Download links and release notes for official builds are provided here.

Getting started

In general, you should stay on the latest major release unless you require a feature or fix from a subsequent maintenance release. We recommend that you upgrade to new major releases as they become available. For more information, see the Twistlock support lifecycle.

The bell icon in Console automatically notifies you when new recommended builds are available:

Twistlock includes various open source components, which may change between releases. Before installing Twistlock, review the components and licenses listed in twistlock-oss-licenses.pdf, which is included with every download. Changes to components or licenses between releases are highlighted.

19.07 Update 2 (19.07.363)

Type

Maintenance release

Release date

5 September 2019

SHA256 digest

3518e794a32b832a9548a0b84691042c2756be462977c25dfb8fcd6586c7bca1
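
The digest published for each build is only useful if you actually compare it against what you downloaded before unpacking or installing. The following is an added example for that check; it is not part of these release notes and not Twistlock's own tooling. It copies the three 19.07 digests from this page into a table (extend it with the older builds from the sections below as needed), streams the archive through SHA256 so large downloads are not read into memory, and compares digests case-insensitively and in constant time. The name of the downloaded archive is whatever you fetched and is not assumed here; the "hello" file in self_check() is constructed for the offline round-trip.

```python
import hashlib
import hmac
import io
import os
import tempfile

# Digests copied from this page. Extend with older builds as required.
RELEASE_DIGESTS = {
    "19.07.363": "3518e794a32b832a9548a0b84691042c2756be462977c25dfb8fcd6586c7bca1",
    "19.07.358": "d531c5cc57864014167540b37683526056a504857f1c3b4dbc140661694891fd",
    "19.07.353": "abd4f7be7ea3f091d8b96d5e803a2dc4efa3144c2284e66914ec54e023670ece",
}

CHUNK = 1 << 20  # read 1 MiB at a time; release archives are large


def sha256_hex(stream) -> str:
    """Hex SHA256 of a binary stream, read in chunks."""
    h = hashlib.sha256()
    for chunk in iter(lambda: stream.read(CHUNK), b""):
        h.update(chunk)
    return h.hexdigest()


def sha256_of_bytes(data: bytes) -> str:
    return sha256_hex(io.BytesIO(data))


def sha256_of_file(path: str) -> str:
    with open(path, "rb") as f:
        return sha256_hex(f)


def digests_match(actual: str, expected: str) -> bool:
    """Case-insensitive, constant-time comparison of two hex digests."""
    return hmac.compare_digest(actual.strip().lower(), expected.strip().lower())


def verify_release(path: str, version: str) -> bool:
    """True if the file at `path` is the build `version` listed in RELEASE_DIGESTS."""
    expected = RELEASE_DIGESTS[version]  # KeyError for builds not yet in the table
    return digests_match(sha256_of_file(path), expected)


def self_check() -> bool:
    """Offline round-trip on a constructed file containing "hello\\n"."""
    fd, path = tempfile.mkstemp()
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(b"hello\n")
        return digests_match(
            sha256_of_file(path),
            "5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03",
        )
    finally:
        os.unlink(path)


if __name__ == "__main__":
    import sys

    # usage: python verify_release.py <downloaded archive> 19.07.363
    ok = verify_release(sys.argv[1], sys.argv[2])
    print("OK" if ok else "MISMATCH: do not install this archive")
    sys.exit(0 if ok else 1)
```

A mismatch means the archive is not the build these notes describe (truncated download, proxy substitution, or a tampered file) and should not be installed; the script exits non-zero so it can gate an automated install step.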

Improvements, fixes, and performance enhancements
  • Fixes a typo in an audit message.

  • Fixes how licenses are counted and displayed under Manage > System > License.

  • Fixes an issue where setting the scan interval to 0 for registries caused continual scanning, rather than disabling registry scanning.

  • Fixes an issue where Twistlock didn’t rescan new images in the registry if the tag was unchanged.

  • Fixes an issue with how vulnerability databases are parsed, normalized, and added to the Twistlock Intelligence Stream.

  • Fixes an issue with Defender DaemonSet deploy command from Manage > Defenders > Deploy that didn’t properly use the specified image pull secret.

  • Fixes an issue where the publish step for the Jenkins plugin always showed vulnerabilities with and without fixes, even if the scan step specified only vulnerabilities with fixes. The publish step now has a separate checkbox to limit results to just those with fixes.

  • Fixes a false positive for an Apache Struts vulnerability. Twistlock Labs worked with the upstream provider to fix their data feed.

  • Fixes an issue where Twistlock failed to scan images that exposed all ports.

  • Adds an incident ID field to syslog events for runtime incidents.

  • Changes the value in the log_type field for image, container, and host syslog compliance events from "containerCompliance" to "compliance".
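
The last two items matter for anyone feeding Twistlock syslog output into a SIEM: a rule keyed on log_type="containerCompliance" stops matching after this update, and runtime incidents now carry an ID that older Consoles did not send. The following is an added example, not part of these release notes and not Twistlock code, of a small parser that keeps one rule working across the rename and tolerates the missing ID during a rolling upgrade. The sample lines are constructed for this example; they assume the syslog payload is a series of key="value" pairs, and the field name incident_id is an assumption (the page does not name the new field).

```python
import re
from typing import Dict, List, Optional

# Constructed sample lines (not real Twistlock output).
SAMPLE_LINES = [
    # image compliance event from a pre-19.07.363 Console: old log_type value
    'Aug 20 09:12:01 node1 twistlock: type="containerCompliance" log_type="containerCompliance" '
    'host="node1" image="nginx:1.17" rule="Default" message="Image is not trusted"',
    # same check reported by 19.07.363: log_type renamed to "compliance"
    'Sep  5 09:12:01 node1 twistlock: type="containerCompliance" log_type="compliance" '
    'host="node1" image="nginx:1.17" rule="Default" message="Image is not trusted"',
    # runtime incident from a pre-19.07.363 Console: no incident ID field
    'Aug 20 09:15:44 node1 twistlock: type="incident" log_type="incident" '
    'host="node1" container="api-1" category="Port scanning"',
    # runtime incident from 19.07.363 carrying the new ID (field name assumed)
    'Sep  5 09:15:44 node1 twistlock: type="incident" log_type="incident" '
    'host="node1" container="api-1" category="Port scanning" incident_id="a1b2c3d4"',
    # runtime audit: must match neither selector below
    'Sep  5 09:16:00 node1 twistlock: type="containerRuntime" log_type="audit" '
    'host="node1" container="api-1" message="Unexpected process: \\"nc\\""',
]

# key="value", with \" permitted inside the value
KV_RE = re.compile(r'(\w+)="((?:[^"\\]|\\.)*)"')

# Legacy log_type values and the value the current release emits instead
LOG_TYPE_ALIASES = {"containerCompliance": "compliance"}


def parse_event(line: str) -> Dict[str, str]:
    """Turn one syslog line into a dict of its key="value" fields."""
    return {k: v.replace('\\"', '"') for k, v in KV_RE.findall(line)}


def normalize_log_type(event: Dict[str, str]) -> Dict[str, str]:
    """Map legacy log_type values onto the current ones so one rule covers both."""
    ev = dict(event)
    lt = ev.get("log_type", "")
    ev["log_type"] = LOG_TYPE_ALIASES.get(lt, lt)
    return ev


def compliance_events(lines: List[str]) -> List[Dict[str, str]]:
    """Compliance events from a mix of pre- and post-rename lines."""
    events = (normalize_log_type(parse_event(line)) for line in lines)
    return [e for e in events if e.get("log_type") == "compliance"]


def incident_ids(lines: List[str]) -> List[Optional[str]]:
    """Incident IDs for runtime incidents; None where the sender predates the field."""
    ids: List[Optional[str]] = []
    for line in lines:
        ev = parse_event(line)
        if ev.get("log_type") == "incident":
            ids.append(ev.get("incident_id"))
    return ids


if __name__ == "__main__":
    for ev in compliance_events(SAMPLE_LINES):
        print("compliance:", ev["image"], ev["message"])
    print("incident ids:", incident_ids(SAMPLE_LINES))
```

Keep the alias table until every Console and Defender in the estate is on 19.07.363 or later; once the old value no longer appears in the feed, the entry can be dropped and the rule keyed on "compliance" alone.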

Previous supported releases

19.07 Update 1 (19.07.358)

Type

Maintenance release

Release date

19 August 2019

SHA256 digest

d531c5cc57864014167540b37683526056a504857f1c3b4dbc140661694891fd

Improvements, fixes, and performance enhancements
  • Fixes an issue with entering values for NodeSelector in the Defender DaemonSet deployment page (Manage > Defenders) in Twistlock Console.

  • Fixes registry scan issues with IBM Bluemix.

  • Fixes an issue with Defender crashing when scanning registries.

  • Fixes an issue with CNNF where it couldn’t handle Kubernetes object metadata containing asterisks.

  • Fixes an issue with missing CVEs in the layers view.

  • Fixes an issue in CNNF where you couldn’t see or download learned connections.

  • Fixes an issue with a false positive for the jq package on Alpine 3.10. The fix was implemented in the Intelligence Stream, so it’s available for all supported versions of Twistlock.

  • Fixes an issue in the API, where the filterBaseImage query parameter for /api/v1/images/download wasn’t working when set to 'true'.

  • Fixes an issue in the layers tool where vulnerabilities in Java packages weren’t reported in the right layer.

  • Updates open source packages used in Twistlock Console.

  • Fixes an HTML injection vulnerability identified in the Twistlock Console that can lead to DOM-based XSS attacks under certain configurations.

  • Fixes a memory leak with service profiles.

19.07 (19.07.353)

Type

Major release

Release date

17 July 2019

SHA256 digest

abd4f7be7ea3f091d8b96d5e803a2dc4efa3144c2284e66914ec54e023670ece

Major new features
  • Substantial improvements to Cloud Native Network Firewall (CNNF):

    • Better rule structure, which uses sources and destinations from a new user-defined library of network objects.

    • All learned connections are now tabulated in a central location.

    • Import and export support for single rules, or entire policies, including learned connections.

  • Adds support for CNNF for Windows hosts.

  • Expands and enhances Twistlock’s forensics capabilities. Adds a new timeline tool for visualizing and inspecting forensic data. Expands the scope of data collected by the Twistlock forensics system.

  • Improves the "trusted images" security control. Twistlock now automatically learns which images should be trusted, and lets you expand and augment the learned policy with rules. Updates Console’s UI to clearly delineate between trusted and untrusted images in views throughout the product, including scan reports.

  • Adds support for deploying and managing Defender DaemonSets from the Console UI.

  • Introduces a new Radar for AWS Lambda serverless functions, which lets you visualize what functions have been deployed, how they’re triggered, the services they use, and the permissions they’ve been granted to interact with those services. Includes overlays for vulnerability and compliance issues.

  • Introduces a new map-based Radar that lets you visualize which cloud native services have been deployed from which cloud provider.

  • Adds a new alert type that triggers when new cloud native services (registries, serverless functions, clusters, etc) are found in your environment.

  • Improves the ability to find nodes in Radar with enhanced search and filter capabilities.

  • Improves Vulnerability Explorer by adding a new risk factor (package in use). Also, improves CVE scoring so that values more clearly highlight differences in severity of CVEs in the Top 10 list.

  • Adds compliance checks (designed by Twistlock Labs) for serverless functions.

  • Adds compliance checks for Windows, which act as a quick validation mechanism for existing Windows features.

  • Adds support for automatically distributing registry and serverless scan jobs across available Defenders for more robust deployments and better scan performance.

  • Adds support for Jenkins on Windows to scan Windows images.

Improvements, fixes, and performance enhancements
  • Adds timestamps to vulnerability findings in scan reports. For container images, scan reports show the age of a vuln based on when it was discovered, and the age based on when it was published to the world. For hosts, scan reports show the age based on when a vuln was published to the world.

  • Adds a "global", dismissable pop-up scan progress bar that can appear in the top right corner of any Console page to show the status of a scan. You no longer need to go to a specific "Monitor" page in Console to find out the status of a scan.

  • Adds support for the prevent action for CNNF for hosts.

  • Improves runtime defense for processes. Defender can take action, according to your policy, when a pre-existing binary is modified and tries to execute.

  • Adds support to the Twistlock Jenkins plugin to use the proxy settings specified in your Jenkins HTTP proxy configuration.

  • Improves the Twistlock Intelligence Stream for Windows. Adds CVSS data for Windows vulnerabilities, which enables analysis by risk factors.

  • Improves vulnerability scanning for Windows, including detecting which version of .NET is installed, so that the right CVEs are reported.

  • Improves Twistlock scalability by updating how Defender-Console messaging works.

  • Consolidates all relevant log data for Twistlock Defender on Windows into a single file. The Defender log file downloaded from the Console UI now includes both Defender logs and the relevant data from the Windows Event Log (where Twistlock’s runtime defense logs are stored).

  • Adds support for secrets management for Central Console when Projects are enabled. Note that scale Projects connected to Central Console don’t inherit secrets from Central Console. Tenant projects continue to support secrets management, which works independently and in isolation from Central Console.

  • Fixes a privilege escalation issue in Twistlock.

  • Adds support to 'twistcli scan' for simultaneously sending results to a file/stdout and Twistlock Console (where it can be reviewed under Monitor > Vulnerabilities > Twistcli).

Deprecated
  • EulerOS CVE feed has been removed from the Twistlock Intelligence Stream.

Breaking changes
  • In 19.03, Twistlock supported Windows Server 2016 Core only. In 19.07, Twistlock added support for Windows Server 2019 and Windows Server 2019 Core. To support these new platforms, the Twistlock Intelligence Stream has been updated. Because all versions of Console share the same Intelligence Stream, and because new logic is required to properly evaluate the threat data against protected resources, previous versions of Console (19.03 and older) will show false positives for Windows vulns until upgraded to 19.07.

  • CNNF for hosts rules are not automatically migrated when upgrading from 19.03 to 19.07. They are deleted and must be recreated. CNNF for containers rules are automatically migrated from 19.03 to 19.07.

  • When upgrading to 19.07, CNNF for container rules with the alert effect aren’t fully migrated forward. Destination ports must be manually re-specified.

  • When upgrading to 19.07, rules in disabled CNNF policies aren’t migrated forward. This can occur if CNNF was previously enabled, and you created rules, then later disabled CNNF.

  • Starting in 19.07, host runtime rules let you specify per-app effects for capabilities. When upgrading from 19.03 to 19.07, the following changes are made to your host runtime rules when migrating them forward:

    • Per-capability effects, explicitly allowed capabilities, and explicitly denied capabilities (i.e. everything under the Capabilities tab in the host runtime rule) are deleted.

    • New capabilities per service rules are initialized empty.

    • Capabilities effect is initialized to alert.

  • If you’re using custom runtime rules or custom compliance rules in a scale Project, you must delete these rules before upgrading to 19.07. In 19.07, these features are disabled for scale Projects. If the rules aren’t deleted before upgrading, and they cause errors, you won’t be able to delete them from the upgraded Console.

  • After upgrading the Twistlock Jenkins plugin, it automatically uses the proxy settings configured in your Jenkins setup. In previous versions, the Twistlock Jenkins plugin ignored these proxy settings.

  • After upgrading to 19.07, the container forensic event previously called "Process Spawned" is called "Runtime Audit".

  • When upgrading to 19.07, all Jenkins and twistcli scan reports are dropped to accommodate a new table structure.

  • If you’re using the Twistlock API to configure which registries Twistlock should scan, update your scripts to use PUT /api/v1/settings/registry rather than POST /api/v1/settings/registry. The PUT endpoint in 19.07 works exactly the same way as the POST endpoint in 19.03. The new 19.07 POST endpoint lets you add a single registry at a time to the list of registries to scan, whereas the PUT endpoint completely overwrites the previous list with a new list (which is the way POST worked in 19.03).
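
The practical risk in the last item is a 19.03 automation script that keeps POSTing the whole registry list: on 19.07 that request is interpreted as "add one registry", so the script silently appends a malformed entry instead of replacing the list. The following is an added example, not part of these release notes and not Twistlock's own client code, of how such a script looks after the migration, with a guard that makes the old call shape fail loudly. Only the endpoint path and the PUT/POST semantics come from the page; the JSON body shape ({"specifications": [...]} for the full list, a single registry object for POST), the fields of the registry object, the Console URL and the use of HTTP basic auth are assumptions for this example.

```python
import base64
import json
import urllib.request
from typing import Any, Dict, List

REGISTRY_SETTINGS_PATH = "/api/v1/settings/registry"


def basic_auth_header(user: str, password: str) -> str:
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Basic {token}"


def _request(console_url: str, method: str, body: Any, auth: str) -> urllib.request.Request:
    """Build (but do not send) a JSON request against the registry settings endpoint."""
    req = urllib.request.Request(
        console_url.rstrip("/") + REGISTRY_SETTINGS_PATH,
        data=json.dumps(body).encode(),
        method=method,
    )
    req.add_header("Content-Type", "application/json")
    req.add_header("Authorization", auth)
    return req


def replace_registry_list(console_url: str, registries: List[Dict], auth: str) -> urllib.request.Request:
    """19.07: PUT overwrites the whole scan list (what POST did in 19.03).
    Body shape {"specifications": [...]} is an assumption of this example."""
    if not isinstance(registries, list):
        raise TypeError("PUT takes the full list of registry specifications")
    return _request(console_url, "PUT", {"specifications": registries}, auth)


def add_registry(console_url: str, registry: Dict, auth: str) -> urllib.request.Request:
    """19.07: POST appends one registry to the existing list."""
    if isinstance(registry, (list, tuple)):
        # A 19.03 script that POSTed the whole list would, on 19.07, be taken
        # as adding a single (malformed) entry. Refuse rather than corrupt the list.
        raise TypeError("19.07 POST adds a single registry; use replace_registry_list for a list")
    return _request(console_url, "POST", registry, auth)


def decode_body(req: urllib.request.Request) -> Any:
    """The JSON body a built request would send, for inspection or dry runs."""
    return json.loads(req.data)


def send(req: urllib.request.Request, timeout: float = 30.0) -> int:
    """Send the request and return the HTTP status (network call; not exercised offline)."""
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.status


# Constructed registry specification for the usage below (field names assumed).
EXAMPLE_REGISTRIES = [
    {"version": "2", "registry": "https://registry.example.internal", "repository": "", "tag": "", "os": "linux"},
]

if __name__ == "__main__":
    auth = basic_auth_header("admin", "change-me")
    req = replace_registry_list("https://console.example.internal:8083", EXAMPLE_REGISTRIES, auth)
    # Dry run: show what would go on the wire. Call send(req) to apply it.
    print(req.get_method(), req.full_url, req.data.decode())
```

A 19.03 script is migrated by changing its single call from the POST form to replace_registry_list(); add_registry() is only for new code that wants the incremental 19.07 behaviour.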

Notes
  • Twistlock Console’s average memory consumption has increased in 19.07. In 19.07, we migrated to the Go 1.12 runtime, and changes in the new runtime’s garbage collection routine are the cause of the higher memory consumption. On Linux platforms, the runtime now uses MADV_FREE to release unused memory. Although more efficient, it can result in higher reported RSS. The kernel reclaims the unused memory when it’s needed. If the higher reported RSS trips memory-based alerting or scheduling, note that the Go 1.12 runtime accepts GODEBUG=madvdontneed=1 in the process environment to revert to the MADV_DONTNEED behaviour of Go 1.11.

  • OpenShift v4 uses CRI-O as the underlying container engine by default. Hosts running without Docker Engine cannot be configured to scan registries.

19.03 Update 3 (19.03.321)

Type

Maintenance release

Release date

6 May 2019

SHA256 digest

c153edca574d7dce0a83bc4a7ced902149a4449582accc71e356bff9339e21db

If you’ve continually upgraded Twistlock from version 2.4 or older, and you’re now upgrading from version 18.11 to 19.03, you must run a manual step before upgrading. For more information, see the Twistlock 19.03 upgrade instructions.
Improvements, fixes, and performance enhancements
  • Fixes an issue with excessive noise in Host Radar by ignoring duplicate services. CoreOS creates new services for various system events, such as SSH connections and core dumps. For example, a systemd-coredump@<ID> service is created for every core dump. These are now ignored.

  • Fixes Ruby on Rails false positives.

  • Fixes RHEL false positives.

  • Fixes an issue with expiration dates for CVE exceptions in vulnerability rules. Previously, the effect was only enforced when the expiration date was unset or expired.

  • Fixes an issue with vulnerability rules that use the twistlock-ciplugin magic string, where if the action for explicitly specified CVEs was set to alert, builds would still be failed.

  • Fixes an issue in the Twistlock Jenkins plugin where multiple Jenkins parameters weren’t properly handled when used together to specify which image to scan.

  • Fixes Console to automatically log out of inactive sessions.

  • Adds support for scanning Microsoft Nano Server 1803 images.

  • Fixes an issue where custom compliance checks didn’t get pushed to scale projects.

  • Adds support for multi-value, comma-separated strings for User Agent in CNAF rules. Note that special characters are not supported.

19.03 Update 2 (19.03.317)

Type

Maintenance release

Release date

11 April 2019

SHA256 digest

1aa81dbbe7881a3b936f9f1ed0450ba51045b4a92372d1f9ae7b6b7dc1f63bae

If you’ve continually upgraded Twistlock from version 2.4 or older, and you’re now upgrading from version 18.11 to 19.03, you must run a manual step before upgrading. For more information, see the Twistlock 19.03 upgrade instructions.
Improvements, fixes, and performance enhancements
  • Fixes an issue with downloading container forensics data.

  • Fixes an issue with CNNF where an invalid TCP option can crash Defender.

  • Fixes an issue with Monitor > Runtime > Container Models > CSV downloading the wrong CSV file.

  • Adds support for wildcard prefixes to match all subdomains in DNS filters.

  • Fixes an issue with CNAF where rules are not applied to containers without repo tags.

  • Fixes an install issue with the AWS Marketplace instance for Twistlock Enterprise Edition.

  • Fixes an issue with Host Radar where connections to external networks aren’t validated against the app in the rule.

  • Fixes an issue where custom rule audits report an empty value for proc.user when action is set to Prevent.

  • Fixes an install issue for stand-alone Defender that connects to a Console in a Docker Swarm cluster.

  • Fixes an issue where a CSV file with a large data set can’t be downloaded from Console.

  • Fixes an issue with Event Viewer where the event count is wrong.

  • Fixes an issue where a typo in one JIRA alert profile causes all JIRA alert profiles to fail.

19.03 Update 1 (19.03.311)

Type

Maintenance release

Release date

25 March 2019

SHA256 digest

d79b45ccee84fd7e7919f560a44aa03249f2934116b78a5a68a2767f60e19867

If you’ve continually upgraded Twistlock from version 2.4 or older, and you’re now upgrading from version 18.11 to 19.03, you must run a manual step before upgrading. For more information, see the Twistlock 19.03 upgrade instructions.
Improvements, fixes, and performance enhancements
  • Fixes an issue where if proxy settings are enabled, Defender crashes when deployed as a DaemonSet in Kubernetes and OpenShift clusters.

  • Fixes an issue where a JIRA alert configured with dynamic labels that don’t exist in JIRA causes all JIRA alerts to fail. In this update, just the improperly configured alert profile fails, and it fails with a Console UI warning.

  • Improves Twistlock’s performance when the registry is very large.

  • Fixes an issue where alerts were generated for images that have been deleted from the registry. The new logic bypasses computing vulnerabilities for images that haven’t been scanned for more than 24 hours.

  • Fixes an issue where the vulnerabilities introduced by a package can be attributed to the wrong layer in the layers tool.

  • Fixes an issue with integrating Twistlock and AWS Security Hub.

  • Adds an option in the Jenkins plugin to run the Twistlock scanner inside the container to be scanned. This option is designed for pipeline builds that use the Kubernetes plugin. Use it when Jenkins slave pods don’t have access to the Docker socket.

  • Fixes a false positive for CVE-2018-3760 in the sprockets gem version 3.7.2.

  • Fixes CVE false positives for Java 8 (1.8.0_202).

19.03 (19.03.307)

Type

Major release

Release date

19 March 2019

SHA256 digest

86ef424999999019ef02fed2c73021a9fd8cd4c28e8eb64f69cd9e7f287d892d

If you’ve continually upgraded Twistlock from version 2.4 or older, and you’re now upgrading from version 18.11 to 19.03, you must run a manual step before upgrading. For more information, see the Twistlock 19.03 upgrade instructions.
Major new features
  • Adds support for writing expressions, and adding those expressions to rules, that identify discrete runtime behaviors. These are known as custom runtime rules, and can be used in both host and container runtime policies.

  • Extends Twistlock’s runtime protection to hosts with new features, including log inspection, application baselines, and CNAF for hosts.

  • Adds the capability to assign users and groups to specific collections for least-privilege access to data.

  • Adds a host view in Radar.

  • Adds support for file integrity monitoring on hosts.

  • Adds support for collecting forensics data for hosts.

  • Introduces dedicated, separate vulnerability and compliance policies for containers and hosts.

  • Streamlines vulnerability policy rules. Adds support for specifying rules that both alert and block at different thresholds. Adds support for grace periods.

  • Lets you integrate Kubernetes auditing with Twistlock, and then create rules that parse events, and raise alerts.

  • Consolidates all runtime events (container, host, firewall) into a single page called Event Viewer.

  • Provides detailed info for resources found by the cloud discovery scan.

  • Cloud discovery scan now finds the following additional resources: Google GKE clusters, Azure AKS clusters, and Azure Container Instances (ACI).

  • Adds compliance checks to assess AWS accounts against the CIS AWS Foundations Benchmark.

  • Adds support for generating Helm charts for Console and Defender directly from twistcli.

  • Adds support for dynamically routing JIRA alerts (project key, assignee) using labels from the resource that triggered the alert.

  • Improves Twistlock’s support for proxies. Lets you specify CA certs for TLS intercept proxies, and lets you provide credentials to authenticate with proxies.

  • Introduces RASP Defender, a Defender type that can be embedded into Docker containers. Handles scenarios where your containers run in highly constrained environments, such as Fargate, Azure Container Instances (ACI), and serverless functions.

  • Adds support for integrating IBM Security advisor with a wizard.

Improvements, fixes, and performance enhancements
  • Adds the ability to disable/enable policy rules.

  • Provides a mechanism for uploading Console and Defender log files to Twistlock support directly from the Console UI.

  • Adds an indicator on Radar to show the last time Intelligence Stream data was downloaded.

  • Shows license count for each of the different Defender types: Container Defender, Host Defender, and RASP Defender.

  • Adds validated support for multiple Availability Zone deployments on AWS with the EFS file system.

  • Adds support for specifying traffic flows in CNNF rules with labels.

  • Makes various tools and components downloadable directly from the Console UI: twistcli, Defender container image, Jenkins plugin.

  • Adds the ability to download forensics data for any container. Previously, container forensics data was available from an incident in Incident Explorer.

  • Allows you to disable automatic runtime learning.

  • Fixes intermittent connection failures to the Intelligence Stream because of TLS handshake timeouts.

  • Adds support for embedding RASP Defender into Lambda functions as a layer.

  • Adds significant improvements to the API docs.

  • Limits the number of CNAF firewalls spawned per Defender to five to protect against excessive resource usage from misconfiguring CNAF.

  • Fixes an issue with how tabs are laid out when the browser window size is small.

  • Makes all relevant twistcli commands project-aware with a --project flag.

  • Fixes an issue with DNS monitoring for Swarm.

  • Fixes an issue with creating collections with the serverless function filter.

  • Adds the ability to reorder rules by dragging and dropping them.

  • Fixes an issue where Twistlock couldn’t scan nanoserver images that don’t include PowerShell.

Deprecated
  • Nothing to report.

Breaking changes
  • As a result of separating vulnerability and compliance policies into separate host and container policies, your rules are migrated forward when upgrading from 18.11 to 19.03. Rules whose resources target hosts (either specifically or with a non-empty wildcard) are copied to the new host policy. If a rule targets only hosts (all other resource fields are empty), it is removed from the container policy.

  • Fargate Defender is now known as RASP Defender. If you deployed Fargate Defender with 18.11, you must recreate your runtime rules when you upgrade to 19.03. In 19.03, you can whitelist process and networking activity only. Blacklisting has been deprecated.

  • CNAF for Fargate rules are dropped when upgrading to 19.03 due to a substantial schema change. Recreate your rules after upgrading.

Unsupported end of life releases

18.11 Update 3 (18.11.128)

Type

Maintenance release

Release date

4 February 2019

SHA256 digest

6cb0d5d0c0f3c858307fd3564ba000ac33e8792e8c29d027c283d4b10650b186

Improvements, fixes, and performance enhancements
  • Fixes an issue with Incident Explorer, where clicking on rule links returned 404 Not Found errors.

  • Fixes the list of host services. Previously, non-systemd services were erroneously enumerated.

  • Fixes an issue with compliance rules not being enforced when targeting specific images by label.

  • Fixes an issue with the Twistlock runC proxy hanging when docker exec is run against a container. The issue could be seen when exec’ing into containers in Jenkins pipeline pods to run commands in Kubernetes clusters protected by Defenders.

  • Fixes a regression where anonymous (no credentials required) connections to SMTP servers for email alerts no longer worked.

  • Fixes a false positive in the Intelligence Stream, where CVE-2018-6954 appeared as a vulnerability in Ubuntu 18.04 images, even though it was fixed in 237-3ubuntu10.9.

  • Fixes an issue with the subsystem that detects port scanning.

  • Adds a container count to the CSV download in Monitor > Vulnerabilities > Images so that you can determine how many actively running containers have been instantiated from a given image.

  • Optimizes the way Twistlock correlates process and file system events.

  • Increases the timeout for running custom compliance checks to 10 seconds.

  • Various internal improvements.

18.11 Update 2 (18.11.119)

Type

Maintenance release

Release date

8 January 2019

SHA256 digest

76fba6def70df83cf508345ef71271fb1432056cb290b2883d205341b5e188b6

Improvements, fixes, and performance enhancements
  • Fixes a regression where you can’t modify passwords for local users.

  • Increases the number of retries and adds a back-off mechanism to retry commands submitted to runC.

  • Adds support for running Defender inside nested virtualization (Docker in Docker). Specifically addresses Kubernetes on Mesos setups.

  • Adds support for scanning mixed registries that contain both Linux and Windows images.

  • Fixes an issue where alert labels weren’t appended to CNAF and CNNF audits sent to syslog.

  • Fixes an issue where alert labels weren’t appended to CNAF and CNNF audits in the CSV download file.

  • Fixes an issue where alert labels weren’t appended to container runtime audits in the CSV download file.

  • Fixes an issue where alert labels weren’t appended to container runtime audits downloaded via the Twistlock API.

  • Fixes an issue where alert labels weren’t appended to container runtime events sent to syslog.

  • Fixes an issue where alert labels weren’t appended to incident audits sent to syslog.

  • Fixes an issue where alert labels weren’t appended to incidents in the CSV download file.

  • Fixes an issue where alert labels weren’t appended to incidents downloaded via the Twistlock API.

  • Fixes an issue where alert labels weren’t appended to twistcli scans in either stdout or CSV scan report downloads.

  • Fixes an issue where alert labels weren’t appended to Jenkins CSV scan report downloads.

  • Fixes an issue where alert labels weren’t appended to container scan reports sent to syslog.

  • Fixes an issue where enabling DNS monitoring in Twistlock broke DNS queries from running containers.

  • Fixes an issue where webhook alerts could produce unparsable JSON.

  • Fixes an issue in the Console UI where the image profile tabs overflow.

  • Updates packages in the Console and Defender container images.

  • Adds the signature for the Linux.Wirenet malware to the Twistlock Intelligence Stream.

  • Fills in the description field for AWS Security Hub runtime alerts.

  • Fixes an issue in the Console UI where duplicate entries in the SAN table caused the table to appear empty.

  • Adds support for sending syslog messages over the network to a remote server.

  • Fixes an issue where the Defender status for container scanning showed "Failed to update container info profile not found", and newly deployed containers weren’t showing up on Radar.

  • Adds support to autodiscover Artifactory repositories when Artifactory is set up to be accessed through a reverse proxy using the subdomain method.

  • Fixes an issue in the Layers tool where third party packages (NodeJS, Python, etc) weren’t reported in the right layer of the image.

Breaking changes
  • When you upgrade to Update 2, any registry scan settings that specified "JFrog Artifactory" as the registry version are converted to "Docker Registry v2". In earlier versions, selecting "JFrog Artifactory" was equivalent to selecting "Docker Registry v2". Starting with Update 2, "JFrog Artifactory" configures Twistlock to autodiscover all Docker repositories in Artifactory when Artifactory is set up to be accessed through a reverse proxy with the subdomain method.

18.11 Update 1 (18.11.103)

Type

Maintenance release

Release date

17 December 2018

SHA256 digest

3ba1d45e35ec5229f0a366e90aaf7a12ab310820c06c395bc24f536198e3857b

Improvements, fixes, and performance enhancements
  • Fixes the setting Manage > Defenders > Manage > Advanced Setting > Always enable Defender runc proxy > On so that it persists even after a Defender restart.

  • Fixes broken TLS cert directive.

  • Fixes the number of incidents shown in Radar’s one week view.

  • Fixes an issue with Console where the user is logged out when trying to generate a protected Fargate task.

  • Fixes an issue where Defender fails to scan images when the docker daemon is set to '--userns-remap=default'.

  • Fixes an issue where you cannot integrate with CyberArk Vault because Console requires credentials.

  • Fixes an issue with merging Twistlock configurations when upgrading.

  • Shows the auth type (basic auth, LDAP, or SAML) for each user under Manage > Authentication > Users.

  • Fixes false negatives for struts2-core vulnerabilities.

  • Addresses runtime protection false positives.

  • Fixes issues with scanning Windows container images.

  • Fixes Intelligence Stream for Windows Server Core vulnerabilities.

  • Adds the ability to sort on "tag" in registry scans.

  • Adds support for simultaneous integration of both SAML and LDAP.

18.11 (18.11.96)

Type

Major release

Release date

28 November 2018

SHA256 digest

2e18a5850a4075627fd03ee538d94ab1f2d302536d286c23b312ce986f8c462c

Major new features
  • Radar is now the primary view in Console. Many UI and UX performance improvements. You can now drill down and inspect all Twistlock data without leaving the Radar view.

  • Cloud compliance scans and reports all the registries, serverless functions, and other cloud-native technologies in your AWS, Azure, and Google Cloud accounts. Configure Twistlock to secure these resources with a single click.

  • Radar now reports data about the service accounts and associated permissions for all Kubernetes and OpenShift resources.

  • Support for Istio. Radar shows where Istio is deployed and provides deep intelligence about the service mesh configuration. New compliance checks ensure Istio is configured securely.

  • Adds support for Pivotal Cloud Foundry (PCF). PCF Defender scans the droplets in your blobstores for vulnerabilities.

  • Serverless Defender v2. Adds support for DNS based network egress defense. Integrated with all Twistlock alert providers. Besides twistcli, Serverless Defender can now be embedded into your functions from the Deploy Defender UI in Console.

  • Fargate Defender v2. Dynamic policy update. Fargate Defender can now be deployed with CNAF as an application firewall in front of your tasks. Support for alerting and integration with Incident Explorer.

  • Adds a centralized store for managing the various credentials used throughout the product (i.e. to scan registries, serverless functions).

  • Adds support for Prometheus. Twistlock can be now added as a Prometheus target with a large number of metrics.

  • Supports integration with IBM Cloud Security Advisor as an alert provider.

  • Supports integration with AWS Security Hub as an alert provider.

  • Adds support for PagerDuty as an alert channel.

  • Adds support for generic webhooks as an alert channel.

  • Detects when secrets are exposed in serverless functions (sensitive information available in clear text environment variables or private keys stored in functions).

  • Improved performance in DNS based network egress filtering.

  • Intelligently throttles container, host, CNAF, and CNNF audits displayed in the Console UI. Surfaces a cross section of the representative and most important audits.

  • Supports logging to stdout.

  • Twistcli can now scan Linux images on macOS and Windows hosts.

  • Adds support for EulerOS as both a host OS and a container base layer. Twistlock can be deployed on EulerOS hosts. All Twistlock protection capabilities (vulnerability and compliance scanning and runtime features) are enabled for EulerOS containers, including vulnerability management for EulerOS packages.

  • API documentation is now derived directly from the Twistlock source code.

Improvements, fixes, and performance enhancements
  • On DC/OS and Marathon, the Defender application deployment file can now be generated with twistcli.

  • Show CVSS score for CVEs in the twistcli scan results.

  • Defender DaemonSet YAML configuration is now generated with the dnsPolicy set to ClusterFirstWithHostNet so the Defender can use the cluster’s DNS service to resolve Console’s name.

  • Collects more detailed information in defender.log to aid in troubleshooting.

  • Further refines the learning algorithm for runtime models.

  • For SAML integrations: fixes how Twistlock tells the IdP where to direct the response when a user accesses a Console that sits behind a load balancer on a different port.

  • Adds a filter for risk factors in the scan reports.

  • For vulnerabilities on RHEL-based systems, the risk factors in the scan reports are now taken directly from the Red Hat OVAL feed.

  • Secrets can now be injected with non-root permissions in containers that run as non-root users.

  • Email alerts now show the host’s fully qualified domain name rather than its short name.

  • Adds support for ADFS with Windows authentication method.

  • Makes Twistlock userID case insensitive to support ADFS, whose NameID is also case insensitive.

Deprecated
  • Nothing to report.

Breaking changes
  • If you are using Fargate Defender, you must manually update it. Update your task definition to use Fargate Defender from this release of Twistlock. Twistlock does not support mixed version environments for Fargate Defender.

  • Listening ports in CNAF rules are now mandatory in 18.11. Before upgrading to 18.11, export your 2.5 CNAF rules, fix the exported rules to define listening ports, upgrade to 18.11, then import your fixed rules.

  • If you’re using the API, see the 18.11 porting guide.

  • In 18.11, the Block effect in CNAF rules has been replaced with the Prevent action. After upgrading from 2.5 to 18.11, you must manually reconfigure any CNAF block rules. Otherwise, no action will be enforced. Open each CNAF block rule, select the Prevent action, and save it.

2.5 Update 4 (2.5.140)

Type

Maintenance release

Release date

19 November 2018

SHA256 digest

1f98d5d380bb326dc7d9eef9702cf092823d510e2a38ce8b90d313ccbd655bcd

Improvements, fixes, and performance enhancements
  • Corrects a problem with displaying custom labels in syslog output

2.5 Update 3 (2.5.127)

Type

Maintenance release

Release date

27 September 2018

SHA256 digest

69fd6b358abb1e9af821665a28766da057322d5c9b6983c5bc9c8482c5e5cf77

Improvements, fixes, and performance enhancements
  • Fix false positive in Java JAR org.wildfly.openssl_wildfly-openssl-java:1.0.2.Final.

  • Fix a false positive for CVE-2016-4074 in the Alpine 3.8 package jq-1.6_rc1-r1. The issue was caused by a typo in Alpine’s CVE database. Submitted a patch upstream to Alpine’s maintainers and compensated for the issue in the Twistlock Intelligence Stream.

  • Fix issue with Trusted images (By Origin) not being properly identified as trusted when scanned in the registry.

  • Fix an issue where it’s not possible to upload an Intelligence Feed tarball generated by twistcli on Windows.

  • Update the Intelligence Stream to retrieve NodeJS package vulnerabilities from the new feed at npmjs.org. The Node Security Platform service shuts down on Sept 30, 2018.

  • Fix an issue where Kubernetes liveness probes fail under load.

  • Improve how we report RedHat vulnerability data. Package vulnerabilities that are marked as 'Not Affected' and/or only affect non-supported target architectures (e.g. ARM) are no longer reported. This level of detail is not available in RedHat’s OVAL feed.

  • Include custom labels (also known as alert labels) in the CSV image and container reports.

2.5 Update 2 (2.5.121)

Type

Maintenance release

Release date

10 September 2018

SHA256 digest

c5cc828c28b452637d7b24e45722f2fdbaa7f1cd6aaf5f55eb18cb30f0d5fe43

Improvements, fixes, and performance enhancements
  • Add support for running 'twistcli images scan' when Defender is in TCP listening mode.

  • Fix a regression where Twistlock would scan only a max of 100 registries.

  • Fix possible nilref on CNNF audits.

  • Refine CIS compliance check 41 ('image running as root') to catch USER root and User 0.

  • In previous versions of Twistlock, the deployment YAML twistcli emits for Console always assumes Console will run as root. Add a new optional parameter to twistcli to generate a securityContext with runAsUser: 2674 instead.

  • Fortify how Twistlock profiles the Postgres container and detects weak settings.

  • Fix an issue with the CSV download for image layers, where the mapping of CVEs to layers is incorrect.

  • Fix an issue where Manage > Collections in the Console UI only shows the first 13 collections. Add pagination to this view, and add scrolling to the Collection selector.

  • Address an issue with MongoDB where validate should be called on collections. Otherwise, after Console is stopped ungracefully, it can return wrong data in places such as dashboard stats, radar stats, and license checks (Defender count).

  • Fix false positives in Python packages.

  • Fix broken links to the doc site from the Console help system.

  • Fix how CVE-2016-7055 is parsed from NVD and applied to images that contain openssl.

  • Fix an issue where the mini-radar in the Incident view uses the filter from the main radar, which meant that you could miss applicable detail if the container/image involved in the incident is currently filtered out. The incident-specific radar now ignores the general filter and shows all connections to/from the image involved in the incident.

  • Fix an issue where the CIS-515 compliance check is reported automatically if the --pids-limit flag is used in a docker command. CIS-515 now properly checks whether --pid=host is used.

  • Improve the error message when embedding the Fargate defender into a task definition to explicitly state when the entrypoint parameter cannot be found. Task definitions must have an entrypoint.

  • Fix how Radar is rendered when containers have very long names, so that container names are still legible.

  • Fix an issue where registry images are improperly flagged with compliance issue 'image should be created with a user'.

  • Fix an issue where you cannot create a manual backup when running Twistlock Console on Azure.

  • Fix some issues related to the CIS Distribution Independent Linux Benchmark checks for CoreOS.

  • Fix an issue with Console where if it loses a connection with the IS, then reestablishes the connection, it fails to clear the error message in the UI.

  • In order for Defender to be fully functional, its version must now exactly match Console’s version. When upgrading Console, be sure to also upgrade all your Defenders at the same time. Defenders running an earlier version can continue to protect your node using cached policies, but communication with Console is very limited. For more information, see the Upgrade article.
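
Two of the compliance fixes above (CIS check 41, which must catch both USER root and User 0, and CIS-515, which must match --pid=host but not --pids-limit) are easy to get wrong with naive string matching. The following is an added example of how such checks can be implemented correctly; it is not Twistlock’s code, and the function names, the Dockerfile/command inputs and the exact check semantics are my own assumptions. It resolves the effective USER of a Dockerfile (case-insensitive instruction, numeric uid, optional :group suffix, and the default of root when no USER is set) and tokenises a docker command so that --pids-limit is never mistaken for --pid=host.

```python
"""Two image/container compliance checks modelled on the release note above.

Constructed example, not Twistlock code: the check logic illustrates the
behaviour the notes describe, not the product's own implementation.
"""
import shlex
from typing import Optional


def runs_as_root(user_value: Optional[str]) -> bool:
    """True when a USER value (Dockerfile USER or image Config.User) resolves to root.

    Docker accepts 'user', 'user:group', 'uid' and 'uid:gid'.  The cases from the
    release note are covered: 'root' in any letter case and the numeric uid '0',
    with or without a ':group' suffix.  No USER at all also means root.
    """
    if user_value is None or user_value.strip() == "":
        return True  # no USER instruction: the image defaults to root
    user = user_value.strip().split(":", 1)[0]
    return user.lower() == "root" or user == "0"


def dockerfile_effective_user(dockerfile: str) -> Optional[str]:
    """Return the argument of the last USER instruction, or None if there is none.

    Dockerfile instruction keywords are case-insensitive, so 'User 0' is the
    same instruction as 'USER 0'.  The last USER wins, as it does at build time.
    """
    user = None
    for raw in dockerfile.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and comments
        parts = line.split(None, 1)
        if parts[0].upper() == "USER" and len(parts) == 2:
            user = parts[1].strip()
    return user


def check_cis_41_fails(dockerfile: str) -> bool:
    """CIS check 41 ('image running as root'): True when the image FAILS the check."""
    return runs_as_root(dockerfile_effective_user(dockerfile))


def uses_host_pid_namespace(docker_command: str) -> bool:
    """CIS-515: True when a docker command shares the host PID namespace.

    The command is tokenised with shlex rather than substring-matched, so
    '--pids-limit 100' (a process-count limit, an unrelated and harmless flag)
    is not mistaken for '--pid=host'.  Both '--pid=host' and '--pid host' forms
    are recognised.
    """
    argv = shlex.split(docker_command)
    for i, tok in enumerate(argv):
        if tok == "--pid" and i + 1 < len(argv):
            return argv[i + 1] == "host"
        if tok.startswith("--pid="):
            return tok[len("--pid="):] == "host"
    return False


if __name__ == "__main__":
    # Constructed sample inputs.
    sample_dockerfile = "FROM alpine:3.8\nRUN apk add --no-cache curl\nUser 0\n"
    print("CIS 41 fails:", check_cis_41_fails(sample_dockerfile))          # True
    print("CIS-515 hit:", uses_host_pid_namespace("docker run --pids-limit 50 nginx"))  # False
    print("CIS-515 hit:", uses_host_pid_namespace("docker run --pid=host nginx"))       # True
```

A real scanner would read the USER value from the image configuration rather than re-parsing the Dockerfile, but the root-resolution rule is the same; `runs_as_root` can be applied directly to `Config.User` from docker inspect.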

2.5.103

Type

Maintenance release

Release date

29 August 2018

SHA256 digest

8eec743a3a1601f026919cc326a9a88967ae545c128692af40fdcd5ad860cd44

Improvements, fixes, and performance enhancements
  • Corrects a problem with Defender installation in environments using certain SELinux configurations.

2.5.102

Type

Maintenance release

Release date

15 August 2018

SHA256 digest

46c2bab27268dc329333ec7dc0e20cd0b486e910c0dfa5afc2743ad8cc8a2b4f

Improvements, fixes, and performance enhancements
  • Fix a false positive for a CVE being reported on Apache Tomcat 7.0.90.

  • Fix a permissions issue with Fargate Defender files being accessed from customer containers created with non-root users.

  • Fix a false positive for CVEs being reported on PostgreSQL.

  • Better model Foreman and Puppet containers, and reduce spurious audits, by letting them listen on arbitrary ports.

  • Download Ubuntu vulnerability feed from git instead of bzr. Canonical recently moved the source control systems for their CVE data from bzr to git.

  • Fix an issue with Radar where the reported incoming ports for some container images is muddled.

  • Improve the way we resolve Java packages to report vulnerabilities.

  • Fix the Intelligence Stream to address false negatives for Apache Tomcat JAR packages.

  • Fix vulnerability reports to show the full path for JARs and binaries.

  • Fix false positives and negatives for CVE reporting by implementing higher resolution version range prefix matching to avoid conflicts with other versions with same prefix.

  • Fix an issue with accurately reporting Java Jenkins vulnerabilities. Add a mechanism that finds the smallest end version (inclusive or exclusive) to match all versions before a specified global version.

  • Fixed false negative on image scans containing vulnerable Apache Struts JAR file.

  • Fix an issue with column filters for tables in the UI, where an empty (but selectable) filter is displayed.

  • Fix false positives in Windows Server 2016, windowsservercore, and .NET images.

  • Fix alerts so that they properly match when you select individual rules (instead of matching against the entire policy).

  • Enable installing Twistlock when a host has SELinux disabled, but Docker has SELinux enabled. In general, this is not a recommended server configuration.

  • Add an indicator to scan reports to show when Twistlock’s Intelligence Stream doesn’t have vulnerability data for the OS being scanned. Useful for explaining why a given resource (host, image, etc) shows zero vulnerabilities.

  • Fortify the Twistlock Intelligence Stream for Alpine-based images.

  • Enable search for specific images by image name under 'Monitor > Vulnerabilities > Twistcli Scans'

  • Fix Radar, which can display a lot of connections that do not actually exist.
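
The item above on higher-resolution version range matching describes a classic scanner false positive: when a listed affected version is compared as a string prefix, a release such as 7.0.90 is matched by an entry for 7.0.9. The following is an added example, not Twistlock’s code; the tokenisation rules, the `VersionRange` type and the ordering of pre-release suffixes are my own assumptions. It shows the prefix-matching false positive next to a component-wise comparison that resolves each dotted component numerically and applies inclusive or exclusive range ends.

```python
"""Version matching for vulnerability ranges: prefix matching vs component-wise.

Constructed example; the comparison rules below are an assumption, not the
Intelligence Stream's implementation.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

Component = Tuple[int, str, int]
_PAD: Component = (0, "", 0)  # missing trailing components count as zero ('7.0' == '7.0.0')


def version_key(version: str) -> Tuple[Component, ...]:
    """Split '7.0.90' into ((7,'',0),(0,'',0),(90,'',0)) so components compare as ints.

    A component with no leading digits (e.g. 'rc1' in '1.6_rc1') gets -1 as its
    numeric part, so pre-release suffixes sort before the bare release (assumption).
    """
    parts: List[Component] = []
    for comp in re.split(r"[.\-_+]", version.strip()):
        m = re.fullmatch(r"(\d*)([A-Za-z]*)(\d*)", comp)
        if not m:
            parts.append((-1, comp.lower(), 0))
            continue
        num, alpha, tail = m.groups()
        parts.append((int(num) if num else -1, alpha.lower(), int(tail) if tail else 0))
    return tuple(parts)


def compare(a: str, b: str) -> int:
    """Return -1, 0 or 1 for a < b, a == b, a > b under component-wise ordering."""
    ka, kb = version_key(a), version_key(b)
    n = max(len(ka), len(kb))
    ka += (_PAD,) * (n - len(ka))
    kb += (_PAD,) * (n - len(kb))
    return (ka > kb) - (ka < kb)


@dataclass(frozen=True)
class VersionRange:
    """An affected range; None means unbounded on that side."""
    start: Optional[str] = None
    start_inclusive: bool = True
    end: Optional[str] = None
    end_inclusive: bool = False

    def contains(self, version: str) -> bool:
        if self.start is not None:
            c = compare(version, self.start)
            if c < 0 or (c == 0 and not self.start_inclusive):
                return False
        if self.end is not None:
            c = compare(version, self.end)
            if c > 0 or (c == 0 and not self.end_inclusive):
                return False
        return True


def naive_prefix_match(version: str, listed: str) -> bool:
    """The string-prefix approach, kept only to show the false positive it causes."""
    return version.startswith(listed)


def is_affected(version: str, listed: List[str], ranges: List[VersionRange]) -> bool:
    """Exact component-wise match against listed versions, or membership in a range."""
    return any(compare(version, v) == 0 for v in listed) or any(r.contains(version) for r in ranges)


if __name__ == "__main__":
    # Constructed sample: an advisory listing 7.0.9 and the range < 7.0.9.
    print(naive_prefix_match("7.0.90", "7.0.9"))                    # True  (false positive)
    print(is_affected("7.0.90", ["7.0.9"], [VersionRange(end="7.0.9")]))  # False
    print(is_affected("7.0.8", ["7.0.9"], [VersionRange(end="7.0.9")]))   # True
```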

Breaking changes
  • When you upgrade to this maintenance release, all previous twistcli and Jenkins scan reports will be dropped. You will also need to upgrade your Jenkins plugin. The Jenkins plugin version must always exactly match the Console version.

  • When you upgrade, Radar will be cleared and relearned. This is required to clean out all invalid, non-existent connections.

2.5.91

Type

Major release

Release date

30 July 2018

SHA256 digest

0b5f15255a06acdff5732fffef0f2e52ee87786e7316b5bfdacc5b9963a4e5f1

Major new features
  • Support runtime protection for Fargate with a new Fargate Defender.

  • Support runtime protection for serverless functions (AWS Lambda) with a new Serverless Defender.

  • Add support for process and file system monitoring (runtime sensors) on CoreOS.

  • Improve the backup and restore flow. Backups can now be made directly from the Console UI. Restores can be made from either the Console UI or twistcli.

  • Add support for running Twistlock on Kubernetes with CRI-Containerd.

  • Add support for email alerts for compliance issues.

  • Improve product architecture for collecting and analyzing forensics data at scale in a distributed environment.

  • Refactor 'twistcli console install' for better usability.

  • Add support for Azure Key Vault, AWS System Manager Parameter Store, and AWS Secrets Manager as secrets stores.

  • Incident Explorer v3. Improve Incident Explorer user interface and expand the data we collect for incident response and forensics scenarios.

  • Make the UI role-aware. Users are restricted to viewing and interacting with only the Console UI pages, tabs, and controls that their role permits.

  • Add checks for the CIS Distribution Independent Linux benchmark.

  • Improve reporting for compliance results. For compliance results that fail, show the result of the check (i.e. why it failed). Improve descriptions, including the exact section number in the CIS benchmark for each given check. Add the ability to report both passed and failed compliance checks.

  • Add support for writing your own compliance checks for container images with custom scripts.

  • Clean up twistlock.cfg, streamlining the options to a minimum set.

  • Provide a 14 day grace period after a license expires, then disable the product. Update the UI to display the time to expiration once the grace period has started.

  • Radar v3. Improve Radar’s UX.

  • Add support for Azure AD and ADFS as SAML IdPs.

  • Add support for integrating Twistlock with Google Cloud Security Command Center.

Improvements, fixes, and performance enhancements
  • Auditor role can now create collections.

  • Improve vulnerability detection in Java jar files.

  • Add ability to login using any defined attribute in OpenLDAP.

  • Fix Console help links to properly redirect to article subsections.

  • Internal improvement: Overhaul the table component for better consistency across the Console UI.

Deprecated
  • Since nearly all our customers use the built in RBAC provided by their orchestrator, Twistlock no longer includes its own built in RBAC for Kubernetes.

  • Removed the Twistlock compliance check 'Image contains banned process'.

  • Deprecated support for RedHat Atomic Host because RedHat is dropping support for it in OpenShift 3.10. See here for more information.

  • Deprecated support for RHEL 6 (it’s not supported by RedHat) and Debian Wheezy (it is now EOL).

Breaking changes
  • If your Console has been continually upgraded from version 2.0 to version 2.4, follow steps in Upgrade to 2.5 before upgrading to version 2.5.

  • Due to a refactor to CNAF (bug fix), when upgrading to 2.5, the ports list in your CNAF rules (under the Advanced tab) will be dropped. The rest of your CNAF rules will remain intact.

  • When upgrading to 2.5, any scan reports under Monitor > Vulnerabilities > Twistcli Scans will be dropped.

  • To accommodate new CNNF capabilities, profiles and Radar will be regenerated after upgrade.

  • Scanning for malware within archives is no longer enabled by default.

  • Due to a refactor, Windows Defenders cannot be upgraded from the Console UI. Instead, rerun the install script.

  • The image path for Docker Hub images has changed from "docker.io/<IMAGE>" to simply "<IMAGE>", so image filters that have docker.io in the path no longer match. After upgrading to version 2.5, verify that any existing rules that filter on image name for Docker Hub images are updated to reflect this change.

  • The -b option for twistlock.sh has been deprecated, and it no longer works. It will be removed in a future release. You should now use twistcli restore to restore Console from a backup file.

2.4.106

Type

Maintenance release

Release date

21 May 2018

SHA256 digest

891e43d1b439cdbf31ba5caf981854b4e0ec275c6d8fa0221e7791c2d540578b

Improvements, fixes, and performance enhancements
  • Add keep-alive for websockets between Central Console and supervisor Consoles.

  • Periodically clean up unused entities.

  • Refactor some CNNF internals.

  • Add AWS GovCloud region for serverless scanning.

  • Fix to our Intelligence Stream for Alpine vulnerability data.

  • For host service models, removed duplicated dhclient profile.

  • For host service models, added baseline capabilities for more services.

  • Fixed issue with exporting layers CSV from registry scans

  • Added support for exporting CSV for Jenkins and twistcli scans.

  • Fixed issue with trying to install Console on Swarm from the Twistlock registry using twistcli.

  • Eliminate false positives by supporting apps that connect on random outgoing ports.

  • Fix an issue with Defender failing to upgrade.

  • Fix an issue where the Container Audits page in Console occasionally hangs.

  • For host runtime, fixed a false positive.

  • Fix an issue with image scanning where we ignore a Maven exclusion and report a vulnerability on the wrong dependency.

Breaking changes
  • Twistlock API: The state parameter passed to the POST /api/v1/profiles/id/learn endpoint has changed. Previously, you needed to set state to active to manually put a runtime model into active mode. The value active has been deprecated and replaced with manualActive. Starting with 2.4.106, you must set state to manualActive to put a runtime model into active mode.

2.4.95

Type

Maintenance release

Release date

24 April 2018

SHA256 digest

1bc15eb76eeee18acf6d8f5550f8adfe31f5ede6e4b9f6a4141779ab5f5cec1a

Improvements, fixes, and performance enhancements
  • Eliminate false positives by determining when an agent’s use of random ports for outgoing communication is valid. Previously, many runtime audits were generated because the runtime model created during the learning phase captured only a subset of all ports that could be used.

  • Fix an issue where creating a host runtime rule with the action set to prevent doesn’t work on Linux servers.

  • Fix an issue where the response field in host audits are marked as alert when they are actually prevent.

  • Fix an issue where CNAF ceases to protect a container after the container is restarted.

  • Fix an issue where CNAF fails when a container, such as nginx, listens on both IPv6 and IPv4 interfaces on the same port.

  • Address vulnerabilities in the Twistlock Console container image.

  • Enable detection of OpenShift vulnerabilities.

  • Fix an issue where vulnerability rules that ignore specific CVEs and target ciplugin (i.e. Jenkins and twistcli) are erroneously applied system-wide.

  • Fix display issues in Jenkins scans where sometimes zero vulnerabilities are reported in the Jenkins dashboard, but Console displays a list of vulnerabilities (and vice versa).

  • Add custom labels to CSV output for images.

  • Fix an issue where runtime rules that whitelist a DNS domain still trigger an audit.

  • Address false positives for known bad domains.

  • Fix an issue with webhooks not triggering Docker Hub image scans.

  • Update logic to properly hide Kubernetes orchestration containers.

  • Fix the way we resolve jar dependencies in pom.xml files. Eliminates false positives in our vulnerability scans.

  • Fix the "More Details" link color in Incident Explorer for better readability.

  • Move the History tab (under Monitor > Access > Hosts) to be the first tab, and select it by default.

  • Add a query parameter to /api/v1/registry called imageID that lets you query scan reports for registry images by image ID.

  • Fortify our coverage for vulnerabilities in Alpine.

  • Misc bug fixes.

2.4.88

Type

Major release

Release date

30 March 2018

SHA256 digest

11d22d6ce110fa418a6c9f5d00210452ee21481a06a02cfbff0d9d2bf97c6778

Major new features
  • Add support for multi-tenancy and infinite scale with a feature called Projects. Multiple Consoles can be deployed and managed from a single master Console.

  • Add support for containerd/runC for Kubernetes deployments.

  • Add support for runtime protection on Windows.

  • Add support to protect any host with our runtime defense tools. As part of this feature, Defender can now run on hosts that do not have Docker installed.

  • Improve host runtime protection. Reduce the false positives in the original v1 implementation.

  • For Incident Explorer, document each incident type, including details about how to investigate and mitigate the issue.

Improvements, fixes, and performance enhancements
  • Refactor the Vulnerability Explorer presentation layer to more clearly present vulnerability information.

  • Refactor the Compliance Explorer presentation layer to more clearly present vulnerability information.

  • Add support for more than one Defender to be designated as a registry scanner.

  • Increase the number of Defenders that a single Console can support to 1000.

  • The twistcli utility now runs on Windows. All twistcli functions now work the same way across all supported platforms (Linux, macOS, and Windows).

  • Add support to whitelist CVEs across an entire installation.

  • Makes all custom feeds (vulnerabilities, IP rep lists, malware) atomically updatable with CRUD support for individual items both from the API and UI.

  • Besides trusting images by SHA hash or point of origin (registry/repo), you can now also trust images by base layer.

  • The Jenkins plugin now lets you specify a grace period for newly discovered CVEs, giving the dev team time to resolve the issue before the build is automatically failed.

  • You can now annotate audits with any arbitrary, customer defined, Docker or Kubernetes label. This gives you a way to integrate organization-specific data, such as division name or asset tag number, into your IT management and security flows. You can also trigger alerts based on email addresses in a specified label.

  • Jenkins and twistcli scan reports are now available for viewing in the Console UI.

  • You can specify how often values for secrets are refreshed and resynced from the secrets store.

  • Add support for scanning the IBM Bluemix registry.

  • Released a substantially improved doc site.

Deprecated
  • Basic encryption of environment vars in docker inspect results; full secrets injection capabilities are provided in the Secrets Manager feature.

Breaking changes
  • The latest Jenkins versions (>=2.107) introduced platform changes that can cause intermittent problems with the Twistlock plugin. Full support for the latest Jenkins versions will be provided in an upcoming 2.4 update.

  • When deploying Defender, the UNIX socket listening mode is no longer available. All of Defender’s functionality is now built into None mode (except role-based access control). For RBAC, select the TCP listening mode.

  • Vulnerability or Compliance based blocking on image creation is no longer supported.

2.3.98

Type

Maintenance release

Release date

30 Jan 2018

SHA256 digest

41d1d481de77149be8459cbc28e681b31fff6b401cd037a5a2ec6944b81caa5d

Improvements, fixes, and performance enhancements
  • Adds the --embedded flag to twistcli, which runs a scan from inside the container.

  • Fixes an issue where custom malware detection fails.

  • Fixes an issue where Radar is missing data for Docker Swarm deployments.

  • Fixes a broken link to download software updates from Console’s dashboard.

  • Fixes an issue where Defender crashes when you try to scan an image in Amazon EC2 Container Registry and you have not provided valid credentials (IAM or access key + secret key).

  • Fixes an issue that occurs when a rule contains both the prevent and block actions (e.g. process set to block, file system set to prevent) and the rule is triggered.

  • Fixes a false positive with the glibc library. For Debian and Ubuntu distros, we now show all instances of a source package.

  • Fixes the search bar in the Manage > Defenders > Manage page.

  • Fixes an issue where CNAF incorrectly detects an HTTPS port as HTTP.

Breaking changes
  • For a Twistlock Console that has been upgraded from 1.7 to 2.2, follow the instructions in Upgrade from 1.7 to 2.3 before upgrading to 2.3.

2.3.87

Type

Maintenance release

Release date

15 Jan 2018

SHA256 digest

02d0fca219a282f4eb3255f76d852bc9a7da1ddf17e9b33eba12cd24d5f8b55f

Improvements, fixes, and performance enhancements
  • Fixes an issue with a large number of errors from host file system events.

  • Fixes an issue with errors and sluggishness when viewing host/images/registry/containers after upgrading from Twistlock 2.2.100 to 2.3.

  • Fixes risk score colors in Vulnerability Explorer.

  • Fixes an issue with saving port ranges in runtime rules.

  • Fixes an issue with the Intelligence Stream, where Console would report an error about failing to close intelligence connection write tcp i/o timeout.

  • Fixes issues with formatting the CVE description in Vulnerability Explorer.

  • For OpenLDAP integration, you can now specify a custom attribute for the user identifier.

  • Fixes an issue where local LDAP users fail to authenticate.

  • Fixes spurious audits from Defender when serverless function scanning is enabled.

  • Fixes a regression where you cannot perform basic auth with an LDAP user.

  • Fixes a layout issue in the dialog box for creating/modifying compliance rules.

  • Fixes how twistlock.sh removes old Defenders.

  • Addresses a false positive in horizontal port scanning.

  • Addresses a false positive: Skip DNS learning for DNS services.

Breaking changes
  • For a Twistlock Console that has been upgraded from 1.7 to 2.2, follow the instructions in the Upgrade from 1.7 to 2.3 article before upgrading to 2.3.

2.3.78

Type

Major release

Release date

26 Dec 2017

SHA256 digest

35e4aba6b9c012fa388fa023316b00dcb8249a28ee03dd903cab21b85a1aaeaa

Major new features
  • Enhanced runtime defense based on Twistlock Labs research

  • Serverless security

  • Per layer vulnerability analysis

  • Deeper risk analytics in Vulnerability Explorer

  • Enterprise grade CNAF

  • Enhanced app aware system call defense

  • Built in compliance templates for PCI, HIPAA, GDPR, and NIST SP 800-190

  • Enhanced logging and syslog data streams

Improvements, fixes, and performance enhancements
  • Twistlock is now officially Kubernetes Certified

  • Support for secrets injection into Swarm services

  • Windows runtime defense (beta)

  • Use of CSS Grid layout throughout the UI, enabling it to gracefully scale to any layout and orientation

  • Enhanced info, including country of origin data, for destination IPs in audit logs and in radar

  • Systemwide Twistlock user activity audit log with detailed change tracking for all events

  • Support for HSTS and HPKP and marking the session ID cookie as secure

  • Added ability to define vulnerability management rules that incorporate vendor fix status

  • Added support for busybox vulnerability detection

  • Enables renaming of rules systemwide

  • Enables ability to set push alerts in CI plugins

  • Scoring (L/M/H) of all compliance checks, 'thermometer' graphics in compliance results, and explicit listing of CIS benchmark versions in compliance rules

  • Improved secrets detection, capable of identifying all types of private keys (RSA, DH, ECC) across PKCS12 and PEM file types, regardless of extension

  • Moved settings menu to top level UI, reorganized top level settings to improve discoverability

  • Added DHS AIS threat data to TATP stream

  • Added revocation checking for custom certificates

Deprecated

None

Breaking changes
  • In previous versions of Twistlock (2.2 and earlier), install options for Console on Kubernetes/OpenShift were set in twistlock.cfg. Those options can no longer be set in twistlock.cfg, and are now available instead as parameters that can be passed to twistlock console install. Details for upgrading Twistlock Console from 2.2 to 2.3 can be found here.

  • Twistlock now uses the CSS Grid layout broadly throughout the UI. Microsoft Edge only supports Grid (unprefixed) on Windows 10 Insider builds version 1703 16237 and higher (https://developer.microsoft.com/en-us/microsoft-edge/platform/status/gridupdate/?q=grid). Grid is already supported on commercially supported versions of Safari and Chrome.

  • For a Twistlock Console that has been upgraded from 1.7 to 2.2, follow the instructions in the Upgrade from 1.7 to 2.3 article before upgrading to 2.3.

2.2.100

Type

Maintenance release

Release date

9 Nov 2017

SHA256 digest

60657db222976d0b78291da66cffa2e22451e414bc6f07e7bd9f56232e02edc4

Improvements, fixes, and performance enhancements
  • Disambiguation of internal cluster IP ranges and external ranges to automatically include intra-cluster traffic in the mesh model

  • Adds ability to explicitly allow outbound IP ranges in models

  • Introduces dynamic IP port allocation enforcement, to automatically handle scenarios where a given image may listen on random ports at each runtime; Twistlock dynamically tunes the model per container to learn ranges used during each individual runtime

  • Changes model and radar propagation from multicast to unicast; as models are created on nodes, nodes share them with Console and Console redistributes them only to hosts that have those same images, including with just-in-time distribution as images are run on new nodes.

  • Multiple internal data structure improvements to support 500 large, active hosts per Console

  • Automatic handling of scenarios where a given binary within an image unpacks and runs additional binaries at runtime; Twistlock learns the hierarchical relationships between packages and contents and tunes model to include them

  • Disables alerting in default host runtime defense rule

  • Restored --include-files option in twistcli

  • Enables user login against Active Directory Domain Controllers with the Global Catalog role

  • Adds support for registry scanning against additional ECR regions

  • Changes Console log rotation to every 4 hours

2.2.92

Type

Maintenance release

Release date

18 Oct 2017

SHA256 digest

45db00c21eaf7cbd5740ac743656561da6236a7db05979b07529119ebe7f5e69

Improvements, fixes, and performance enhancements
  • Updates the version of SQLite used in Defender to fix CVE-2017-10989

  • Fixes an issue where you can’t search host audit events by service name

  • Improves host runtime learning and model generation

  • Corrects a problem with managing Collections in Safari

  • Corrects a problem in the Jenkins plugin with pipeline syntax generation

  • Corrects a problem with scanning images based on Windows Server Core

  • Reduces false positives and improves customer experience for high connection rate audit events

  • Fixes SSL handshake error with Defender when using custom certs

  • Fixes a vulnerability scan report error when OS package and library package have the same name

  • Fixes an issue with blocking specific images based on vulnerability severity

  • Internal optimizations to eliminate log spam, fix a race condition, etc

2.2.87

Type

Maintenance release

Release date

2 Oct 2017

SHA256 digest

304faae359a873b920f6b36dfa26166ee6951b9f8785288bfd5dd67b3bc8f536

Improvements, fixes, and performance enhancements
  • Fixes issues with vulnerability reporting for openSUSE images (especially the severity), Ubuntu images, and images with a bad Dockerfile

  • Fixes an issue with onebox deployment with SELinux on RHEL

  • Supports vulnerability and compliance blocking for images from public and private registries

  • Fixes issues with upgrading K8s deployment.

2.2.81

Type

Major release

Release date

18 Sep 2017

SHA256 digest

2e04fa905c82c15c7dcaba2ed82f22fee257e62b3c4e08e7ff3c97f193f83ff0

Major new features
  • Cloud Native Network Firewall

  • Incident Explorer

  • Runtime defense for container hosts

  • Native deployment on Swarm

  • Integrated Slack and JIRA alerting

  • Compliance monitoring and enforcement for Kubernetes

Improvements, fixes, and performance enhancements
  • Integrated log viewer and upload for support cases

  • Kubernetes namespaces and Docker Swarm services are displayed as 'layers' on radar, allowing multi select to focus on specific parts of your environment

  • Console exclusively uses TLS 1.2 and >=256 bit ciphers

  • Added option to map LDAP users by samAccountName

  • Centralized and simplified alerting configuration

  • Added option to enforce strict TLS checks when running Twistlock installation scripts

  • Added support for Shibboleth IdP

  • Improved Alpine CVE detection via new upstream CVE source

  • Full support for Amazon Linux, including runtime and vulnerability management

  • Full support for SuSE, including runtime and vulnerability management

  • Optional verbose terminal output for compliance and vulnerability blocking, listing full details of reason for block

  • Discrete blocking of processes and file system writes at runtime

  • Support for IAM role authentication to ECR

  • Single consolidated command line tool (twistcli) for setup, configuration, and offline scanning

  • Detection of ECC keys embedded in images

  • Display of last update time and full CVE details in CVE viewer; moved viewer under /monitor

  • Default hardening of local accounts within Twistlock, anti-hammering protections for authentication

  • Display of IP reputation list categories in each alert involving a suspicious IP

  • Significant improvements to the curation and freshness of upstream IP reputation list feeds, resulting in more accurate and time relevant IP based threat detection

Deprecated
  • Support for TLS <1.2, <256 bit ciphers

  • Support for Kerberos integration for access control scenarios; customers can still integrate with Active Directory for authentication to both the Twistlock Console and access rules, but Kerberos is no longer supported as an authentication protocol

  • Support for the TeamCity plugin; the vast majority of our customers use Jenkins for CI and with the improvements to the developer experience for scanning with twistcli, we’re going to focus all our native CI plugin work around Jenkins and on twistcli automation for any other CI tool. The TeamCity plugin from 2.1 will still be supported for the remainder of the 2.1 support lifecycle. If you currently use the plugin and would like assistance moving to twistcli, please just open a support case and we’ll be happy to help.

Breaking changes
  • Twistlock’s UI now uses the CSS Grid layout. Microsoft Edge only supports Grid (unprefixed) on Windows 10 Insider builds version 1703 16237 and higher (https://developer.microsoft.com/en-us/microsoft-edge/platform/status/gridupdate/?q=grid). Grid is already supported on commercially supported versions of Safari and Chrome.

  • 2.2 includes significant improvements to the Alert Profile schema, with a greatly simplified configuration experience. Existing alert profiles are not compatible with this schema and are not preserved on upgrade. If you’re using per-rule alert profiles you’ll need to reassociate them with rules after upgrading using the new centralized configuration.

2.1.93

Type

Maintenance release

Release date

24 July 2017

SHA256 digest

be6a404f52c3e6ebdbc121f4ffc75c4ea6a012cb58faa92eb224c3fea731efe2

Improvements, fixes, and performance enhancements
  • Corrects problem with OEM licensing

  • Corrects problem when scanning images using deprecated Docker image spec format

  • Corrects problem with Jenkins plugin when using LDAP authentication

  • Additional XFS protections for Console web interface

  • Improvements to risk scoring algorithm in Vulnerability Explorer

  • Corrects problems with Console web UI after upgrade from previous build

  • Improves support for large AWS ECR repositories

2.1.89

Type

Maintenance release

Release date

7 July 2017

SHA256 digest

4621e36ba9896a5e5d2bf443a5e64ae04df0c7cfb0cd7928551d520fc55e1821

Improvements, fixes, and performance enhancements
  • Corrects a problem with debug log collection

  • Improves UI layout on horizontally constrained displays

  • Improves CVE detection in some scenarios using RHEL based images

  • Adds option to run all install scripts with strict certificate validation

  • Adds Shibboleth IdP support for SAML integration

  • Optimizations for Ping Identity for SAML integration

2.1.83

Type

Major release

Release date

26 June 2017

SHA256 digest

e657cf5cef94d66420a27a512519d62f377df6f8cb61810e99b6c1d86e303e7a

Major new features
  • Cloud Native App Firewall

  • Vulnerability Explorer

  • Twistlock Collections

  • Compliance Enforcement in Jenkins

  • Secrets Manager

  • Vulnerability Push Alerts

  • New dashboard

Improvements, fixes, and performance enhancements
  • Native macOS version of twistctl

  • Lengthened registry scan timeout to handle very large (20K+ image) registries

  • Console runs with a defined user account

  • CVSS 3.0 scoring across the product

  • Normalized pattern matching syntax between CI plugins and rest of product

  • Encrypted storage of all user provided certificates

  • Support for G Suite SAML IdP for logon to Console

  • Selective scanning of specific registry paths within UI

  • Copy, import, and export rules within the product and across Twistlock installations

  • Integrated view of image composition and history directly within product UI

  • Ability to manually start and stop model learning

  • Significant tuning of model generation algorithm to better manage images with infrequent or time triggered processes

  • Automatically publish results of builds failed by the Twistlock plugin to the Jenkins UI

  • Syslog format improvements

Deprecated
  • Support for Internet Explorer; on Windows platforms, Twistlock supports Chrome and Edge

  • Support for DNS round robin access to an HA cluster; all HA clusters must be accessed via a load balancer or nodes can be individually specified at Defender install time

Breaking changes
  • Because of changes in the database schema, only alphanumeric characters and spaces are supported in rule names. Any existing rules using non-alphanumeric characters will be changed during the upgrade to replace those characters with spaces. No other changes to the rules, including settings or ordering, are performed.

  • Enabling Kubernetes access control features from twistlock.cfg is deprecated. Specifically, this setting: KUBERNETES_ENABLED=true. If this feature was enabled in a 2.0 installation, after upgrading to 2.1, customers need to visit /configure/access/kubernetes in the Console to enable the feature. The -j switch to twistlock.sh, which normally preserves previous configuration settings, specifically excludes this setting on upgrade to 2.1.

  • Custom certs for Console in twistlock.cfg (This is available in Console itself. Please see this article)

  • Deprecated ldap setting in twistlock.cfg. It is configurable via Twistlock Console itself.

Learn more about what’s new in 2.1 in our Tech Newsletter: https://cdn.twistlock.com/docs/TechNews/Twistlock_Jun17_2_1.pdf

2.0.67

Type

Maintenance release

Release date

12 Jun 2017

SHA256 digest

8f268bd3a79b7478aeceef55319950db084844b336be5bfb5fb7c1f287439d4e

Improvements, fixes, and performance enhancements
  • Adds support for additional SAML token structures

2.0.65

Type

Maintenance release

Release date

15 May 2017

SHA256 digest

fc981b1cfdb311a772ef9d28a91c6b7c2bd8b1cec3e91c080cc2658c0f4043ad

Improvements, fixes, and performance enhancements
  • Corrects a problem when using custom certificates for Console browser access

  • Corrects a problem with access rule filtering

  • Corrects a problem when accessing the Intelligence Stream through a proxy

  • In a k8s deployment, ensures pods persist across host failure

  • Corrects a problem when using twistscan to scan images using NPM packages

  • Lengthens timeout for registry scan to 600s

  • Enabled running Console as non-root user by default

  • Enabled deletion of built in admin account

  • Provides clean error message when updating a user with no password set

2.0.55

Type

Maintenance release

Release date

1 May 2017

SHA256 digest

791b61c769d106841954f632d09614388e334efd798d0eccec51c778b9062c35

Improvements, fixes, and performance enhancements
  • Corrects an intermittent problem with Mongo initialization after upgrade

  • Broadcasts runtime models to all Defenders to ensure consistency when multiple Defenders are adding to the model simultaneously

  • Corrects a problem with empty Jenkins dashboard portlets

  • Invalidates access token at Console logout

  • Updates protection for Twistlock key material

  • Corrects problem with SAML redirection during logon

  • Corrects problem when using custom certificates for Console

  • Improves CPU performance in network runtime monitoring

2.0.41

Type

Major release

Release date

10 April 2017

SHA256 digest

0a4b072635f9d6edcaa40109539dc66d5d89b937e4a893fc6bb9996019d6056e

Major new features
  • Greatly enhanced Runtime Radar view aligned with Kubernetes and with ‘Google Maps’ style data overlays for vulnerabilities, compliance, and runtime audits

  • Support for Console running on K8S (pre-Stateful Sets)

  • New Twistlock brand and color palette across UI

  • Compliance Explorer

  • Smart card authentication to Console

  • Automated system call modeling for Java

  • Support for Jenkins Pipeline

  • Ability to modify Defender type from Console

  • Added new commercial vulnerability feed for Python components

  • Twistlock image availability in major cloud marketplaces (AWS, Azure, GCP)

  • Support for SELinux capability in Defenders on Daemon Sets

  • Host scanning with Daemon Set

  • Automated inter-container IP filtering

  • Added package license details to image scan results

  • Added compliance checks for the detection of secrets embedded in images and environment vars

Improvements, fixes, and performance enhancements
  • Support for downloading reports in non-CSV format (response to the /download API)

  • Changes to wildcard (*) behaviour in rules and policies

  • Detection of host CVEs, including Docker Engine via binary analysis

  • Support for SELinux in Defender

  • Added filesystem paths to runtime models and rules

  • Support for additional products in app specific network profiling

  • Fixes an issue where not all host configuration CIS were showing in Console.

  • Docker CIS 1.13 support

  • Access control support for all Docker 17.03 and Kube 1.6 actions

  • Certificate encryption at rest

  • Enforce ASN1 properties on defender certs

Deprecated
  • Wildcard usage in the beginning and middle of string. (Ex: ubu or Ubu )

  • Twistlock Version upgrade from >2 previous versions (Ex: 1.5 → 1.7)

  • Intel TXT support

Breaking changes
  • Because of changes to implement rule consistency across the product, customers using Trusted Images may need to update their lists to add a wildcard asterisk to each label. In the past, blank labels were assumed to mean ‘applies to all labels’, but this behavior has been changed in 2.0 to be consistent with the rest of the product where wildcards have to be explicitly set. See Rule ordering and Pattern matching article for more details.

1.7.79

Type

Maintenance release

Release date

8 Mar 2017

SHA256 digest

8dd1e2e7192101c9f2fa741493e4890d7a67567fa1ea3d5237a68155f4e1fb97

Improvements, fixes, and performance enhancements
  • Fixes an issue with image scanning

1.7.78

Type

Maintenance release

Release date

2 Mar 2017

SHA256 digest

a742045518fe738130a7a91fab4563684276acfb588989c74d24196c416b6067

Improvements, fixes, and performance enhancements
  • Corrects a problem with explicitly defined egress and ingress ports in network runtime rules.

1.7.75

Type

Maintenance release

Release date

28 Feb 2017

SHA256 digest

698aa90307ea763750ae9a12e596a367a8139e95fd870e43715128a20b214f37

Improvements, fixes, and performance enhancements
  • On Tue 28 Feb, Twistlock was notified by a customer of a security vulnerability related to authentication to the Console. This problem affects all customers using LDAP authentication, with either OpenLDAP or Active Directory. The vulnerability can result in users being able to escalate privileges, including to administrative roles. The root cause of the problem is in the method used by a 3rd party library to sanitize authentication input provided at logon.

Twistlock recommends all customers immediately upgrade to 1.7.75 which corrects this problem. For any customers that would like assistance with the upgrade, please simply open a support ticket.

1.7.74

Type

Maintenance release

Release date

27 Feb 2017

SHA256 digest

5317e216be4f982c13989c79e0104f4273ce3387f5105a2c63f226a312ee23f8

Improvements, fixes, and performance enhancements
  • Enables SMTP alerting when the SMTP relay uses self signed certificates.

1.7.73

Type

Maintenance release

Release date

21 Feb 2017

SHA256 digest

bf4a4effa5e3749b2eb3e0eb2261ff2e7eddc83e5b83ae65eaccdb590c644486

Improvements, fixes, and performance enhancements
  • Corrects a problem with removing scanned images pulled from registries with malformed paths

1.7.72

Type

Maintenance release

Release date

20 Feb 2017

SHA256 digest

8e3841fca2473192f2ff1a2b8ccba5ad977d9e42b1d3912d04b84c9599bb3064

Improvements, fixes, and performance enhancements
  • Corrects a problem when using alert profiles with open SMTP relays.

1.7.70

Type

Maintenance release

Release date

09 Feb 2017

SHA256 digest

b5fb40a381f6b81c0ca3025d477b61dd1dc4e87941c942a95844cc06b4aaa6d5

Improvements, fixes, and performance enhancements
  • Corrects a problem with uploading custom malware and IP feeds

  • Adds ability to scan multiple POM files in single flat JAR

  • Fixes issue with downloading CSV report in Safari browser

  • Fixes error when pulling offline updates

1.7.67

Type

Maintenance release

Release date

26 Jan 2017

SHA256 digest

f6cd88c7b9a6e7e9621e4e9d9f02ed6e2d0b0970fab843896783d696a2ae5923

Improvements, fixes, and performance enhancements
  • Adds additional vulnerability detection coverage for 'flat' JARs and JavaScript components packaged without manifests.

  • Corrects a problem with updating Intelligence Stream data offline

  • Adds vendor fix status to exported dataset when downloading vulnerabilities in CSV format

1.7.64

Type

Maintenance release

Release date

23 Jan 2017

SHA256 digest

7ca51e681f7ddd1c998b92cb998cc86e592473c85bc78d5c66b1748864890fbf

Improvements, fixes, and performance enhancements
  • Corrects a problem with displaying only a single vulnerability category when a component is impacted by more than one.

  • Corrects a problem with the connectivity indicator showing a green state when proxy settings are incorrect.

  • Enables scanning of Red Hat images with the Jenkins plugin on non-Red Hat operating systems without installing yum.

  • Corrects a problem where scanning may hang when images include links to fifo nodes and other invalid file system artifacts.

  • Enables Daemon Set deployment with SELinux policies.

1.7.58

Type

Maintenance release

Release date

19 Jan 2017

SHA256 digest

7c5885768303f2e0ff69fe689bb8b290fa9c40031edf1148c490e15eeed01451

Improvements, fixes, and performance enhancements
  • Fixes a problem in the Jenkins plugin encountered when scanning images with no vulnerabilities. The fix is specific to the Jenkins plugin itself, and all changes are self contained in the twistlock-jenkins-plugin.hpi file; customers already running 1.7.56 do not need to upgrade Console or Defender and can just install the new plugin within Jenkins.

1.7.56

Type

Major release

Release date

16 Jan 2017

SHA256 digest

2dd42cfe74a3ea9188f2b045049716e2a8979aeeb6960a58f55cefca6c064d8c

Major new features
  • Integrated, context sensitive, support content throughout every page in the UI

  • Support for Daemon Set deployment

  • Automated profiling of network ports

  • Support for encryption of environment variables

  • Detection of product vulnerabilities from binary (unpackaged) installation

  • Introduction of granular vulnerability management rules (by severity and specific CVEs)

  • Advanced Runtime Defense features with autonomous learning.

  • Support for Windows images

Improvements, fixes, and performance enhancements
  • Support for running on Google Container-VM image

  • Support for installing Defenders on hosts with >64 character names

  • Improvements to Defender → Console keep alive mechanisms for environments with aggressive egress filtering

  • Improved sorting, filtering, and searching across the UI

  • Support for creating ‘local’ Twistlock users when LDAP integration is enabled

  • Configurable timeout for Console sessions (e.g. ‘logoff after 15 minutes of inactivity’)

  • Statically configurable trust lists for customer provided certificates (e.g. only allow the certificate with thumbprint XYZ to be used by user ABC)

  • Support for Maven style projects with the Jenkins plugin

  • Corrected a problem with Intelligence Stream status indicator when using HTTPS proxy

  • Corrected a problem with LDAPS connectivity and multi-tiered leaf certificates

  • Corrected a problem with some compliance checks on 3rd party packaged Docker Engine

  • Added support for specifying the SAN for standalone kubectl usage

Deprecated
  • Configure tab in UI. Replaced by Settings icon.

  • Integrity groups feature. Replaced by Trusted Images.

Read more about it in our Tech Newsletter: https://cdn.twistlock.com/docs/TechNews/Twistlock_Jan17_1_7.pdf

1.6.81

Type

Maintenance release

Release date

5 Dec 2016

SHA256 digest

0c1b4566f0b3d0544b959d446bcc1653668fb68a2d5e81e0174c6946e46a5145

Improvements, fixes, and performance enhancements
  • Fixes an issue with the logging driver

  • Fixes an issue with image scanning on SELinux enabled hosts.

1.6.79

Type

Maintenance release

Release date

30 Nov 2016

SHA256 digest

e1131c51cb36cbb4001d8793bd28dc9cd6251a60ebd50247fe3ad3dec3fe1d10

Improvements, fixes, and performance enhancements
  • Fixes an issue with SELinux policy.

1.6.78

Type

Maintenance release

Release date

21 Nov 2016

SHA256 digest

6f0ddae3219f23c0afece4693fdc4ad7da999fa59beeb8b67b239133374ae941

Improvements, fixes, and performance enhancements
  • Fixes a problem where the Docker connection is corrupted when Defender is killed.

  • Support for generating defender certificates when hostname is longer than 64 characters.

  • Improvement to network monitoring with image names showing the repository and tag

  • Resolves problem with Twistlock 1.6 installation on Ubuntu 14 with Docker 1.9

  • Adds log-rotation for DB logs and removes verbose logging from mongo container

  • Adds minor string updates to the UI

  • Adds relative file paths to vulnerable packages to image vulnerability details

  • Fixes an issue with high memory usage when using docker socket

1.6.67

Type

Major release

Release date

2 Nov 2016

SHA256 digest

91db0d7f3450b3b6a1093971a2638d21664f7368a0e9e042b4b603efd5196493

Major new features
  • Runtime radar

  • Simple, built in high availability mode

  • Scanning for 0 day vulnerabilities provided by Exodus Intel

  • Risk tree API - given a set of CVEs, show all the images impacted, what hosts they’re on, and what containers they’re running in

  • Trigger scans via web hook notifications

  • Custom vulnerability scanning for PHP and Node packages and arbitrary binaries and scripts by hash

  • Full configuration state preservation during upgrades

Improvements, fixes, and performance enhancements
  • Integrated authentication to your support portal. Click the book icon on the upper right to automatically be logged on to your support site; this is the first step in enabling support deep links throughout our UI

  • Compliance feature support extended to all scored recommendations in the CIS Docker 1.12 Benchmark

  • Support for managing Console and Defender with systemd

  • Smart image scan

  • Improved filtering experience for all tables throughout product

  • More precise detection of Red Hat CVEs even when not published in Red Hat’s official OVAL feed

Deprecated
  • API changes to consistently use plural names, as Docker does. The following list has the deprecated names on the left and the new names on the right:

    • /cert/client-cert.sh → /certs/

    • /audit/x → /audits/

    • /policy/ → /policies/

    • /group → /groups

    • /user → /users

  • Removed /health (duplicative) from API:

    • /health/containers → /containers

    • /health/images → /images

Read more about it in our Tech Newsletter: https://cdn.twistlock.com/docs/TechNews/Twistlock_Nov16_1_6.pdf

1.5.56

Type

Maintenance release

Release date

5 Oct 2016

SHA256 digest

3f67717c3523d9c4acf88a10095087cb72e546750ae4088c8844575342ef2751

Notes

None

Fixes
  • Fixes a problem where the intersystem communication port is not properly remapped when configured in twistlock.cfg

1.5.55

Type

Maintenance release

Release date

3 Oct 2016

SHA256 digest

447c9449c9d28fe031aa8d638d91290541f9cb6143ac1f21c1bedc3f8cd460c8

Notes

None

Fixes
  • Minor fixes for Jenkins plugin

1.5.52

Type

Maintenance release

Release date

30 Sep 2016

SHA256 digest

741047889853a0965cabd672a0388a9e736cfcee0684e940e72f822b35df82eb

Notes

None

Fixes
  • Fix for Jenkins plugin to correct values calculated for new and fixed vulnerabilities on Red Hat based distros

1.5.48

Type

Maintenance release

Release date

14 Sep 2016

SHA256 digest

e5baf88536365c785a63c4a32a90ba8f147ee123f19a0affbc363f62e21cde5b

Notes

None

Fixes
  • Fix for Jenkins plugin to correct NullPointerException due to breaking changes in Jenkins' plug in framework

1.5.47

Type

Maintenance release

Release date

11 Sep 2016

SHA256 digest

13a546c79935a0c4b72e1eaa04fc24b3058f97724c0e2e551df51a6764c2915c

Notes

None

Fixes
  • Minor new features for Twistlock Scanner

1.5.46

Type

Maintenance release

Release date

6 Sep 2016

SHA256 digest

e7b03492abff9a90307446f78c4c66e52b1a3c82265b59ea8279f254878e45b5

Notes

None

Fixes
  • Resolves problem with upgrade from Twistlock 1.4

  • Improvements to scanning performance with very large and deep repositories on GCR

1.5.42

Type

Maintenance release

Release date

30 Aug 2016

SHA256 digest

c53e479c2dc140153c210655d74abcedc49c5625ba21d3b8a8fcfb9411b01934

Notes

None

Fixes
  • Resolves problem with CSV download option in some browsers

  • Adds additional methods for CVE matching when image layer manifests contain un-initialized creation times

  • Corrects problem where Defenders show as disconnected if Console container restarts

  • Corrects problem when using Image integrity groups with repos that require authentication

  • Corrects problem installing 1.5 Defender on CoreOS

  • Adds minor additional functionality to twistlock-scanner

1.5.39

Type

Major release

Release date

21 Aug 2016

SHA256 digest

ab2d5a50f2cd28c5b3cb086e50d6d5073011bb1e08eae96eadedfa6f8d173738

Notes
  • Major new features:

  • Standalone vulnerability scanner

  • Built in alerting

  • Configurable syscall profiles

  • Expanded Twistlock management roles

  • App specific network intelligence

  • In depth data on specific CVEs directly within Twistlock

Improvements, fixes, and performance enhancements
  • Support for pagination in catalog API across all registry providers

  • Support for catalog API in GCR

  • Support for ‘NOT’ expressions in rule filters; put a minus sign in front of a resource name and the filter will not apply to that name; for example, if you create a rule and have -foo* in the container resource list, the rule will apply to all containers not named foo*

  • Multiple fixes for ‘local socket’ deployments used to protect nodes in Mesos and Kubernetes clusters

  • Fixes for Jenkins plugin running in a master / slave configuration

  • Fixes for CSV download option

  • Fixes for adding individual LDAP users to admin role

  • Fixes for OpenLDAP authentication when using UIDs to lookup users

  • Configurable build fail thresholds for the Jenkins plugin based on CVSS severity levels (e.g. ‘fail builds if high severity vulnerabilities are found’)
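
The ‘NOT’ expression described in this list can be modelled with a small matcher. The following is an added example written for this page, not Twistlock’s own code, and it assumes semantics the release note does not spell out: a resource list is a set of glob patterns where * matches any run of characters, a leading minus sign negates a pattern, and a rule applies to a name when the name matches at least one positive pattern (an empty positive set meaning ‘all’) and matches no negated pattern. The function names rule_applies and select and the container names are constructed for the example.

```python
"""Rule-filter matcher with NOT expressions (added example, not Twistlock code).

Assumed semantics (not stated on the page):
  * a pattern is a glob; '*' matches any run of characters
  * a leading '-' negates the pattern
  * a rule applies to a name when it matches at least one positive pattern
    (no positive patterns means "all") and matches no negated pattern
"""
from fnmatch import fnmatchcase


def rule_applies(resource_list, name):
    """Return True if a rule with this resource list applies to `name`."""
    positives = [p for p in resource_list if not p.startswith("-")]
    negatives = [p[1:] for p in resource_list if p.startswith("-")]

    # Negation wins: a name excluded by any '-pattern' is never matched,
    # even if a positive pattern would also match it.
    if any(fnmatchcase(name, n) for n in negatives):
        return False

    # An empty positive set is treated as '*' (applies to everything).
    if not positives:
        return True

    return any(fnmatchcase(name, p) for p in positives)


def select(resource_list, names):
    """Return the subset of `names` that a rule with `resource_list` applies to."""
    return [n for n in names if rule_applies(resource_list, n)]


# Constructed sample container names for the example.
CONTAINERS = ["foo", "foo-web", "bar", "baz-db"]


if __name__ == "__main__":
    # The page's own example: '-foo*' applies to every container not named foo*.
    print(select(["-foo*"], CONTAINERS))          # ['bar', 'baz-db']
    # Mixed list: include ba*, but carve out baz-db.
    print(select(["ba*", "-baz-db"], CONTAINERS))  # ['bar']
```

The ordering of the two checks is the security-relevant design choice: evaluating negations first means a broad positive pattern such as * can never silently re-include a resource that an operator intended to exclude.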

Deprecated

Read more about it in our Tech Newsletter: https://cdn.twistlock.com/docs/TechNews/Twistlock_Aug16_1_5.pdf

1.4.56

Type

Maintenance release

Release date

28 Jul 2016

SHA256 digest

dfe335b957eb2ec048cbab9a01fe155a37e4c6505f4bccdf1ac1cf8eb1722817

Notes
  • Improvements to socket support in orchestrated environments using DC/OS or Kubernetes

  • Fix for problem deleting LDAP users from role assignment

1.4.48

Type

Maintenance release

Release date

29 Jun 2016

SHA256 digest

d6965ba75721d78d66ca2411653103913ee5d0c71f3eeb50bccc159b076c2926

Notes
  • Improves CVE detection in images

  • More targeted access control enforcement for DC / OS and Kubernetes

1.4.45

Type

Major release

Release date

15 Jun 2016

SHA256 digest

a37b1fec63f990a329a3eee65f048cee39d92079ee5738eec0cbb441a1d3f497

Notes

None

Major new features
Improvements, fixes, and performance enhancements
  • Support for IE 11

  • Enhanced support for additional SAML providers, including OpenAM

  • Centralized collection and auditing of Docker events, sshd events, and sudo events from across all your clusters

  • Reorganization of the UI into access, trust (vulnerability management, image integrity, compliance), and runtime areas to simplify navigation

  • Improved pre-installation checks

  • Support for Docker labels in access control rules

  • Multiple fixes for Kubernetes integration

  • Multiple fixes for Kerberos integration

  • Fix for CSV download bug

  • Additional CIS checks added for compliance, including all CIS 1.11 benchmark checks

  • Support for Jenkins 2.x

Upgrade notes

The backend logic for compliance and vulnerability rules has been refactored to significantly improve scalability and to accommodate XCCDF support. Unfortunately, existing rules are not compatible with this new data structure and must be re-created. Specifically, if you have rules that check for specific compliance settings or vulnerabilities, they will be deleted during the upgrade to 1.4 and must be manually re-created. Please make sure to note specific settings in any rules you’ve set up so they can be accurately replaced after the upgrade. If you have many rules and would like assistance automating this process, please open a support case.

Read more about it here in our Tech Newsletter: https://cdn.twistlock.com/docs/TechNews/Twistlock_Jun16_1_4.pd

1.3.73

Type

Maintenance release

Release date

24 Apr 2016

SHA256 digest

421e7170461c9ad0c6d008951fde52f25daa1a9e62f835ca60a4a6a72ab3e3c8

Notes
  • Jenkins and TeamCity plugins move out of the Defender container. This enables integration with these CI tools when they’re running inside of containers themselves

  • Fixed Swarm upgrade code path to preserve health after upgrades

  • Added ability to suppress vulnerabilities by canonical name

  • Moved build distribution process to new content distribution network. Builds are now provided as a direct link to a single package including all components

1.3.65

Type

Major release

Release date

11 Apr 2016

Notes

None

New features
  • Access Control for Docker Swarm

  • Runtime Defense for system calls

  • Compliance

  • Malware scanning in images

  • SAML integration

  • TeamCity plugin

  • Significant new data visualizations throughout the UI

Improvements, fixes, and performance enhancements
  • Updating the Intelligence Stream in offline environments

  • Configurable user certificate validity periods

  • Certified base images are replaced with Trust; the hardening check for them now validates that images are part of a valid Trust Group

  • Simplified licensing experience at first logon; you now are automatically redirected to the license page before accessing other parts of the UI

  • Tested support for scaling to a 300:1 Defender-to-Console ratio

  • Containers with detected runtime anomalies are put into an automatically managed exclusion list (called ‘Blocked containers’) to prevent them from being accidentally restarted

  • Enhanced details about CVE sources, including individual last update times per source

Read more about it in our Tech Newsletter: https://cdn.twistlock.com/docs/TechNews/Twistlock_April16_1_3.pdf

1.2.84

Type

Maintenance release

Release date

15 Mar 2016

Notes
  • Fixed problem with timeouts using wget or curl with proxy support enabled

1.2.83

Type

Maintenance release

Release date

10 Mar 2016

Notes
  • Added support for bypassing proxies for specific destinations

  • Increased timeout of registry scan to 30s

1.2.82

Type

Maintenance release

Release date

7 Mar 2016

Notes
  • Added support for authentication in v1 registries

  • Fixed proxy support with support for more comprehensive proxy definition settings

1.2.79

Type

Maintenance release

Release date

23 Feb 2016

Notes
  • Added detection for source packages in Debian and Ubuntu, which in some cases substantially increases the number of vulnerabilities detected per image

  • Added CVSS score to CVE page, use NIST’s NVD CVSS score as the standard score across all areas of the product (in previous releases, some parts of Twistlock would use distro specific CVSS scores, which created inconsistent results)

  • Fixes images/containers ID filtering in health request; the API can again be used to query for the health status of a specific image using the full name (registry/repository:tag) or the image ID; wild cards can also be used

  • Fixes initial timestamp generation when scanning containers (ensures scan timestamp is created before Defender is queried)

1.2.76

Type

Major release

Release date

9 Feb 2016

Notes
  • Trust groups

  • Jenkins plug-in

  • Added: enhanced Kubernetes support, including ability to filter rules based on pod labels

  • Added: runtime defense for file systems, detecting malicious files written by containers

  • Added: ability to import custom threat data, such as malicious file signatures and IP addresses into Twistlock

  • Added: ability to whitelist CVEs; for example, if you’ve determined the threat isn’t applicable to your environment or you’ve implemented an alternative mitigation

  • Added: search CVE database

  • Added: support for scanning registries on AWS EC2 Container Registry and Google Container Registry

Read more about it in our Tech Newsletter: https://cdn.twistlock.com/docs/TechNews/Twistlock_Feb16_1_2.pdf

1.1

Type

Major release

Release date

17 Dec 2015

Read more about it in our Tech Newsletter: https://cdn.twistlock.com/docs/TechNews/Twistlock_Dec15_1_1.pdf

1.0

Type

Major release

Release date

22 Nov 2015