Release 1.3.3

Maintenance Release

Assets are available via Docker and the Cribl CDN at the links below.

• Docker: cribl/scope:1.3.3
• x86: https://cdn.cribl.io/dl/scope/1.3.3/linux/x86_64/scope
• ARM: https://cdn.cribl.io/dl/scope/1.3.3/linux/aarch64/scope
• AWS Lambda Layer for x86: https://cdn.cribl.io/dl/scope/1.3.3/linux/x86_64/aws-lambda-layer.zip
• AWS Lambda Layer for ARM: https://cdn.cribl.io/dl/scope/1.3.3/linux/aarch64/aws-lambda-layer.zip

To obtain the MD5 checksum for any file above, add .md5 to the file path.

Assets other than AWS Lambda Layers are available in the Docker container tagged cribl/scope:1.3.3.

Improvements

AppScope 1.3.3 removes our support for two Go versions that the Go project no longer supports: 1.9 and 1.10. This makes the AppScope code less complicated and more robust. Related issue: #1452.

Fixes

• 1461 In libc musl environments, attaching to an already-running but idle process now works normally. (Idle means not producing events at that moment.)

  • Before this fix, commands that rely on the IPC mechanism and/or the presence of a running periodic thread (e.g., scope ps, scope inspect, scope update) would not work, because AppScope's periodic thread would not start. For example, attaching AppScope to the Nginx master process running in an Alpine container, you would be unable to use the CLI to interact with the process. (This problem existed only in libc musl environments.)

• 1412 Node.js apps compiled as Position Independent Executables (PIE) no longer seg fault when scoped.

Pre-Release 1.4.0-tc1

Merge pull request #1413 from criblio/feature/prom-server-1398

Prometheus Exporter

Pre-Release 1.4.0-tc0

This is intended to include an updated inspect command as described here.

Release 1.3.2

Maintenance Release

Assets are available via Docker and the Cribl CDN at the links below.

• Docker: cribl/scope:1.3.2
• x86: https://cdn.cribl.io/dl/scope/1.3.2/linux/x86_64/scope
• ARM: https://cdn.cribl.io/dl/scope/1.3.2/linux/aarch64/scope

New Features and Improvements

AppScope 1.3.2 introduces support for Go version 1.20.

Fixes

• #1409 The scope k8s command now preloads the application image into the k8s cluster, avoiding failed to call webhook errors.
• #1365 The scope k8s command now calls an up-to-date version of a k8s library needed for obtaining signed certificates from the k8s Certificate Authority. This fixes a problem where running in newer versions of k8s produced the server doesn't have a resource type "certificatesigningrequests" errors.
• #1408 On older (pre-1.1.24) versions of Alpine and other distributions based on musl libc, the scope run command now works as expected, and no longer encounters secure_getenv: symbol not found errors.
• #1170 The way AppScope runs pcre2 functions internally is improved, fixing various problems including Go crashes under certain conditions.
• #1147 Docker no longer crashes when scoped. (This bug appears only in pre-1.3 versions of AppScope.)

Release 1.3.2-rc0

Maintenance Release

Assets are available via Docker and the Cribl CDN at the links below.

• Docker: cribl/scope:1.3.2-rc0
• x86: https://cdn.cribl.io/dl/scope/1.3.2-rc0/linux/x86_64/scope
• ARM: https://cdn.cribl.io/dl/scope/1.3.2-rc0/linux/aarch64/scope

Release 1.3.1

Maintenance Release

Assets are available attached to the release here and via Docker and the Cribl CDN at the links below.

• Docker: cribl/scope:1.3.1
• x86: https://cdn.cribl.io/dl/scope/1.3.1/linux/x86_64/scope
• ARM: https://cdn.cribl.io/dl/scope/1.3.1/linux/aarch64/scope

Security Fixes

Update dependencies to resolve security concerns about vulnerabilities CVE-2022-41721, CVE-2022-41723, CVE-2022-41717 that were resolved in recent Go library updates.

Release 1.3.0

Minor Release

Assets are available attached to the release here and via Docker and the Cribl CDN at the links below.

• Docker: cribl/scope:1.3.0
• x86: https://cdn.cribl.io/dl/scope/1.3.0/linux/x86_64/scope
• ARM: https://cdn.cribl.io/dl/scope/1.3.0/linux/aarch64/scope

New Features and Improvements

AppScope 1.3.0 introduces features that support analyzing crashes, obtaining snapshots of processes, troubleshooting transports, and dynamically managing configs. Meanwhile, AppScope's architecture, connection and payload handling, container-awareness and CLI are all improved.

AppScope 1.3.0 introduces support for:

• Instrumenting Go executables on ARM.
• Scoping apps running in LXC and LXD containers.

The Crash Analysis and Snapshot Features

Whenever a scoped app crashes, AppScope can obtain a core dump, a backtrace (i.e., stack trace), or both, while capturing supplemental information in text files.

AppScope can generate a snapshot file containing debug information about processes that are running normally or crashing, unscoped or scoped.

Troubleshooting Transports and Dynamically Managing Configs

AppScope now uses inter-process communication (IPC) to interact with processes in new ways. These include determining whether the process is scoped or not. If the process is scoped, AppScope can:

• Determine the status of the transport AppScope is trying to use to convey events and metrics to a destination. This helps troubleshoot "Why am I getting no events or metrics?" scenarios.
• Retrieve or dynamically update (modify) the AppScope config currently in effect.

Improved Handling of Connections

AppScope now uses a backoff algorithm for connections to avoid creating excessive network traffic and log entries. When a remote destination that AppScope tries to connect to rejects the connection or is not available, AppScope retries the connection at a progressively slower rate.

Improved Handling of Payloads

When the payloads feature is enabled, setting SCOPE_PAYLOAD_TO_DISK to true now guarantees that AppScope will write payloads to the local directory specified in SCOPE_PAYLOAD_DIR.

Simplified Architecture

The ldscope utility no longer exists, and you can use CLI commands instead; ldscope.log has been renamed as libscope.log.

CLI Improvements

The AppScope CLI is enhanced in the following ways:

• scope start can now attach to processes running in rootless and nested containers.
• scope detach, when run with the new --all flag, detaches from all processes at once.
• scope stop, a new command, runs scope detach --all, removes the filter file from the system, and removes scope from service configurations. This undoes the effects of the scope attach, scope start, and/or scope service commands.
• scope snapshot obtains debug information about a running or crashing process, regardless of whether or not the process is scoped.
• scope --passthrough replaces scope run --passthrough.

Three commands use IPC, which is new in AppScope 1.3.0. scope inspect and scope update are completely new, while scope ps has new capabilities thanks to IPC.

• scope inspect retrieves the AppScope config currently in effect and determines the status of the transport AppScope is trying to use.
• scope update modifies the current AppScope config.
• scope ps now determines whether the processes it lists are scoped or not.

Fixes

• #1328 Scoping Terraform – e.g., scope terraform plan – no longer causes Terraform to crash.
• #1310 Follow mode – i.e., running scope events -f to see the scoped app's events scrolling – works correctly again, fixing a regression in recent versions of AppScope.
• #1293 AppScope no longer causes Redis to crash when Redis (running as a service, and scoped) receives a GET or SET command.
• #1252 AppScope no longer uses the UPX executable file compressor, avoiding scenarios where some Java applications crashed when scoped.
• #1153 The scope ps command no longer erroneously reports that a process is scoped even after scope detach has been run for that process.

Pre-Release 1.3.0-rc2

Minor Release

Assets are available attached to the release here and via Docker and the Cribl CDN at the links below.

• Docker: cribl/scope:1.3.0-rc2
• x86: https://cdn.cribl.io/dl/scope/1.3.0-rc2/linux/x86_64/scope
• ARM: https://cdn.cribl.io/dl/scope/1.3.0-rc2/linux/aarch64/scope

Pre-Release 1.3.0-rc1

Minor Release

Assets are available attached to the release here and via Docker and the Cribl CDN at the links below.

• Docker: cribl/scope:1.3.0-rc1
• x86: https://cdn.cribl.io/dl/scope/1.3.0-rc1/linux/x86_64/scope
• ARM: https://cdn.cribl.io/dl/scope/1.3.0-rc1/linux/aarch64/scope

Pre-Release 1.3.0-rc0

Our GitHub workflow was unable to upload Release Assets for this v1.3.0-rc0 build.
See v1.3.0-rc1 for an equivalent build, with Release Assets.