Logstash 7.16.1 Release Notesedit

Security updateedit

Logstash response to Apache Log4j2 vulnerabilityedit

A high severity vulnerability (CVE-2021-44228) impacting multiple versions of the Apache Log4j2 utility was disclosed publicly through the project’s GitHub on December 9, 2021. The vulnerability impacts Apache Log4j2 versions 2.0 to 2.14.1.

In Logstash, we responded by bumping the log4j version to 2.15.0 in #13496 to bypass the vulnerability.

Update to Logstash version 6.8.21 or 7.16.1 to get this fix.

See our related security announcement for additional information.

Known issueedit

Release 7.16.1 includes filter versions that will not run on JDK 8. This issue is fixed in the latest versions:

You can update these plugins as usual:

bin/logstash-plugin update logstash-filter-date
bin/logstash-plugin update logstash-filter-geoip

Clear the JAVA_HOME and LS_JAVA_HOME environment variables to run Logstash with the bundled JDK (currently JDK 11). This approach is recommended and can help you avoid version incompatibilities.

Performance improvements and notable issues fixededit

  • Fixed an issue that would prevent Logstash from starting if a deprecated setting, such as http.enabled, was configured. #13484

Updates to dependencies

  • Updated Log4j to 2.15.0 #13496

Pluginsedit

Avro Codec - 3.3.1

  • Pin avro gem to 1.10.x, as 1.11+ requires ruby 2.6+ #37

Date Filter - 3.1.11

  • Update Log4j dependencies to 2.15.0 #142
  • Internal: upgrade packaging tooling to Gradle 7 so that plugin can be packaged on modern Java releases #140
  • Internal: refined spec and unit test assertions to account for changes in how timestamps are serialised in Logstash 8. #141
  • Build against JRuby 9k #116

Dissect Filter - 1.2.2

  • Update Log4j dependencies to 2.15.0 #80
  • Fix: update to Gradle 7 #78

Geoip Filter - 7.2.6

  • Update Log4J dependencies to 2.15.0 #196
  • Added preview of ECS-v8 support with existing ECS-v1 implementation #193
  • Fix: update to Gradle 7 #191
  • [DOC] Clarify CC licensed database indefinite use condition and air-gapped environment #192

Grok Filter - 4.4.1

  • Added preview of ECS v8 support using existing ECS v1 implementation #175

Mutate Filter - 3.5.6

  • [DOC] Added info on maintaining precision between Ruby float and Elasticsearch float #158
  • Fix: removed code and documentation for already removed remove option. #161

Syslog_pri Filter - 3.1.1

  • Added preview of ECS-v8 support with existing ECS-v1 implementation #10

Useragent Filter - 3.3.2

  • Added preview of ECS-v8 support with existing ECS-v1 implementation #76
  • Internal: update to Gradle 7 #75

Xml Filter - 4.1.3

  • [DOC] Updated URL for current xsl reference docs #70
  • [DOC] Added info about non valid characters #72

Azure_event_hubs Input - 1.4.1

  • Update Log4j dependencies to 2.15.0 #71
  • Fixed Gradle’s script to use Gradle 7 #69

Beats Input - 6.2.3

  • Updated Log4j dependency to 2.15.0 #436
  • Fix: update to Gradle 7 #432
  • [DOC] Edit documentation for executor_threads #435

Dead_letter_queue Input - 1.1.6

  • Update dependencies for log4j and jackson #30

Http Input - 3.4.3

  • Update Log4j dependency to 2.15.0 #147
  • Fix: update to Gradle 7 #145

Tcp Input - 6.2.3

  • Update Log4j dependencies to 2.15.0 #186
  • Internal: update to Gradle 7 #184
  • Internal: relax jruby-openssl upper bound #185

Jdbc Integration - 5.1.8

  • Fix the blocking pipeline reload and shutdown when connectivity issues happen #85
  • Normalize jdbc_driver_class loading to support any top-level java packages #86

Kafka Integration - 10.8.2

  • [DOC] Updates description of enable_auto_commit=false to clarify that the commit happens after data is fetched AND written to the queue #90
  • Fix: update to Gradle 7 #104
  • [DOC] Clarify Kafka client does not support proxy #103

Validator_support Mixin - 1.0.2

  • Fix: '' value behavior in field_reference validator #2
  • Introduce plugin parameter validation adapters, including initial backport for :field_reference validator.

Elasticsearch Output - 11.2.3

  • Downgrade ECS templates, pinning to v1.10.0 of upstream; fixes an issue where ECS templates cannot be installed in Elasticsearch 6.x or 7.1-7.2, since the generated templates include fields of type: flattened that was introduced in Elasticsearch 7.3
  • Update ECS templates from upstream; ecs_compatiblity => v1 now resolves to templates for ECS v1.12.1 #1027

Sns Output - 4.0.8

  • Feat: handle host object as subject (due ECS) #22