Releases: k8sstormcenter/pixie
Release list
Vizier v0.14.19-aeprod27
Pixie Vizier Release:
AE evidence_manifest build (PR 78, stacked on 77→73→68)
Adds POST /dx/evidence_manifest → forensic_db.dx_evidence_manifest on top
of the dx_evidence_graph rename. Full vizier image set.
Vizier v0.14.19-aeprod26
Pixie Vizier Release:
AE dx_evidence_graph rename build — CORRECTED (PR 77, stacked on PR 73)
Rebuild of aeprod25, which was built from d19fe47 where the rename was
NOT committed (only BUILD.bazel landed; the 7 renamed files were unstaged
by the pre-commit lint stash). This tag points at 2a9d070, which carries
the full rename:
- table dx_attack_graph → dx_evidence_graph
- view → dx_evidence_graph_malignant
- endpoint /dx/attack_graph → /dx/evidence_graph
Vizier v0.14.19-aeprod25
Vizier v0.14.19-aeprod24
Vizier v0.14.19-aeprod23
Pixie Vizier Release:
AE follow-up auth RC + 13 CodeRabbit Go fixes
Cuts an RC on top of aeprod22 (cb81ecd) with all 13 verified
CodeRabbit findings on PR 68 addressed:
🔴 Real bugs (data-integrity / DoS):
- controller: handle() snapshots + rolls back c.active on sink.Write
failure so a failed persist can't leave a phantom anchor for
pushPixieRows to fan out against.
- fastencode: NaN/+Inf/-Inf floats now trigger encoding/json fallback
instead of emitting invalid JSON and poisoning the whole batch.
- streaming/writer: flush keeps the row buffer on failure (retry)
and the shutdown flush uses context.Background() so the final
drain isn't fast-failed.
- control/server: decode() wraps body in MaxBytesReader (4 MiB) —
oversized JSON can no longer OOM the operator even with a valid JWT.
🟠 Behavior / contract corrections:
- isOperatorManagedScript: exact builtin-name match, no "ch-" prefix.
- chhttp.QueryStream: separate no-timeout client (Timeout covered
body reads → silent truncation).
- passthrough: tickConcurrent skip-branch records reconcile row
for parity with the legacy path.
- oracle_test: COLLECT: labelled break stops the busy-spin on
deadline expiry.
🟡 Cleanup / pinning:
- control test: new t_end<=0 + inverted/zero window assertions.
- pixieapi: TODO marking bounded leak.
- sink: pixie write log demoted Info→Debug.
- sink integration_test: per-table 15s ctx.
- trigger: PollLimit doc matches behavior.
Local gates:
build (go) : exit 0 across all touched pkgs.
test (go) : 14/14 AE pkgs green; new rollback contract pinned.
lint (CI image) : OKAY (0 Errors, 0 Warnings).
Supersedes aeprod22 (cb81ecd).
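
The request-body cap described in the aeprod23 notes above (control/server decode() wrapped in MaxBytesReader at 4 MiB), as an added example that is not the project's own code. The `windowRequest` type, the `/control` path and the `statusFor` helper are assumptions made for illustration; the request bodies are constructed.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
)

// maxBodyBytes mirrors the 4 MiB cap named in the release note.
const maxBodyBytes = 4 << 20

// windowRequest is a hypothetical payload; the real control schema is not on this page.
type windowRequest struct {
	TStart int64 `json:"t_start"`
	TEnd   int64 `json:"t_end"`
}

// decode caps the body before the JSON decoder touches it, so an authenticated
// caller cannot make the process buffer an arbitrarily large document.
func decode(w http.ResponseWriter, r *http.Request, dst any) (int, error) {
	r.Body = http.MaxBytesReader(w, r.Body, maxBodyBytes)
	dec := json.NewDecoder(r.Body)
	if err := dec.Decode(dst); err != nil {
		var tooBig *http.MaxBytesError
		if errors.As(err, &tooBig) {
			return http.StatusRequestEntityTooLarge, err
		}
		return http.StatusBadRequest, err
	}
	// A second JSON value after the first is rejected rather than ignored.
	if _, err := dec.Token(); err != io.EOF {
		return http.StatusBadRequest, errors.New("trailing data after JSON value")
	}
	return http.StatusOK, nil
}

// statusFor runs decode over a constructed body and returns the HTTP status.
func statusFor(body string) int {
	req := httptest.NewRequest(http.MethodPost, "/control", strings.NewReader(body))
	status, _ := decode(httptest.NewRecorder(), req, &windowRequest{})
	return status
}

func main() {
	huge := `{"pad":"` + strings.Repeat("A", maxBodyBytes) + `"}`
	fmt.Println(statusFor(`{"t_start":1,"t_end":2}`), statusFor(huge))
}
```

Mapping the `*http.MaxBytesError` case to 413 keeps oversized requests distinguishable from malformed ones in access logs.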
Vizier v0.14.19-aeprod22
Pixie Vizier Release:
AE follow-up auth RC (cb81ecd)
Re-cut after sweeping merge-regression fixes:
- 9 runner-label fixes across release/mirror/perf workflows.
- bazel/ui.bzl restored (yarn PATH + STABLE_BUILD_TAG allowlist sed).
- 28 fork-cloud config files restored (private/cockpit/, terraform/,
.sops.yaml, private/skaffold_cloud.yaml).
- Trigger differential oracle + auth surface from e187dc3.
See cb81ecd commit message for the full audit log.
Vizier v0.14.19-prod1
Vizier v0.14.19-aeprod21
Vizier v0.14.19-aeprod20
Pixie Vizier Release:
AE aeprod20: #53 + control-auth + CodeRabbit followup fixes (for dx-agent regression test)
Vizier v0.14.19-aeprod19
Pixie Vizier Release:
AE review pass + outstanding CodeRabbit Go-code items
Cuts the first AE image with the user-review-4536971862 fixes and the
remaining CodeRabbit Go-code oversights:
User review 4536971862:
- pixie.go: justify api-key-vs-JWT split (cloud requires api-key,
vizier-internal uses JWT — same pattern as cloud_connector/vizhealth).
- queryfor escape hardening: escapePxL now neutralises \n, \r, \t,
NUL so a malicious Target.Pod/Namespace can't terminate the PxL
literal and inject a new statement. Added TestQueryFor_RejectsInjection
with 7 adversarial inputs.
- passthrough/reconcile_test: 2 new tests drive the FULL chain
(loop -> real sink.ClickHouseHTTP -> httptest CH) and assert the
recorder catches CH silent-drop + 500 errors.
CodeRabbit:
- r3379377432: control HTTP listener wrapped in http.Server with
Read/Write/Idle timeouts.
- r3379377607: direct-mode dial uses pxapi.WithDirectTLSSkipVerify
(PR #49 b523ce3) instead of the brittle env-gated WithDisableTLSVerification.
- r3379377645: streaming filter no longer leaks timer goroutines on
deltaCh close.
- r3426923299: sink.Record capped at 2s timeout so a stalled CH can't
pin scanner/passthrough/controller hot paths.
Plus aeprod18+1 lint pass: restored '@px' load prefix in cmd/BUILD.bazel,
ScriptId -> ScriptID, errcheck on chhttp_test, gazelle drift on e2e +
trigger BUILD.bazel, yaml/document-start + indentation + commas in
load-test fixtures.