Announcing Graylog 6.2.4

This is a bug-fix release that improves Graylog’s functionality. Please read on for information on what has changed.

Download Links

Release date: 2025-06-23

• Upgrade notes
• DEB and RPM packages are available in our repositories
• Docker Compose
• Container images:
  • Graylog Open
  • Graylog Enterprise
  • Graylog Data Node
• Tarballs for manual installation:
  • Graylog Server
  • Graylog Server (bundled JVM, linux-x64)
  • Graylog Server (bundled JVM, linux-aarch64)
  • Graylog Enterprise Server
  • Graylog Enterprise Server (bundled JVM, linux-x64)
  • Graylog Enterprise Server (bundled JVM, linux-aarch64)
  • Graylog Data Node (bundled JVM, linux-x64)
  • Graylog Data Node (bundled JVM, linux-aarch64)

Graylog Server 6.2.4

Released: 2025-06-23

Added

• Add ability for to_* conversion pipeline functions to return a null default value. graylog2-server#21799 graylog2-server#22733

Fixed

• Add additional data fields for the Kinesis/Cloudwatch input. graylog2-server#22085 graylog2-server#22370
• Fix AWS CloudTrail input to support IAM temporary security credentials. graylog2-server#22086
• Improve error handling for the Kinesis/Cloudwatch input. graylog2-server#22137 graylog2-server#22370
• Allow the Kinesis/Cloudwatch input to be created for empty Kinesis streams. graylog2-server#22138 graylog2-server#22370
• Allow the source field to be overridden for the Kinesis/Cloudwatch input. graylog2-server#22140 graylog2-server#22370 graylog2-server#22887
• Fix node link in message details of message table widget on search page graylog2-server#22431 graylog2-server#22852
• Fix updating rulebuilder based rule failing error. graylog2-server#22551 graylog2-server#22723
• Fixed using certain conditions and actions in the rule builder after inital setup of Graylog without restart. graylog2-server#20793 graylog2-server#22645 graylog2-server#22674

Security

• Fix permission check for creating a new API-token. “CVE submitted, awaiting publication of GHSA-3m86-c9x3-vwm9”

Graylog Enterprise 6.2.4

Released: 2025-06-23

Fixed

• Fixed issue preventing the ability to edit a shared Event Notification from the Security Events view. graylog-plugin-enterprise#10929 graylog-plugin-enterprise#10975
• Fixed inconsistencies between front and backend Asset validation leading to errors for API created Assets. graylog-plugin-enterprise#10960 graylog-plugin-enterprise#11015
• Removed new Event Definition buttons on security pages for users without create permissions graylog-plugin-enterprise#10967 graylog-plugin-enterprise#11008
• Fixed errors when viewing Detection Chain details for a security Event when the source Sigma Rule was no longer present. graylog-plugin-enterprise#10993

Please report bugs and any other issues in our GitHub issue tracker. Thank you!