What's Changed

Fixed

• path_rename lsm hook for kernel >= 5.19
• BREAKING: threat logger module rename
• docker container ID parsing with cgroupfs driver
• BREAKING: Event display format removing additional line
• rules DSL quoted strings
• filtering test

Added

• detect image layer directory for podman
• ci: integration test using architest
• ci: bundle the installer in the release
• syslog priority
• add uid and gid to event header and process map
• allow threats to be logged as JSON
• new metadata fields for the rules (category, severity, description)
• include riscv64gc in pulsar-install.sh

Changed

• BREAKING: xtask: switch to xtask surun command to improve running as root in development
• BREAKING: use elf_check instead of elf_check_enabled in file-system-monitor
• BREAKING: new modules API, modules need to simply implement a trait
• ci: run workflows on all pull requests, not only the ones to main branch
• improved BPF features detection
• ci: use cross-rs even for native builds
• BREAKING: xtask: unify test and cross subcommands
• prefer rustls over OpenSSL for static builds

Removed

• wrong telnet rule

Check out the changelog for details on all the changes and fixes.