Logstash 8.5.1 Release Notes

Logstash 8.5.1 Release Notes

Notable issues fixed

  • Fixes the reporting of configuration errors when using multiple-pipelines to make them more actionable #14713

Updates to dependencies

  • The bundled JDK has been updated to 17.0.5+8 #14728

Plugins

Cef Codec - 6.2.6

  • Fix: when decoding, escaped newlines and carriage returns in extension values are now correctly decoded into literal newlines and carriage returns respectively #98
  • Fix: when decoding, non-CEF payloads are identified and intercepted to prevent data-loss and corruption. They now cause a descriptive log message to be emitted, and are emitted as their own _cefparsefailure-tagged event containing the original bytes in its message field #99
  • Fix: when decoding while configured with a delimiter, flushing this codec now correctly consumes the remainder of its internal buffer. This resolves an issue where bytes that are written without a trailing delimiter could be lost #100

Json Codec - 3.1.1

  • Fix: when decoded JSON includes an [event][original] field, having ecs_compatibility enabled will no longer overwrite the decoded field #43

Grok Filter - 4.4.3

  • Minor typos in docs examples #176

Tcp Input - 6.3.1

  • Fixes a regression in which the ssl_subject was missing for SSL-secured connections in server mode #199

Unix Input - 3.1.2

  • Fix: eliminate high CPU usage when data timeout is disabled and no data is available on the socket #30

Rabbitmq Integration - 7.3.1

  • DOCS: clarify the availability and cost of using the metadata_enabled option #52

Elasticsearch Output - 11.9.3

  • DOC: clarify that http_compression option only affects requests; compressed responses have always been read independent of this setting #1030
  • Fix broken link to Logstash Reference #1085
  • Fixes a possible infinite-retry-loop that could occur when this plugin is configured with an action whose value contains a sprintf-style placeholder that fails to be resolved for an individual event. Events in this state are routed to the pipeline’s dead letter queue (DLQ) if the DLQ is enabled. Otherwise, these events are logged-and-dropped so that the remaining events in the batch can be processed. #1080