Releases: falcosecurity/libs

10.0.0+driver

20 Apr 09:05

API
SCHEMA

Latest Compatible Kernel

Driver Testing Matrix amd64

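| KERNEL | CMAKE-CONFIGURE | KMOD BUILD | KMOD SCAP-OPEN | MODERN-BPF SCAP-OPEN |
|---|---|---|---|---|
| amazonlinux2-5.10 | 🟢 | 🟢 | 🟢 | 🟢 |
| amazonlinux2-5.15 | 🟢 | 🟢 | 🟢 | 🟢 |
| amazonlinux2-5.4 | 🟢 | 🟢 | 🟢 | 🟡 |
| amazonlinux2022-5.15 | 🟢 | 🟢 | 🟢 | 🟢 |
| amazonlinux2023-6.1 | 🟢 | 🟢 | 🟢 | 🟢 |
| archlinux-6.0 | 🟢 | 🟢 | 🟢 | 🟢 |
| archlinux-6.7 | 🟢 | 🟢 | 🟢 | 🟢 |
| centos-3.10 | 🟢 | 🟢 | 🟢 | 🟡 |
| centos-4.18 | 🟢 | 🟢 | 🟢 | 🟢 |
| centos-5.14 | 🟢 | 🟢 | 🟢 | 🟢 |
| fedora-5.17 | 🟢 | 🟢 | 🟢 | 🟢 |
| fedora-5.8 | 🟢 | 🟢 | 🟢 | 🟢 |
| fedora-6.2 | 🟢 | 🟢 | 🟢 | 🟢 |
| oraclelinux-3.10 | 🟢 | 🟢 | 🟢 | 🟡 |
| oraclelinux-4.14 | 🟢 | 🟢 | 🟢 | 🟡 |
| oraclelinux-5.15 | 🟢 | 🟢 | 🟢 | 🟢 |
| oraclelinux-5.4 | 🟢 | 🟢 | 🟢 | 🟡 |
| ubuntu-5.8 | 🟢 | 🟢 | 🟢 | 🟡 |
| ubuntu-6.5 | 🟢 | 🟢 | 🟢 | 🟢 |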

Driver Testing Matrix arm64

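| KERNEL | CMAKE-CONFIGURE | KMOD BUILD | KMOD SCAP-OPEN | MODERN-BPF SCAP-OPEN |
|---|---|---|---|---|
| amazonlinux2-5.4 | 🟢 | 🟢 | 🟢 | 🟡 |
| amazonlinux2022-5.15 | 🟢 | 🟢 | 🟢 | 🟢 |
| fedora-6.2 | 🟢 | 🟢 | 🟢 | 🟢 |
| oraclelinux-4.14 | 🟢 | 🟢 | 🟢 | 🟡 |
| oraclelinux-5.15 | 🟢 | 🟢 | 🟢 | 🟢 |
| ubuntu-6.5 | 🟢 | 🟢 | 🟢 | 🟢 |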

v10.0.0+driver

Released on 2026-04-20

Breaking Changes ⚠️

Non user-facing changes

  • fix(driver): compile support for s390 compat support conditionally [#2961] - @ekoops
  • chore(driver/modern_bpf): add v7.0 to bpf validator config [#2908] - @ekoops
  • feat: add support for 32-bits encoded fds/pids [#2883] - @ekoops
  • fix(driver/modern_bpf): fix events submission and accounting [#2925] - @ekoops
  • chore: bump schema version to 4.3.0 and API version to 9.1.0 [#2922] - @ekoops
  • docs(driver/modern_bpf/programs/attached/iterators): add README.md [#2910] - @ekoops
  • feat(driver/modern_bpf): add support for synchronously fetching files [#2903] - @ekoops
  • feat(driver/modern_bpf): add support for synchronously fetching tasks [#2902] - @ekoops
  • chore(driver/modern_bpf): add sleepable helpers for task-related paths [#2901] - @ekoops
  • chore(driver/modern_bpf): add some new helpers for BPF iterators [#2894] - @ekoops
  • update(driver): update syscalls tables and driver report. [#2770] - @github-actions[bot]

Statistics

| MERGED PRS | NUMBER |
|---|---|
| Not user-facing | 11 |
| Release note | 1 |
| Total | 12 |

Release Manager @ekoops

10.0.0-rc2+driver

17 Apr 09:31

10.0.0-rc2+driver Pre-release
fix(driver): compile support for s390 compat support conditionally

Commit https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8e0b986c59c67e08ada646249f834655a9e6da16
removed 31-bit code support for s390 and any related macro, so compile
out from kmod the check involving the usage of the dropped
`_TIF_31BIT` macro if this is not available on the kernel against
which we compile.

Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>

0.24.0

20 Apr 09:00

MIN_DRIVER_API
MIN_DRIVER_SCHEMA

v0.24.0

Released on 2026-04-20

Breaking Changes ⚠️

  • fix(libsinsp)!: now sinsp_dumper::written_events() return type is uint64_t to match the documented behavior [#2904] - @leogr
  • chore!: scap_linux_proc_get(), scap_proc_get() and .get_proc() callbacks don't return a pointer to the threadinfo anymore [#2863] - @ekoops
  • chore!: sinsp_thread_manager and sinsp_thread_manager_factory constructors changed [#2863] - @ekoops
  • chore!: flip sinsp_thread_manager::add_thread() second argument meaning [#2858] - @ekoops
  • chore!: drop gVisor engine [#2832] - @ekoops
  • chore!: drop legacy BPF probe [#2829] - @ekoops
  • chore!: sync with latest kernel-testing action [#2824] - @ekoops
  • chore(userspace/libsinsp)!: pass targetbuf_size as size_t [#2771] - @ekoops

Major Changes

  • feat(libsinsp): add sinsp_filter_factory::filter_fieldclass_info::as_json() [#2837] - @legobrick

Minor Changes

  • chore: scap_print_event and scap_print_info are now declared in scap_print.h [#2871] - @ekoops
  • feat!(userspace/libsinsp/parsers): make process_event() const [#2773] - @ekoops
  • feat!(userspace/libsinsp/parsers): make event_cleanup() static [#2773] - @ekoops

Bug Fixes

  • fix: prevent integer overflow in thread memory calculations (VMSIZE, VMRSS) [#2930] - @Debasish-87
  • fix: respect CMake cross-compilation settings in bundled dependency and modern_bpf builds, and add amd64-to-arm64 Linux cross-build CI coverage [#2895] - @MatthewClarkMay
  • fix(userspace/libscap/linux): fix file descriptor leak in scap_linux_get_threadlist by ensuring taskdir_p is closed in the error path [#2926] - @Debasish-87
  • fix(driver/modern_bpf): fix verifier issue on kernel 6.19+ [#2893] - @irozzo-1A
  • fix(userspace/libsinsp): fall back to /proc/self/root when /proc/1/root is inaccessible [#2891] - @leogr
  • fix(userspace/libsinsp): skip NSS lookup for unresolved UID/GID to prevent segfault with third-party NSS modules [#2881] - @leogr
  • fix: now arg-less proc.a* fields return values from ancestor lineage as space-separated list when used by output formatters [#2877] - @leogr
  • fix(userspace/libsinsp): prevent thread table memory leak from non-vfork out-of-order clone events on busy multi-CPU systems [#2854] - @sunilhonest
  • fix(userspace/libscap): prevent out-of-bounds reads in scap_event_getinfo(), scap_event_has_large_payload(), scap_event_decode_params(), and get_param_len_size() and validate parameter data bounds in scap_event_decode_params() [#2865] - @leogr

Non user-facing changes

  • ci(latest-kernel): quote kernel release [#2955] - @ekoops
  • fix(libsinsp): store an actual std::string in dynamic_struct [#2957] - @gnosek
  • ci(latest-kernel): fix YAML output formatting for kernel version [#2956] - @ekoops
  • perf(libsinsp): sinsp_table_owner optimizations [#2951] - @gnosek
  • fix(userspace/libpman): avoid closing fds returned by bpf_{program,map}__fd() [#2945] - @ekoops
  • fix(driver): replace usage of pgprot_val() as lvalue [#2943] - @ekoops
  • fix(userspace/libpman): avoid closing map fds in pman_get_metrics_v2() [#2942] - @ekoops
  • fix: honor BPF_ITERATOR_SUPPORT and ensure BPF iterator global state is cleaned [#2941] - @ekoops
  • cleanup(libsinsp): optimize dynamic_table storage [#2923] - @gnosek
  • perf(userspace/libscap/linux): rewrite scap_fd_handle_regular_file [#2928] - @ekoops
  • fix(driver/ppm_param_helpers): use static inline to fix C linkage [#2927] - @irozzo-1A
  • fix(driver/ppm_param_helpers): include boolean type definitions [#2924] - @ekoops
  • fix(userspace/libpman): fix libbpf APIs return value handling [#2921] - @ekoops
  • chore(userspace/libsinsp/examples): improve logging and add --fetch-silently option [#2913] - @ekoops
  • cleanup(libsinsp): make table accessors non-generic [#2905] - @gnosek
  • test(userspace/libsinsp/examples): add fetch APIs test options [#2912] - @ekoops
  • test(libsinsp_e2e): add file checks in process_scap_proc_get [#2911] - @ekoops
  • feat: add support for kernel iterator metrics [#2909] - @ekoops
  • feat(userspace/libpman): add support for synchronously fetching files [#2907] - @ekoops
  • feat(userspace/libpman): add support for synchronously fetching tasks [#2906] - @ekoops
  • cleanup(libsinsp): untangle table/entry class hierarchy [#2848] - @gnosek
  • chore(driver): add preliminary support for BPF iterator evts building [#2896] - @ekoops
  • chore(userspace): disable auto-loading for unsup BPF iterator progs [#2892] - @ekoops
  • chore(userspace/libpman): add support probing for BPF iterators [#2890] - @ekoops
  • chore: add feature flag and debugging support for BPF iterators [#2889] - @ekoops
  • chore(driver): add additional support for PT_{PORT,IPV4ADDR,IPV6ADDR} [#2888] - @ekoops
  • feat(userspace): add fetch APIs to libpman and wire it with linux platform [#2886] - @ekoops
  • chore(driver/modern_bpf): introduce dedicated helper to extract ppid [#2885] - @ekoops
  • fix(libscap/savefile): add proc table refresh callbacks to scap_read_init [#2884] - @irozzo-1A
  • chore(driver/modern_bpf): add auxmap__store_{task_exe,}_file_path() [#2882] - @ekoops
  • feat(userspace/libscap): add fetch_* APIs in linux vtable [#2874] - @ekoops
  • fix(.github): use pulls.list API for fork PR validation in workflow_run comments [#2880] - @leogr
  • chore(userspace/libscap): pass tid as param while gathering files [#2873] - @ekoops
  • fix(userspace/plugin): add missing free operations [[#2872](https://github.com/falcosecurity/libs/pull/...

10.0.0-rc1+driver

16 Apr 10:39

10.0.0-rc1+driver Pre-release
chore(driver/modern_bpf): increase number of bpfvalidator parallel VMs

Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>

0.24.0-rc1

16 Apr 10:37

0.24.0-rc1 Pre-release
chore(driver/modern_bpf): increase number of bpfvalidator parallel VMs

Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>

0.23.2

08 Apr 10:59

MIN_DRIVER_API
MIN_DRIVER_SCHEMA

v0.23.2

Released on 2026-04-08

Bug Fixes

  • fix(libsinsp): add FTR_STORAGE transformer for plugin fields in unary check expressions to prevent stale extract cache data [#2935] - @max-frank

Non user-facing changes

Statistics

| MERGED PRS | NUMBER |
|---|---|
| Not user-facing | 1 |
| Release note | 1 |
| Total | 2 |

Release Manager @ekoops

0.23.1

14 Jan 11:34

MIN_DRIVER_API
MIN_DRIVER_SCHEMA

v0.23.1

Released on 2026-01-14

Non user-facing changes

  • ci(release-body.yml): use correct ekoops/actions-github-release commit [#2781] - @ekoops
  • chore(cmake): bump the container plugin version to 0.6.0 [#2780] - @irozzo-1A
  • fix(libsinsp): arg index default value = -1 [#2774] - @therealbobo
  • fix(userspace/libsinsp/parsers): guard against invalid cmsg_len values [#2768] - @ekoops

Statistics

| MERGED PRS | NUMBER |
|---|---|
| Not user-facing | 4 |
| Release note | 0 |
| Total | 4 |

Release Manager @ekoops

9.1.0+driver

23 Dec 11:10

API
SCHEMA

Latest Compatible Kernel

Driver Testing Matrix amd64

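| KERNEL | CMAKE-CONFIGURE | KMOD BUILD | KMOD SCAP-OPEN | BPF-PROBE BUILD | BPF-PROBE SCAP-OPEN | MODERN-BPF SCAP-OPEN |
|---|---|---|---|---|---|---|
| amazonlinux2-5.10 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 |
| amazonlinux2-5.15 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 |
| amazonlinux2-5.4 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟡 |
| amazonlinux2022-5.15 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 |
| amazonlinux2023-6.1 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 |
| archlinux-6.0 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 |
| archlinux-6.7 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 |
| centos-3.10 | 🟢 | 🟢 | 🟢 | 🟡 | 🟡 | 🟡 |
| centos-4.18 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 |
| centos-5.14 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 |
| fedora-5.17 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 |
| fedora-5.8 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 |
| fedora-6.2 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 |
| oraclelinux-3.10 | 🟢 | 🟢 | 🟢 | 🟡 | 🟡 | 🟡 |
| oraclelinux-4.14 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟡 |
| oraclelinux-5.15 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 |
| oraclelinux-5.4 | 🟢 | 🟢 | 🟢 | 🟡 | 🟡 | 🟡 |
| ubuntu-5.8 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟡 |
| ubuntu-6.5 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 |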

Driver Testing Matrix arm64

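| KERNEL | CMAKE-CONFIGURE | KMOD BUILD | KMOD SCAP-OPEN | BPF-PROBE BUILD | BPF-PROBE SCAP-OPEN | MODERN-BPF SCAP-OPEN |
|---|---|---|---|---|---|---|
| amazonlinux2-5.4 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟡 |
| amazonlinux2022-5.15 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 |
| fedora-6.2 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 |
| oraclelinux-4.14 | 🟢 | 🟢 | 🟢 | 🟡 | 🟡 | 🟡 |
| oraclelinux-5.15 | 🟢 | 🟢 | 🟢 | 🟡 | 🟡 | 🟢 |
| ubuntu-6.5 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 |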

v9.1.0+driver

Released on 2025-12-23

Breaking Changes ⚠️

  • feat!: default to sched_process_exec tracepoint on all architectures [#2726] - @ekoops
  • feat(driver)!: bump drivers' minimum required kernel version to 3.10 [#2722] - @ekoops

Bug Fixes

  • fix(driver): address UBSAN violation related to Flexible Array Member. [#2760] - @irozzo-1A

Non user-facing changes

  • fix(driver/bpf): fix misc issues with legacy ebpf and clang20 [#2728] - @iurly
  • feat(driver): add filename parameter to PPME_SYSCALL_EXECVE_19_X [#2735] - @ekoops
  • ci(drivers_ci): move drivers build for s390x to dedicated runner [#2725] - @ekoops
  • fix: clone CLONE_CHILD_IN_PIDNS not rendered [#2717] - @deepskyblue86
  • test(drivers/syscall_exit/execveat_x): fix comm assertion [#2702] - @ekoops

Statistics

| MERGED PRS | NUMBER |
|---|---|
| Not user-facing | 5 |
| Release note | 3 |
| Total | 8 |

Release Manager @ekoops

0.23.0

23 Dec 10:12

MIN_DRIVER_API
MIN_DRIVER_SCHEMA

v0.23.0

Released on 2025-12-23

Breaking Changes ⚠️

  • cleanup(sinsp)!: remove sinsp_threadinfo::get_parent_thread [#2689] - @gnosek
  • cleanup(sinsp)!: move get_ancestor_process to the thread_manager [#2689] - @gnosek
  • cleanup(sinsp)!: move traverse_parent_state to thread_manager [#2689] - @gnosek
  • cleanup(sinsp)!: move remove_child_from_parent to thread_manager [#2689] - @gnosek
  • cleanup(sinsp)!: move get_ancestor_field_as_string to thread_manager [#2689] - @gnosek
  • cleanup(sinsp)!: remove sinsp_threadinfo->get_container_ip [#2689] - @gnosek
  • cleanup(sinsp)!: remove users/groups handling from threadinfo [#2689] - @gnosek
  • cleanup(sinsp)!: remove the last use of tinfo->get_container_id [#2689] - @gnosek

Bug Fixes

  • fix(libsinsp): expose main thread fd table [#2133] - @mrgian

Non user-facing changes

  • fix(userspace/libsinsp): prevent infinite loop in ancillary data pars… [#2764] - @fremmi
  • sync: cherry-pick for release/0.23.x [#2766] - @ekoops
  • ci(reusable_kernel_tests): bump kernel-testing action and images tag [#2762] - @ekoops
  • chore(userspace/libsinsp): remove unused update-cri-proto file [#2753] - @ekoops
  • clean(libsinsp): do not abuse std::shared_ptr for creating table entries [#2747] - @irozzo-1A
  • ci: add install-cmake composite action [#2751] - @ekoops
  • chore(libsinsp): add missing dependencies to sinsp_test_support [#2750] - @irozzo-1A
  • ci: install bpftool from released package if available [#2749] - @ekoops
  • ci: add install-bpftool composite action [#2748] - @ekoops
  • ci: use make through cmake [#2746] - @ekoops
  • ci: replace ubuntu-22.04* with ubuntu-24.04* [#2744] - @ekoops
  • clean(libsinsp): use the correct union member in extract_key<int64_t> [#2745] - @irozzo-1A
  • ci: replace ubuntu-latest with ubuntu-24.04 [#2743] - @ekoops
  • chore(libsinsp): add target to build library for sinsp integration tests [#2740] - @irozzo-1A
  • ci(perf.yml): use python venv to run gbench result comparison [#2738] - @ekoops
  • fix(userspace/libscap/engine/savefile): fix converter debug log lines [#2737] - @ekoops
  • ci(reusable_kernel_tests.yaml): switch to new kernel testing framework [#2732] - @ekoops
  • chore(sinsp): clean-up syscall latency related code [#2730] - @irozzo-1A
  • cleanup(userspace): Fix various Visual C++ warnings [#2729] - @geraldcombs
  • fix(userspace/libpman): fix bpf helper probe error handling [#2720] - @ekoops
  • userspace: Make Cflags in our .pc files more strict [#2691] - @geraldcombs
  • perf(sinsp): sinsp_thread_manager::get_field_accessor [#2705] - @deepskyblue86
  • cleanup(userspace): Use 64-bit format constants where needed [#2692] - @geraldcombs
  • cleanup(sinsp)!: clarify get_thread_ref vs find_thread [#2694] - @gnosek
  • ci(reusable_e2e_tests): install bpftool using released package [#2701] - @ekoops
  • chore: add '/kind sync` to PR template [#2700] - @ekoops
  • ci(worflows/release-body): fix latest release fetching [#2697] - @ekoops

Statistics

| MERGED PRS | NUMBER |
|---|---|
| Not user-facing | 27 |
| Release note | 17 |
| Total | 44 |

Release Manager @ekoops

0.23.0-rc2

22 Dec 14:37

0.23.0-rc2 Pre-release
fix(userspace/libsinsp): prevent infinite loop in ancillary data pars…