1.25.2 — 1st September
eBPF’s 1.25.2 release provides the following:
Updates
Service Naming Based on AWS Tags
eBPF can now be configured to derive service names from AWS tags. Previously, only Kubernetes labels or ECS were supported. With this release, environment variables and AWS tags are also supported. Only one service naming method can be configured at a time.
Generic Environment Variable Support for Configuration
Introduced support for setting eBPF configuration values through generic environment variables. This follows a consistent naming pattern beginning with EBPF_OVERRIDE_CONFIG__. Subconfigurations are added in uppercase and separated by double underscores (__). This enables flexible overrides without editing configuration files.
Tarball Packaging for eBPF Tracer
eBPF tracer is now available as a tarball package in addition to deb and rpm. This provides compatibility across systems where apt, rpm, or yum may face installation issues. Installation and management are handled via the included install.sh script, with support for configuration overrides, CPU and memory limits, and proxy settings.
Helm and Terraform for eBPF
Starting with this release, separate Helm charts and Terraform modules are published for eBPF, simplifying Kubernetes deployments.
Streaming Data Capture Support for SSE Messages
Added support for capturing Server-Sent Events (SSE) with text/event-stream content type. This feature improves GenAI security monitoring by handling large response bodies while maintaining traceability. Payload size caps and allowed content types can be tuned for deployment needs.
Separate ECS Templates for eBPF
Separate ECS templates are now available for eBPF deployments.
Separate PCF Tiles for eBPF
Separate PCF (Pivotal Cloud Foundry) tiles are now available for eBPF deployments.
Support for GKE Autopilot
Added support for deploying eBPF on GKE Autopilot clusters.
Resolved Issues
HTTP/2 Fixes
Fixed issues related to HTTP/2 handling in the eBPF tracer.
1.24.1 — 7th August
Send span metadata and resource attributes for filter evaluation
Added support for including span metadata and additional resource attributes in filter evaluations. This enables more precise sampling and filtering configurations.
1.24.0 — 19th June
eBPF’s 1.24.0 release provides the following updates:
Updates
Support for Sampling Using spanFilters
Added support for controlling sampling behavior through spanFilters, allowing more granular filtering at the source of trace data.
1.23.0 — 19th May
eBPF’s 1.23.0 release provides the following updates:
Updates
Support for OpenSSL 3.3+
Added compatibility for OpenSSL version 3.3 and above, ensuring continued TLS key capture capabilities with the latest OpenSSL releases.
Resolved Issues
Stat Count Mismatch
Resolved an issue where statistical counters could show mismatched values under certain conditions.
1.22.0 — 30th April
eBPF’s 1.22.0 release provides the following updates:
Resolved issue
Security fix for eBPF vulnerabilities
Addressed eBPF-related vulnerabilities to improve the agent's overall security and stability.
1.21.0 — 31st January
eBPF’s 1.21.0 release provides the following updates
Update
Optimized TLS Probing for Reduced CPU Usage
The eBPF tracer now includes an option to optimize CPU usage for OpenSSL/BoringSSL-based processes. Instead of placing uprobes on the frequently calledSSL_readandSSL_writefunctions, which can lead to high CPU overhead for some processes like Ruby, the tracer can now place probes on the TLS handshake function. This ensures uprobes are executed only once per new TLS connection, significantly reducing performance impact for applications with frequent SSL function calls.Example Configuration:
ssl_keylog_include_rules: - exec_name: rubyUprobes per monitored Process
Introduced support for attaching uprobes on a per-process basis, offering lesser overhead to unmonitored process using shared libraries.