1.26.0 — 17th November
Traceable’s eBPF agent’s 1.26.0 release provides the following:
Updates
Add Support for Remote Config Reloads
Added support for remotely triggering configuration reloads, restarts, and fetching debug-related information from the tracer.
Add Support for Streaming Logs to Platform
Introduced support for streaming eBPF and libtraceable logs to the platform. Log streaming follows the telemetry log level defined in the configuration. It can be enabled through the following settings:
logging:
telemetry:
enabled: true
level: LOG_LEVEL_INFOSupported log levels:
TRACEDEBUGINFOWARNERRORCRITICAL
Support for SSL Keylog Based Capture
Added support for SSL keylog based capture across all available OpenSSL versions. A configuration option is available to prefer keylog capture over SSL_read and SSL_write probes.
1.25.5 — 11th November
Traceable’s eBPF agent’s 1.25.5 release provides the following:
Updates
Enable FIPS Compliance by Default
Enable FIPS compliance by default in the ebpf-tracer Docker container. This includes upgrading to Go 1.25 and setting GODEBUG=fips140=on in the Dockerfile.
Resolved Issues
Fix Custom SSL Address Probe for Mounted procfs
Resolved an issue where the custom SSL address probe did not work correctly when procfs was mounted. This affected SSL address detection for certain workloads.
Fix Pod Object Marshaling
Resolved an issue where pod logging included container IDs as JSON keys, resulting in very high cardinality and performance degradation in log indexing systems. Pod logs now use a stable structure with container details nested under a single container object.
Fix for ECS Service Name Fetching
Resolved an issue where ECS service name fetching caused initialization errors due to duplicate service keys during tracer creation.
1.25.4 — 21st October
Traceable’s eBPF agent’s 1.25.4 release provides the following:
Updates
CVE Fixes
Addressed security vulnerabilities CVE-2023-44487 and CVE-2025-58058 to enhance overall system security and stability.
Resolved Issues
Helm/Terraform Fix for OpenShift
Resolved an issue where deploying eBPF through Helm or Terraform on OpenShift environments failed due to an unpopulated hostPID variable. The fix ensures that this variable is properly populated based on the configuration, allowing for a successful deployment.
1.25.3 — 9th October
eBPF’s 1.25.3 release provides the following:
Resolved issue
eBPF Crash Fix Due to Bad Attributes
Fixed a crash that occurred when the eBPF tracer encountered invalid or malformed attributes during processing.
1.25.2 — 1st September
eBPF’s 1.25.2 release provides the following:
Updates
Service Naming Based on AWS Tags
eBPF can now be configured to derive service names from AWS tags. Previously, only Kubernetes labels or ECS were supported. With this release, environment variables and AWS tags are also supported. Only one service naming method can be configured at a time.
Generic Environment Variable Support for Configuration
Introduced support for setting eBPF configuration values through generic environment variables. This follows a consistent naming pattern beginning with EBPF_OVERRIDE_CONFIG__. Subconfigurations are added in uppercase and separated by double underscores (__). This enables flexible overrides without editing configuration files.
Tarball Packaging for eBPF Tracer
eBPF tracer is now available as a tarball package in addition to deb and rpm. This provides compatibility across systems where apt, rpm, or yum may face installation issues. Installation and management are handled via the included install.sh script, with support for configuration overrides, CPU and memory limits, and proxy settings.
Helm and Terraform for eBPF
Starting with this release, separate Helm charts and Terraform modules are published for eBPF, simplifying Kubernetes deployments.
Streaming Data Capture Support for SSE Messages
Added support for capturing Server-Sent Events (SSE) with text/event-stream content type. This feature improves GenAI security monitoring by handling large response bodies while maintaining traceability. Payload size caps and allowed content types can be tuned for deployment needs.
Separate ECS Templates for eBPF
Separate ECS templates are now available for eBPF deployments.
Separate PCF Tiles for eBPF
Separate PCF (Pivotal Cloud Foundry) tiles are now available for eBPF deployments.
Support for GKE Autopilot
Added support for deploying eBPF on GKE Autopilot clusters.
Resolved Issues
HTTP/2 Fixes
Fixed issues related to HTTP/2 handling in the eBPF tracer.
1.24.1 — 7th August
Send span metadata and resource attributes for filter evaluation
Added support for including span metadata and additional resource attributes in filter evaluations. This enables more precise sampling and filtering configurations.
1.24.0 — 19th June
eBPF’s 1.24.0 release provides the following updates:
Updates
Support for Sampling Using spanFilters
Added support for controlling sampling behavior through spanFilters, allowing more granular filtering at the source of trace data.
1.23.0 — 19th May
eBPF’s 1.23.0 release provides the following updates:
Updates
Support for OpenSSL 3.3+
Added compatibility for OpenSSL version 3.3 and above, ensuring continued TLS key capture capabilities with the latest OpenSSL releases.
Resolved Issues
Stat Count Mismatch
Resolved an issue where statistical counters could show mismatched values under certain conditions.
1.22.0 — 30th April
eBPF’s 1.22.0 release provides the following updates:
Resolved issue
Security fix for eBPF vulnerabilities
Addressed eBPF-related vulnerabilities to improve the agent's overall security and stability.
1.21.0 — 31st January
eBPF’s 1.21.0 release provides the following updates
Update
Optimized TLS Probing for Reduced CPU Usage
The eBPF tracer now includes an option to optimize CPU usage for OpenSSL/BoringSSL-based processes. Instead of placing uprobes on the frequently calledSSL_readandSSL_writefunctions, which can lead to high CPU overhead for some processes like Ruby, the tracer can now place probes on the TLS handshake function. This ensures uprobes are executed only once per new TLS connection, significantly reducing performance impact for applications with frequent SSL function calls.Example Configuration:
ssl_keylog_include_rules: - exec_name: rubyUprobes per monitored Process
Introduced support for attaching uprobes on a per-process basis, offering lesser overhead to unmonitored process using shared libraries.