Logstash 8.3.0 Release Notes

Known issue

An event serialization bug was discovered, which causes an issue when trying to read dead letter or persistent queues created in previous versions of Logstash.

We recommend not upgrading to Logstash 8.3.0 if you are using dead letter or persistent queues.

New features and enhancements

  • Logstash is more efficient at fetching pipelines as of 8.3.0. When a Logstash instance sends its pipeline IDs to Elasticsearch or central pipeline management in Kibana, it gets back only the pipeline configs that belong to that instance. These enhancements required changes to both Logstash (#14076) and Elasticsearch (#85847).

    These improvements dramatically decrease network load while also giving users the ability to control pipelines dynamically using wildcards.

  • Dead Letter Queues can now be configured to drop older events instead of new ones when they’re full. The setting "dead_letter_queue.storage_policy" has been introduced for this purpose, and new metrics - such as a counter for dropped events - are now exposed in the API to better monitor the DLQ behavior. #13923 #14058
  • To improve security of Logstash deployments, 8.3.0 brings a new setting "allow_superuser" that defaults to false. When enabled it prevents Logstash from starting as super user ("root"). This setting will be enabled by default in the future. Consider explicitly enabling it. Otherwise a deprecation log entry will be emitted. #14046 #14089
  • Continuing with the focus on security, we’ve introduced "api.auth.basic.password_policy.mode" to ensure the password used to guard Logstash’s HTTP API has a minimum set of strength requirements. By default a warning will be emitted if the defined password doesn’t meet the criteria, but in a future release the mode will be set to "ERROR". #14045 #14105 #14159
  • Elasticsearch introduced "security on by default" back in 8.0.0, with TLS enabled by default in its HTTP and transport layers. To facilitate connecting to 8.x clusters, Elasticsearch displays the fingerprint of the Certificate Authority it generates on startup. This release of Logstash introduces support for setting "ca_trusted_fingerprint" in Elasticsearch input, filter and outputs plugins. #14120
  • Technical Preview: Receiving events containing keys with characters that have special meaning to Logstash such as [ and ] (for field references) has always causes issues to data ingestion. A new setting in Technical Preview, disabled by default, called "config.field_reference.escape_style" was introduced to handle such special characters by escaping them. #14044

Notable issues fixed

  • Don’t display values of password type settings in conditionals #13997
  • Introduce a retry mechanism in pipeline-to-pipeline instead of crashing #14027
  • Add thread safety around Puma startup/shutdown #14080
  • Add value converters for java.time classes #13972
  • Correct the class reference to the MetricNotFound exception #13970
  • Fix a possible corruption of Persistent Queue during a crash of the Logstash process #14165

Updates to dependencies

  • The bundled JDK 11 has been updated to 11.0.15+10 #14031
  • Jackson and jackson-databind have been updated to 2.13.3 #13945

Plugin releases

Avro Codec - 3.4.0

  • Add encoding option to select the encoding of Avro payload, could be binary or base64 #39

Elasticsearch Filter - 3.12.0

  • Add support for ca_trusted_fingerprint when run on Logstash 8.3+ #158

Fingerprint Filter - 3.4.0

  • Add support for 128bit murmur variant #66.

Azure_event_hubs Input - 1.4.4

  • Fix: Replace use of block with lambda to fix wrong number of arguments error on jruby-9.3.4.0 #75

Beats Input - 6.4.0

  • Feat: review and deprecate ssl protocol/cipher settings #450

Elasticsearch Input - 4.14.0

  • Refactor: switch to using scheduler mixin #177
  • Add support for ca_trusted_fingerprint when run on Logstash 8.3+ #178

Http Input - 3.6.0

  • Feat: review and deprecate ssl protocol/cipher related settings #151

Jms Input - 3.2.2

  • Fix: Remove usage of java_kind_of? to allow this plugin to be supported for versions of Logstash using jruby-9.3.x #54

S3 Input - 3.8.4

  • Refactoring, reuse code to manage additional_settings from mixin-aws #237

Sqs Input - 3.3.2

  • Fix an issue that prevented timely shutdown when subscribed to an inactive queue
  • Refactoring: used logstash-mixin-aws to leverage shared code to manage additional_settings #64

Tcp Input - 6.3.0

  • Feat: ssl_supported_protocols (TLSv1.3) + ssl_cipher_suites #198

Jdbc Integration - 5.3.0

  • Refactor: start using scheduler mixin #110
  • Fix: change default path of last_run_metadata_path to be rooted in the LS data.path folder and not in $HOME #106

Kafka Integration - 10.12.0

  • bump kafka client to 2.8.1 #115
  • Feat: add connections_max_idle_ms setting for output #118

Aws Mixin - 5.1.0

  • Add support for additional_settings configuration options used by S3 and SQS input plugins #53.
  • Drop support for aws-sdk-v1

Elasticsearch Output - 11.6.0

  • Add support for ca_trusted_fingerprint when run on Logstash 8.3+ #1074
  • Feat: add ssl_supported_protocols option #1055
  • [DOC] Add v8 to supported values for ecs_compatiblity defaults #1059

S3 Output - 4.3.7

  • Refactor: avoid usage of ConcurrentHashMap (JRuby 9.3.4 work-around) #248
  • Docs: more documentation on restore + temp dir #236

Tcp Output - 6.1.0

  • Feat: add support for TLS v1.3 #47
  • Fix: close server and client sockets on plugin close