Product release

Logstash 1.5.4 and 1.4.5 released

We are announcing the release of logstash 1.5.4 and 1.4.5 which fixes important security issues. Our recommendation is to upgrade immediately if you are using either of the following features:

Logstash forwarder: After the release of 1.5.3, users encountered an issue where Logstash Forwarder was unable to communicate to Logstash instance because of SSL/TLS certificate validation errors. This has been fixed.

Lumberjack output: Typically used to connect two Logstash instances. In such deployments, one Logstash instance is used to collect logs from a webserver and securely transmit them to a central Logstash instance to perform additional filtering and storing.

Security Fixes

When using SSL/TLS functionality, Lumberjack output from Logstash 1.5.3 and prior versions did not validate certificate presented by the Logstash instance acting as a server. This exposes a man in the middle vulnerability.

We have been assigned CVE-2015-5619 for this issue and have added this vulnerability to our CVE page.

Note: Users of Logstash Forwarder are not affected by this particular vulnerability

Enhancements

Elasticsearch Output: Added the ability to update existing ES documents and support of upsert  -- if document doesn't exist, create it (#116). Thanks to David Chauviere for contributing this enhancement! 

Example configuration: 

output {
  if [use_case] == "doc_upsert" {
    elasticsearch {
      host => "elasticsearch"
      protocol => "http"
      action => "update"
      document_id => "%{[uid]}"
      doc_as_upsert => true
    }    
  } else if [use_case] == "doc_static_upsert" {
    elasticsearch {
      host => "elasticsearch"
      protocol => "http"
      action => "update"
      document_id => "%{[uid]}"
      upsert => '{"static_field": "demo"}'
    }        
  } else if [use_case] == "doc_dynamic_upsert" {
    elasticsearch {
      host => "elasticsearch"
      protocol => "http"
      action => "update"
      document_id => "%{[uid]}"
      upsert => '{"use_case": "%{[use_case]}", "dynamic": { "fieldC": "%{[dynamic_field][fieldC]}"}}'
    }
  }
}

Bug fixes

Below is a list of bug fixes in core and plugins. For a full list, please check the changelog.

  • Reverted a change in our harden SSL fix, that prevented Logstash Forwarder and Lumberjack output clients to connect to 1.5.3 instances (#3657)
  • Updated Concurrent-ruby library usage to suppress deprecation warnings (#3662)
  • Lumberjack input: Fixed a scenario where Logstash Forwarder could lose events when dealing with congestion from downstream plugins. We were incorrectly calculating the window size of payload in the acknowledgement stage. (#3691)
  • File input: Fix double ingestion issue when using glob path (#3674)
  • AWS mixin: Correctly configure the proxy when using V2 version of the mixin. (#15)
  • Lumberjack ouput:  Added better handling of congestion scenario by using a buffered payloads (#7)

Feedback

Please download Logstash 1.5.4 and let us know what you think on Twitter (@elastic) or on our forum. You can report any problems on the GitHub issues page.