Announcing Graylog 6.3.0-beta.5

Release date: 2025-06-10

• Upgrade notes
• DEB and RPM packages are available in our repositories
• Docker Compose
• Container images:
  • Graylog Open
  • Graylog Enterprise
  • Graylog Data Node
• Tarballs for manual installation:
  • Graylog Server
  • Graylog Server (bundled JVM, linux-x64)
  • Graylog Server (bundled JVM, linux-aarch64)
  • Graylog Enterprise Server
  • Graylog Enterprise Server (bundled JVM, linux-x64)
  • Graylog Enterprise Server (bundled JVM, linux-aarch64)
  • Graylog Data Node (bundled JVM, linux-x64)
  • Graylog Data Node (bundled JVM, linux-aarch64)

 

Graylog 6.3.0-beta.5

Released: 2025-06-10

Added

• Update system generated routing when corresponding stream is renamed or deleted. graylog2-server#22131 graylog2-server#22766
• Geo-IP files can now be downloaded from google-cloud-storage. graylog2-server#22191 graylog2-server#22305
• Added remove_string_fields_by_value pipeline rule. graylog2-server#22200 graylog2-server#22205
• Add support for date formatting in JMTE templates for custom notification bodies. graylog2-server#22296 graylog2-server#22632
• Added ignoreExtraCsvValues parameter for the csv_to_map pipeline function. graylog2-server#22522 graylog2-server#22649
• Add system notification if heap size for data node is potentially too small. graylog-plugin-enterprise#6641 graylog2-server#20168
• Added datanode sniffer to opensearch clients where applicable graylog2-server#22155
• Make elastic/opensearch hosts from rest client accessible in server. graylog2-server#22185
• Added support for Google Cloud Storage repository configuration in data node graylog2-server#22282
• Adds a permission to restrict creation of specified input types. graylog-plugin-enterprise#10477 graylog2-server#22468
• Round axis values on widget charts. graylog-plugin-enterprise#8898 graylog2-server#22470
• During content pack installations, entity permissions are checked before entity creation. Example: For installation of a content pack containing a stream, the user installing the content pack must have streams:create graylog-plugin-enterprise#10479 graylog2-server#22570
• Adding frontend error reporting through telemetry, requiring opt-in. graylog2-server#22616
• Added node_name to data node certificate SAN. graylog2-server#22598 graylog2-server#22656
• Added new pipeline function hex_to_decimal_byte_list to convert a hexadecimal string to an array of decimal values. graylog-plugin-enterprise#10181 graylog2-server#22786

Changed

• Adds a configurable grace period static_leader_timeout for missing leader notification in static mode. graylog2-server#20672 graylog2-server#22773
• Changed default AdaptiveCard schema version to 1.5 from 1.6 in Microsoft Teams Notification v2 template. graylog2-server#22571

Fixed

• Display error in message list widget when page exceeds search cluster result limit. graylog2-server#18947 graylog2-server#20644 graylog2-server#22311
• Add additional data fields for the Kinesis/Cloudwatch input. graylog2-server#22085 graylog2-server#22370
• Force all requests of search job executions to be routed to the same shards for consistency. graylog2-server#22107 graylog2-server#22340
• Improve error handling for the Kinesis/Cloudwatch input. graylog2-server#22137 graylog2-server#22370
• Allow the Kinesis/Cloudwatch input to be created for empty Kinesis streams. graylog2-server#22138 graylog2-server#22370
• Allow the source field to be overridden for the Kinesis/Cloudwatch input. graylog2-server#22140 graylog2-server#22370
• Make deprecated pipeline rule warnings less noisy and more actionable. graylog2-server#22168 graylog2-server#22558
• Fix search validation. No warning when asterisk used in field names. graylog2-server#22373 graylog2-server#22824
• Fix location of native_lib directory in data node distribution packages. graylog2-server#22544 graylog2-server#22791
• Fix updating rulebuilder based rule failing error. graylog2-server#22551 graylog2-server#22723
• Fixing Alerts & Events histogram on Elasticsearch 7. graylog2-server#22618 graylog2-server#22622
• Handle timestamp parsing for Netscaler WAF logs. graylog-plugin-enterprise#8844
• Fix sorting in events overview widget based on timestamp field. graylog-plugin-enterprise#8488 graylog2-server#22221
• Add permission check if a user is allowed to save searches. graylog-plugin-enterprise#10359 graylog2-server#22322
• Fixed erroneously adding fields to group_by on event replay function. graylog2-server#19862 graylog2-server#22343
• Fixed error in number of items calculation needed for paging favorites on the welcome page. graylog-plugin-enterprise#10436 graylog2-server#22397
• Adding correct handling for streams filter in legacy searches. graylog2-server#21836 graylog2-server#22409
• Add missing column names on tabular export of widgets (CSV etc.) graylog2-server#22074 graylog2-server#22426
• Revert AWS SDK to version 2.29.52 to fix compatibility with S3-compatible services. graylog-plugin-enterprise#10504 graylog2-server#22450
• Fix pipeline details page loading issue. graylog2-server#22018 graylog2-server#22455
• Alerts & Events page now filters only on the event streams that the user is allowed to see. graylog2-server#22488
• Use provided password to encrypt private key in client certificate downloads in data node graylog-plugin-enterprise#10598 graylog2-server#22518
• When inlining a global search filter, add a newly created ID graylog-plugin-enterprise#9719 graylog2-server#22531
• Fix datanode upgrade list sorting, add server version warning graylog-plugin-enterprise#10529 graylog-plugin-enterprise#10530 graylog2-server#22533
• Prevent leaking OPENSEARCH_JAVA_HOME to opensearch in data node, always use bundled JDK graylog2-server#22534
• Fix event definition creation error for users without stream read permissions. graylog2-server#20412 graylog2-server#22585
• Fixed using certain conditions and actions in the rule builder after inital setup of Graylog without restart. graylog2-server#20793 graylog2-server#22645
• Fix issue with message journal recovery on server shutdown. graylog2-server#22715
• Show public notifications according to their visibility (login/global). graylog-plugin-enterprise#10748 graylog2-server#22738
• Return error instead of warning during query validation if a used parameter has no value set. graylog-plugin-enterprise#10868 graylog2-server#22756
• Avoid permissions error during filter preview if user has no access to any streams. graylog-plugin-enterprise#10869 graylog2-server#22771
• Fixes links into the security app for Last Opened and Favourites by adding a pluggable Entity Permission Mapper to resolve mappings in the enterprise modules. graylog-plugin-enterprise#10894 graylog2-server#22776
• Turn permission error into validation error for empty streams in event definition. graylog-plugin-enterprise#10869 graylog2-server#22778
• Fix NullPointerException in JsonMappingExceptionMapper. graylog2-server#22819

 

Graylog Enterprise 6.3.0-beta.5

Released: 2025-06-10

Added

• Add Google Cloud Storage support to Data Lake graylog-plugin-enterprise#10242 graylog-plugin-enterprise#10366
• Add ability to add all events from a Detection Chain as evidence to an investigation. graylog-plugin-enterprise#10288 graylog-plugin-enterprise#10441 graylog-plugin-enterprise#10569
• Added select all to the list of security events in asset details drawer graylog-plugin-enterprise#10805 graylog-plugin-enterprise#10969
• Added new Event Procedures. graylog-plugin-enterprise#8625 graylog-plugin-enterprise#9163 graylog-plugin-enterprise#9164 graylog-plugin-enterprise#9165 graylog-plugin-enterprise#9166 graylog-plugin-enterprise#9169 graylog-plugin-enterprise#10289 graylog-plugin-enterprise#10507 graylog-plugin-enterprise#10810 graylog-plugin-enterprise#10880 graylog-plugin-enterprise#10984 graylog-plugin-enterprise#8825 graylog-plugin-enterprise#9324 graylog-plugin-enterprise#9375 graylog2-server#21108 graylog-plugin-enterprise#9694 graylog-plugin-enterprise#10354 graylog-plugin-enterprise#10443 graylog-plugin-enterprise#10492 graylog-plugin-enterprise#10533 graylog2-server#22469 graylog2-server#22535 graylog-plugin-enterprise#10640 graylog2-server#22297 graylog2-server#22510 graylog2-server#22510 graylog2-server#22510 graylog2-server#22510 graylog2-server#22589 graylog-plugin-enterprise#10703 graylog2-server#22572 graylog-plugin-enterprise#10682 graylog2-server#22568 graylog-plugin-enterprise#10618 graylog-plugin-enterprise#10774 graylog-plugin-enterprise#10848 graylog-plugin-enterprise#10921 graylog2-server#22730 graylog-plugin-enterprise#10953 graylog-plugin-enterprise#10948 graylog2-server#22761 graylog-plugin-enterprise#10995
• Add possibility to create Google Cloud Storage Warm Tier repositories graylog-plugin-enterprise#10210 graylog-plugin-enterprise#10334 graylog-plugin-enterprise#10290
• Added built-in Admin and Reader roles for Illuminate. graylog-plugin-enterprise#10422
• Add possibility to create Google Cloud Storage archiving backend graylog-plugin-enterprise#10243 graylog-plugin-enterprise#10426
• Added new Mimecast (v2.0 API) input, and deprecated Mimecast (v1.0 API) input. graylog-plugin-enterprise#10585 graylog-plugin-enterprise#10724
• Adding the sharing button for reports. graylog-plugin-enterprise#10567 graylog-plugin-enterprise#10468 graylog-plugin-enterprise#10627
• Improve ability to extract OIDC user info from multiple sources. In particular, this resolves a limitation with Entra team sync. support#221 graylog-plugin-enterprise#10650
• Add a report configuration view for read permissions. graylog-plugin-enterprise#10750
• Add SAML authentication service. graylog-plugin-enterprise#9988

Changed

• Modified Sigma rule visibility to be controlled by entity sharing model. graylog-plugin-enterprise#10898 graylog-plugin-enterprise#10427 graylog-plugin-enterprise#10926
• Changed permission needed to see Enterprise > Illuminate page from Admin (’*’) to illuminate_bundle_management:read. graylog-plugin-enterprise#10419
• Data Tiering: Improve informational copy on Warm Tier setup. graylog2-server#22615 graylog-plugin-enterprise#10859
• Removed event_definitions:read permission from Security Admin, Security Events Manager, Security Events Reader, and Security Reader roles. graylog-plugin-enterprise#10978

Fixed

• Fixed incomplete audit entries for customization actions. graylog-plugin-enterprise#6621 graylog-plugin-enterprise#10117 graylog-plugin-enterprise#10761
• Fixed loss of sharing of Illuminate entities on Illuminate updates. graylog-plugin-enterprise#10161 graylog-plugin-enterprise#10658 graylog2-server#22546
• Fixed error when testing connections for existing asset sources. graylog-plugin-enterprise#10265 graylog-plugin-enterprise#10417
• Deletion of unused Data Lake backends is now working as expected. Check validation logic for Data Lake backend configuration during creation graylog-plugin-enterprise#10355 graylog-plugin-enterprise#10462
• Fixed issue when opening message details in the LogView widget where the wrong request was run for duplicated messages that came from the same input but different index sets or streams. graylog-plugin-enterprise#10357 graylog-plugin-enterprise#10361
• Fixed Overlaped text when print Threat Coverage widget. graylog-plugin-enterprise#10379 graylog-plugin-enterprise#10539
• Fixed Markdown preview displaying underneath Security Events Drawer. graylog-plugin-enterprise#10428 graylog-plugin-enterprise#10511
• Fixed issue preventing Detection Chain info from being displayed for some Security Events. graylog-plugin-enterprise#10433 graylog-plugin-enterprise#10437
• Fixed AWS S3 input restart handling and CPU utilization issues. graylog-plugin-enterprise#10496 graylog-plugin-enterprise#10499 graylog-plugin-enterprise#10534
• Improve wording for the Import Assets confirmation dialog. graylog-plugin-enterprise#10565
• Added GRN permissions check to Security Events – Definitions view graylog-plugin-enterprise#10717 graylog-plugin-enterprise#10734 graylog-plugin-enterprise#10919
• Corrected permission for managing vulnerability scanners from assets:edit to asset:manage_vulnerability_scanners. graylog-plugin-enterprise#10723 graylog-plugin-enterprise#10728
• Illuminate customization edit modal does not close with X button graylog-plugin-enterprise#10783 graylog-plugin-enterprise#10980
• Sort asset list by risk score on security welcome page. graylog-plugin-enterprise#10804 graylog-plugin-enterprise#10826
• Changes the event procedure details view to be a drawer graylog-plugin-enterprise#10813 graylog-plugin-enterprise#10996
• Fixing header badge form to have consistent dirty state. graylog-plugin-enterprise#10821 graylog-plugin-enterprise#10933
• Fix null error when exporting Create Investigation notification in content pack. graylog-plugin-enterprise#10896 graylog-plugin-enterprise#10938
• Fixed licensed Illuminate packs incorrectly being available for install without the necessary license. graylog-plugin-enterprise#10899 graylog-plugin-enterprise#10920
• Fixed permissions issue preventing some users from creating Correlation Event Definitions. graylog-plugin-enterprise#10904 graylog-plugin-enterprise#10994
• Fixed issue preventing the ability to edit a shared Event Notification from the Security Events view. graylog-plugin-enterprise#10929 graylog-plugin-enterprise#10975
• Dismissing notification closes it immediately. graylog-plugin-enterprise#8780 graylog-plugin-enterprise#10606
• Re-introduce create permission check on reports. Adding a report creator role. Allows users that are not supposed to create reports, which is a change to the previous version. graylog-plugin-enterprise#10341 graylog-plugin-enterprise#20344
• Fixed error when importing Microsoft Defender Vulnerabilities where a single machine missing a hostname would cause the vulnerability batch to fail to import. graylog-plugin-enterprise#10465
• Fixed permissions on Sigma Rules page to allow correct functionality to users with sigma_rules:edit. graylog-plugin-enterprise#10470
• Fixed empty error message on failed Microsoft Graph credential checks. graylog-plugin-enterprise#10704
• Fixed intermittent leader node error when downloading Sigma rule. graylog-plugin-enterprise#10695 graylog-plugin-enterprise#10751
• Fix forwarder filter tab. graylog-plugin-enterprise#10645 graylog-plugin-enterprise#6875 graylog-plugin-enterprise#10817
• Fixed errors when viewing Detection Chain details for a security Event when the source Sigma Rule was no longer present. graylog-plugin-enterprise#10993

 

Please report bugs and any other issues in our GitHub issue tracker. Thank you!