Docs / update changelog for 1.1.1 #1030
Conversation
|
@jrcheli @michalbiesek @iapaddler @seanvaleo Just to be sure ...
I tried to answer these below here #1030 (comment) -- John |
website/src/pages/docs/changelog.md
Outdated
|
|
||
| ### New Features and Improvements | ||
|
|
||
| - [#1017](https://github.com/criblio/appscope/issues/1017) AppScope downloadable assets now include [AWS Lambda Layers](https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-concepts.html#gettingstarted-concepts-layer) for x86 and for ARM, along with their respective MD5 checksums. |
There was a problem hiding this comment.
1017 is the wrong issue number for the New Features and Improvements entry... I think it should be #964 instead.
BTW, putting a the link to the lambda docs here is brilliant... bravo!
There was a problem hiding this comment.
Oops, copypasta error, fixing, thanks!
| - `MD5 checksum`: [https://cdn.cribl.io/dl/scope/1.1.1/linux/x86_64/aws-lambda-layer-x86_64.zip.md5](https://cdn.cribl.io/dl/scope/1.1.1/linux/x86_64/aws-lambda-layer-x86_64.zip.md5) | ||
| - `AWS Lambda Layer for ARM`: [https://cdn.cribl.io/dl/scope/1.1.1/linux/aarch64/aws-lambda-layer-aarch64.zip](https://cdn.cribl.io/dl/scope/1.1.1/linux/aarch64/aws-lambda-layer-aarch64.zip) | ||
| - `MD5 checksum`: [https://cdn.cribl.io/dl/scope/1.1.1/linux/aarch64/aws-lambda-layer-aarch64.zip.md5](https://cdn.cribl.io/dl/scope/1.1.1/linux/aarch64/aws-lambda-layer-aarch64.zip.md5) | ||
|
|
There was a problem hiding this comment.
-
Re: MD5 checksums... I think we shouldn't call out the MD5 checksums here, since we didn't call them out for the for the
/scopeassets above. 🤷♂️ -
The lambda links aren't quite right... These are the correct links:
https://cdn.cribl.io/dl/scope/1.1.1/linux/x86_64/aws-lambda-layer.zip
https://cdn.cribl.io/dl/scope/1.1.1/linux/aarch64/aws-lambda-layer.zip
If it helps, I was able to test them by replacing "1.1.1" with "1.1.1-tc1" just for the sake of the test.
There was a problem hiding this comment.
Fixed, thanks John!
website/src/pages/docs/changelog.md
Outdated
|
|
||
| ### Fixes | ||
|
|
||
| - [#1017](https://github.com/criblio/appscope/issues/1017) AppScope now correctly handles the single-byte message that web clients sometimes send before their ClientHello message. This enables AppScope to correctly produce HTTP events when you scope a server with TLS enabled. |
There was a problem hiding this comment.
This is totally on me, but we might want to change this text in the known issue and change log. What we ultimately learned was that the web client wasn't actually sending an extra single-byte message to the server. This was the way I described the known issue, but in fixing it, we learned that the server was "peeking" at the first byte of data, before processing it normally, so it looked to us like an extra received byte from the perspective of our library that is running inside the server process.
See if you can make something from this mess. =)
AppScope now correctly handles the "peek" flag in interposed functions that receive network data. Before this change, received data could be double counted which could confound AppScope's protocol detection. Specifically, this fix enables AppScope to correctly produce HTTP events when scoping a server that uses "peek" flags.
website/src/pages/docs/changelog.md
Outdated
| ### Fixes | ||
|
|
||
| - [#1017](https://github.com/criblio/appscope/issues/1017) AppScope now correctly handles the single-byte message that web clients sometimes send before their ClientHello message. This enables AppScope to correctly produce HTTP events when you scope a server with TLS enabled. | ||
| - [#1006](https://github.com/criblio/appscope/issues/1006) AppScope now correctly instruments the child processes of an sshd process started by a server. Prior to this, AppScope already instrumented the parent sshd process by interposing the `execve` system call. Now, in order to instrument the child sshd processes too, AppScope also interposes the `execv` system call, and overrides some of the sandboxing that sshd normally imposes using `setrlimit`. Changing `setrlimit` settings enables AppScope to perform actions required by AppScope's configured backend and transport, such as establishing connections, creating threads, and creating files. |
There was a problem hiding this comment.
I'm wondering if it's possible to shorten things starting with the second sentence?
Don't feel bound to this, but I would say "Prior to this, AppScope was missing child sshd processes because it was not interposing the execv system call. It was also necessary to override some of the sandboxing imposed by setrlimit so AppScope could function properly."
|
Here's how I would answer your questions above, @abetones ...
|
Thanks, John, I've clarified the assets section to reflect this. |
|
Looks great to me! Merging! |
No description provided.