Today we are officially releasing Graylog v3.2.5.
This release is a bug fix release improving the functionality of Graylog. Please read on for detailed descriptions of each bug fix.
Many thanks to our community for reporting issues and contributing fixes!
DOWNLOAD LINKS
- Docker image
- DEB and RPM packages are available in our repositories
- OVA / Appliance
- Tarballs (manual installation):
  - Graylog Enterprise Integrations
Please report bugs and any other issues in our GitHub issue tracker. Thank you!
UPDATE: SECURITY FIXES
Graylog v3. fixes XSS vulnerabilities and issues in the AWS plugins. We strongly recommend that all Graylog users upgrade, regardless of the Graylog version they are running.
XSS ISSUES
Two XSS issues were discovered in the content packs module and the hyperlink string decorator by Juha Laaksonen, Cyber Security Specialist at Solita. A big thanks to Juha for alerting us about these issues.
AWS PLUGIN SECRET KEY LEAK
Mika Kulmala, Cyber Security Specialist at Solita, reported a leak of the AWS secret key in certain (authenticated) Graylog REST API calls. Graylog no longer reveals the AWS secret key in REST API responses. A big thanks to Mika for alerting us about this issue.
GRAYLOG ENTERPRISE 3.2.5
No changes since v3.2.4.
GRAYLOG 3.2.5
CORE
Added
- Add minimal support for Beats 7.x to the beats input. Graylog2/graylog2-server#6501 Graylog2/graylog2-server#7894
- Show system notification when disk in Elasticsearch fills up. Graylog2/graylog2-server#7899 (Thanks @radykal-com)
Changed
- Enforce unix newlines in the sidecar collector configuration file editor. Graylog2/graylog2-server#7889 Graylog2/collector-sidecar#389 Graylog2/graylog2-server#7975
- Mask passwords in input configuration returned from the /system/inputstates endpoint. Graylog2/graylog2-server#8037
- Sanitize URLs in content packs. Graylog2/graylog2-server#8072 Graylog2/graylog2-server#8104
- Sanitize URLs in “Hyperlink String” decorator. Graylog2/graylog2-server#8150
Fixed
- Fix UI issues in sidecar configuration. Graylog2/graylog2-server#7406 Graylog2/graylog2-server#7754
- Fix dashboard migration issues. Graylog2/graylog2-server#7732 Graylog2/graylog2-server#7749 Graylog2/graylog2-server#7840
- Fix message list sorting option. Graylog2/graylog2-server#7758 Graylog2/graylog2-server#7763
- Fix compatibility issue with Safari and the aggregation configuration. Graylog2/graylog2-server#7806 Graylog2/graylog2-server#7815
- Fix pipeline stage parsing endpoint. Graylog2/graylog2-server#7322 Graylog2/graylog2-server#7830