--- title: "eBPF" slug: "ebpfrn25" updated: 2025-11-19T11:22:19Z published: 2025-11-19T11:22:19Z --- > ## Documentation Index > Fetch the complete documentation index at: https://traceabledocs.document360.io/llms.txt > Use this file to discover all available pages before exploring further. # eBPF ## 1.26.0 — 17th November Traceable’s eBPF agent’s 1.26.0 release provides the following: ### Updates #### Add Support for Remote Config Reloads Added support for remotely triggering configuration reloads, restarts, and fetching debug-related information from the tracer. #### Add Support for Streaming Logs to Platform Introduced support for streaming eBPF and libtraceable logs to the platform. Log streaming follows the telemetry log level defined in the configuration. It can be enabled through the following settings: ```plaintext logging:  telemetry:    enabled: true    level: LOG_LEVEL_INFO ``` Supported log levels: - `TRACE` - `DEBUG` - `INFO` - `WARN` - `ERROR` - `CRITICAL` #### Support for SSL Keylog Based Capture Added support for SSL keylog based capture across all available OpenSSL versions. A configuration option is available to prefer keylog capture over `SSL_read` and `SSL_write` probes. --- ## 1.25.5 — 11th November Traceable’s eBPF agent’s 1.25.5 release provides the following: ### Updates #### Enable FIPS Compliance by Default Enable FIPS compliance by default in the ebpf-tracer Docker container. This includes upgrading to Go 1.25 and setting GODEBUG=fips140=on in the Dockerfile. ### Resolved Issues #### Fix Custom SSL Address Probe for Mounted procfs Resolved an issue where the custom SSL address probe did not work correctly when procfs was mounted. This affected SSL address detection for certain workloads. #### Fix Pod Object Marshaling Resolved an issue where pod logging included container IDs as JSON keys, resulting in very high cardinality and performance degradation in log indexing systems. Pod logs now use a stable structure with container details nested under a single container object. #### Fix for ECS Service Name Fetching Resolved an issue where ECS service name fetching caused initialization errors due to duplicate service keys during tracer creation. --- ## 1.25.4 — 21st October Traceable’s eBPF agent’s 1.25.4 release provides the following: ### Updates #### CVE Fixes Addressed security vulnerabilities CVE-2023-44487 and CVE-2025-58058 to enhance overall system security and stability. ### Resolved Issues #### Helm/Terraform Fix for OpenShift Resolved an issue where deploying eBPF through Helm or Terraform on OpenShift environments failed due to an unpopulated `hostPID` variable. The fix ensures that this variable is properly populated based on the configuration, allowing for a successful deployment. --- ## 1.25.3 — 9th October eBPF’s 1.25.3 release provides the following: ### Resolved issue #### eBPF Crash Fix Due to Bad Attributes Fixed a crash that occurred when the eBPF tracer encountered invalid or malformed attributes during processing. --- ## 1.25.2 — 1st September eBPF’s 1.25.2 release provides the following: ### Updates #### Service Naming Based on AWS Tags eBPF can now be configured to derive service names from AWS tags. Previously, only Kubernetes labels or ECS were supported. With this release, environment variables and AWS tags are also supported. Only one service naming method can be configured at a time. #### Generic Environment Variable Support for Configuration Introduced support for setting eBPF configuration values through generic environment variables. This follows a consistent naming pattern beginning with `EBPF_OVERRIDE_CONFIG__`. Subconfigurations are added in uppercase and separated by double underscores (`__`). This enables flexible overrides without editing configuration files. #### Tarball Packaging for eBPF Tracer eBPF tracer is now available as a tarball package in addition to deb and rpm. This provides compatibility across systems where apt, rpm, or yum may face installation issues. Installation and management are handled via the included `install.sh` script, with support for configuration overrides, CPU and memory limits, and proxy settings. #### Helm and Terraform for eBPF Starting with this release, separate Helm charts and Terraform modules are published for eBPF, simplifying Kubernetes deployments. #### Streaming Data Capture Support for SSE Messages Added support for capturing Server-Sent Events (SSE) with `text/event-stream` content type. This feature improves GenAI security monitoring by handling large response bodies while maintaining traceability. Payload size caps and allowed content types can be tuned for deployment needs. #### Separate ECS Templates for eBPF Separate ECS templates are now available for eBPF deployments. #### Separate PCF Tiles for eBPF Separate PCF (Pivotal Cloud Foundry) tiles are now available for eBPF deployments. #### Support for GKE Autopilot Added support for deploying eBPF on GKE Autopilot clusters. ### Resolved Issues #### HTTP/2 Fixes Fixed issues related to HTTP/2 handling in the eBPF tracer. --- ## 1.24.1 — 7th August #### Send span metadata and resource attributes for filter evaluation Added support for including span metadata and additional resource attributes in filter evaluations. This enables more precise sampling and filtering configurations. --- ## 1.24.0 — 19th June eBPF’s 1.24.0 release provides the following updates: ### Updates #### Support for Sampling Using spanFilters Added support for controlling sampling behavior through `spanFilters`, allowing more granular filtering at the source of trace data. --- ## 1.23.0 — 19th May eBPF’s 1.23.0 release provides the following updates: ### **Updates** #### **Support for OpenSSL 3.3+** Added compatibility for OpenSSL version 3.3 and above, ensuring continued TLS key capture capabilities with the latest OpenSSL releases. ### **Resolved Issues** #### **Stat Count Mismatch** Resolved an issue where statistical counters could show mismatched values under certain conditions. --- ## 1.22.0 — 30th April eBPF’s 1.22.0 release provides the following updates: ### Resolved issue #### Security fix for eBPF vulnerabilities Addressed eBPF-related vulnerabilities to improve the agent's overall security and stability. --- ## 1.21.0 — 31st January eBPF’s 1.21.0 release provides the following updates ### Update - **Optimized TLS Probing for Reduced CPU Usage** The eBPF tracer now includes an option to optimize CPU usage for OpenSSL/BoringSSL-based processes. Instead of placing uprobes on the frequently called `SSL_read` and `SSL_write` functions, which can lead to high CPU overhead for some processes like Ruby, the tracer can now place probes on the TLS handshake function. This ensures uprobes are executed only once per new TLS connection, significantly reducing performance impact for applications with frequent SSL function calls. **Example Configuration:** ```yaml ssl_keylog_include_rules:  - exec_name: ruby ``` - **Uprobes per monitored Process** Introduced support for attaching uprobes on a per-process basis, offering lesser overhead to unmonitored process using shared libraries.