enforcements 'linger' after group deletion by @williamlin-suse in #2043
• update minimum-go-version to 1.24.0 by @williamlin-suse in #2046
• chore(config): migrate renovate config by @renovate-rancher[bot] in #2045
• New step to automate update upgrade-responder by @Anarkis in #2040
• Revert "NVSHAS-9653: learning wrong process rules" by @holyspectral in #2050
• chore(deps): pin dependencies by @renovate-rancher[bot] in #2049
• NVSHAS-9974:fix condition checks in D2M and M2P to correctly interpret group name suffixes by @gfsuse in #2055
• NVSHAS-10018: Neuvector is not scanning all images in GitLab Registry by @williamlin-suse in #2054
• chore(deps): update module github.com/containerd/containerd/v2 to v2.1.4 by @renovate-rancher[bot] in #2057
• chore(deps): update github/codeql-action action to v3.29.5 by @renovate-rancher[bot] in #2056
• chore(deps): update module google.golang.org/grpc to v1.74.2 by @renovate-rancher[bot] in #2047
• chore(deps): update module github.com/golang-jwt/jwt/v5 to v5.3.0 by @renovate-rancher[bot] in #2044
• NVSHAS-10001: Federation operation failed 'invalid data' when configu… by @williamlin-suse in #2062
• chore: bump toolchain to 1.24.6 by @pohanhuangtw in #2072
• NVSHAS-10043: Improve link and address subscription with options by @kyledong-suse in #2071
• fix: NVSHAS-9981 update zero-drift behavior by @holyspectral in #2070
• NVSHAS-6733: Export response rules as CRD by @williamlin-suse in #2073
• NVSHAS-10057: Response rule import always fails by @williamlin-suse in #2077
• NVSHAS-10060: Response rules for the target CRD group are not deleted by @williamlin-suse in #2080
• NVSHAS-9968-9990: support setting default admin account's default password by @williamlin-suse in #2085
• NVSHAS-10063: namespace user with runtime_policy(w) permission cannot… by @williamlin-suse in #2087
• NVSHAS-9899: NeuVector Process Profile Alerts for Java Services conta… by @williamlin-suse in #2086

New Contributors

• @Anarkis made their first contribution in #2040

Full Changelog: v5.4.5...v5.4.6

What's Changed

• fix(controller): make admission control rules test endpoint accessible with read permission by @lentus in #1970
• NVSHAS-9791: read runtime dependency not dev dependency by @pohanhuangtw in #1960
• NVSHAS-9953:Resolve crash issue identified via core file analysis by @gfsuse in #1975
• NVSHAS-9952: Remove 'signature' from usage report because NV no longe… by @williamlin-suse in #1974
• NVSHAS-9958:fix implicit deny logic from host subnet by @gfsuse in #1980
• chore(deps): update github/codeql-action action to v3.28.18 by @renovate-rancher in #1977
• chore(deps): update module google.golang.org/grpc to v1.72.1 by @renovate-rancher in #1976
• chore(deps): update github.com/codeskyblue/go-sh digest to c29da58 by @renovate-rancher in #1971
• chore(deps): update module github.com/containerd/containerd/v2 to v2.1.1 by @renovate-rancher in #1982
• NVSHAS-9946: Display issue with Admission Control alert for Credentia… by @williamlin-suse in #1981
• NVSHAS-9949: [Harbor][Incorrect user/pw] It still scan images even in… by @williamlin-suse in #1984
• chore(deps): update module google.golang.org/grpc to v1.72.2 by @renovate-rancher in #1985
• NV9964: Scan fails due to its scan report size by @jayhuang-suse in #1987
• NVSHAS-9960: Scanners not working by @williamlin-suse in #1986
• chore(deps): update alpine docker tag to v3.22 by @renovate-rancher in #1993
• chore(deps): update github actions by @renovate-rancher in #1992
• chore(deps): update module github.com/vishvananda/netlink to v1.3.1 by @renovate-rancher in #1972
• NVSHAS-9969: concurrent map writes results in enforcer component restart by @williamlin-suse in #1991
• chore(deps): update module golang.org/x/sync to v0.15.0 by @renovate-rancher in #1999
• chore(deps): update dependency go to v1.24.4 by @renovate-rancher in #1997
• chore(deps): update module google.golang.org/grpc to v1.73.0 by @renovate-rancher in #2000
• chore(deps): update module golang.org/x/net to v0.41.0 by @renovate-rancher in #1998
• NVSHAS-9928:Adjust SYN flood metering parameters to better handle traffic burst and reduce false positives. by @gfsuse in #1996
• NVSHAS-9911: remove mis-leading info by @pohanhuangtw in #2002
• NVSHAS-9860: ensure that learning-related connections are always sent to the controller for network policy learning by @gfsuse in #2003
• chore(deps): update github/codeql-action action to v3.29.0 by @renovate-rancher in #2005
• NVSHAS-9883: quay.io is unable to use wildcard properly by @pohanhuangtw in #2006
• chore(deps): update module github.com/containerd/containerd/v2 to v2.1.2 by @renovate-rancher in #2007
• NVSHAS-9964: Scan fails after upgrading NeuVector to 5.4.1 due to rep… by @williamlin-suse in #2010
• chore(deps): update module github.com/urfave/cli/v2 to v2.27.7 by @renovate-rancher in #2011
• NVSHAS-9964: Scan fails after upgrading NeuVector to 5.4.1 due to rep… by @williamlin-suse in #2014
• NVSHAS-9942: Images scans for customer images are failing by @pohanhuangtw in #2016
• NVSHAS-9993: Replace md5 by sha256 by @williamlin-suse in #2015
• chore(deps): update module github.com/containerd/containerd/v2 to v2.1.3 by @renovate-rancher in #2019
• chore(dep): upgrade to BCI 15.7 by @holyspectral in #2020
• NVSHAS-9998: Cannot export group from Neuvector federated master by @williamlin-suse in #2022
• NVSHAS-9940: NV scan JFrog Subdomain mode issue by @williamlin-suse in #2021
• Update dependencies for 5.4.5 by @holyspectral in #2025
• chore: switch to obs opa by @holyspectral in #2029
• chore: fix build error by @holyspectral in #2030
• chore(deps): update github/codeql-action action to v3.29.2 by @renovate-rancher in #2026
• NVSHAS-10010: Improve SYN flood detection by considering source IP by @gfsuse in #2031

Full Changelog: v5.4.4...v5.4.5