3.137.0

3.137.0 - 2025-03-26

Added

• mirrord prolicies now allow for enforcing usage of mirrord profiles.

Changed

• Moved the readonly_file_buffer configuration option from experimental to
  config.feature.fs.
  #2984
• Allow ping-pong an extra timeout period if intproxy recives other messages
  from the agent in last period.

Fixed

• Added a limit on the size of config.feature.fs.readonly_file_buffer to a maximum of 1 MB
  to avoid EIO errors.
  #3206
• Fixed a bug related to stealing IPv6 traffic (resolving original destination
  of a stolen connection).
• Fixed an issue where mirrord was preventing the local application from making
  gRPC connections to sidecar containers.
  #3212

3.136.0

3.136.0 - 2025-03-21

Added

• mirrord CLI now prints the path to the internal proxy logfile.
  #3137
• Added support for new CRD - MirrordProfile. mirrord profiles allow for
  storing mirrord config templates in the cluster and applying them to the
  mirrord config at runtime.

Fixed

• Regression in running some SIP-protected binaries with mirrord.
  #3149
• Regression in running SIP-protected binaries that have entitelements.
  #3184

3.135.0

3.135.0 - 2025-03-18

Added

• mirrord now issues a warning when the user's config allows for
  stealing health checks from the target.
  #3121

Changed

• 502 Bad Gateway responses returned by the mirrord-agent now contain the
  source error.

Fixed

• Added missing PodTemplate permissions to the ClusterRole produced by
  mirrord operator setup.
• Fixed a bug where mirrord was producing a malformed credentials file.
• Fixed a bug where mirrord was unable to target Argo Rollouts with both
  workloadRefs and selectors.

3.134.2

3.134.2 - 2025-03-06

Added

• If a stolen HTTP request matches filters of multiple users,
  the users who don't get the request are now notified with a log message.
  #3120

Changed

• Improved the mirrord_agent_http_request_in_progress_count metric.
  #3092

Fixed

• Fixed unlink and unlinkat logic for files vs. directories.
  #3094
• Fixed an bug in TCP mirroring feature.
• Fixed an error where mirrord would sometimes fail with NotImplemented error
  due to latency on agent/operator connection.
• Fixed an issue where mirrord was unable to perform an HTTP/1 upgrade over a
  local TLS connection.
• Improved remote DNS errors returned to the client application from the
  mirrord-agent.

3.134.1

3.134.1 - 2025-02-28

Fixed

• Fixed mirrord failing to load when running emulated in an x86 shell by using
  code shim in builds for arm64 and x86.
  #3052
• Fix go -> execve sip use cases, i.e air or go reloaders
  #3123
• Fixed mirrord Operator's ClusterRole generated by the mirrord operator setup command.

3.134.0

3.134.0 - 2025-02-24

Added

• Added support for stealing HTTPS requests with a filter (requires mirrord
  Operator). #2771
• Added Nix installation instructions to the README.
  #3034

Fixed

• Fixed an issue where stealing a remote port was preventing the application
  from making TCP connections with the same destination port number.
  #3006
• Fixed the order of path checks/operations in file ops handlers in the mirrord
  layer. #3095
• Fixed an issue where mirrord was sometimes unable to steal traffic from more
  than one port with an HTTP filter.

3.133.1

3.133.1 - 2025-02-19

Fixed

• Added a reconnection mechanism when using mirrord operator.
  #2901
• Fixed issues with rollout targets without a selector field present.
  #3063
• Look for the correct pid that matches the targets container_id (by searching
  /proc/pid/cgroup).
  #3076
• Prevent reading a remote directory from producing an 'unexpected response'
  error and crashing.
  #3081
• Fixed a remote DNS regression introduced when hickory-resolver and
  hickory-proto versions were bumped.
  #3098
• mirrord CLI now correctly emits logs when enabled with RUST_LOG environment
  variable. #3099

3.133.0

3.133.0 - 2025-02-17

Added

• Added an option to configure timeout for idle local HTTP connections
  (experimental.idle_local_http_connection_timeout).

Changed

• Improved the warning produced when the user specifies agent namespace for a
  targetless run.

Fixed

• Correct statfs data for Go.
  #3044
• Updated hickory-resolver and hickory-proto to 0.25.0-alpha.5 and rand
  from 0.8 to 0.9.
  #3079
• Respect ignored paths and path mapping in statfs hook.
  #3082
• Some FS libc calls could be carried out remotely instead of locally in some
  cases. #3083
• mirrord ls command now does not list unnecessary target types when called
  from a plugin/extension.
  #3086
• Fixed wrong link for ipv6 config docs.

3.132.1

3.132.1 - 2025-02-06

Fixed

• Fixed operator connect URL produced by the CLI when a target container is
  specified.

3.132.0

3.132.0 - 2025-02-06

Removed

• Removed faulty statfs hook for Go applications.

Added

• Added Kubernetes ReplicaSet as a new target type (requires mirrord Operator).

Changed

• Namespace for targetless runs is now specified with the
  target.namespace config field (or the MIRRORD_TARGET_NAMESPACE
  environment variable).
  agent.namespace field is ignored in targetless runs.