Tetragon - Browse /v1.7.0 at SourceForge.net

The interactive file manager requires Javascript. Please enable it or use sftp or scp.
You may still browse the files here.

Name	Modified	Size	InfoDownloads / Week
Parent folder
tetra-darwin-amd64.tar.gz	2026-04-29	29 Bytes	0
tetra-darwin-amd64.tar.gz.sha256sum	2026-04-29	100 Bytes	0
tetra-darwin-arm64.tar.gz	2026-04-29	29 Bytes	0
tetra-darwin-arm64.tar.gz.sha256sum	2026-04-29	100 Bytes	0
tetra-linux-amd64.tar.gz	2026-04-29	16.8 MB	0
tetra-linux-amd64.tar.gz.sha256sum	2026-04-29	99 Bytes	0
tetra-linux-arm64.tar.gz	2026-04-29	14.7 MB	0
tetra-linux-arm64.tar.gz.sha256sum	2026-04-29	99 Bytes	0
tetra-windows-amd64.tar.gz	2026-04-29	14.7 MB	0
tetra-windows-amd64.tar.gz.sha256sum	2026-04-29	101 Bytes	0
tetra-windows-arm64.tar.gz	2026-04-29	12.7 MB	0
tetra-windows-arm64.tar.gz.sha256sum	2026-04-29	101 Bytes	0
tetragon-v1.7.0-amd64.tar.gz	2026-04-29	80.6 MB	0
tetragon-v1.7.0-amd64.tar.gz.sha256sum	2026-04-29	95 Bytes	0
tetragon-v1.7.0-arm64.tar.gz	2026-04-29	75.8 MB	0
tetragon-v1.7.0-arm64.tar.gz.sha256sum	2026-04-29	95 Bytes	0
README.md	2026-04-29	32.9 kB	0
v1.7.0 source code.tar.gz	2026-04-29	34.6 MB	1
v1.7.0 source code.zip	2026-04-29	47.2 MB	0
Totals: 19 Items		297.1 MB	1

total: 738 commits, prs: 253 pr commits: 738

Upgrade notes

Read the upgrade notes carefully before upgrading Tetragon. Depending on your setup, changes listed here might require a manual intervention. See the Stack Traces documentation for stack trace migration.

Helm Values

Change the default server-address of the agent to from localhost:54321 to /var/run/tetragon/tetragon.sock. This socket is also available for root users under the same path on the node. Update this address in all third-party programs that connect to the agent.

Events (protobuf API)

The legacy stacktrace-tree API has been removed: GetStackTraceTree gRPC, tetra stacktrace-tree CLI command, and related types (GetStackTraceTreeRequest, GetStackTraceTreeResponse, stack.proto). Use TracingPolicy with kernelStackTrace and userStackTrace in the Post action to get stack traces in ProcessKprobe events. See the Stack Traces documentation and examples/tracingpolicy/stack_traces.yaml.
The already-deprecated EnableTracingPolicy and DisableTracingPolicy gRPC methods have been actually enforced to return an error when used. For now, enable-deprecated-tracingpolicy-grpc option has been introduced to restore the old behavior. The next release will remove the deprecated methods.

Metrics

Kprobe and uprobe merge metrics have been consolidated. The following metrics were removed:
tetragon_generic_kprobe_merge_errors_total
tetragon_generic_kprobe_merge_ok_total They are replaced by tetragon_generic_kprobe_merge_total which includes a status label with values ok or error. The new metric also includes labels curr_type, prev_type (either enter or exit), curr_fn, and prev_fn.

Changes

Major changes

tetragon: Add support to retrieve environment variables (https://github.com/cilium/tetragon/pull/4184) by @olsajiri
tracingpolicy: add matchParentBinaries selector (https://github.com/cilium/tetragon/pull/4254) by @kobrineli
celbpf: evaluate CEL expressions in bpf (https://github.com/cilium/tetragon/pull/4504) by @kkourt
tetragon: Add fentry sensor (https://github.com/cilium/tetragon/pull/4039) by @olsajiri
Add support for spec.hostSelector (https://github.com/cilium/tetragon/pull/4814) by @tpapagian

Bugfixes

Fix memory leaks in process and event caches (https://github.com/cilium/tetragon/pull/4255) by @mtardy
feat: allow LSM funcs to be overridden on SLE (https://github.com/cilium/tetragon/pull/4158) by @holyspectral
helm: Handle tetragon.enabled value properly (https://github.com/cilium/tetragon/pull/4285) by @michi-covalent
bug: Avoid overwritten slogLeveler (https://github.com/cilium/tetragon/pull/4287) by @sayboras
Fix LSM sensor failing to load with --enable-cgidmap due to tg_cgtracker_map size mismatch (https://github.com/cilium/tetragon/pull/4391) by @ariosmon
fix(pkg/sensors): fixed ret{k,u}probe_calls map builder invocation. (https://github.com/cilium/tetragon/pull/4397) by @FedeDP
elf: handle spaces found in arm64 stapsdt (https://github.com/cilium/tetragon/pull/4426) by @andrewstrohman
fix(pkg/sensors): fixed {k,u}retprobe args merge helper. (https://github.com/cilium/tetragon/pull/4494) by @FedeDP
uprobe: add support for monitor mode and stats (https://github.com/cilium/tetragon/pull/4662) by @kkourt
fix(grpc/exec): fix RefDec in exit's eventcache path (https://github.com/cilium/tetragon/pull/4593) by @dwindsor
logger: do not ignore time-stamped formats (https://github.com/cilium/tetragon/pull/4667) by @kkourt
fix(pkg/sensors): skip nested ptr detection for indexed array access. (https://github.com/cilium/tetragon/pull/4519) by @FedeDP
add set action stats (https://github.com/cilium/tetragon/pull/4762) by @kkourt
helm: fix rthooks container resources not being applied (https://github.com/cilium/tetragon/pull/4766) by @PhilipSchmid
tetragon: policies can now be loaded even if kptr_restrict is equal to 2 (https://github.com/cilium/tetragon/pull/4765) by @FedeDP
bpf: Fix mnt_namespace RHEL7 fallback writing to wrong field (https://github.com/cilium/tetragon/pull/4785) by @sayboras
Fix tetragon_overhead_program_seconds_total metric to correctly report seconds instead of nanoseconds (https://github.com/cilium/tetragon/pull/4830) by @danilovid
fix(bpf): define _MULTI_KPROBE macro when needed. (https://github.com/cilium/tetragon/pull/4849) by @FedeDP
Fix a infinite loop when using range notation with math.MaxUint64 as upper bound (https://github.com/cilium/tetragon/pull/4848) by @3u13r
pkg/tetragoninfo: read previously ignored value returned by errors.Join in encode configuration function. (https://github.com/cilium/tetragon/pull/4901) by @mtardy
pkg/policyfilter: copy Pod labels to avoid mutations (https://github.com/cilium/tetragon/pull/4916) by @mtardy
fix: handle matchBinaries NotIn when execve_map misses process (#4641) (https://github.com/cilium/tetragon/pull/4654) by @mann-ds
fix: handle matchBinaries NotIn when execve_map misses process (#4641)
bpf: zero stale pkey and flags in event_find_curr_probe
tests: add matchBinaries NotIn tests for perfring and early-exec cases
Add tetragon_process_cache_early_deletions_total metric to improve observability of process cache GC early deletions. (https://github.com/cilium/tetragon/pull/4884) by @lbcristaldo

Minor changes

pkg/sensors: reduce socktrack map memory footprint (https://github.com/cilium/tetragon/pull/4211) by @kyledong-suse
new(pkg/elf): add usdt_args_arm64 impl. (https://github.com/cilium/tetragon/pull/4203) by @FedeDP
new(bpf,pkg,docs): use tracefs instead of debugfs. (https://github.com/cilium/tetragon/pull/4252) by @FedeDP
Add uretprobe support for uprobes, like kprobes, which means supports for return, returnArg and args.returnCopy. (https://github.com/cilium/tetragon/pull/4193) by @FedeDP
tetragon: support (u)int8/16 selectors (https://github.com/cilium/tetragon/pull/4171) by @andrewstrohman
tetragon: arm fixes (https://github.com/cilium/tetragon/pull/4290) by @olsajiri
uprobe: support for resolve: (https://github.com/cilium/tetragon/pull/4286) by @andrewstrohman
uprobe: support match args (https://github.com/cilium/tetragon/pull/4296) by @andrewstrohman
tetragon: Display error when usdt probe is not found in binary (https://github.com/cilium/tetragon/pull/4313) by @olsajiri
new: retprobes events cache size option (https://github.com/cilium/tetragon/pull/4266) by @FedeDP
tetragon: kprobe/uprobe registers data retrieval (https://github.com/cilium/tetragon/pull/4267) by @olsajiri
tester-progs: make clean should remove libs too (https://github.com/cilium/tetragon/pull/4361) by @andrewstrohman
new: monitor only mode (https://github.com/cilium/tetragon/pull/4316) by @FedeDP
tetragon: assorted fixes (https://github.com/cilium/tetragon/pull/4376) by @olsajiri
metrics: new node_name label (https://github.com/cilium/tetragon/pull/4382) by @AritraDey-Dev
new(cmd/tetra): add explain command for standalone CRD documentation (https://github.com/cilium/tetragon/pull/4362) by @AritraDey-Dev
tetragon: unloader fixes (https://github.com/cilium/tetragon/pull/4400) by @olsajiri
tetragon/windows: Case insensitive Windows Paths for processes (https://github.com/cilium/tetragon/pull/4423) by @ExceptionalHandler
Tetragon on Windows now reports Windows process image_paths in lowercase only
Add a separate configuration option for enabling ancestors for ProcessLoader events (https://github.com/cilium/tetragon/pull/4421) by @t0x01
pkg/btf : Add resolution of array (https://github.com/cilium/tetragon/pull/4409) by @tdaudi
support uprobe register override on arm64 (https://github.com/cilium/tetragon/pull/4443) by @andrewstrohman
tetragon: assorted fixes (https://github.com/cilium/tetragon/pull/4390) by @olsajiri
tetragon: split process event tail call (https://github.com/cilium/tetragon/pull/4439) by @olsajiri
procevents: Fix container enrichment for plain Docker containers by supporting additional cgroup path patterns (e.g., /docker/<id>). (https://github.com/cilium/tetragon/pull/4503) by @puwun
fix data source pt_regs resolve on arm64 (https://github.com/cilium/tetragon/pull/4499) by @andrewstrohman
Added tetragon_debug_events_total metric to separate non-critical issues from actual errors. (https://github.com/cilium/tetragon/pull/4416) by @AritraDey-Dev
selectors: minor fixes (https://github.com/cilium/tetragon/pull/4526) by @kkourt
api/ops: Add missing MSG_OP_GENERIC_USDT to OpCodeStrings (https://github.com/cilium/tetragon/pull/4543) by @sayboras
tetragon: remove v6.12 variant and introduce config variables (https://github.com/cilium/tetragon/pull/4524) by @olsajiri
tetragon: add support to preload user strings (https://github.com/cilium/tetragon/pull/4489) by @olsajiri
Add regex support for namespace filtering in export allow/deny lists (https://github.com/cilium/tetragon/pull/4554) by @AritraDey-Dev
bpf: break up arg filter tail call to increase instruction budget (https://github.com/cilium/tetragon/pull/4527) by @andrewstrohman
tetragon: add current_task resolve support for uprobes (https://github.com/cilium/tetragon/pull/4551) by @olsajiri
fix: Change kernel config detection failure to info level (https://github.com/cilium/tetragon/pull/4545) by @dangome3
cgroup: Check cgroup level with tracking level (https://github.com/cilium/tetragon/pull/4540) by @sayboras
process cache: add a metric for capacity evictions (https://github.com/cilium/tetragon/pull/4574) by @kkourt
fix(pkg/sensors): uprobe and usdt sensors configure cgtracker map (https://github.com/cilium/tetragon/pull/4576) by @FedeDP
tetragon: Do not process stack data when it's not present (https://github.com/cilium/tetragon/pull/4575) by @olsajiri
tetragon: Do proper error path cleanup in uprobeAttachExtra (https://github.com/cilium/tetragon/pull/4604) by @olsajiri
Fix issue with returnCopy (https://github.com/cilium/tetragon/pull/4608) by @andrewstrohman
tetragon: add support for substring operators (https://github.com/cilium/tetragon/pull/4393) by @olsajiri
gRPC info (https://github.com/cilium/tetragon/pull/4583) by @kkourt
Enable uprobe preload arg reading for "args" config and for arm64 (https://github.com/cilium/tetragon/pull/4546) by @andrewstrohman
fix data source pt_regs + resolve (https://github.com/cilium/tetragon/pull/4638) by @andrewstrohman
Added support for all selectors (like argument matching) in uprobe policies. (https://github.com/cilium/tetragon/pull/4565) by @AritraDey-Dev
bpf: use the correct index for pt_regs config (https://github.com/cilium/tetragon/pull/4642) by @andrewstrohman
docs: add missing index field to data section examples (https://github.com/cilium/tetragon/pull/4640) by @dangome3
Revert "fix(pkg/sensors): fixed {k,u}retprobe args merge helper." (https://github.com/cilium/tetragon/pull/4633) by @andrewstrohman
Adds process cache and execve map dumps to tetra bugtool generated tarball (https://github.com/cilium/tetragon/pull/4610) by @dangome3
Enable sleep-able USDT argument reading (https://github.com/cilium/tetragon/pull/4606) by @andrewstrohman
tetragon: assorted fixes (https://github.com/cilium/tetragon/pull/4635) by @olsajiri
Revert "ci: Fix package e2e tests GHA" (https://github.com/cilium/tetragon/pull/4686) by @andrewstrohman
add uprobe preload + resolve test (https://github.com/cilium/tetragon/pull/4666) by @andrewstrohman
handle resolve of NULL pointers (https://github.com/cilium/tetragon/pull/4327) by @andrewstrohman
helm: rename clusterrolebinding template to .yaml (https://github.com/cilium/tetragon/pull/4631) by @shuv-amp
uprobe: fix metadata marking of preload arg (https://github.com/cilium/tetragon/pull/4694) by @andrewstrohman
Add FileType and NotFileType selectors to filter events by file type (e.g., pipes, sockets, or regular files). (https://github.com/cilium/tetragon/pull/4609) by @AritraDey-Dev
selectors: add selectors macros syntactic sugar (https://github.com/cilium/tetragon/pull/4548) by @kobrineli
tetragon: string related fixes (https://github.com/cilium/tetragon/pull/4692) by @olsajiri
feat : Add support to resolve attributes in kernel modules (https://github.com/cilium/tetragon/pull/4569) by @tdaudi
tetragon: Fix substring filter to match all possible spec values (https://github.com/cilium/tetragon/pull/4703) by @olsajiri
bpf: improve arg index masking (https://github.com/cilium/tetragon/pull/4607) by @andrewstrohman
Bugtool now supports collecting extra files registered by the daemon at startup via a separate JSON manifest file. (https://github.com/cilium/tetragon/pull/4704) by @will-isovalent
Introduces WaitCRDsWithResync function with cache pre-check, configurable resync period, cancel context aware, and eliminates SharedIndexInformer race conditions by avoiding RemoveInformer calls. (https://github.com/cilium/tetragon/pull/4706) by @shpalani
Fixed NotEqual operator for integer matchArgs with multiple values (https://github.com/cilium/tetragon/pull/4624) by @AritraDey-Dev
Document kernel compatibility issue for security_path_truncate on kernels 6.2+ and add compact encoder support for security_file_truncate. (https://github.com/cilium/tetragon/pull/4679) by @AritraDey-Dev
tetragon: tracing tests cleanup (https://github.com/cilium/tetragon/pull/4742) by @olsajiri
celbpf: support multi-kprobes (https://github.com/cilium/tetragon/pull/4717) by @kkourt
Removed legacy stacktrace-tree API. Use TracingPolicy with kernelStackTrace/userStackTrace for stack traces. (https://github.com/cilium/tetragon/pull/4749) by @proxymoroniic
new: log-file option (https://github.com/cilium/tetragon/pull/4378) by @FedeDP
new: event log grpc service (https://github.com/cilium/tetragon/pull/4508) by @FedeDP
Makefile: don't rely on PWD (https://github.com/cilium/tetragon/pull/4737) by @andrewstrohman
bpf: add error metrics for stale override/offload map entries (https://github.com/cilium/tetragon/pull/4787) by @sayboras
updates google.golang.org/grpc to v1.79.3 (https://github.com/cilium/tetragon/pull/4777) by @dangome3
bpf: enable __builtin_memcmp() macro definition (https://github.com/cilium/tetragon/pull/4786) by @sayboras
feat: Extract uprobe target names and offsets from stripped go binaries (https://github.com/cilium/tetragon/pull/4721) by @dwindsor
cel: add uprobe support and make filter not match if arg could not be read (https://github.com/cilium/tetragon/pull/4728) by @andrewstrohman
Add global --max-recv-size flag to tetra CLI to configure the maximum gRPC receive message size (default 10MB, up from 4MB). (https://github.com/cilium/tetragon/pull/4798) by @will-isovalent
Add support for security_bpf_map_create (Linux 6.9+) in the compact encoder and example policies to replace the renamed security_bpf_map_alloc hook. (https://github.com/cilium/tetragon/pull/4752) by @hayama17
tetragon: Remove the bpf_kfunc tag check from detectKfunc (https://github.com/cilium/tetragon/pull/4809) by @olsajiri
Added pre-validation for tracepoints and LSM hooks to reject invalid TracingPolicies before BPF resources are created. (https://github.com/cilium/tetragon/pull/4708) by @AritraDey-Dev
consolidate kprobe and uprobe merge logic and metrics into a unified format. (https://github.com/cilium/tetragon/pull/4757) by @AritraDey-Dev
tetragon: Load properly on kernels without module support (https://github.com/cilium/tetragon/pull/4834) by @olsajiri
tracingpolicy: specify limit for MatchBinaries in a single selector in the CRD (https://github.com/cilium/tetragon/pull/4850) by @kkourt
tetragon/windows: Fix process_exit event on Windows (https://github.com/cilium/tetragon/pull/4859) by @ExceptionalHandler
tetragon: Fail properly in OffsetFromAddr function (https://github.com/cilium/tetragon/pull/4866) by @olsajiri
Revert "tetragon/windows: Fix process_exit event on Windows" (https://github.com/cilium/tetragon/pull/4865) by @ExceptionalHandler
Expose Tetragon Agent over UNIX domain socket instead of localhost (https://github.com/cilium/tetragon/pull/4882) by @3u13r
hubble-fgs/windows: Fix process_exit event on Windows (https://github.com/cilium/tetragon/pull/4880) by @ExceptionalHandler
tracing: add policy information when logging errors in event parsing (https://github.com/cilium/tetragon/pull/4890) by @kkourt
uprobe-test-1: have libs relative to binary (https://github.com/cilium/tetragon/pull/4881) by @kkourt
Fix null spec.{pod, container, host}Selectors (https://github.com/cilium/tetragon/pull/4889) by @tpapagian
fix : add enum support for resolve (https://github.com/cilium/tetragon/pull/4800) by @tdaudi
Handle NULL pointers for string args (https://github.com/cilium/tetragon/pull/4863) by @andrewstrohman
Load programs that reference kfuncs when an external BTF file is used. (https://github.com/cilium/tetragon/pull/4895) by @andrewstrohman
refactor: Replace ebpf.Map with program.Map for policy filter (https://github.com/cilium/tetragon/pull/4501) by @sayboras
Simplify workload selectors (https://github.com/cilium/tetragon/pull/4917) by @tpapagian
celbpf: remove arg indirection (https://github.com/cilium/tetragon/pull/4908) by @andrewstrohman
feat: add support for AF_UNIX socket path via sockaddr_un (https://github.com/cilium/tetragon/pull/3980) by @AshishNaware
- Added decoding support for sockaddr_un in security_socket_connect events.
- Tetragon can now extract and emit UNIX socket paths from AF_UNIX addresses.
- Supports observability into socket-based interactions like containerd.sock and docker.sock.
- Selectors support Family and Equal, NotEqual, Prefix, NotPrefix on the path
- Requires linux 5.11+
usdt: configure sensor's selector maps (https://github.com/cilium/tetragon/pull/4927) by @andrewstrohman
helm/tetragon: expose tetragon.sock to host (https://github.com/cilium/tetragon/pull/4922) by @3u13r
ReturnArgAction now only accepts TrackSock/UntrackSock for kprobe return args; unsupported values like Post are rejected to prevent silent no-ops. (https://github.com/cilium/tetragon/pull/4601) by @shuv-amp

CI changes

workflows: fix release image display digest step (https://github.com/cilium/tetragon/pull/4233) by @mtardy
fix(pkg/btf): fix FindBTFStruct to return first found btf type in case of multiple matches (https://github.com/cilium/tetragon/pull/4264) by @FedeDP
link-checkers: ignore certificate related issues (https://github.com/cilium/tetragon/pull/4295) by @mtardy
tetragon: enable loader test (https://github.com/cilium/tetragon/pull/4320) by @olsajiri
workflows: run static checks on every PR without exceptions (https://github.com/cilium/tetragon/pull/4326) by @mtardy
Makefile.cli: make CLI compilation parallelizable (https://github.com/cilium/tetragon/pull/4317) by @mtardy
fix(pkg/testutils): fix flakiness in progs::TestExec. (https://github.com/cilium/tetragon/pull/4344) by @FedeDP
selectors: skip TestNamespaceValueStr on EACCES (https://github.com/cilium/tetragon/pull/4355) by @kkourt
tetragon/windows: Upgrade CI to use efw 1.0.0-rc1 (https://github.com/cilium/tetragon/pull/4356) by @ExceptionalHandler
tests:pkg/sensors: Use JsonTestExpect() for negative tests (https://github.com/cilium/tetragon/pull/4352) by @GGh41th
renovate: allow to update k8s related deps (https://github.com/cilium/tetragon/pull/4468) by @mtardy
ci: Add LTS 6.18 kernel image version in vmtests.yml (https://github.com/cilium/tetragon/pull/4495) by @sayboras
tetragon: Fix TestMatchBinariesFollowChildrenUpdate test (https://github.com/cilium/tetragon/pull/4496) by @olsajiri
docs: Exclude nakryiko.com from automated link checker to prevent false positives (https://github.com/cilium/tetragon/pull/4510) by @puwun
Refactor and cleanup Windows CI (https://github.com/cilium/tetragon/pull/4520) by @ygvalent
vmtests: Migrate logrus to slog (https://github.com/cilium/tetragon/pull/4538) by @sayboras
ci: Add check to ensure errmetrics file IDs are in sync (https://github.com/cilium/tetragon/pull/4561) by @sayboras
https://github.com/cilium/tetragon/pull/4658 (https://github.com/cilium/tetragon/pull/4658) by @sayboras
ci/e2e: Fallback to load images from registry (https://github.com/cilium/tetragon/pull/4657) by @sayboras
ci: bump RHEL8 version to RHEL 8.10 (https://github.com/cilium/tetragon/pull/4655) by @sayboras
chore: Remove TestFastK8S in skip (https://github.com/cilium/tetragon/pull/4567) by @sayboras
policytest: new testing framework for Tetragon (https://github.com/cilium/tetragon/pull/4639) by @kkourt
parameters for policytests (https://github.com/cilium/tetragon/pull/4756) by @kkourt
renovate: Bump golang to 1.25 for all stable versions (https://github.com/cilium/tetragon/pull/4788) by @sayboras
build(renovate): enable shell executor for post-upgrade commands (https://github.com/cilium/tetragon/pull/4804) by @dangome3
cleanup(ci): avoid x-compilation in packages-e2e-tests CI. (https://github.com/cilium/tetragon/pull/4858) by @FedeDP
chore(ci): try to improve reliability of windows smoke tests. (https://github.com/cilium/tetragon/pull/4891) by @FedeDP
ci: remove azure apt mirrors (https://github.com/cilium/tetragon/pull/4894) by @dangome3

Documentation changes

docs: update sysdump command from old cilium-cli to cilium (https://github.com/cilium/tetragon/pull/4240) by @AritraDey-Dev
Docs: Correct Network Monitoring event details (https://github.com/cilium/tetragon/pull/4214) by @AritraDey-Dev
docs: improve the contributor guide submit a pull request section (https://github.com/cilium/tetragon/pull/4246) by @mtardy
chore: add users.md file for tetragon adopters (https://github.com/cilium/tetragon/pull/4276) by @paularah
fix(docs): correct apiVersion and kind casing in TracingPolicy examples (https://github.com/cilium/tetragon/pull/4288) by @littlejo
docs: Enhance kernel configuration FAQ with 'tetra probe config' guidance (https://github.com/cilium/tetragon/pull/4248) by @AritraDey-Dev
Chore: Remove Kubecon NA 2025 banner (https://github.com/cilium/tetragon/pull/4341) by @thisisobate
Add Reddit to USERS.md (https://github.com/cilium/tetragon/pull/4368) by @xmulligan
docs: Update runtime-hooks installation instructions (https://github.com/cilium/tetragon/pull/4386) by @dangome3
docs: add FAQ entry for kernel lockdown and improve warning message (https://github.com/cilium/tetragon/pull/4381) by @dangome3
Reflect support for the followChildren NotIn operator in documentation (https://github.com/cilium/tetragon/pull/4441) by @t0x01
Correction of cgroup-rate mentioned limitations (https://github.com/cilium/tetragon/pull/4457) by @avi028
docs: document socket tracking limitations including LRU map overflow risks and socket sharing behavior (https://github.com/cilium/tetragon/pull/4521) by @puwun
docs: add a snippet for details on installing Tetragon on Talos Linux v1.12.0+ (https://github.com/cilium/tetragon/pull/4547) by @BobyMCbobs
docs: Fix outdated TracingPolicy selector limitations (Max Selectors: 8 -> 5, Max MatchArg Values: 1 -> 4) (https://github.com/cilium/tetragon/pull/4549) by @puwun
docs: add kernel version-specific selector limitations (https://github.com/cilium/tetragon/pull/4553) by @puwun
[docs]: Add section on matchBinaries behavior with shebang scripts (https://github.com/cilium/tetragon/pull/4577) by @ariosmon
Chore: Add KubeCon EU 2026 to Announcement banner (https://github.com/cilium/tetragon/pull/4585) by @thisisobate
docs: add namespace access monitoring use case (https://github.com/cilium/tetragon/pull/4588) by @puwun
docs: document argument types for kprobes and tracepoints (https://github.com/cilium/tetragon/pull/4626) by @puwun
docs: add warning about hooking to syscalls (https://github.com/cilium/tetragon/pull/4767) by @ferozsalam
Chore: Remove KubeCon EU 2026 Banner (https://github.com/cilium/tetragon/pull/4831) by @thisisobate

Dependency updates

chore(deps): update docker.io/golangci/golangci-lint docker tag to v2.6.0 (main) (https://github.com/cilium/tetragon/pull/4275) by @cilium-renovate[bot]
chore(deps): update docker.io/golangci/golangci-lint docker tag to v2.8.0 (main) (https://github.com/cilium/tetragon/pull/4492) by @cilium-renovate[bot]
chore(deps): update all github action dependencies (main) (https://github.com/cilium/tetragon/pull/4486) by @cilium-renovate[bot]
chore(deps): update all lvh-images main (main) (patch) (https://github.com/cilium/tetragon/pull/4648) by @cilium-renovate[bot]
deps: Update github.com/cilium/ebpf to v0.21.0 (https://github.com/cilium/tetragon/pull/4790) by @tpapagian

Misc changes

Starting v1.7 development (https://github.com/cilium/tetragon/pull/4239) by @mtardy
chore(bpf): use macro for string_maps (https://github.com/cilium/tetragon/pull/4243) by @Andreagit97
bpf: uprobes: remove stale comment (https://github.com/cilium/tetragon/pull/4262) by @kkourt
tetragon: improve ring reliability in tests (https://github.com/cilium/tetragon/pull/4263) by @kevsecurity
tetragon: Limit sys_close events in test (https://github.com/cilium/tetragon/pull/4269) by @kevsecurity
feat: align the argument types for k8s context (https://github.com/cilium/tetragon/pull/4213) by @kemingy
new(pkg/sensors): add a ListCollections method on sensors Manager. (https://github.com/cilium/tetragon/pull/4289) by @FedeDP
rthooks: Add mounts in CreateContainer (https://github.com/cilium/tetragon/pull/4301) by @tpapagian
Migrated metrics to use pkg/metrics helpers (https://github.com/cilium/tetragon/pull/4222) by @AritraDey-Dev
CODEOWNERS: update team names (https://github.com/cilium/tetragon/pull/4329) by @mtardy
new(pkg/sensors): expose GetPolicyTags helper. (https://github.com/cilium/tetragon/pull/4334) by @FedeDP
cleanup(pkg/sensors): use ebpf MapSpec.Compatible(). (https://github.com/cilium/tetragon/pull/4333) by @FedeDP
Revert "fix(deps): update all go dependencies main" (https://github.com/cilium/tetragon/pull/4335) by @FedeDP
Add umode_t in validation (https://github.com/cilium/tetragon/pull/4337) by @tpapagian
tetragon/windows: Use ringbuf implementation from ebpf go library (https://github.com/cilium/tetragon/pull/4357) by @ExceptionalHandler
Remove duplicate from k8s definition (https://github.com/cilium/tetragon/pull/4360) by @tpapagian
tetragon: handle test events sequentially (https://github.com/cilium/tetragon/pull/4291) by @kevsecurity
Fix: Add exponential backoff to controller manager connection retry (https://github.com/cilium/tetragon/pull/4395) by @shpalani
proc: Fix Binary.End in execve map during proc parsing (https://github.com/cilium/tetragon/pull/4438) by @tpapagian
Increase test coverage for policyconf mode handling and policy stats (tests only). (https://github.com/cilium/tetragon/pull/4419) by @sglushko
tetragon: factor some execve tests (https://github.com/cilium/tetragon/pull/4427) by @olsajiri
BPF: zero cleanup_key on exec (https://github.com/cilium/tetragon/pull/4466) by @kevsecurity
tests: fix flaky pkg.bugtool.TestFindMaps (https://github.com/cilium/tetragon/pull/4485) by @mtardy
fix(tests): Unit Test for LSM CGroup Tracking Map Fix (https://github.com/cilium/tetragon/pull/4418) by @ariosmon
fix(tests): Adjust skeleton test timeouts to reduce flakyness (https://github.com/cilium/tetragon/pull/4417) by @dangome3
Tetragon: Perf ring testutil exit on error (https://github.com/cilium/tetragon/pull/4511) by @kevsecurity
clang-format: combine update and install lines (https://github.com/cilium/tetragon/pull/4525) by @will-isovalent
make: Allow custom kind-config file (https://github.com/cilium/tetragon/pull/4539) by @sayboras
split process_pid_tid_mismatch error metric into exec,clone, and exit types. (https://github.com/cilium/tetragon/pull/4536) by @AritraDey-Dev
go: Replace net.IP with netip.Addr (https://github.com/cilium/tetragon/pull/4550) by @sayboras
metrics: Keep in sync with bpf/errmetrics/fileids.h (https://github.com/cilium/tetragon/pull/4557) by @sayboras
chore: Add sloglint in golangci-lint (https://github.com/cilium/tetragon/pull/4566) by @sayboras
Standardize error metric labels to error. (https://github.com/cilium/tetragon/pull/4537) by @AritraDey-Dev
fix: Improve file synchronization checks in fileids-check.sh (https://github.com/cilium/tetragon/pull/4596) by @sayboras
new(pkg/sensors): expose LinkPin (https://github.com/cilium/tetragon/pull/4603) by @FedeDP
Adjusting raw_syscalls policy to use syscall type (https://github.com/cilium/tetragon/pull/4600) by @bar234
fix(pkg/sensors): force __base__ sensor to be unloaded last. (https://github.com/cilium/tetragon/pull/4664) by @FedeDP
fix(process/cache): balance parent refcount ops during LRU eviction (https://github.com/cilium/tetragon/pull/4634) by @dwindsor
bpf: Fix with_errmetrics_ptr to handle NULL pointers (https://github.com/cilium/tetragon/pull/4663) by @sayboras
Fixed flakiness and panics in the TestFindContainer integration test. (https://github.com/cilium/tetragon/pull/4653) by @AritraDey-Dev
operator: Replace hasAllRequiredFields requeue loop with a predicate (https://github.com/cilium/tetragon/pull/4645) by @mlguerrero12
(https://github.com/cilium/tetragon/pull/4280) by @calghar
test: Fix the defined but not used variable in arm (https://github.com/cilium/tetragon/pull/4687) by @sayboras
cleanup(pkg/observer): use sync.Once in getDefaultObserver(). (https://github.com/cilium/tetragon/pull/4672) by @FedeDP
lint: Fix string concatenation issue in loop (https://github.com/cilium/tetragon/pull/4709) by @sayboras
fix: startup logging to consistently honor configured log level and format (https://github.com/cilium/tetragon/pull/4734) by @mann-ds
cleanup(pkg,docs): drop deprecated KeyCompatibilitySyscall64SizeType. (https://github.com/cilium/tetragon/pull/4722) by @FedeDP
rthooks release issue template (https://github.com/cilium/tetragon/pull/4769) by @kkourt
bugtool: decouple pprof stats from gops (https://github.com/cilium/tetragon/pull/4779) by @kkourt
revert: tetragon: Add debug interface to track cgroups to workload/ns mappings (https://github.com/cilium/tetragon/pull/4764) by @mtardy
cleanup(pkg): deny calls to already-deprecated gRPC methods. (https://github.com/cilium/tetragon/pull/4813) by @FedeDP
update(contrib/tester-progrs): ignore pclntab-(un)stripped. (https://github.com/cilium/tetragon/pull/4819) by @FedeDP
nok8s: build without k8s (https://github.com/cilium/tetragon/pull/4265) by @kkourt
renovate: add gomodVendor to postUpdateTasks (https://github.com/cilium/tetragon/pull/4832) by @dangome3
chore(deps): Reorder renovate post-upgrade tasks (https://github.com/cilium/tetragon/pull/4853) by @dangome3
Dockerfile: use BuildKit cache mounts (https://github.com/cilium/tetragon/pull/4854) by @3u13r
nok8s: add support for labels in tracing policies (https://github.com/cilium/tetragon/pull/4886) by @kkourt
cleanup: drop TracingPolicyNamespaced interface (https://github.com/cilium/tetragon/pull/4885) by @FedeDP
Fix drop-privileges (https://github.com/cilium/tetragon/pull/4905) by @tpapagian
chore: go1.26 syntax updates (https://github.com/cilium/tetragon/pull/4904) by @FedeDP
cleanup: remove unused packages lock/tgsyscall/vtuplefilter (https://github.com/cilium/tetragon/pull/4902) by @mtardy
Warn on HostSelector != nil in TracingPolicyNamespaced (https://github.com/cilium/tetragon/pull/4896) by @tpapagian
Fix build on latest main (https://github.com/cilium/tetragon/pull/4919) by @tpapagian
go.mod: pin controller-runtime to latest commit instead of replace (https://github.com/cilium/tetragon/pull/4921) by @mtardy
feat(helm): allow rthooks-specific affinity override (https://github.com/cilium/tetragon/pull/4909) by @timown
nok8s: don't return an error for label filters (https://github.com/cilium/tetragon/pull/4925) by @kkourt
Prepare for v1.7.0 release (https://github.com/cilium/tetragon/pull/4929) by @kkourt

Other changes

Add support for running tracing policies on kind clusters (https://github.com/cilium/tetragon/pull/4668) by @dangome3

Source: README.md, updated 2026-04-29

Tetragon Files

eBPF-based Security Observability and Runtime Enforcement