This release adds 2 notable features for engineering teams evaluating rollout.
Published 3mo
Network Security
✓ No known CVEs patched in this version
Topics
bpf
bpf-lsm
cloud-native-security
container-security
ebpf
helm
incident-response
kubernetes-security
linux-kernel
linux-security
observability
policy-enforcement
prometheus
runtime-security
workload-securi
Affected surfaces
auth
rbac
Summary
AI summary: Optional LSM hook loading now degrades safely when kernel BTF hook IDs are missing.
Full changelog
Highlights
- Added VERIFIED_EXEC runtime dependency trust hardening.
- Added posture contract/evaluation improvements for production readiness.
- Strengthened enforce gating behavior and evidence outputs.
Added
- Runtime dependency protection paths for VERIFIED_EXEC enforcement.
- Capability/posture evaluation tooling and readiness evidence updates.
- Expanded docs for policy semantics and production deployment posture.
Fixed
- Optional LSM hook loading now degrades safely when kernel BTF hook IDs are unavailable.
- Daemon event loop now handles EINTR without premature shutdown.
- Chaos ringbuf overflow E2E made deterministic and more diagnosable.
CI / Validation
- E2E reliability improved (ringbuf chaos path stabilized).
- Release/readiness evidence and posture checks updated.
Upgrade Notes
- No breaking CLI changes.
- For version=4 protected-resource policies, enforce gating remains fail-closed by default when required capabilities are unavailable.
About ErenAri/Aegis-BPF