Releases: falcosecurity/libs

9.1.0+driver

23 Dec 11:10

Driver Testing Matrix amd64

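| KERNEL | CMAKE-CONFIGURE | KMOD BUILD | KMOD SCAP-OPEN | BPF-PROBE BUILD | BPF-PROBE SCAP-OPEN | MODERN-BPF SCAP-OPEN |
|---|---|---|---|---|---|---|
| amazonlinux2-5.10 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 |
| amazonlinux2-5.15 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 |
| amazonlinux2-5.4 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟡 |
| amazonlinux2022-5.15 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 |
| amazonlinux2023-6.1 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 |
| archlinux-6.0 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 |
| archlinux-6.7 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 |
| centos-3.10 | 🟢 | 🟢 | 🟢 | 🟡 | 🟡 | 🟡 |
| centos-4.18 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 |
| centos-5.14 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 |
| fedora-5.17 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 |
| fedora-5.8 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 |
| fedora-6.2 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 |
| oraclelinux-3.10 | 🟢 | 🟢 | 🟢 | 🟡 | 🟡 | 🟡 |
| oraclelinux-4.14 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟡 |
| oraclelinux-5.15 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 |
| oraclelinux-5.4 | 🟢 | 🟢 | 🟢 | 🟡 | 🟡 | 🟡 |
| ubuntu-5.8 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟡 |
| ubuntu-6.5 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 |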

Driver Testing Matrix arm64

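| KERNEL | CMAKE-CONFIGURE | KMOD BUILD | KMOD SCAP-OPEN | BPF-PROBE BUILD | BPF-PROBE SCAP-OPEN | MODERN-BPF SCAP-OPEN |
|---|---|---|---|---|---|---|
| amazonlinux2-5.4 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟡 |
| amazonlinux2022-5.15 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 |
| fedora-6.2 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 |
| oraclelinux-4.14 | 🟢 | 🟢 | 🟢 | 🟡 | 🟡 | 🟡 |
| oraclelinux-5.15 | 🟢 | 🟢 | 🟢 | 🟡 | 🟡 | 🟢 |
| ubuntu-6.5 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 |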

v9.1.0+driver

Released on 2025-12-23

Breaking Changes ⚠️

  • feat!: default to sched_process_exec tracepoint on all architectures [#2726] - @ekoops
  • feat(driver)!: bump drivers' minimum required kernel version to 3.10 [#2722] - @ekoops

Bug Fixes

  • fix(driver): address UBSAN violation related to Flexible Array Member. [#2760] - @irozzo-1A

Non user-facing changes

  • fix(driver/bpf): fix misc issues with legacy ebpf and clang20 [#2728] - @iurly
  • feat(driver): add filename parameter to PPME_SYSCALL_EXECVE_19_X [#2735] - @ekoops
  • ci(drivers_ci): move drivers build for s390x to dedicated runner [#2725] - @ekoops
  • fix: clone CLONE_CHILD_IN_PIDNS not rendered [#2717] - @deepskyblue86
  • test(drivers/syscall_exit/execveat_x): fix comm assertion [#2702] - @ekoops

Statistics

| MERGED PRS | NUMBER |
|---|---|
| Not user-facing | 5 |
| Release note | 3 |
| Total | 8 |

Release Manager @ekoops

0.23.0

23 Dec 10:12

v0.23.0

Released on 2025-12-23

Breaking Changes ⚠️

  • cleanup(sinsp)!: remove sinsp_threadinfo::get_parent_thread [#2689] - @gnosek
  • cleanup(sinsp)!: move get_ancestor_process to the thread_manager [#2689] - @gnosek
  • cleanup(sinsp)!: move traverse_parent_state to thread_manager [#2689] - @gnosek
  • cleanup(sinsp)!: move remove_child_from_parent to thread_manager [#2689] - @gnosek
  • cleanup(sinsp)!: move get_ancestor_field_as_string to thread_manager [#2689] - @gnosek
  • cleanup(sinsp)!: remove sinsp_threadinfo->get_container_ip [#2689] - @gnosek
  • cleanup(sinsp)!: remove users/groups handling from threadinfo [#2689] - @gnosek
  • cleanup(sinsp)!: remove the last use of tinfo->get_container_id [#2689] - @gnosek

Bug Fixes

  • fix(libsinsp): expose main thread fd table [#2133] - @mrgian

Non user-facing changes

  • fix(userspace/libsinsp): prevent infinite loop in ancillary data pars… [#2764] - @fremmi
  • sync: cherry-pick for release/0.23.x [#2766] - @ekoops
  • ci(reusable_kernel_tests): bump kernel-testing action and images tag [#2762] - @ekoops
  • chore(userspace/libsinsp): remove unused update-cri-proto file [#2753] - @ekoops
  • clean(libsinsp): do not abuse std::shared_ptr for creating table entries [#2747] - @irozzo-1A
  • ci: add install-cmake composite action [#2751] - @ekoops
  • chore(libsinsp): add missing dependencies to sinsp_test_support [#2750] - @irozzo-1A
  • ci: install bpftool from released package if available [#2749] - @ekoops
  • ci: add install-bpftool composite action [#2748] - @ekoops
  • ci: use make through cmake [#2746] - @ekoops
  • ci: replace ubuntu-22.04* with ubuntu-24.04* [#2744] - @ekoops
  • clean(libsinsp): use the correct union member in extract_key<int64_t> [#2745] - @irozzo-1A
  • ci: replace ubuntu-latest with ubuntu-24.04 [#2743] - @ekoops
  • chore(libsinsp): add target to build library for sinsp integration tests [#2740] - @irozzo-1A
  • ci(perf.yml): use python venv to run gbench result comparison [#2738] - @ekoops
  • fix(userspace/libscap/engine/savefile): fix converter debug log lines [#2737] - @ekoops
  • ci(reusable_kernel_tests.yaml): switch to new kernel testing framework [#2732] - @ekoops
  • chore(sinsp): clean-up syscall latency related code [#2730] - @irozzo-1A
  • cleanup(userspace): Fix various Visual C++ warnings [#2729] - @geraldcombs
  • fix(userspace/libpman): fix bpf helper probe error handling [#2720] - @ekoops
  • userspace: Make Cflags in our .pc files more strict [#2691] - @geraldcombs
  • perf(sinsp): sinsp_thread_manager::get_field_accessor [#2705] - @deepskyblue86
  • cleanup(userspace): Use 64-bit format constants where needed [#2692] - @geraldcombs
  • cleanup(sinsp)!: clarify get_thread_ref vs find_thread [#2694] - @gnosek
  • ci(reusable_e2e_tests): install bpftool using released package [#2701] - @ekoops
  • chore: add `/kind sync` to PR template [#2700] - @ekoops
  • ci(worflows/release-body): fix latest release fetching [#2697] - @ekoops

Statistics

| MERGED PRS | NUMBER |
|---|---|
| Not user-facing | 27 |
| Release note | 17 |
| Total | 44 |

Release Manager @ekoops

0.23.0-rc2

22 Dec 14:37

0.23.0-rc2 Pre-release
fix(userspace/libsinsp): prevent infinite loop in ancillary data pars…

9.1.0-rc1+driver

19 Dec 12:54

9.1.0-rc1+driver Pre-release
chore(libscap/engine/bpf): improve error logging

Right now if perf_event_mmap() fails, it will buffer some diagnostic
info using scap_errprintf(), spelling out which of the two mmap()
calls failed. However, upon detecting a failure, the calling function
will also call scap_errprintf() and therefore overwrite the previous log
line. This change:

a) adds the actual values passed to mmap() to the log line, so as to get
a bit more context

b) suppresses the subsequent scap_errprintf() invocation so as to surface
the original log line instead.

Signed-off-by: Gerlando Falauto <gerlando.falauto@sysdig.com>

0.23.0-rc1

19 Dec 10:51

0.23.0-rc1 Pre-release
chore(libscap/engine/bpf): improve error logging

Right now if perf_event_mmap() fails, it will buffer some diagnostic
info using scap_errprintf(), spelling out which of the two mmap()
calls failed. However, upon detecting a failure, the calling function
will also call scap_errprintf() and therefore overwrite the previous log
line. This change:

a) adds the actual values passed to mmap() to the log line, so as to get
a bit more context

b) suppresses the subsequent scap_errprintf() invocation so as to surface
the original log line instead.

Signed-off-by: Gerlando Falauto <gerlando.falauto@sysdig.com>

0.22.2

05 Nov 09:47

v0.22.2

Released on 2025-11-05

Minor Changes

  • update: upgrade container plugin to v0.4.1 [#2710] - @leogr

Bug Fixes

  • fix(userspace/libsinsp): correct fallback for arg-less proc.* fields [#2704] - @leogr

Statistics

| MERGED PRS | NUMBER |
|---|---|
| Not user-facing | 0 |
| Release note | 2 |
| Total | 2 |

Release Manager @leogr

0.22.1

20 Oct 10:53

v0.22.1

Released on 2025-10-20

Bug Fixes

  • fix: avoid libc incompatibilities by removing RTLD_DEEPBIND when loading plugins [#2698] - @leogr

Statistics

| MERGED PRS | NUMBER |
|---|---|
| Not user-facing | 0 |
| Release note | 1 |
| Total | 1 |

Release Manager @ekoops

9.0.0+driver

16 Oct 13:34

Driver Testing Matrix amd64

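| KERNEL | CMAKE-CONFIGURE | KMOD BUILD | KMOD SCAP-OPEN | BPF-PROBE BUILD | BPF-PROBE SCAP-OPEN | MODERN-BPF SCAP-OPEN |
|---|---|---|---|---|---|---|
| amazonlinux2-4.19 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟡 |
| amazonlinux2-5.10 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 |
| amazonlinux2-5.15 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 |
| amazonlinux2-5.4 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟡 |
| amazonlinux2022-5.15 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 |
| amazonlinux2023-6.1 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 |
| archlinux-6.0 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 |
| archlinux-6.7 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 |
| centos-3.10 | 🟢 | 🟢 | 🟢 | 🟡 | 🟡 | 🟡 |
| centos-4.18 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 |
| centos-5.14 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 |
| fedora-5.17 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 |
| fedora-5.8 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 |
| fedora-6.2 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 |
| oraclelinux-3.10 | 🟢 | 🟢 | 🟢 | 🟡 | 🟡 | 🟡 |
| oraclelinux-4.14 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟡 |
| oraclelinux-5.15 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 |
| oraclelinux-5.4 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟡 |
| ubuntu-4.15 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟡 |
| ubuntu-5.8 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟡 |
| ubuntu-6.5 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 |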

Driver Testing Matrix arm64

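| KERNEL | CMAKE-CONFIGURE | KMOD BUILD | KMOD SCAP-OPEN | BPF-PROBE BUILD | BPF-PROBE SCAP-OPEN | MODERN-BPF SCAP-OPEN |
|---|---|---|---|---|---|---|
| amazonlinux2-5.4 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟡 |
| amazonlinux2022-5.15 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 |
| fedora-6.2 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 |
| oraclelinux-4.14 | 🟢 | 🟢 | 🟢 | 🟡 | 🟡 | 🟡 |
| oraclelinux-5.15 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 |
| ubuntu-6.5 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 |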

v9.0.0+driver

Released on 2025-10-16

Breaking Changes ⚠️

  • feat(driver/modern_bpf)!: remove forgotten pwrite64_e prog [#2626] - @ekoops
  • feat!: add PPME_SYSCALL_CLOSE_E fd param to PPME_SYSCALL_CLOSE_X [#2475] - @ekoops
  • feat!: drop rename{,at,at2} enter evts gen, testing and parsing code [#2599] - @ekoops
  • feat!: drop splice enter events gen, testing and parsing code [#2599] - @ekoops
  • feat!: drop munmap enter events gen, testing and parsing code [#2599] - @ekoops
  • feat!: drop mmap/mmap2 enter events gen, testing and parsing code [#2599] - @ekoops
  • feat!: drop fcntl enter events gen, testing and parsing code [#2599] - @ekoops
  • feat!: drop symlink{,at} enter events gen, testing and parsing code [#2599] - @ekoops
  • feat!: drop setuid enter events gen, testing and parsing code [#2594] - @terror96
  • feat!: drop ptrace enter events gen, testing and parsing code [#2594] - @terror96
  • feat!: drop mkdir enter events gen, testing and parsing code [#2594] - @terror96
  • feat!: drop mkdirat enter events gen, testing and parsing code [#2594] - @terror96
  • feat!: drop fchdir enter events gen, testing and parsing code [#2594] - @terror96
  • feat!: drop llseek enter events gen, testing and parsing code [#2591] - @ekoops
  • feat!: drop lseek enter events gen, testing and parsing code [#2591] - @ekoops
  • feat!: drop select enter events gen, testing and parsing code [#2591] - @ekoops
  • feat!: drop poll enter events gen, testing and parsing code [#2591] - @ekoops
  • feat!: drop epoll_wait enter events gen, testing and parsing code [#2591] - @ekoops
  • feat!: drop fstat64 enter events gen, testing and parsing code [#2591] - @ekoops
  • feat!: drop lstat64 enter events gen, testing and parsing code [#2591] - @ekoops
  • feat!: drop stat64 enter events gen, testing and parsing code [#2591] - @ekoops
  • feat!: drop fstat enter events gen, testing and parsing code [#2591] - @ekoops
  • feat!: drop lstat enter events gen, testing and parsing code [#2590] - @ekoops
  • feat!: drop stat enter events gen, testing and parsing code [#2590] - @ekoops
  • feat!: drop futex enter events gen, testing and parsing code [[#2590](https:...

0.22.0

17 Oct 08:41

v0.22.0

Released on 2025-10-17

Breaking Changes ⚠️

  • chore!: drop remaining evt.dir refs in default output fmt and tests [#2681] - @ekoops
  • feat(userspace/libsinsp)!: drop custom connect enter events handling [#2677] - @ekoops
  • feat(userspace/libsinsp/parsers)!: drop redundant connect_x code [#2673] - @ekoops
  • feat!: mark {MESOS,TRACER,K8S}_E as old and TRACER_X as unused [#2669] - @ekoops
  • feat(userspace/libsinsp)!: filter out syscall enter events [#2667] - @ekoops
  • fix(userspace/libsinsp)!: make filtered evts handling consistent [#2666] - @ekoops
  • feat!: make PPME_SOCKET_{SEND,RECV}MMSG_X "scap converter"-managed [#2665] - @ekoops
  • feat!: drop unused events in scap converter [#2661] - @ekoops
  • feat(userspace/libsinsp)!: filter out PPME_SYSCALL_OPEN_E events [#2662] - @ekoops
  • feat!: stabilize EF_TMP_CONVERTER_MANAGED as EF_CONVERTER_MANAGED [#2659] - @ekoops
  • feat(userspace/libsinsp)!: drop unused parser's reset verdict param [#2658] - @ekoops
  • feat!: prevent event propagation to upper layers for C_ACTION_STORE [#2657] - @ekoops
  • feat!: merge CONVERSION_{COMPLETED,SKIP} into CONVERSION_PASS [#2657] - @ekoops
  • feat!: let the scap converter drop some unneeded old enter events [#2657] - @ekoops
  • feat!: don't reserve any byte for empty parameters values [#2655] - @ekoops
  • feat!: drop scap files' enter events not eligible for scap conversion [#2653] - @ekoops
  • feat!: make PPME_SYSCALL_EXECVE{AT,_19}_E "scap converter"-managed [#2650] - @ekoops
  • feat!: make PPME_SYSCALL_OPENAT_2_{E,X} "scap converter"-managed [#2649] - @ekoops
  • feat!: make PPME_SYSCALL_OPENAT2_{E,X} "scap converter"-managed [#2649] - @ekoops
  • feat!: make PPME_SYSCALL_CREAT_{E,X} "scap converter"-managed [#2649] - @ekoops
  • feat!: make PPME_SYSCALL_OPEN_{E,X} "scap converter"-managed [#2649] - @ekoops
  • feat(driver)!: add EF_OLD_VERSION to majority of enter events [#2645] - @ekoops
  • feat!: make PPME_CONTAINER_{E,X} "scap converter"-managed [#2644] - @ekoops
  • feat!: make PPME_CONTAINER_JSON_{E,X} "scap converter"-managed [#2642] - @ekoops
  • feat!: make SCHEDSWITCH_1_{E,X} "scap converter"-managed [#2641] - @ekoops
  • feat!: make PPME_SYSCALL_PROCEXIT_{E,X} "scap converter"-managed [#2641] - @ekoops
  • feat!: make PPME_SYSCALL_NEWSELECT_{E,X} "scap converter"-managed [#2641] - @ekoops
  • feat!: make PPME_SYSCALL_OPENAT_{E,X} "scap converter"-managed [#2641] - @ekoops
  • feat!: make PPME_SYSCALL_BPF_{E,X} "scap converter"-managed [#2641] - @ekoops
  • feat!: make PPME_SYSCALL_UMOUNT_{E,X} "scap converter"-managed [#2641] - @ekoops
  • feat!: make PPME_SYSCALL_DUP_{E,X} "scap converter"-managed [#2641] - @ekoops
  • feat!: make PPME_SYSCALL_IOCTL_2_{E,X} "scap converter"-managed [#2641] - @ekoops
  • feat!: make PPME_SYSCALL_BRK_1_{E,X} "scap converter"-managed [#2641] - @ekoops
  • feat(userspace/libsinsp)!: drop deprecated mesos-related filterchecks [#2632] - @ekoops
  • feat!: drop deprecated evtin.* and tracer.* filterchecks support [#2621] - @ekoops
  • feat!: drop brk enter events gen, testing and parsing code [#2589] - @ekoops
  • feat(userspace/libsinsp)!: defer sinsp evt params null-encoding logic [#2558] - @ekoops
  • feat(userspace/libsinsp)!: remove sinsp::get_thread_ref() [#2402] - @ekoops
  • feat(userspace/libsinsp)!: make sinsp_parser::reset() const [#2403] - @ekoops
  • feat(userspace/libsinsp)!: make some sinsp_parser methods const [#2403] - @ekoops

Major Changes

  • feat(sinsp): add plugin required schema version check [#2660] - @irozzo-1A
  • feat(libsinsp): implement timed reset for proc lookup counters [#2483] - @deepskyblue86
  • new(userspace/libsinsp): add a sinsp_filtercheck_static class. [#2405] - @FedeDP

Minor Changes

  • feat!(userspace/libsinsp): remove unused sinsp ptr in tinfo factory [#2525] - @ekoops
  • build: upgrade container plugin to v0.4.0 [#2693] - @leogr
  • update: evt.dir is now deprecated [#2651] - @leogr
  • cleanup(userspace/libsinsp): drop sinsp_parser::m_tmp_events_buffer. [#2570] - @FedeDP
  • update: upgrade container plugin to v0.2.6 [#2471] - @leogr
  • update(cmake): update tbb to v2022.1.0. [#2452] - @FedeDP
  • chore(build): update container plugin to 0.2.4 [#2416] - @LucaGuerra

Bug Fixes

  • fix(userspace/libsinsp): fix extraction of the directory value [#2647] - @terror96
  • fix: check that get_fields function returns at least one field in plugins with extraction capabilities [#2672] - @irozzo-1A
  • fix(userspace/libsinsp): avoid thread table mem leak when parsing vfork (or equivalent clone/clone3 with CLONE_VFORK) exit from caller process [#2640] - @leogr
  • fix(cmake): Properly quote zlib CFLAGs [#2577] - @bleggett

Non user-facing changes


0.22.0-rc2

14 Oct 14:14

0.22.0-rc2 Pre-release
fix(userspace/libsinsp): avoid setting evt fdinfo in fch* parsers

Setting the event's fdinfo by leveraging the event's fd parameter is
already done in `sinsp_parser::reset()` and can be avoided in the
`fchmod/fchown` exit event parsers. This means completely removing these
parsers.

Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>