Hey everybody, a new bug fix release, Graylog2 v0.20.4, has been released.

This release includes a fix for an XSS vulnerability when using message highlighting, thus we recommend upgrading to 0.20.4 as soon as possible. Message highlighting is disabled by default in the server, so if you have not enabled it, you are not affected by this vulnerability. Many thanks to GitHub user r-a-c for reporting this problem!

Another change concerns stability when using the Kafka radio input. By limiting the concurrently used Kafka streams, this change should positively influence the stability of the input.

Finally, a runtime limiting mechanism has been introduced that limits the amount of time a stream rule can take, to avoid stalling message processing. Slow, backtracking regular expressions could lead to consuming all CPU in certain cases; this change limits their impact by disabling stream rules should they be too slow. A system notification will be shown if this is the case.

For a complete list of changes in both the server and web interface please refer to:

* https://github.com/Graylog2/graylog2-server/issues?milestone=27&state=closed
* https://github.com/Graylog2/graylog2-web-interface/issues?milestone=29&page=1&state=closed

The new releases are available on the GitHub release pages:

* https://github.com/Graylog2/graylog2-server/releases/tag/0.20.4
* https://github.com/Graylog2/graylog2-web-interface/releases/tag/0.20.4

Version 0.20.3 should be compatible with version 0.20.4; however, we recommend upgrading Graylog2 Server, Radio as well as the web interface to the same version.

A big thank you to the TORCH team.

Thank you,
Kay
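
The stream rule runtime limit described in the announcement can be sketched as follows. This is an added example, not part of the original message and not Graylog2's own code; the class name, the 100 ms budget and the fault threshold of 2 are assumptions chosen for illustration (Java 11+).

```java
import java.util.concurrent.*;
import java.util.regex.Pattern;

// Hypothetical sketch: a regex stream rule with a per-match time budget
// that disables itself after repeated timeouts.
public class TimeLimitedStreamRule {
    // Wrapper that aborts a running match once the worker thread is interrupted.
    static final class Interruptible implements CharSequence {
        private final CharSequence s;
        Interruptible(CharSequence s) { this.s = s; }
        public char charAt(int i) {
            if (Thread.currentThread().isInterrupted())
                throw new IllegalStateException("match interrupted");
            return s.charAt(i);
        }
        public int length() { return s.length(); }
        public CharSequence subSequence(int a, int b) { return new Interruptible(s.subSequence(a, b)); }
        public String toString() { return s.toString(); }
    }

    private final Pattern pattern;
    private final long timeoutMs;  // assumed budget per match
    private final int maxFaults;   // assumed timeouts tolerated before disabling
    private int faults = 0;
    private boolean disabled = false;

    TimeLimitedStreamRule(String regex, long timeoutMs, int maxFaults) {
        this.pattern = Pattern.compile(regex);
        this.timeoutMs = timeoutMs;
        this.maxFaults = maxFaults;
    }

    boolean isDisabled() { return disabled; }

    boolean matches(String field, ExecutorService pool) throws InterruptedException {
        if (disabled) return false;  // a disabled rule no longer costs CPU
        Callable<Boolean> task = () -> pattern.matcher(new Interruptible(field)).find();
        Future<Boolean> f = pool.submit(task);
        try {
            return f.get(timeoutMs, TimeUnit.MILLISECONDS);
        } catch (TimeoutException e) {
            f.cancel(true);  // interrupts the worker; charAt() then throws
            if (++faults >= maxFaults) disabled = true;  // a notification would be raised here
            return false;
        } catch (ExecutionException e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        ExecutorService pool = Executors.newCachedThreadPool();
        // Constructed rule and input: nested quantifiers may backtrack heavily.
        TimeLimitedStreamRule rule = new TimeLimitedStreamRule("(a+)+$", 100, 2);
        String field = "a".repeat(40) + "!";
        for (int i = 0; i < 3; i++)
            System.out.println("match=" + rule.matches(field, pool) + " disabled=" + rule.isDisabled());
        pool.shutdownNow();
    }
}
```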
