Release 1.1.3

Maintenance Release

Assets are available attached to the release here and via Docker and the Cribl CDN at the links below.

• Docker: cribl/scope:1.1.3
• x86: https://cdn.cribl.io/dl/scope/1.1.3/linux/x86_64/scope
• ARM: https://cdn.cribl.io/dl/scope/1.1.3/linux/aarch64/scope

Fixes

• #1067 When you run scope attach and then select an ID that's beyond the range of the resulting list, AppScope now handles this gracefully, and the AppScope CLI no longer crashes.
• #1080 On an M1 Mac, trying to scope a Go static executable in a Docker container emulating x86_64 Linux results in an address mapping conflict between the Go executable and the emulator. AppScope now handles this limitation by allowing the Go executable to run un-scoped. With this fix, the Go executable no longer segfaults.

Pre-Release 1.1.3-rc0

Maintenance Release

Assets are available attached to the release here and via Docker and the Cribl CDN at the links below.

• Docker: cribl/scope:1.1.3-rc0
• x86: https://cdn.cribl.io/dl/scope/1.1.3-rc0/linux/x86_64/scope
• ARM: https://cdn.cribl.io/dl/scope/1.1.3-rc0/linux/aarch64/scope

Release 1.1.2

Maintenance Release

Assets are available attached to the release here and via Docker and the Cribl CDN at the links below.

• Docker: cribl/scope:1.1.2
• x86: https://cdn.cribl.io/dl/scope/1.1.2/linux/x86_64/scope
• ARM: https://cdn.cribl.io/dl/scope/1.1.2/linux/aarch64/scope

New Features and Improvements

• #1025 The process start message (the start.msg event) now includes a total of four identifiers. By itself, the new UUID process ID is unique for a given machine. In principle, UUID together with the new Machine ID constitutes a tuple ID that is unique across all machine namespaces. Here's a summary of the IDs available in AppScope 1.1.2:

  • UUID (new in AppScope 1.1.2), with key uuid and a value in canonical UUID form. UUID is a universally-unique process identifier, meaning that no two processes will ever have the same UUID value on the same machine.
  • Machine ID (new in AppScope 1.1.2), with key machine_id and a value that AppScope obtains from /etc/machine-id. The machine ID uniquely identifies the host, as described in the man page. When /etc/machine-id is not available (e.g., in Alpine, or in a container), AppScope generates the machine ID using a repeatable MD5 hash of the host's first MAC address. Two containers on the same host can have the same machine ID.
  • Process ID, with key pid and a value that is always unique at any given time, but that the machine can reuse for different processes at different times.
  • ID, with key id and a value that concatenates (and may truncate) the scoped app's hostname, procname, and command. This value is not guaranteed to be unique.

• #1037 You can now run scope service on Linux distros that use the OpenRC init manager (e.g., Alpine), as well as on distros that use systemd (which was already supported). See the CLI reference.

Fixes

• #1035 The scope service command no longer ignores the -c (--cribldest), -e (--eventdest), and -m (--metricdest) options.

Pre-Release 1.1.2-rc0

Maintenance Release

Assets are available attached to the release here and via Docker and the Cribl CDN at the links below.

• Docker: cribl/scope:1.1.2-rc0
• x86: https://cdn.cribl.io/dl/scope/1.1.2-rc0/linux/x86_64/scope
• ARM: https://cdn.cribl.io/dl/scope/1.1.2-rc0/linux/aarch64/scope

Release 1.1.1

Maintenance Release

Assets are available attached to the release here and via Docker and the Cribl CDN at the links below.

• Docker: cribl/scope:1.1.1
• x86: https://cdn.cribl.io/dl/scope/1.1.1/linux/x86_64/scope
• ARM: https://cdn.cribl.io/dl/scope/1.1.1/linux/aarch64/scope

New Features and Improvements

• #964 AppScope downloadable assets now include AWS Lambda Layers for x86 and for ARM, along with their respective MD5 checksums.

Fixes

• #1017 AppScope now correctly handles the "peek" flag in interposed functions that receive network data. Before this change, when a server "peeked" at the first byte of data, AppScope counted that byte twice, which broke protocol detection. This fix enables AppScope to correctly produce HTTP events when scoping a server that uses "peek" flags.
• #1006 AppScope now correctly instruments the child processes of an sshd process started by a server. To do this, AppScope interposes both the execve and execv system calls, and overrides some of the sandboxing that sshd normally imposes using setrlimit. Interposing execv is new, and gives AppScope visibility into sshd child processes. Changing setrlimit settings enables AppScope to perform actions required by AppScope's configured backend and transport, such as establishing connections, creating threads, and creating files.

Pre-Release 1.1.1-rc0

Maintenance Release

Assets are available attached to the release here and via Docker and the Cribl CDN at the links below.

• Docker: cribl/scope:1.1.1-rc0
• x86: https://cdn.cribl.io/dl/scope/1.1.1-rc0/linux/x86_64/scope
• ARM: https://cdn.cribl.io/dl/scope/1.1.1-rc0/linux/aarch64/scope

New Features and Improvements

• #964 AppScope downloadable assets now include AWS Lambda Layers for x86 and for ARM, along with their respective MD5 checksums.

Fixes

• #1017 AppScope now correctly handles the "peek" flag in interposed functions that receive network data. Before this change, when a server "peeked" at the first byte of data, AppScope counted that byte twice, which broke protocol detection. This fix enables AppScope to correctly produce HTTP events when scoping a server that uses "peek" flags.
• #1006 AppScope now correctly instruments the child processes of an sshd process started by a server. To do this, AppScope interposes both the execve and execv system calls, and overrides some of the sandboxing that sshd normally imposes using setrlimit. Interposing execv is new, and gives AppScope visibility into sshd child processes. Changing setrlimit settings enables AppScope to perform actions required by AppScope's configured backend and transport, such as establishing connections, creating threads, and creating files.

Pre-Release 1.1.1-tc1

This is a test release to verify changes made in #964.
Not intended to be useful for more than evaluating new lambda build product.

Pre-Release 1.1.1-tc0

This is a test release to verify changes made in #964.
Not intended to be useful for more than evaluating new lambda build product.

Release 1.1.0

Minor Release

Assets are available attached to the release here and via Docker and the Cribl CDN at the links below.

• Docker: cribl/scope:1.1.0
• x86: https://cdn.cribl.io/dl/scope/1.1.0/linux/x86_64/scope
• ARM: https://cdn.cribl.io/dl/scope/1.1.0/linux/aarch64/scope

New Features and Improvements

AppScope 1.1.0 introduces improved capabilities for scoping Go applications:

• #637 Support for Go 1.17 and Go 1.18.
• #904 Support for HTTP2 when scoping Go executables.
• #667 AppScope's own internal libc, which resolves problems we'd seen when scoping Go apps that handle signals.

Usability improvements include:

• #917 Individual on/off control for all classes of metric data using metric watch types, via the config file or environment variables. Since event watch types already existed, this means that you can now turn all classes of events and metrics on or off individually.
• #812 Metric and event schemas now include more informative definitions.
• #969 The start message (start.msg) event which AppScope sends when log level is info or debug is now documented in the schema.
• #938 A new SCOPE_ERROR_SIGNAL_HANDLER environment variable, provided for situations where a scoped app is crashing. Setting this variable to true sends backtrace information to the log, which can help you diagnose problems.
• #498 AppScope can now accept remote commands over UNIX sockets or non-TLS TCP connections.
• #970, #988 Better controls for redacting binary data that would otherwise show up in AppScope output. In the AppScope library, SCOPE_ALLOW_BINARY_CONSOLE can now be set using the environment variable (prior to 1.1.0, the only available method) or in the config file. For the library, its default value has been changed from false to true. Meanwhile, the CLI still defaults to allowbinary=false, because allowing binary data in CLI output makes sense only in rare cases.

Fixes

• #781 Delivery of data as processes exit is now more consistent.
• #918 When AppScope reports its configuration (upon start of a new scoped process), it now includes the formerly missing cribl section describing Cribl backend configuration.

Pre-Release 1.1.0-rc2

Pre-release

Assets are available attached to the release here and via Docker Hub and the Cribl CDN at the links below.

• Docker: cribl/scope:1.1.0-rc2
• x86: https://cdn.cribl.io/dl/scope/1.1.0-rc2/linux/x86_64/scope
• ARM: https://cdn.cribl.io/dl/scope/1.1.0-rc2/linux/aarch64/scope