07 juillet 2016 Sorties

Logstash 2.3.4 released

Par Suyog Rao

We are pleased to announce 2.3.4, a bug fix release for Logstash. This release fixes an important security vulnerability with Elasticsearch Output, so we advice our users to read the note below and upgrade to 2.3.4. You can get this release on our downloads page, and the changelog is here.

Bugs Fixed

Prior to version 2.3.4, Elasticsearch Output plugin would log to file HTTP authorization headers which could contain sensitive information. Users who secure communication from Logstash to Elasticsearch via Basic Auth using Elastic Shield or other systems are advised to upgrade to this version. We have created Elastic Security Advisory ESA-2016-02 for this vulnerability and updated our security page with details.