Today we are officially releasing Graylog v3.2.5.

This release is a bug fix release improving the functionality of Graylog. Please read on for detailed descriptions of each bug fix.

Many thanks to our community for reporting issues and contributing fixes!

DOWNLOAD LINKS

– Graylog Server

– Graylog Enterprise

– Graylog Integrations

– Graylog Enterprise Integrations

 

Please report bugs and any other issues in our GitHub issue tracker. Thank you!

UPDATE: SECURITY FIXES

Graylog v3. fixes XSS vulnerabilities and issues in the AWS plugins. We strongly recommend that all Graylog users upgrade regardless of the Graylog version you are running on.

XSS ISSUES

Two XSS issues were discovered in the content packs module and the hyperlink string decorator by Juha Laaksonen, Cyber Security Specialist at Solita. A big thanks to Juha for alerting us about these issues.

AWS PLUGIN SECRET KEY LEAK

Mika Kulmala, Cyber Security Specialist at Solita, reported a leak of the AWS secret key in certain (authenticated) Graylog REST API calls. Graylog is no longer revealing the AWS secret key in REST API responses. A big thanks to Mika for alerting us about this issue.

GRAYLOG ENTERPRISE 3.2.5

No changes since v3.2.4.

GRAYLOG 3.2.5

CORE

Added

Changed

Fixed

Get the Monthly Tech Blog Roundup

Subscribe to the latest in log management, security, and all things Graylog blog delivered to your inbox once a month.