This is the third beta for the upcoming release of Graylog v5.0. Please read on for detailed descriptions of everything that is included.
-
Download Links
- Docker image
- DEB and RPM packages are available in our repositories
- Docker Compose
- Tarballs (manual installation):
GRAYLOG FORWARDER
- Tarball (manual installation):
- OS Packages
- Docker image:
- Docker Hub
- docker pull graylog/graylog-forwarder:5.0-beta.1-1
Please report bugs and any other issues in our GitHub issue tracker. Thank you!
GRAYLOG OPERATIONS & PLATFORM 5.0 BETA.3
Released: 2022-11-09
Changed
- Created default Pipeline Manager role graylog2-server#13251
- Set keepalive for all sockets used in HTTP notifications graylog2-server#13736
Fixed
- Limited the number of unknown field validation messages graylog2-server#13923
- Allowed masking sensitive, non-password fields in input configurations graylog2-server#13873
- Pipeline rule description was not saved when creating rules with source graylog2-server#13820
- Fixed beats hostname field parsing for newer beats versions graylog2-server#13254
- “Pause Stream” button was not disabled for default streams. graylog2-server#13575
- Disallowed exporting non-exportable Event Definitions in Content Packs graylog2-server#13878
- Hid rollup checkbox when groupings are deleted. graylog2-server#13547
- “Always matches” stream rule still matches after being “inverted” graylog2-server#13819
Security Issues
- Bumped netty to 4.1.84 and tcnative to 2.0.54, fixing various CVEs graylog2-server#13879
- CVE-2021-21409 – request smuggling
- CVE-2021-37136 – Bzip2Decoder doesn’t allow setting size restrictions for decompressed data
- CVE-2021-37137 – SnappyFrameDecoder doesn’t restrict chunk length any may buffer skippable chunks in an unnecessary way
- CVE-2021-21409 – Validate Content-Length header in HTTP/2 decoder
- CVE-2021-43797 – HTTP fails to validate against control chars in header names which may lead to HTTP request smuggling
Let us know what you’d like to have included in our GitHub issue tracker.
