We are announcing the release of Logstash 1.5.3 and 1.4.4. In addition to fixing defects, these releases address important security vulnerabilities. Our recommendation is to upgrade immediately if you are using either of the following plugins:
- Lumberjack Input with Logstash Forwarder agent
- Elasticsearch Output with
Lumberjack Input Security Vulnerability
Logstash 1.5.2 and prior versions are vulnerable to an SSL/TLS security issue called the FREAK attack. If you are using the Lumberjack input, FREAK allows an attacker to successfully implement a man-in-the-middle attack, intercepting communication between the Logstash Forwarder agent and the Logstash server. Both the 1.5.3 and 1.4.4 releases include a patch which resolves this issue.
Logstash 1.5.2 and prior versions were packaged with Elasticsearch releases that are vulnerable to a remote code execution vulnerability (CVE-2015-5377) and a directory traversal vulnerability (CVE-2015-5531). These binaries are used in the Elasticsearch output specifically when using the transport protocol. Both 1.5.3 and 1.4.4 are packaged with Elasticsearch version 1.7.0, which has been released to address these vulnerabilities.
Note that users of the http protocol are not vulnerable to these attacks.
Below we highlight some bug fixes and enhancements in this release. For a full list, please check the changelog.
Restored the command line option
bin/logstash script. Since plugins are separated as individual entities, we provide tooling to install them when packaged as a Ruby gem. Alternatively, developers working on custom plugins can use the --pluginpath option to load Ruby source files into Logstash (#3580).
For Debian and RPM packages, added the ability to force-stop Logstash running as a service. When the environment variable KILL_ON_STOP_TIMEOUT=1 is set, a Logstash process that has not stopped within a reasonable time will be forced to shut down. Please be aware that you could lose in-flight messages if you force-stop Logstash (#3578). To provide more feedback during shutdown, we now log a periodic report of in-flight events being processed (#3484).
Added the ability for the Elasticsearch output to configure a client-side certificate when communicating with a secure Elasticsearch cluster. With this enhancement, Logstash can take advantage of the new cert-based authentication feature available in Elastic Shield 1.3 (#170).
Logstash can now ship logs to Elasticsearch using a forwarding proxy. This enhancement can be enabled in the Elasticsearch output when using the http protocol (#199).