Announcing Graylog 6.0 Beta.2
This is a beta for the upcoming release of Graylog v6.0. Please read on for detailed descriptions of everything that is included.
Download Links
- DEB and RPM packages are available in our repositories
- Docker Compose
- Container Images
- Tarballs (manual installation):
- Graylog Server
- Graylog Server (bundled JVM, linux-x64)
- Graylog Server (bundled JVM, linux-aarch64)
- Graylog Enterprise Server
- Graylog Enterprise Server (bundled JVM, linux-x64)
- Graylog Enterprise Server (bundled JVM, linux-aarch64)
- Graylog Data Node (bundled JVM, linux-x64)
- Graylog Data Node (bundled JVM, linux-aarch64)
GRAYLOG FORWARDER
- Tarball (manual installation):
- OS Packages
- Docker image:
- Docker Hub
- docker pull graylog/graylog-forwarder:6.0-beta.1-1
Please report bugs and any other issues in our GitHub issue tracker. Thank you!
GRAYLOG ENTERPRISE 6.0 BETA.2
Released: 2024-03-19
Added
- Added pipeline function fromForwarderInput(<id>, <name>). graylog-plugin-enterprise#5198
- Added ability to bulk add categories to assets. graylog-plugin-enterprise#5988 graylog-plugin-enterprise#6255 graylog-plugin-enterprise#6271
- Introduced warm tier configuration for data tiering functionality, enabling automatic data rollover and providing the option to configure the repository where the data is stored. graylog-plugin-enterprise#6023 graylog2-server#17348 graylog-plugin-enterprise#6091
- New Security Welcome page (secuirty dashboard) graylog-plugin-enterprise#6115 graylog-plugin-enterprise#6240
- Added new Symantec SES log message input. graylog-plugin-enterprise#6223
- Displayed assets associated with evidence attached to an Investigation. graylog-plugin-enterprise#6286 graylog-plugin-enterprise#6312 graylog-plugin-enterprise#6545
- Added new Symantec EDR log message input graylog-plugin-enterprise#6371
- Fixed content pack instalation of reports with scheduling configured graylog-plugin-enterprise#6379 graylog-plugin-enterprise#6558
- New Security Investigations List view graylog-plugin-enterprise#6437 graylog-plugin-enterprise#6473
- Added associated asset categories to messages processed by the SetAssociatedAssets pipeline function graylog-plugin-enterprise#6500 graylog-plugin-enterprise#6579
- Added additional details for Okta input API errors. graylog-plugin-enterprise#6048
- Added Illuminate installation status page. graylog-plugin-enterprise#5730 graylog-plugin-enterprise#6079
- Added more detailed asset history tracking. graylog-plugin-enterprise#6041 graylog-plugin-enterprise#6172
- Added Security App metrics and Investigations metrics dashboard graylog-plugin-enterprise#6353
- Added ability to use enterprise Search Filters on Event Definitions and Sigma rules. graylog-plugin-enterprise#6367 graylog-plugin-enterprise#6475 graylog-plugin-enterprise#6552 graylog2-server#17879 graylog2-server#18029 graylog-plugin-enterprise#6572 graylog-plugin-enterprise#6664
- Added Risk Scoring for Graylog Security Events. graylog-plugin-enterprise#6481
- Added security perspective investigations details page. graylog-plugin-enterprise#6537 graylog-plugin-enterprise#6581
- Added multithreading support for Archive creation. graylog-plugin-enterprise#6273 graylog-plugin-enterprise#6602
- New UI for Events in Security graylog-plugin-enterprise#6511 graylog-plugin-enterprise#6604 graylog-plugin-enterprise#6713
- Added ability to export Sigma rules to content packs graylog-plugin-enterprise#6603 graylog-plugin-enterprise#6609
- Added investigations search type, allowing to include current investigations in searches graylog-plugin-enterprise#6632
- Added investigations widget, which displays current investigations graylog-plugin-enterprise#6640
- Aggregation-based risk calculation for events graylog-plugin-enterprise#6604
- New page for all security dashboards graylog-plugin-enterprise#6661 graylog-plugin-enterprise#6682
- Added ability to specify Remediation Steps for Anomaly Detectors, Event Definitions, and Sigma rules. graylog-plugin-enterprise#6518 graylog-plugin-enterprise#6726
- Added ability to collect Graylog Security metrics, and added dashboard for Investigations metrics. graylog-plugin-enterprise#6756
Changed
- Added warning message when enabling many Sigma rules in bulk. graylog-plugin-enterprise#1097 graylog-plugin-enterprise#6386
- Sorted Anomaly Detectors list alphabetically graylog-plugin-enterprise#3911 graylog-plugin-enterprise#6116
- Added a ‘Sigma:’ prefix to the title of Event Definitions created for Sigma rules. graylog-plugin-enterprise#5706 graylog-plugin-enterprise#6043
- Changed Anomaly Detector initialization to run sequentially instead of in parallel. graylog-plugin-enterprise#5761 graylog-plugin-enterprise#6217
- OIDC custom claims can also be passed in the ID token (not just via the userinfo endpoint). graylog-plugin-enterprise#5767 graylog-plugin-enterprise#6047
- Enabled failure processing features by default on new installations. graylog-plugin-enterprise#5895 graylog-plugin-enterprise#6124
- Changed Active Directory User Asset import mapping configurations to only allow ‘objectSid’ as the Unique ID mapping value. graylog-plugin-enterprise#6038 graylog-plugin-enterprise#6037
- Made license warning and info text generic graylog-plugin-enterprise#6052 graylog-plugin-enterprise#6056
- Adjusted field parsing for F5 BIG-IP Log Events input in preparation for Illuminate content. graylog-plugin-enterprise#6266 graylog-plugin-enterprise#6272
- Removed redundant use of the Asset word on navigation tabs graylog-plugin-enterprise#6302 graylog-plugin-enterprise#6335
- Updated Perspective Switcher style to not include the logo and a shorter title. graylog-plugin-enterprise#6303 graylog-plugin-enterprise#6340 graylog-plugin-enterprise#17752
- Updated Illuminate Event Definitions to allow adding Notifications and Notification settings. graylog-plugin-enterprise#6388 graylog2-server#17828 graylog-plugin-enterprise#6365 graylog2-server#17999
- An optional query parameter is added to licenses/status/for-subject to avoid race conditions. graylog-plugin-enterprise#6098 graylog-plugin-enterprise#6101
- Updated spacing on hub bundle list of illuminate bundles graylog-plugin-enterprise#6125
- Improved Office 365 Input error handling. graylog-plugin-enterprise-integrations#1086 graylog-plugin-enterprise#6225
- Adjusted field parsing for AWS Security Lake input in preparation for Illuminate content. graylog-plugin-enterprise#6148 graylog-plugin-enterprise#6247 graylog-plugin-enterprise#6305
- Adjusted field parsing for Office 365 input in preparation for Illuminate content. graylog-plugin-enterprise#6174 graylog-plugin-enterprise#6252
- Adjusted field parsing for Okta Log Events input in preparation for Illuminate content. graylog-plugin-enterprise#6174 graylog-plugin-enterprise#6265 graylog-plugin-enterprise#6294
- Enabled condition form in event definitions for Illuminate events graylog2-server#18130 graylog-plugin-enterprise#6542 graylog-plugin-enterprise#6546
Removed
- Removed service and vendor_event_description fields from the F5 input. graylog-plugin-enterprise#6376
Fixed
- Fixed columns selector capitalization graylog-plugin-enterprise#5898
- Eliminated archiving error notification when the affected index has been deleted. graylog-plugin-enterprise#5920 graylog-plugin-enterprise#6352
- Fixed F5 BIG-IP Log Events input verify connection issue graylog-plugin-enterprise#5923
- Fixed filtering by dates for Sigma Rules and Investigations to account for user’s timezone. graylog-plugin-enterprise#5995 graylog-plugin-enterprise#6095
- Fixed issue where assets were assigned new IDs on reimport from a source. graylog-plugin-enterprise#6028 graylog-plugin-enterprise#6039
- Only show the release notes for the selected Illuminate Bundle graylog-plugin-enterprise#6035 graylog-plugin-enterprise#6251
- Improved error message when importing assets fails in asset sources. graylog-plugin-enterprise#6068 graylog-plugin-enterprise#6162
- Fixed issue where entities shipped in Illuminate Spotlight Packs would be unnecessarily disabled when enabling a new bundle. graylog-plugin-enterprise#6090 graylog-plugin-enterprise#6094
- Made sure to update license status immediately after adding or removing security license. graylog-plugin-enterprise#6098
- Fixed issue: traffic violation email should display last day output traffic (not input traffic). graylog-plugin-enterprise#6123 graylog-plugin-enterprise#6159
- Fixed an edge case, where an index gets deleted, despite not having been completely archived. graylog-plugin-enterprise#6140 graylog-plugin-enterprise#6176
- Don’t show toast notifications when page loads or state changes to ‘Running’ graylog-plugin-enterprise#6177 graylog-plugin-enterprise#6275
- Fixed validation gap in Office 365 Inputs that allows for polling intervals less than 1 minute. graylog-plugin-enterprise#6210 graylog-plugin-enterprise#6221
- Handled missing widgets graceful when returning report widget values. graylog-plugin-enterprise#6244 graylog-plugin-enterprise#6248
- Added mitigation fix to F5 BIG-IP Log Events Input to avoid intermittent 401 Unauthorized errors. graylog-plugin-enterprise#6336 graylog-plugin-enterprise#6394
- Fixed report rendering bug where it times out if it takes longer than 30 seconds. graylog-plugin-enterprise#6395 graylog-plugin-enterprise#6387
- Added reader permissions for forwarder inputs to READER role graylog-plugin-enterprise#6628 graylog-plugin-enterprise#6668
- Fixed inability to sort by the User IDs User Assets column. graylog-plugin-enterprise#6016 graylog-plugin-enterprise#6045
- Fixed F5 BIG-IP Log Events input expired token error. graylog-plugin-enterprise#6057 graylog-plugin-enterprise#6058
- Fixed AWS Security Lake Log Events input verify connection issue graylog-plugin-enterprise#5923
- Fixed issue where Investigation Event and Message indices could not be customized graylog-plugin-enterprise#6226 graylog-plugin-enterprise#6227
- Fail gRPC health check for Forwarders if Graylog server LB status is “throttled”. graylog-plugin-enterprise#6270
- Fixed incorrect documentation link on Anomaly Detection pages. graylog-plugin-enterprise#6198 graylog-plugin-enterprise#6295
- Fixed investigation widget to include user timezone and new details view URL graylog-plugin-enterprise#6333
- Improved CrowdStrike input error handling for server-side errors. graylog-plugin-enterprise#6539
- Fixed error when attempting to save edits for Illuminate Streams. graylog-plugin-enterprise#6554 graylog-plugin-enterprise#6566
- Enhanced Investigations permissions checks. graylog-plugin-enterprise#6590 graylog-plugin-enterprise#6593
- Fixed instant archiving ui broken because of menu component. graylog-plugin-enterprise#6665 graylog-plugin-enterprise#6669
- Fixed sorting issue with indices created by Illuminate versions before 3.0. graylog2-server#18348 graylog-plugin-enterprise#6719
GRAYLOG OPEN 6.0 BETA.2
Released: 2024-03-19
Added
- Added support for sending HTTP Notification API Key/Secret as a header graylog2-server#14691 graylog2-server#17369
- Stored message receive and processing times in ES/OS fields. graylog2-server#16284
- Added the Email Notification ID to the System Notification for Missing Email Recipients. graylog2-server#16988 graylog2-server#17061
- Added a keyboard shortcuts page graylog2-server#17082 graylog2-server#17083
- Moved existing DataNode config into separate page. graylog2-server#17085 graylog2-server#17104
- Data nodes now publish state machine state. Provides a backend for data node table including state information. graylog2-server#17247 graylog2-server#17382
- Added action for field type management page to remove custom field types. graylog2-server#17284 graylog2-server#17281
- Added filtering to index field types page graylog2-server#17285 graylog2-server#17326
- Added remove custom field type bulk action to index set field type page graylog2-server#17286 graylog2-server#17429
- Added option to add custom field type to non existing field. Add option to change field type with option to choose field from the list graylog2-server#17343 graylog2-server#17408
- Datanode preflight check for data directory compatibility graylog2-server#17424 graylog2-server#17487
- Datanode Cluster Management UI graylog2-server#17704 graylog2-server#17881
- Added index set field type profiles overview and edit page graylog2-server#17746 graylog2-server#17775
- Added action to profile creation from selected types graylog2-server#17746 graylog2-server#18027
- Added deleting index set field type profile action graylog2-server#17815 graylog2-server#18031
- Added new column ‘Origin’ to index set field type mapping page instead of is custom graylog2-server#17934 graylog2-server#17878
- Added ‘field_value_suggestion_mode’ config parameter, that allows to switch field value suggestions off, turn them on and turn them on only for textual fields. graylog2-server#18032 graylog2-server#18095
- Added 4 pipeline functions for general use that were previously only available to Illuminate. graylog-plugin-enterprise#6032 graylog2-server#6112
- Added search result statistics on the main search screen and execution info popover to each dashboard widget graylog2-server#7386 graylog2-server#16130
- Added Create new dashboard widget action graylog2-server#7629 graylog2-server#17582
- Added customizable HTTP notification that supports multiple methods and content types. graylog-plugin-enterprise#3879 graylog-plugin-enterprise#5577 graylog2-server#16758
- Implemented option for graylog.conf to define shortest possible search auto-refresh interval. graylog2-server#16972 graylog2-server#17011 graylog-plugin-enterprise#5138 graylog2-server#17029
- Included basic data node usage information in telemetry. graylog2-server#17042
- Added index set field type management page graylog2-server#17160 graylog2-server#17070
- Data node cluster name is configurable graylog2-server#17143
- Added support for POST and PUT requests for ‘JSON path value from HTTP API’ Input. graylog-plugin-enterprise#6040 graylog2-server#17235
- Data node life cycle management: removal of nodes graylog2-server#16820 graylog2-server#17248
- Added Data Tiering functionality to Graylog Open providing users with a more intuitive and flexible approach to configuring index rotation, retention, and data tiering. graylog-plugin-enterprise#6023 graylog2-server#17348 graylog-plugin-enterprise#6091
- Added start/stop lifecycle functions to data node. Add validations for triggering data node lifecycle functions. graylog2-server#17383 graylog2-server#17402
- Added support for looking up Email Notification sender, reply to, and recipient emails in lookup tables. graylog2-server#17498
- Fallback guide on how to do manual migration into the DataNode graylog2-server#17707
- Added a resource to manage the CA to regular Graylog (not only during preflight) graylog2-server#17775
- Added a job_scheduler_concurrency_limits configuration option to limit the parallel execution of job types. graylog-plugin-enterprise#6313 graylog-plugin-enterprise#6399 graylog2-server#17880
- Added profile selection to index set edit/add form and index set field types page graylog2-server#17751 graylog2-server#17750 graylog2-server#17956
- Added hooks.logout hook which is called when the user logs out graylog2-server#17965
- Added state map and corresponding rest resources for datanode migration wizard graylog2-server#18001
- Extended search query input with option to view search query history. graylog-plugin-enterprise#4012 graylog2-server#18067
- Added datanode migration ui graylog2-server#18079
- Added link to first start logs to log into preflight UI graylog2-server#18113
- Added bulk management capabilities for data nodes graylog2-server#17732 graylog2-server#18121
- Added support for searchable snapshots in data node graylog2-server#18357
- Propagated path.repo configuration in datanode. Needed to support fs snapshot repositories graylog2-server#18369
- Allowed adding aggregations to event processor for use with EventModifiers graylog2-server#18372
- Bumping OpenSearch inside the DataNode to 2.12.0 graylog2-server#18386
- Showed Journal Size in In-Place Migration steps graylog2-server#18492
- Created client certificates for the DataNode for 3rd party apps graylog2-server#18522
- Added UI for Data Node client certificate creation graylog2-server#16466 graylog2-server#18566
- Added Remote reindex connection check, and display indices with errors. graylog2-server#18621
Changed
- The default value for the data_dir configuration option has been removed. It needs to be configured explicitly now. graylog2-server#13673 graylog2-server#15902
- Set SameSite attribute in cookies. graylog2-server#16428 graylog2-server#18329
- Changed Content Packs handling to allow import/export of entites that reference Streams by title. graylog2-server#16743
- Enabled sidecar default configurations to be updated on existing installs. graylog2-server#17040 graylog2-server#17246
- Added Data Node pre-flight check to validate the vm.max_map_count sysctl value. graylog2-server#17430 graylog2-server#17436
- Automatically choose default number of process-buffer and output-buffer processors based on available CPU cores. graylog2-server#17450 graylog2-server#17737
- Ensured password secret meets the minimum length requirement if using/for the DataNode. graylog2-server#17523 graylog2-server#17719
- Updated the select_jsonpath pipeline function to accept JSON strings as the json parameter in addition to parsed JsonNode objects. graylog2-server#17647 graylog2-server#17683
- Provided more verbose error messages for HTTPJSONPath data adapter. graylog2-server#17649 graylog2-server#17801
- Added ability to specify a TTL for null values in lookup table caches. graylog2-server#16466 graylog2-server#17994
- Suppressed index_not_found_exception when there is a race between querying and deleting an index. graylog2-server#18127 graylog2-server#18146
- Shortened time range of show received messages buttons on inputs, forwarder profiles and sidecars. graylog2-server#5620 graylog2-server#5621
- Flagged an error in rule source editor when variable name is a reserved word. graylog2-server#7006 graylog2-server#17736
- Updated io.prometheous:simpleclient to version 0.16.0. graylog2-server#16743
- Updated com.floreysoft:jmte from 5.0.0 to 7.0.2 graylog2-server#16747
- Datanode directries don’t use nodeid subdirs anymore graylog2-server#17255
- Changed logging in Message class. When invalid message key is found and ignored, that fact is logged with INFO level. Rate limited log is used in order to not overwhelm logs with this kind of log messages. graylog2-server#17601
- Unified the way numeric fields are displayed in the message table widget, compared with the data table widget. graylog2-server#17693
- Waited for Datanode to become available during graylog server startup graylog2-server#17758
- Transitioned from javax to jakarta namespace. graylog2-server#17765 graylog-plugin-enterprise#6347
- Removed dependency to Mongojack 2 graylog2-server#18016
- Triggered system notification for IO exceptions during HTTP data adapater lookup. graylog-plugin-enterprise#6292 graylog2-server#18022
- Required authentication for visiting API browser to limit information exposure. graylog2-server#18328
- Improved keyword validation in time range picker. graylog2-server#18219
- Updated Apache Shiro to 2.0.0 graylog2-server#18430
- Considered http_external_uriwhen setting the cookie path. graylog2-server#18472
- Changed default second sort order to gl2_second_sort_field. graylog2-server#18348 graylog2-server#18527
- Introduced MessageFactory and ResultMessageFactory Java interfaces and change Message constructors to be package-private. (See upgrading notes for details!) graylog2-server#18535 graylog-plugin-enterprise#6723
- Datanode opensearch proxy endpoints support targetting specific nodes graylog2-server#18536
- Modified default values for min and max shard size for Time-Size-Optimizing rotation strategy to better match typical node resourcing. graylog-plugin-enterprise#6611 graylog2-server#18609
Removed
- The close index button has been removed from the index set overview page for a specific index. graylog2-server#17570 graylog2-server#18037
- Removed web interface plugin systemnavigation. graylog2-server#17309
- Removed deprecated methods in org.graylog2.plugin.Message class : addStringFields, addLongFields, addDoubleFields, getValidationErrors graylog2-server#17585
- Removed unused classes: org.graylog2.plugin.SingletonMessages and org.graylog.plugins.views.search.engine.LuceneQueryParsingException graylog2-server#17618
Fixed
- Provided more diagnostic information when stream rule fails. graylog2-server#13499 graylog2-server#18539
- Fixed problems with unknown-field validation warnings on fields like gl2_source_input. From now on, Query Validation never treats special GL fields as unknown. graylog2-server#13856 graylog2-server#17515
- Fixed timezone issue with date picker, which resulted in highlighting the wrong selected day. graylog2-server#16096 graylog2-server#16973
- Debounced Query Change in Alerts & Events graylog2-server#16388 graylog2-server#17987
- Fixed rule builder dropdown UX graylog2-server#16980 graylog2-server#17919
- Fixed tooltip colors on Rule Editor. graylog2-server#17204 graylog2-server#17220
- Fixed problem with persisting selected page size for some paginated lists. graylog2-server#17261 graylog2-server#17278
- Fixed event aggregation handling when aggregating on missing fields graylog2-server#17314 graylog2-server#17604
- Improved migration and error handling for event definitions that are missing a field value. graylog2-server#17367
- Fixed preflight basic auth prompt when password has not been entered graylog2-server#17385 graylog2-server#17405
- Pipeline rule simulator – JSON inside message graylog2-server#17464 graylog2-server#17817
- Fixed filebeat path for sidecar default templates and default configurations. graylog2-server#17526 graylog2-server#17624
- Fixed ineffective search query after exporting search to dashboard graylog2-server#17619 graylog2-server#17621
- Added actions on datanode datails page graylog2-server#17705 graylog2-server#17840
- Fields gl2_message_id and streams are now reserved and cannot be changed by custom mappings. No reserved field can be changed when you manually change custom mappings in MongoDB – it will be ignored. graylog2-server#17728 graylog2-server#17766
- Allowed the index range clean up periodcal to delete index ranges that are no longer managed by an index set graylog2-server#17815 graylog2-server#17841
- Fixed error when attempting to share entities with stream dependencies. graylog2-server#17882 graylog2-server#17891
- Corrected parameter description for handle_dup_keys in the pipline rule key_value function.
- If not specified, the function defaults to using the first encountered value for duplicate keys.
- Fixed default values when using the rule builder. graylog2-server#17892 graylog2-server#17969
- Fixed issue where enabled event definitions would be incorrectly set to disabled through the REST API. graylog2-server#17958 graylog2-server#17959
- Fixed UI runtime error when request for alerts overview returns an error. graylog2-server#17995 graylog2-server#18000
- Fixed MoreSearch, so that it does not throw errors when affected indices are null or empty. Because of that, MoreSearch is safer to use on fresh installation, with no events and therefore no index ranges for events indices. graylog2-server#18002 graylog2-server#18023
- Reverted fix for #16029 due to regression in GeoIP lookup table access. graylog2-server#18017 graylog2-server#18322
- Fixed index set defaults not being reflected in the form without reload. graylog2-server#18049 graylog2-server#18098
- Fixed problem with query input which can make the search bar disappear. graylog2-server#18053 graylog2-server#18470
- Fixed CertificatesProvisioning no support for remote reindex migration graylog2-server#18411 graylog2-server#18410
- Fixed automatic pop-up triggering for clearing notifications on the events definition overview page. graylog2-server#18633 graylog2-server#18646
- Error page was shown when navigating to search page with permissions to some streams (usually non-mesage streams, like events), but no permission for default stream. It has been fixed. graylog-plugin-enterprise#4333 graylog2-server#17548 graylog-plugin-enterprise#6245
- DataNode: if no node name was specified, use the hostname as node name default. graylog2-server#17025
- Fixed opensearch configuration sync permissions graylog2-server#17059
- Fixed Content pack install modal having two superposed modal element graylog2-server#16834 graylog2-server#15752 graylog2-server#17073
- Excluded non-message streams from aggregation event searches. graylog-plugin-enterprise#6042 graylog2-server#17087
- Showed ignore_null configuration on lookup cache form. graylog2-server#15200 graylog2-server#17218
- Fixed redirect after creating contentpack revision. graylog2-server#17071 graylog2-server#17233
- Fixed Sidecar collector configuration form submit button not being clickable. graylog2-server#17185 graylog2-server#17280
- Fixed inputs extractors list not updating after deletion graylog2-server#16858 graylog2-server#17289
- Prevented adding same entity data table filter multiple times graylog2-server#17362
- Fixed allow displayName in systemConfiguration plugin export. graylog2-server#15939 graylog2-server#17407
- Fixed editing of system notification event defitinions. graylog2-server#17435
- Fixed archiving when batch size exceeds ES/OS http.max_content_length. graylog-plugin-enterprise#3318 graylog2-server#17449
- Showed correct throughput metric when messages are routed via pipeline rules. graylog-plugin-enterprise#6138 graylog2-server#17456
- Fixed excessive logging of warnings for metrics requests after session expiration. graylog2-server#17477
- By default, none and close index retention strategies are disabled for new installations. graylog-plugin-enterprise#5888 graylog2-server#17552
- Fixed issue preventing the array_contains pipeline function from working with json arrays graylog2-server#17611
- Fixed distribution of table column width for print version of data table and message list widget graylog-plugin-enterprise#6158 graylog2-server#17642
- Removed entity from bulk select state, when removing single entity in tables with bulk actions. graylog2-server#17656
- Fixed text alignment of highlighted numbers in data tables. graylog2-server#17678
- Fixed issue preventing the lookup_all pipeline function from working with json arrays graylog-plugin-enterprise#6363 graylog2-server#17820
- Fixed bug causing null response from array_contains pipeline function when passed null array. graylog2-server#17909
- Fixed LDAP / AD authentication with legacy TLS. graylog2-server#18028
- Fixed Session not timing out on index set details page graylog2-server#18063 graylog2-server#18091
- Fixed support for changed IPinfo ASN mmdb files. graylog-plugin-enterprise#6436 graylog2-server#18124
- Fixed unintended HTML-escaping in system notification messages. graylog-plugin-enterprise#6525 graylog2-server#18171
- More restrictive file permissions for support bundle files. graylog2-server#18174
- Added permission check for displaying content pack uninstall details. graylog2-server#18177
- Avoided logging Graylog node ID multiple times during server startup. graylog2-server#18219
- Do not display info for dashboard query filter in aggregation builder, when dashboard query is empty graylog2-server#18241
- OpenSearch renamed cluster.initial_master_nodes to initial_cluster_manager_nodes, which was not reflected yet and is a possible cause of startup bugs. graylog2-server#18342
- Added a sensible default value for OpenSearch inside the DataNode for indices.query.bool.max_clause_count graylog2-server#18354
- Bumping the OpenSearch client to 2.12.0 graylog2-server#18386
- Fixed RemoteReindexRunning step showing wrong actions graylog2-server#18542
- Fixed duplicate license warning in DataNodesClusterManagementPage graylog2-server#18559
Security
- Always create new sessions for authentication attempts to fix a potential session fixation vulnerability. GHSA-3xf8-g8gr-g7rh
- Restricted classes allowed for cluster config and event types. GHSA-p6gg-5hf4-4rgj graylog2-server#18165
Let us know what you’d like to have included in our GitHub issue tracker.