Product release

Logstash 2.3.1 and 2.2.4 Released

Hot on the heels of 2.3.0 and 2.2.3, we’ve released Logstash 2.3.1 and Logstash 2.2.4 which contain important compatibility and security updates. We highly recommend that all users upgrade to either version immediately. You can read the detailed release notes here, or jump directly to our downloads page if you can't wait to test drive this release! Additionally, we've released an update to the 2.2.x series, with a bunch of important bugs packaged in 2.2.4. You can read the changelog for 2.2.4 here.

Regression in Regex handling in JRuby

The upgraded version of JRuby we included in 2.3.0 contained an important fix for Windows users, but introduced a dangerous thread safety bug for regular expressions used within Logstash.

Environment Variable Support Now Deactivated By Default

We are very excited to have introduced support for environment variables in configuration files in Logstash 2.3.0! However, we didn’t anticipate that some existing configs would be incompatible with this change. The environment variable support we added treats $ or ${ characters as part of our new variable syntax. This creates problems for people using the characters for other purposes, such as in password values. As such, we have disabled environment variable interpolation by default in 2.3.1 to make the upgrade path easier. You can enable it in 2.3.1 with the --allow-env flag on the CLI. In addition, we have removed support for $VAR environment variables completely. Only the ${VAR} syntax will be supported going forward as it minimizes the potential for conflicts. This change was completed in #4963

Fixed Broken Conditionals

Logstash 2.3.0 includes our new dynamic reloading feature. A change to the pipeline internals required by this feature caused conditionals (anywhere an if was used in a config) to not work correctly. This was fixed in #4970. Logstash versions prior to 2.3.0 were not affected by this bug.

Reverting the new Java Event In Logstash 2.3.1

The new pure Java implementation of the Event class Logstash 2.3.1 is lightning fast, but unfortunately not as compatible as we’d have liked for a minor release. In particular, it could cause problems with some custom Ruby filter scripts and custom plugins from the community. We take our commitment to compatibility, and versioning semantics, seriously. Though we have reverted to the prior Ruby Event implementation, the Java version remains the correct technical direction and we will most likely be reintroducing it in Logstash 5.0 if not sooner. If any breaking changes need to be made, we will ensure these changes are communicated as clearly and broadly as possible.

Passwords Printed in Log Files under Some Conditions

It was discovered that, in Logstash 2.1.0+, log messages generated by a stalled pipeline during shutdown will print plaintext contents of password fields. While investigating this issue we also discovered that debug logging has included this data for quite some time. Our latest releases fix both leaks. You will want to scrub old log files if this is of particular concern to you. This was fixed in issue #4965

Fixed Config Test Flag in Logstash 2.3.0

The Logstash 2.3.0 release inadvertently broke the --config-test option, this has been fixed in Logstash 2.3.1. This was fixed in issue #4933

Other Issues

The accounting of issues fixed in the Logstash 2.3.1 / 2.2.4 release is tracked on issue #4981.


We are super excited for this release of Logstash and look forward to your feedback. You can reach us at our forum, open issues in our GitHub repo, or tweet at us (@elastic).

Happy 'stashing!