mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
RHDEVDOCS-4027 -Z stream release notes 4.8+ with peer review feedback + aconway feedback - attribute fix
This commit is contained in:
libander
committed by
openshift-cherrypick-robot
openshift-cherrypick-robot
parent
00fea56d21
commit
4e3c42cf7d
@@ -1,19 +1,312 @@
|
||||
:_content-type: ASSEMBLY
|
||||
[id="cluster-logging-release-notes"]
|
||||
[id="cluster-logging-release-notes_{context}"]
|
||||
include::_attributes/common-attributes.adoc[]
|
||||
= Release notes for version 5.4 of the {logging}
|
||||
= Release notes for Logging
|
||||
|
||||
:context: cluster-logging-release-notes-v5x
|
||||
|
||||
toc::[]
|
||||
|
||||
include::modules/making-open-source-more-inclusive.adoc[leveloffset=+1]
|
||||
[id="cluster-logging-ocp-compatibility"]
|
||||
.Logging Compatibility
|
||||
The {logging-title} is provided as an installable component, with a distinct release cycle from the core {product-title}. The link:https://access.redhat.com/support/policy/updates/openshift#logging[Red Hat OpenShift Container Platform Life Cycle Policy] outlines release compatibility.
|
||||
|
||||
include::modules/cluster-logging-release-notes-5.4.0.adoc[leveloffset=+1]
|
||||
include::modules/cluster-logging-release-notes-5.4.z.adoc[leveloffset=+0]
|
||||
|
||||
include::modules/cluster-logging-release-notes-5.4.0.adoc[leveloffset=+0]
|
||||
|
||||
[id="cluster-logging-technology-previews-5.4"]
|
||||
== Technology Previews
|
||||
== Logging 5.4 Technology Previews
|
||||
|
||||
include::modules/cluster-logging-vector-tech-preview.adoc[leveloffset=+1]
|
||||
include::modules/cluster-logging-vector-tech-preview.adoc[leveloffset=+3]
|
||||
|
||||
include::modules/cluster-logging-loki-tech-preview.adoc[leveloffset=+1]
|
||||
include::modules/cluster-logging-loki-tech-preview.adoc[leveloffset=+3]
|
||||
|
||||
include::modules/cluster-logging-release-notes-5.3.z.adoc[leveloffset=-1]
|
||||
|
||||
[id="cluster-logging-release-notes-5-3-0"]
|
||||
== OpenShift Logging 5.3.0
|
||||
This release includes link:https://access.redhat.com/errata/RHSA-2021:4627[RHSA-2021:4627 OpenShift Logging Bug Fix Release 5.3.0]
|
||||
|
||||
[id="openshift-logging-5-3-0-new-features-and-enhancements"]
|
||||
==== New features and enhancements
|
||||
* With this update, authorization options for Log Forwarding have been expanded. Outputs may now be configured with SASL, username/password, or TLS.
|
||||
|
||||
[id="openshift-logging-5-3-0-bug-fixes"]
|
||||
==== Bug fixes
|
||||
* Before this update, if you forwarded logs using the syslog protocol, serializing a ruby hash encoded key/value pairs to contain a '=>' character and replaced tabs with "#11". This update fixes the issue so that log messages are correctly serialized as valid JSON. (link:https://issues.redhat.com/browse/LOG-1494[LOG-1494])
|
||||
|
||||
* Before this update, application logs were not correctly configured to forward to the proper Cloudwatch stream with multi-line error detection enabled. (link:https://issues.redhat.com/browse/LOG-1939[LOG-1939])
|
||||
|
||||
* Before this update, a name change of the deployed collector in the 5.3 release caused the alert 'fluentnodedown' to generate. (link:https://issues.redhat.com/browse/LOG-1918[LOG-1918])
|
||||
|
||||
* Before this update, a regression introduced in a prior release configuration caused the collector to flush its buffered messages before shutdown, creating a delay the termination and restart of collector Pods. With this update, fluentd no longer flushes buffers at shutdown, resolving the issue. (link:https://issues.redhat.com/browse/LOG-1735[LOG-1735])
|
||||
|
||||
* Before this update, a regression introduced in a prior release intentionally disabled JSON message parsing. This update re-enables JSON parsing. It also sets the log entry "level" based on the "level" field in parsed JSON message or by using regex to extract a match from a message field. (link:https://issues.redhat.com/browse/LOG-1199[LOG-1199])
|
||||
|
||||
* Before this update, the `ClusterLogging` custom resource (CR) applied the value of the `totalLimitSize` field to the Fluentd `total_limit_size` field, even if the required buffer space was not available. With this update, the CR applies the lesser of the two `totalLimitSize` or 'default' values to the Fluentd `total_limit_size` field, resolving the issue. (link:https://issues.redhat.com/browse/LOG-1776[LOG-1776])
|
||||
|
||||
[id="openshift-logging-5-3-0-known-issues"]
|
||||
==== Known issues
|
||||
* If you forward logs to an external Elasticsearch server and then change a configured value in the pipeline secret, such as the username and password, the Fluentd forwarder loads the new secret but uses the old value to connect to an external Elasticsearch server. This issue happens because the Red Hat OpenShift Logging Operator does not currently monitor secrets for content changes. (link:https://issues.redhat.com/browse/LOG-1652[LOG-1652])
|
||||
+
|
||||
As a workaround, if you change the secret, you can force the Fluentd pods to redeploy by entering:
|
||||
+
|
||||
[source,terminal]
|
||||
----
|
||||
$ oc delete pod -l component=collector
|
||||
----
|
||||
|
||||
[id="openshift-logging-5-3-0-deprecated-removed-features"]
|
||||
==== Deprecated and removed features
|
||||
Some features available in previous releases have been deprecated or removed.
|
||||
|
||||
Deprecated functionality is still included in OpenShift Logging and continues to be supported; however, it will be removed in a future release of this product and is not recommended for new deployments.
|
||||
|
||||
[id="openshift-logging-5-3-0-legacy-forwarding"]
|
||||
==== Forwarding logs using the legacy Fluentd and legacy syslog methods have been removed
|
||||
|
||||
In OpenShift Logging 5.3, the legacy methods of forwarding logs to Syslog and Fluentd are removed. Bug fixes and support are provided through the end of the OpenShift Logging 5.2 life cycle. After which, no new feature enhancements are made.
|
||||
|
||||
Instead, use the following non-legacy methods:
|
||||
|
||||
* xref:../logging/cluster-logging-external.adoc#cluster-logging-collector-log-forward-fluentd_cluster-logging-external[Forwarding logs using the Fluentd forward protocol]
|
||||
* xref:../logging/cluster-logging-external.adoc#cluster-logging-collector-log-forward-syslog_cluster-logging-external[Forwarding logs using the syslog protocol]
|
||||
|
||||
[id="openshift-logging-5-3-0-legacy-forwarding-config"]
|
||||
==== Configuration mechanisms for legacy forwarding methods have been removed
|
||||
|
||||
In OpenShift Logging 5.3, the legacy configuration mechanism for log forwarding is removed: You cannot forward logs using the legacy Fluentd method and legacy Syslog method. Use the standard log forwarding methods instead.
|
||||
|
||||
[id="openshift-logging-5-3-0-CVEs"]
|
||||
==== CVEs
|
||||
.Click to expand CVEs
|
||||
[%collapsible]
|
||||
====
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2018-20673.html[CVE-2018-20673]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2018-25009.html[CVE-2018-25009]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2018-25010.html[CVE-2018-25010]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2018-25012.html[CVE-2018-25012]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2018-25013.html[CVE-2018-25013]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2018-25014.html[CVE-2018-25014]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2019-5827.html[CVE-2019-5827]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2019-13750.html[CVE-2019-13750]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2019-13751.html[CVE-2019-13751]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2019-14615.html[CVE-2019-14615]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2019-17594.html[CVE-2019-17594]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2019-17595.html[CVE-2019-17595]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2019-18218.html[CVE-2019-18218]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2019-19603.html[CVE-2019-19603]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2019-20838.html[CVE-2019-20838]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2020-0427.html[CVE-2020-0427]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2020-10001.html[CVE-2020-10001]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2020-12762.html[CVE-2020-12762]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2020-13435.html[CVE-2020-13435]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2020-14145.html[CVE-2020-14145]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2020-14155.html[CVE-2020-14155]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2020-16135.html[CVE-2020-16135]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2020-17541.html[CVE-2020-17541]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2020-24370.html[CVE-2020-24370]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2020-24502.html[CVE-2020-24502]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2020-24503.html[CVE-2020-24503]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2020-24504.html[CVE-2020-24504]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2020-24586.html[CVE-2020-24586]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2020-24587.html[CVE-2020-24587]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2020-24588.html[CVE-2020-24588]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2020-26139.html[CVE-2020-26139]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2020-26140.html[CVE-2020-26140]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2020-26141.html[CVE-2020-26141]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2020-26143.html[CVE-2020-26143]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2020-26144.html[CVE-2020-26144]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2020-26145.html[CVE-2020-26145]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2020-26146.html[CVE-2020-26146]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2020-26147.html[CVE-2020-26147]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2020-27777.html[CVE-2020-27777]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2020-29368.html[CVE-2020-29368]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2020-29660.html[CVE-2020-29660]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2020-35448.html[CVE-2020-35448]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2020-35521.html[CVE-2020-35521]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2020-35522.html[CVE-2020-35522]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2020-35523.html[CVE-2020-35523]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2020-35524.html[CVE-2020-35524]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2020-36158.html[CVE-2020-36158]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2020-36312.html[CVE-2020-36312]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2020-36330.html[CVE-2020-36330]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2020-36331.html[CVE-2020-36331]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2020-36332.html[CVE-2020-36332]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2020-36386.html[CVE-2020-36386]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-0129.html[CVE-2021-0129]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-3200.html[CVE-2021-3200]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-3348.html[CVE-2021-3348]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-3426.html[CVE-2021-3426]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-3445.html[CVE-2021-3445]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-3481.html[CVE-2021-3481]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-3487.html[CVE-2021-3487]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-3489.html[CVE-2021-3489]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-3564.html[CVE-2021-3564]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-3572.html[CVE-2021-3572]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-3573.html[CVE-2021-3573]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-3580.html[CVE-2021-3580]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-3600.html[CVE-2021-3600]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-3635.html[CVE-2021-3635]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-3659.html[CVE-2021-3659]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-3679.html[CVE-2021-3679]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-3732.html[CVE-2021-3732]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-3778.html[CVE-2021-3778]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-3796.html[CVE-2021-3796]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-3800.html[CVE-2021-3800]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-20194.html[CVE-2021-20194]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-20197.html[CVE-2021-20197]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-20231.html[CVE-2021-20231]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-20232.html[CVE-2021-20232]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-20239.html[CVE-2021-20239]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-20266.html[CVE-2021-20266]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-20284.html[CVE-2021-20284]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-22876.html[CVE-2021-22876]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-22898.html[CVE-2021-22898]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-22925.html[CVE-2021-22925]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-23133.html[CVE-2021-23133]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-23840.html[CVE-2021-23840]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-23841.html[CVE-2021-23841]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-27645.html[CVE-2021-27645]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-28153.html[CVE-2021-28153]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-28950.html[CVE-2021-28950]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-28971.html[CVE-2021-28971]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-29155.html[CVE-2021-29155]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-29646.htm[lCVE-2021-29646]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-29650.html[CVE-2021-29650]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-31440.html[CVE-2021-31440]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-31535.html[CVE-2021-31535]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-31829.html[CVE-2021-31829]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-31916.html[CVE-2021-31916]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-33033.html[CVE-2021-33033]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-33194.html[CVE-2021-33194]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-33200.html[CVE-2021-33200]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-33560.html[CVE-2021-33560]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-33574.html[CVE-2021-33574]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-35942.html[CVE-2021-35942]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-36084.html[CVE-2021-36084]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-36085.html[CVE-2021-36085]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-36086.html[CVE-2021-36086]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-36087.html[CVE-2021-36087]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-42574.html[CVE-2021-42574]
|
||||
====
|
||||
|
||||
include::modules/cluster-logging-release-notes-5.2.z.adoc[leveloffset=0]
|
||||
|
||||
[id="cluster-logging-release-notes-5-2-0"]
|
||||
== OpenShift Logging 5.2.0
|
||||
|
||||
This release includes link:https://access.redhat.com/errata/RHBA-2021:3393[RHBA-2021:3393 OpenShift Logging Bug Fix Release 5.2.0]
|
||||
|
||||
[id="openshift-logging-5-2-0-new-features-and-enhancements"]
|
||||
=== New features and enhancements
|
||||
|
||||
* With this update, you can forward log data to Amazon CloudWatch, which provides application and infrastructure monitoring. For more information, see xref:../logging/cluster-logging-external.html#cluster-logging-collector-log-forward-cloudwatch_cluster-logging-external[Forwarding logs to Amazon CloudWatch]. (link:https://issues.redhat.com/browse/LOG-1173[LOG-1173])
|
||||
|
||||
* With this update, you can forward log data to Loki, a horizontally scalable, highly available, multi-tenant log aggregation system. For more information, see xref:../logging/cluster-logging-external.html#cluster-logging-collector-log-forward-loki_cluster-logging-external[Forwarding logs to Loki]. (link:https://issues.redhat.com/browse/LOG-684[LOG-684])
|
||||
|
||||
* With this update, if you use the Fluentd forward protocol to forward log data over a TLS-encrypted connection, now you can use a password-encrypted private key file and specify the passphrase in the Cluster Log Forwarder configuration. For more information, see xref:../logging/cluster-logging-external.html#cluster-logging-collector-log-forward-fluentd_cluster-logging-external[Forwarding logs using the Fluentd forward protocol]. (link:https://issues.redhat.com/browse/LOG-1525[LOG-1525])
|
||||
|
||||
* This enhancement enables you to use a username and password to authenticate a log forwarding connection to an external Elasticsearch instance. For example, if you cannot use mutual TLS (mTLS) because a third-party operates the Elasticsearch instance, you can use HTTP or HTTPS and set a secret that contains the username and password. For more information, see xref:../logging/cluster-logging-external.adoc#cluster-logging-collector-log-forward-es_cluster-logging-external[Forwarding logs to an external Elasticsearch instance]. (link:https://issues.redhat.com/browse/LOG-1022[LOG-1022])
|
||||
|
||||
* With this update, you can collect OVN network policy audit logs for forwarding to a logging server. For more information, see xref:../logging/cluster-logging-external.html#cluster-logging-collecting-ovn-audit-logs_cluster-logging-external[Collecting OVN network policy audit logs]. (link:https://issues.redhat.com/browse/LOG-1526[LOG-1526])
|
||||
|
||||
* By default, the data model introduced in {product-title} 4.5 gave logs from different namespaces a single index in common. This change made it harder to see which namespaces produced the most logs.
|
||||
+
|
||||
The current release adds namespace metrics to the *Logging* dashboard in the {product-title} console. With these metrics, you can see which namespaces produce logs and how many logs each namespace produces for a given timestamp.
|
||||
+
|
||||
To see these metrics, open the *Administrator* perspective in the {product-title} web console, and navigate to *Observe* -> *Dashboards* -> *Logging/Elasticsearch*. (link:https://issues.redhat.com/browse/LOG-1680[LOG-1680])
|
||||
|
||||
* The current release, OpenShift Logging 5.2, enables two new metrics: For a given timestamp or duration, you can see the total logs produced or logged by individual containers, and the total logs collected by the collector. These metrics are labeled by namespace, pod, and container name so that you can see how many logs each namespace and pod collects and produces. (link:https://issues.redhat.com/browse/LOG-1213[LOG-1213])
|
||||
|
||||
[id="openshift-logging-5-2-0-bug-fixes"]
|
||||
=== Bug fixes
|
||||
|
||||
* Before this update, when the OpenShift Elasticsearch Operator created index management cronjobs, it added the `POLICY_MAPPING` environment variable twice, which caused the apiserver to report the duplication. This update fixes the issue so that the `POLICY_MAPPING` environment variable is set only once per cronjob, and there is no duplication for the apiserver to report. (link:https://issues.redhat.com/browse/LOG-1130[LOG-1130])
|
||||
|
||||
* Before this update, suspending an Elasticsearch cluster to zero nodes did not suspend the index-management cronjobs, which put these cronjobs into maximum backoff. Then, after unsuspending the Elasticsearch cluster, these cronjobs stayed halted due to maximum backoff reached. This update resolves the issue by suspending the cronjobs and the cluster. (link:https://issues.redhat.com/browse/LOG-1268[LOG-1268])
|
||||
|
||||
* Before this update, in the *Logging* dashboard in the {product-title} console, the list of top 10 log-producing containers was missing the "chart namespace" label and provided the incorrect metric name, `fluentd_input_status_total_bytes_logged`. With this update, the chart shows the namespace label and the correct metric name, `log_logged_bytes_total`. (link:https://issues.redhat.com/browse/LOG-1271[LOG-1271])
|
||||
|
||||
* Before this update, if an index management cronjob terminated with an error, it did not report the error exit code: instead, its job status was "complete." This update resolves the issue by reporting the error exit codes of index management cronjobs that terminate with errors. (link:https://issues.redhat.com/browse/LOG-1273[LOG-1273])
|
||||
|
||||
* The `priorityclasses.v1beta1.scheduling.k8s.io` was removed in 1.22 and replaced by `priorityclasses.v1.scheduling.k8s.io` (`v1beta1` was replaced by `v1`). Before this update, `APIRemovedInNextReleaseInUse` alerts were generated for `priorityclasses` because `v1beta1` was still present . This update resolves the issue by replacing `v1beta1` with `v1`. The alert is no longer generated. (link:https://issues.redhat.com/browse/LOG-1385[LOG-1385])
|
||||
|
||||
* Previously, the OpenShift Elasticsearch Operator and Red Hat OpenShift Logging Operator did not have the annotation that was required for them to appear in the {product-title} web console list of operators that can run in a disconnected environment. This update adds the `operators.openshift.io/infrastructure-features: '["Disconnected"]'` annotation to these two operators so that they appear in the list of operators that run in disconnected environments. (link:https://issues.redhat.com/browse/LOG-1420[LOG-1420])
|
||||
|
||||
* Before this update, Red Hat OpenShift Logging Operator pods were scheduled on CPU cores that were reserved for customer workloads on performance-optimized single-node clusters. With this update, cluster logging operator pods are scheduled on the correct CPU cores. (link:https://issues.redhat.com/browse/LOG-1440[LOG-1440])
|
||||
|
||||
* Before this update, some log entries had unrecognized UTF-8 bytes, which caused Elasticsearch to reject the messages and block the entire buffered payload. With this update, rejected payloads drop the invalid log entries and resubmit the remaining entries to resolve the issue. (link:https://issues.redhat.com/browse/LOG-1499[LOG-1499])
|
||||
|
||||
* Before this update, the `kibana-proxy` pod sometimes entered the `CrashLoopBackoff` state and logged the following message `Invalid configuration: cookie_secret must be 16, 24, or 32 bytes to create an AES cipher when pass_access_token == true or cookie_refresh != 0, but is 29 bytes.` The exact actual number of bytes could vary. With this update, the generation of the Kibana session secret has been corrected, and the kibana-proxy pod no longer enters a `CrashLoopBackoff` state due to this error. (link:https://issues.redhat.com/browse/LOG-1446[LOG-1446])
|
||||
|
||||
* Before this update, the AWS CloudWatch Fluentd plugin logged its AWS API calls to the Fluentd log at all log levels, consuming additional {product-title} node resources. With this update, the AWS CloudWatch Fluentd plugin logs AWS API calls only at the "debug" and "trace" log levels. This way, at the default "warn" log level, Fluentd does not consume extra node resources. (link:https://issues.redhat.com/browse/LOG-1071[LOG-1071])
|
||||
|
||||
* Before this update, the Elasticsearch OpenDistro security plugin caused user index migrations to fail. This update resolves the issue by providing a newer version of the plugin. Now, index migrations proceed without errors. (link:https://issues.redhat.com/browse/LOG-1276[LOG-1276])
|
||||
|
||||
* Before this update, in the *Logging* dashboard in the {product-title} console, the list of top 10 log-producing containers lacked data points. This update resolves the issue, and the dashboard displays all data points. (link:https://issues.redhat.com/browse/LOG-1353[LOG-1353])
|
||||
|
||||
* Before this update, if you were tuning the performance of the Fluentd log forwarder by adjusting the `chunkLimitSize` and `totalLimitSize` values, the `Setting queued_chunks_limit_size for each buffer to` message reported values that were too low. The current update fixes this issue so that this message reports the correct values. (link:https://issues.redhat.com/browse/LOG-1411[LOG-1411])
|
||||
|
||||
* Before this update, the Kibana OpenDistro security plugin caused user index migrations to fail. This update resolves the issue by providing a newer version of the plugin. Now, index migrations proceed without errors. (link:https://issues.redhat.com/browse/LOG-1558[LOG-1558])
|
||||
|
||||
* Before this update, using a namespace input filter prevented logs in that namespace from appearing in other inputs. With this update, logs are sent to all inputs that can accept them. (link:https://issues.redhat.com/browse/LOG-1570[LOG-1570])
|
||||
|
||||
* Before this update, a missing license file for the `viaq/logerr` dependency caused license scanners to abort without success. With this update, the `viaq/logerr` dependency is licensed under Apache 2.0 and the license scanners run successfully. (link:https://issues.redhat.com/browse/LOG-1590[LOG-1590])
|
||||
|
||||
* Before this update, an incorrect brew tag for `curator5` within the `elasticsearch-operator-bundle` build pipeline caused the pull of an image pinned to a dummy SHA1. With this update, the build pipeline uses the `logging-curator5-rhel8` reference for `curator5`, enabling index management cronjobs to pull the correct image from `registry.redhat.io`. (link:https://issues.redhat.com/browse/LOG-1624[LOG-1624])
|
||||
|
||||
* Before this update, an issue with the `ServiceAccount` permissions caused errors such as `no permissions for [indices:admin/aliases/get]`. With this update, a permission fix resolves the issue. (link:https://issues.redhat.com/browse/LOG-1657[LOG-1657])
|
||||
|
||||
* Before this update, the Custom Resource Definition (CRD) for the Red Hat OpenShift Logging Operator was missing the Loki output type, which caused the admission controller to reject the `ClusterLogForwarder` custom resource object. With this update, the CRD includes Loki as an output type so that administrators can configure `ClusterLogForwarder` to send logs to a Loki server. (link:https://issues.redhat.com/browse/LOG-1683[LOG-1683])
|
||||
|
||||
* Before this update, OpenShift Elasticsearch Operator reconciliation of the `ServiceAccounts` overwrote third-party-owned fields that contained secrets. This issue caused memory and CPU spikes due to frequent recreation of secrets. This update resolves the issue. Now, the OpenShift Elasticsearch Operator does not overwrite third-party-owned fields. (link:https://issues.redhat.com/browse/LOG-1714[LOG-1714])
|
||||
|
||||
* Before this update, in the `ClusterLogging` custom resource (CR) definition, if you specified a `flush_interval` value but did not set `flush_mode` to `interval`, the Red Hat OpenShift Logging Operator generated a Fluentd configuration. However, the Fluentd collector generated an error at runtime. With this update, the Red Hat OpenShift Logging Operator validates the `ClusterLogging` CR definition and only generates the Fluentd configuration if both fields are specified. (link:https://issues.redhat.com/browse/LOG-1723[LOG-1723])
|
||||
|
||||
[id="openshift-logging-5-2-0-known-issues"]
|
||||
=== Known issues
|
||||
|
||||
* If you forward logs to an external Elasticsearch server and then change a configured value in the pipeline secret, such as the username and password, the Fluentd forwarder loads the new secret but uses the old value to connect to an external Elasticsearch server. This issue happens because the Red Hat OpenShift Logging Operator does not currently monitor secrets for content changes. (link:https://issues.redhat.com/browse/LOG-1652[LOG-1652])
|
||||
+
|
||||
As a workaround, if you change the secret, you can force the Fluentd pods to redeploy by entering:
|
||||
+
|
||||
[source,terminal]
|
||||
----
|
||||
$ oc delete pod -l component=collector
|
||||
----
|
||||
|
||||
[id="openshift-logging-5-2-0-deprecated-removed-features"]
|
||||
=== Deprecated and removed features
|
||||
|
||||
Some features available in previous releases have been deprecated or removed.
|
||||
|
||||
Deprecated functionality is still included in OpenShift Logging and continues to be supported; however, it will be removed in a future release of this product and is not recommended for new deployments.
|
||||
|
||||
[id="openshift-logging-5-2-0-legacy-forwarding"]
|
||||
=== Forwarding logs using the legacy Fluentd and legacy syslog methods have been deprecated
|
||||
|
||||
From {product-title} 4.6 to the present, forwarding logs by using the following legacy methods have been deprecated and will be removed in a future release:
|
||||
|
||||
* Forwarding logs using the legacy Fluentd method
|
||||
* Forwarding logs using the legacy syslog method
|
||||
|
||||
Instead, use the following non-legacy methods:
|
||||
|
||||
* xref:../logging/cluster-logging-external.adoc#cluster-logging-collector-log-forward-fluentd_cluster-logging-external[Forwarding logs using the Fluentd fohttps://www.redhat.com/security/data/cve/CVE-2021-22922.htmlrward protocol]
|
||||
|
||||
* xref:../logging/cluster-logging-external.adoc#cluster-logging-collector-log-forward-syslog_cluster-logging-external[Forwarding logs using the syslog protocol]
|
||||
|
||||
[id="openshift-logging-5-2-0-CVEs"]
|
||||
=== CVEs
|
||||
.Click to expand CVEs
|
||||
[%collapsible]
|
||||
====
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-22922.html[CVE-2021-22922]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-22923.html[CVE-2021-22923]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-22924.html[CVE-2021-22924]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-32740.html[CVE-2021-32740]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-36222.html[CVE-2021-36222]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-37750.html[CVE-2021-37750]
|
||||
====
|
||||
|
||||
324
modules/cluster-logging-release-notes-5.2.z.adoc
Normal file
324
modules/cluster-logging-release-notes-5.2.z.adoc
Normal file
@@ -0,0 +1,324 @@
|
||||
[id="cluster-logging-release-notes-5-2-10"]
|
||||
== OpenShift Logging 5.2.10
|
||||
[role="_abstract"]
|
||||
This release includes link:https://access.redhat.com/errata/[ OpenShift Logging Bug Fix Release 5.2.10]]
|
||||
|
||||
[id="openshift-logging-5-2-10-bug-fixes"]
|
||||
=== Bug fixes
|
||||
* Before this update some log forwarder outputs could re-order logs with the same time-stamp. With this update, a sequence number has been added to the log record to order entries that have matching timestamps.(https://issues.redhat.com/browse/LOG-2335[LOG-2335])
|
||||
|
||||
* Before this update, clusters with a large number of namespaces caused Elasticsearch to stop serving requests because the list of namespaces reached the maximum header size limit. With this update, headers only include a list of namespace names, resolving the issue. (https://issues.redhat.com/browse/LOG-2475[LOG-2475])
|
||||
|
||||
* Before this update, `system:serviceaccount:openshift-monitoring:prometheus-k8s` had cluster level privileges as a `clusterrole` and `clusterrolebinding`. This update restricts the `serviceaccount` to the `openshift-logging` namespace with a role and rolebinding. (https://issues.redhat.com/browse/LOG-2480[LOG-2480])
|
||||
|
||||
* Before this update, the `cluster-logging-operator` utilized cluster scoped roles and bindings to establish permissions for the Prometheus service account to scrape metrics. These permissions were only created when deploying the Operator using the console interface, and were missing when the Operator was deployed from the command line. This fixes the issue by making this role and binding namespace scoped. (https://issues.redhat.com/browse/LOG-1972[LOG-1972])
|
||||
|
||||
|
||||
[id="openshift-logging-5-2-10-CVEs"]
|
||||
=== CVEs
|
||||
.Click to expand CVEs
|
||||
[%collapsible]
|
||||
====
|
||||
* link:https://access.redhat.com/security/cve/CVE-2018-25032[CVE-2018-25032]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2021-4028[CVE-2021-4028]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2021-37136[CVE-2021-37136]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2021-37137[CVE-2021-37137]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2021-43797[CVE-2021-43797]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2022-0778[CVE-2022-0778]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2022-1154[CVE-2022-1154]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2022-1271[CVE-2022-1271]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2022-21426[CVE-2022-21426]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2022-21434[CVE-2022-21434]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2022-21443[CVE-2022-21443]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2022-21476[CVE-2022-21476]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2022-21496[CVE-2022-21496]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2022-21698[CVE-2022-21698]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2022-25636[CVE-2022-25636]
|
||||
====
|
||||
|
||||
[id="cluster-logging-release-notes-5-2-9"]
|
||||
== OpenShift Logging 5.2.9
|
||||
[role="_abstract"]
|
||||
This release includes link:https://access.redhat.com/errata/RHBA-2022:1375[RHBA-2022:1375 OpenShift Logging Bug Fix Release 5.2.9]]
|
||||
|
||||
[id="openshift-logging-5-2-9-bug-fixes"]
|
||||
=== Bug fixes
|
||||
* Before this update, defining a toleration with no key and the existing Operator caused the Operator to be unable to complete an upgrade. With this update, this toleration no longer blocks the upgrade from completing. (link:https://issues.redhat.com/browse/LOG-2304[LOG-2304])
|
||||
|
||||
[id="cluster-logging-release-notes-5-2-8"]
|
||||
== OpenShift Logging 5.2.8
|
||||
|
||||
This release includes link:https://access.redhat.com/errata/RHSA-2022:0728[RHSA-2022:0728 OpenShift Logging Bug Fix Release 5.2.8]
|
||||
|
||||
[id="openshift-logging-5-2-8-bug-fixes"]
|
||||
=== Bug fixes
|
||||
* Before this update, if you removed OpenShift Logging from {product-title}, the web console continued displaying a link to the *Logging* page. With this update, removing or uninstalling OpenShift Logging also removes that link.(link:https://issues.redhat.com/browse/LOG-2180[LOG-2180])
|
||||
|
||||
[id="openshift-logging-5-2-8-CVEs"]
|
||||
=== CVEs
|
||||
.Click to expand CVEs
|
||||
[%collapsible]
|
||||
====
|
||||
* link:https://access.redhat.com/security/cve/CVE-2020-28491[CVE-2020-28491]
|
||||
** link:https://bugzilla.redhat.com/show_bug.cgi?id=1930423[BZ-1930423]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2022-0552[CVE-2022-0552]
|
||||
** link:https://bugzilla.redhat.com/show_bug.cgi?id=2052539[BG-2052539]
|
||||
====
|
||||
|
||||
[id="cluster-logging-release-notes-5-2-7"]
|
||||
== OpenShift Logging 5.2.7
|
||||
|
||||
This release includes link:https://access.redhat.com/errata/RHBA-2022:0478[RHBA-2022:0478 OpenShift Logging Bug Fix Release 5.2.7]
|
||||
|
||||
[id="openshift-logging-5-2-7-bug-fixes"]
|
||||
=== Bug fixes
|
||||
* Before this update, Elasticsearch pods failed to start after updating with FIPS enabled. With this update, Elasticsearch pods start successfully. (link:https://issues.redhat.com/browse/LOG-2000[LOG-2000])
|
||||
|
||||
* Before this update, if a persistent volume claim (PVC) already existed, Elasticsearch generated an error, "Unable to create PersistentVolumeClaim due to forbidden: exceeded quota: infra-storage-quota." With this update, Elasticsearch checks for existing PVCs, resolving the issue. (link:https://issues.redhat.com/browse/LOG-2118[LOG-2118])
|
||||
|
||||
[id="openshift-logging-5-2-7-CVEs"]
|
||||
=== CVEs
|
||||
.Click to expand CVEs
|
||||
[%collapsible]
|
||||
====
|
||||
* link:https://access.redhat.com/security/cve/CVE-2021-3521[CVE-2021-3521]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2021-3872[CVE-2021-3872]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2021-3984[CVE-2021-3984]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2021-4019[CVE-2021-4019]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2021-4122[CVE-2021-4122]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2021-4155[CVE-2021-4155]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2021-4192[CVE-2021-4192]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2021-4193[CVE-2021-4193]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2022-0185[CVE-2022-0185]
|
||||
====
|
||||
|
||||
[id="cluster-logging-release-notes-5-2-6"]
|
||||
== OpenShift Logging 5.2.6
|
||||
|
||||
This release includes link:https://access.redhat.com/errata/RHSA-2022:0230[RHSA-2022:0230 OpenShift Logging Bug Fix Release 5.2.6]
|
||||
|
||||
[id="openshift-logging-5-2-6-bug-fixes"]
|
||||
=== Bug fixes
|
||||
* Before this update, the release did not include a filter change which caused fluentd to crash. With this update, the missing filter has been corrected. (link:https://issues.redhat.com/browse/LOG-2104[LOG-2104])
|
||||
|
||||
* This update changes the log4j dependency to 2.17.1 to resolve link:https://access.redhat.com/security/cve/CVE-2021-44832[CVE-2021-44832].(link:https://issues.redhat.com/browse/LOG-2101[LOG-2101])
|
||||
|
||||
[id="openshift-logging-5-2-6-CVEs"]
|
||||
=== CVEs
|
||||
.Click to expand CVEs
|
||||
[%collapsible]
|
||||
====
|
||||
* link:https://access.redhat.com/security/cve/CVE-2021-27292[CVE-2021-27292]
|
||||
** link:https://bugzilla.redhat.com/show_bug.cgi?id=1940613[BZ-1940613]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2021-44832[CVE-2021-44832]
|
||||
** link:https://bugzilla.redhat.com/show_bug.cgi?id=2035951[BZ-2035951]
|
||||
====
|
||||
|
||||
[id="cluster-logging-release-notes-5-2-5"]
|
||||
== OpenShift Logging 5.2.5
|
||||
|
||||
This release includes link:https://access.redhat.com/errata/RHSA-2022:0043[RHSA-2022:0043 OpenShift Logging Bug Fix Release 5.2.5]
|
||||
|
||||
[id="openshift-logging-5-2-5-bug-fixes"]
|
||||
=== Bug fixes
|
||||
* Before this update, Elasticsearch rejected logs from the Event Router due to a parsing error. This update changes the data model to resolve the parsing error. However, as a result, previous indices might cause warnings or errors within Kibana. The `kubernetes.event.metadata.resourceVersion` field causes errors until existing indices are removed or reindexed. If this field is not used in Kibana, you can ignore the error messages. If you have a retention policy that deletes old indices, the policy eventually removes the old indices and stops the error messages. Otherwise, manually reindex to stop the error messages. link:https://issues.redhat.com/browse/LOG-2087[LOG-2087])
|
||||
|
||||
|
||||
[id="openshift-logging-5-2-5-CVEs"]
|
||||
=== CVEs
|
||||
.Click to expand CVEs
|
||||
[%collapsible]
|
||||
====
|
||||
* link:https://access.redhat.com/security/cve/CVE-2021-3712[CVE-2021-3712]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2021-20321[CVE-2021-20321]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2021-42574[CVE-2021-42574]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2021-45105[CVE-2021-45105]
|
||||
====
|
||||
|
||||
[id="cluster-logging-release-notes-5-2-4"]
|
||||
== OpenShift Logging 5.2.4
|
||||
|
||||
This release includes link:https://access.redhat.com/errata/RHSA-2021:5127[RHSA-2021:5127 OpenShift Logging Bug Fix Release 5.2.4]
|
||||
|
||||
[id="openshift-logging-5-2-4-bug-fixes"]
|
||||
=== Bug fixes
|
||||
|
||||
* Before this update records shipped via syslog would serialize a ruby hash encoding key/value pairs to contain a '=>' character, as well as replace tabs with "#11". This update serializes the message correctly as proper JSON. (link:https://issues.redhat.com/browse/LOG-1775[LOG-1775])
|
||||
|
||||
* Before this update, the Elasticsearch Prometheus exporter plugin compiled index-level metrics using a high-cost query that impacted the Elasticsearch node performance. This update implements a lower-cost query that improves performance. (link:https://issues.redhat.com/browse/LOG-1970[LOG-1970])
|
||||
|
||||
* Before this update, Elasticsearch sometimes rejected messages when Log Forwarding was configured with multiple outputs. This happened because configuring one of the outputs modified message content to be a single message. With this update, Log Forwarding duplicates the messages for each output so that output-specific processing does not affect the other outputs. (link:https://issues.redhat.com/browse/LOG-1824[LOG-1824])
|
||||
|
||||
|
||||
[id="openshift-logging-5-2-4-CVEs"]
|
||||
=== CVEs
|
||||
.Click to expand CVEs
|
||||
[%collapsible]
|
||||
====
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2018-25009.html[CVE-2018-25009]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2018-25010.html[CVE-2018-25010]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2018-25012.html[CVE-2018-25012]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2018-25013.html[CVE-2018-25013]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2018-25014.html[CVE-2018-25014]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2019-5827.html[CVE-2019-5827]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2019-13750.html[CVE-2019-13750]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2019-13751.html[CVE-2019-13751]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2019-17594.html[CVE-2019-17594]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2019-17595.html[CVE-2019-17595]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2019-18218.html[CVE-2019-18218]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2019-19603.html[CVE-2019-19603]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2019-20838.html[CVE-2019-20838]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2020-12762.html[CVE-2020-12762]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2020-13435.html[CVE-2020-13435]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2020-14145.html[CVE-2020-14145]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2020-14155.html[CVE-2020-14155]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2020-16135.html[CVE-2020-16135]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2020-17541.html[CVE-2020-17541]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2020-24370.html[CVE-2020-24370]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2020-35521.html[CVE-2020-35521]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2020-35522.html[CVE-2020-35522]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2020-35523.html[CVE-2020-35523]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2020-35524.html[CVE-2020-35524]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2020-36330.html[CVE-2020-36330]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2020-36331.html[CVE-2020-36331]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2020-36332.html[CVE-2020-36332]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-3200.html[CVE-2021-3200]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-3426.html[CVE-2021-3426]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-3445.html[CVE-2021-3445]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-3481.html[CVE-2021-3481]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-3572.html[CVE-2021-3572]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-3580.html[CVE-2021-3580]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-3712.html[CVE-2021-3712]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-3800.html[CVE-2021-3800]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-20231.html[CVE-2021-20231]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-20232.html[CVE-2021-20232]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-20266.html[CVE-2021-20266]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-20317.html[CVE-2021-20317]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-21409.html[CVE-2021-21409]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-22876.html[CVE-2021-22876]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-22898.html[CVE-2021-22898]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-22925.html[CVE-2021-22925]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-27645.html[CVE-2021-27645]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-28153.html[CVE-2021-28153]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-31535.html[CVE-2021-31535]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-33560.html[CVE-2021-33560]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-33574.html[CVE-2021-33574]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-35942.html[CVE-2021-35942]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-36084.html[CVE-2021-36084]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-36085.html[CVE-2021-36085]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-36086.html[CVE-2021-36086]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-36087.html[CVE-2021-36087]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-37136.html[CVE-2021-37136]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-37137.html[CVE-2021-37137]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-42574.html[CVE-2021-42574]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-43267.html[CVE-2021-43267]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-43527.html[CVE-2021-43527]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-44228.html[CVE-2021-44228]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-45046.html[CVE-2021-45046]
|
||||
====
|
||||
|
||||
[id="cluster-logging-release-notes-5-2-3"]
|
||||
== OpenShift Logging 5.2.3
|
||||
|
||||
This release includes link:https://access.redhat.com/errata/RHSA-2021:4032[RHSA-2021:4032 OpenShift Logging Bug Fix Release 5.2.3]
|
||||
|
||||
[id="openshift-logging-5-2-3-bug-fixes"]
|
||||
=== Bug fixes
|
||||
|
||||
* Before this update, some alerts did not include a namespace label. This omission doesn't comply with the OpenShift Monitoring Team's guidelines for writing alerting rules in OpenShift. With this update, all the alerts in Elasticsearch Operator include a namespace label and follow all the guidelines for writing alerting rules in OpenShift.(link:https://issues.redhat.com/browse/LOG-1857[LOG-1857])
|
||||
|
||||
* Before this update, a regression introduced in a prior release intentionally disabled JSON message parsing. This update re-enables JSON parsing. It also sets the log entry "level" based on the "level" field in parsed JSON message or by using regex to extract a match from a message field. (link:https://issues.redhat.com/browse/LOG-1759[LOG-1759])
|
||||
|
||||
[id="openshift-logging-5-2-3-CVEs"]
|
||||
=== CVEs
|
||||
.Click to expand CVEs
|
||||
[%collapsible]
|
||||
====
|
||||
* link:https://access.redhat.com/security/cve/CVE-2021-23369[CVE-2021-23369]
|
||||
** link:https://bugzilla.redhat.com/show_bug.cgi?id=1948761[BZ-1948761]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2021-23383[CVE-2021-23383]
|
||||
** link:https://bugzilla.redhat.com/show_bug.cgi?id=1956688[BZ-1956688]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2018-20673[CVE-2018-20673]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2019-5827[CVE-2019-5827]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2019-13750[CVE-2019-13750]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2019-13751[CVE-2019-13751]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2019-17594[CVE-2019-17594]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2019-17595[CVE-2019-17595]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2019-18218[CVE-2019-18218]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2019-19603[CVE-2019-19603]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2019-20838[CVE-2019-20838]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2020-12762[CVE-2020-12762]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2020-13435[CVE-2020-13435]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2020-14155[CVE-2020-14155]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2020-16135[CVE-2020-16135]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2020-24370[CVE-2020-24370]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2021-3200[CVE-2021-3200]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2021-3426[CVE-2021-3426]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2021-3445[CVE-2021-3445]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2021-3572[CVE-2021-3572]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2021-3580[CVE-2021-3580]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2021-3778[CVE-2021-3778]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2021-3796[CVE-2021-3796]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2021-3800[CVE-2021-3800]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2021-20231[CVE-2021-20231]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2021-20232[CVE-2021-20232]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2021-20266[CVE-2021-20266]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2021-22876[CVE-2021-22876]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2021-22898[CVE-2021-22898]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2021-22925[CVE-2021-22925]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2021-23840[CVE-2021-23840]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2021-23841[CVE-2021-23841]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2021-27645[CVE-2021-27645]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2021-28153[CVE-2021-28153]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2021-33560[CVE-2021-33560]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2021-33574[CVE-2021-33574]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2021-35942[CVE-2021-35942]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2021-36084[CVE-2021-36084]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2021-36085[CVE-2021-36085]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2021-36086[CVE-2021-36086]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2021-36087[CVE-2021-36087]
|
||||
====
|
||||
|
||||
[id="cluster-logging-release-notes-5-2-2"]
|
||||
== OpenShift Logging 5.2.2
|
||||
|
||||
This release includes link:https://access.redhat.com/errata/RHBA-2021:3747[RHBA-2021:3747 OpenShift Logging Bug Fix Release 5.2.2]
|
||||
|
||||
[id="openshift-logging-5-2-2-bug-fixes"]
|
||||
=== Bug fixes
|
||||
|
||||
* Before this update, the `ClusterLogging` custom resource (CR) applied the value of the `totalLimitSize` field to the Fluentd `total_limit_size` field, even if the required buffer space was not available. With this update, the CR applies the lesser of the two `totalLimitSize` or 'default' values to the Fluentd `total_limit_size` field, resolving the issue.(link:https://issues.redhat.com/browse/LOG-1738[LOG-1738])
|
||||
|
||||
* Before this update, a regression introduced in a prior release configuration caused the collector to flush its buffered messages before shutdown, creating a delay the termination and restart of collector Pods. With this update, fluentd no longer flushes buffers at shutdown, resolving the issue. (link:https://issues.redhat.com/browse/LOG-1739[LOG-1739])
|
||||
|
||||
* Before this update, an issue in the bundle manifests prevented installation of the Elasticsearch operator through OLM on OpenShift 4.9. With this update, a correction to bundle manifests re-enables installs and upgrades in 4.9.(link:https://issues.redhat.com/browse/LOG-1780[LOG-1780])
|
||||
|
||||
[id="openshift-logging-5-2-2-CVEs"]
|
||||
=== CVEs
|
||||
.Click to expand CVEs
|
||||
[%collapsible]
|
||||
====
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2020-25648.html[CVE-2020-25648]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-22922.html[CVE-2021-22922]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-22923.html[CVE-2021-22923]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-22924.html[CVE-2021-22924]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-36222.html[CVE-2021-36222]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-37576.html[CVE-2021-37576]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-37750.html[CVE-2021-37750]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-38201.html[CVE-2021-38201]
|
||||
====
|
||||
|
||||
[id="cluster-logging-release-notes-5-2-1"]
|
||||
== OpenShift Logging 5.2.1
|
||||
|
||||
This release includes link:https://access.redhat.com/errata/RHBA-2021:3550[RHBA-2021:3550 OpenShift Logging Bug Fix Release 5.2.1]
|
||||
|
||||
[id="openshift-logging-5-2-1-bug-fixes"]
|
||||
=== Bug fixes
|
||||
|
||||
* Before this update, due to an issue in the release pipeline scripts, the value of the `olm.skipRange` field remained unchanged at `5.2.0` instead of reflecting the current release number. This update fixes the pipeline scripts to update the value of this field when the release numbers change. (link:https://issues.redhat.com/browse/LOG-1743[LOG-1743])
|
||||
|
||||
[id="openshift-logging-5-2-1-CVEs"]
|
||||
=== CVEs
|
||||
|
||||
(None)
|
||||
247
modules/cluster-logging-release-notes-5.3.z.adoc
Normal file
247
modules/cluster-logging-release-notes-5.3.z.adoc
Normal file
@@ -0,0 +1,247 @@
|
||||
//Z-stream Release Notes by Version
|
||||
[id="cluster-logging-release-notes-5-3-7"]
|
||||
== OpenShift Logging 5.3.7
|
||||
This release includes link:https://access.redhat.com/errata/RHSA-2022:2217[RHSA-2022:2217 OpenShift Logging Bug Fix Release 5.3.7]
|
||||
|
||||
[id="openshift-logging-5-3-7-bug-fixes"]
|
||||
=== Bug fixes
|
||||
* Before this update, Linux audit log time parsing relied on an ordinal position of key/value pair. This update changes the parsing to utilize a regex to find the time entry. (https://issues.redhat.com/browse/LOG-2322[LOG-2322])
|
||||
|
||||
* * Before this update some log forwarder outputs could re-order logs with the same time-stamp. With this update, a sequence number has been added to the log record to order entries that have matching timestamps. (https://issues.redhat.com/browse/LOG-2334[LOG-2334])
|
||||
|
||||
* Before this update, clusters with a large number of namespaces caused Elasticsearch to stop serving requests because the list of namespaces reached the maximum header size limit. With this update, headers only include a list of namespace names, resolving the issue. (https://issues.redhat.com/browse/LOG-2450[LOG-2450])
|
||||
|
||||
* Before this update, `system:serviceaccount:openshift-monitoring:prometheus-k8s` had cluster level privileges as a `clusterrole` and `clusterrolebinding`. This update restricts the `serviceaccount` to the `openshift-logging` namespace with a role and rolebinding. (https://issues.redhat.com/browse/LOG-2481[LOG-2481)])
|
||||
|
||||
=== CVEs
|
||||
[id="openshift-logging-5-3-7-CVEs"]
|
||||
.Click to expand CVEs
|
||||
[%collapsible]
|
||||
====
|
||||
* https://access.redhat.com/security/cve/CVE-2018-25032[CVE-2018-25032]
|
||||
* https://access.redhat.com/security/cve/CVE-2021-4028[CVE-2021-4028]
|
||||
* https://access.redhat.com/security/cve/CVE-2021-37136[CVE-2021-37136]
|
||||
* https://access.redhat.com/security/cve/CVE-2021-37137[CVE-2021-37137]
|
||||
* https://access.redhat.com/security/cve/CVE-2021-43797[CVE-2021-43797]
|
||||
* https://access.redhat.com/security/cve/CVE-2022-0759[CVE-2022-0759]
|
||||
* https://access.redhat.com/security/cve/CVE-2022-0778[CVE-2022-0778]
|
||||
* https://access.redhat.com/security/cve/CVE-2022-1154[CVE-2022-1154]
|
||||
* https://access.redhat.com/security/cve/CVE-2022-1271[CVE-2022-1271]
|
||||
* https://access.redhat.com/security/cve/CVE-2022-21426[CVE-2022-21426]
|
||||
* https://access.redhat.com/security/cve/CVE-2022-21434[CVE-2022-21434]
|
||||
* https://access.redhat.com/security/cve/CVE-2022-21443[CVE-2022-21443]
|
||||
* https://access.redhat.com/security/cve/CVE-2022-21476[CVE-2022-21476]
|
||||
* https://access.redhat.com/security/cve/CVE-2022-21496[CVE-2022-21496]
|
||||
* https://access.redhat.com/security/cve/CVE-2022-21698[CVE-2022-21698]
|
||||
* https://access.redhat.com/security/cve/CVE-2022-25636[CVE-2022-25636]
|
||||
====
|
||||
|
||||
[id="cluster-logging-release-notes-5-3-6"]
|
||||
== OpenShift Logging 5.3.6
|
||||
This release includes link:https://access.redhat.com/errata/RHBA-2022:1377[RHBA-2022:1377 OpenShift Logging Bug Fix Release 5.3.6]
|
||||
|
||||
[id="openshift-logging-5-3-6-bug-fixes"]
|
||||
=== Bug fixes
|
||||
* Before this update, defining a toleration with no key and the existing Operator caused the Operator to be unable to complete an upgrade. With this update, this toleration no longer blocks the upgrade from completing. (link:https://issues.redhat.com/browse/LOG-2126[LOG-2126])
|
||||
|
||||
* Before this change, it was possible for the collector to generate a warning where the chunk byte limit was exceeding an emitted event. With this change, you can tune the readline limit to resolve the issue as advised by the upstream documentation. (link:https://issues.redhat.com/browse/LOG-2380[LOG-2380])
|
||||
|
||||
[id="cluster-logging-release-notes-5-3-5"]
|
||||
== OpenShift Logging 5.3.5
|
||||
[role="_abstract"]
|
||||
This release includes link:https://access.redhat.com/errata/RHSA-2022:0721[RHSA-2022:0721 OpenShift Logging Bug Fix Release 5.3.5]
|
||||
|
||||
[id="openshift-logging-5-3-5-bug-fixes"]
|
||||
=== Bug fixes
|
||||
* Before this update, if you removed OpenShift Logging from {product-title}, the web console continued displaying a link to the *Logging* page. With this update, removing or uninstalling OpenShift Logging also removes that link. (link:https://issues.redhat.com/browse/LOG-2182[LOG-2182])
|
||||
|
||||
=== CVEs
|
||||
[id="openshift-logging-5-3-5-CVEs"]
|
||||
.Click to expand CVEs
|
||||
[%collapsible]
|
||||
====
|
||||
* link:https://access.redhat.com/security/cve/CVE-2020-28491[CVE-2020-28491]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2021-3521[CVE-2021-3521]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2021-3872[CVE-2021-3872]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2021-3984[CVE-2021-3984]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2021-4019[CVE-2021-4019]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2021-4122[CVE-2021-4122]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2021-4192[CVE-2021-4192]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2021-4193[CVE-2021-4193]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2022-0552[CVE-2022-0552]
|
||||
====
|
||||
|
||||
[id="cluster-logging-release-notes-5-3-4"]
|
||||
== OpenShift Logging 5.3.4
|
||||
[role="_abstract"]
|
||||
This release includes link:https://access.redhat.com/errata/RHBA-2022:0411[RHBA-2022:0411 OpenShift Logging Bug Fix Release 5.3.4]
|
||||
|
||||
[id="openshift-logging-5-3-4-bug-fixes"]
|
||||
=== Bug fixes
|
||||
* Before this update, changes to the metrics dashboards had not yet been deployed because the `cluster-logging-operator` did not correctly compare existing and desired config maps that contained the dashboard. This update fixes the logic by adding a unique hash value to the object labels. (link:https://issues.redhat.com/browse/LOG-2066[LOG-2066])
|
||||
|
||||
* Before this update, Elasticsearch pods failed to start after updating with FIPS enabled. With this update, Elasticsearch pods start successfully. (link:https://issues.redhat.com/browse/LOG-1974[LOG-1974])
|
||||
|
||||
* Before this update, elasticsearch generated the error "Unable to create PersistentVolumeClaim due to forbidden: exceeded quota: infra-storage-quota." if the PVC already existed. With this update, elasticsearch checks for existing PVCs, resolving the issue. (link:https://issues.redhat.com/browse/LOG-2127[LOG-2127])
|
||||
|
||||
=== CVEs
|
||||
[id="openshift-logging-5-3-4-CVEs"]
|
||||
.Click to expand CVEs
|
||||
[%collapsible]
|
||||
====
|
||||
* link:https://access.redhat.com/security/cve/CVE-2021-3521[CVE-2021-3521]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2021-3872[CVE-2021-3872]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2021-3984[CVE-2021-3984]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2021-4019[CVE-2021-4019]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2021-4122[CVE-2021-4122]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2021-4155[CVE-2021-4155]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2021-4192[CVE-2021-4192]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2021-4193[CVE-2021-4193]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2022-0185[CVE-2022-0185]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2022-21248[CVE-2022-21248]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2022-21277[CVE-2022-21277]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2022-21282[CVE-2022-21282]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2022-21283[CVE-2022-21283]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2022-21291[CVE-2022-21291]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2022-21293[CVE-2022-21293]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2022-21294[CVE-2022-21294]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2022-21296[CVE-2022-21296]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2022-21299[CVE-2022-21299]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2022-21305[CVE-2022-21305]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2022-21340[CVE-2022-21340]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2022-21341[CVE-2022-21341]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2022-21360[CVE-2022-21360]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2022-21365[CVE-2022-21365]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2022-21366[CVE-2022-21366]
|
||||
====
|
||||
|
||||
[id="cluster-logging-release-notes-5-3-3"]
|
||||
== OpenShift Logging 5.3.3
|
||||
This release includes link:https://access.redhat.com/errata/RHSA-2022:0227[RHSA-2022:0227 OpenShift Logging Bug Fix Release 5.3.3]
|
||||
|
||||
[id="openshift-logging-5-3-3-bug-fixes"]
|
||||
=== Bug fixes
|
||||
* Before this update, changes to the metrics dashboards had not yet been deployed because the cluster-logging-operator did not correctly compare existing and desired configmaps containing the dashboard. This update fixes the logic by adding a dashboard unique hash value to the object labels.(link:https://issues.redhat.com/browse/LOG-2066[LOG-2066])
|
||||
|
||||
* This update changes the log4j dependency to 2.17.1 to resolve link:https://access.redhat.com/security/cve/CVE-2021-44832[CVE-2021-44832].(link:https://issues.redhat.com/browse/LOG-2102[LOG-2102])
|
||||
|
||||
=== CVEs
|
||||
[id="openshift-logging-5-3-3-CVEs"]
|
||||
.Click to expand CVEs
|
||||
[%collapsible]
|
||||
====
|
||||
* link:https://access.redhat.com/security/cve/CVE-2021-27292[CVE-2021-27292]
|
||||
** link:https://bugzilla.redhat.com/show_bug.cgi?id=1940613[BZ-1940613]
|
||||
* link:https://access.redhat.com/security/cve/CVE-2021-44832[CVE-2021-44832]
|
||||
** link:https://bugzilla.redhat.com/show_bug.cgi?id=2035951[BZ-2035951]
|
||||
====
|
||||
|
||||
[id="cluster-logging-release-notes-5-3-2"]
|
||||
== OpenShift Logging 5.3.2
|
||||
This release includes link:https://access.redhat.com/errata/RHSA-2022:0044[RHSA-2022:0044 OpenShift Logging Bug Fix Release 5.3.2]
|
||||
|
||||
[id="openshift-logging-5-3-2-bug-fixes"]
|
||||
=== Bug fixes
|
||||
* Before this update, Elasticsearch rejected logs from the Event Router due to a parsing error. This update changes the data model to resolve the parsing error. However, as a result, previous indices might cause warnings or errors within Kibana. The `kubernetes.event.metadata.resourceVersion` field causes errors until existing indices are removed or reindexed. If this field is not used in Kibana, you can ignore the error messages. If you have a retention policy that deletes old indices, the policy eventually removes the old indices and stops the error messages. Otherwise, manually reindex to stop the error messages. (link:https://issues.redhat.com/browse/LOG-2087[LOG-2087])
|
||||
|
||||
* Before this update, the OpenShift Logging Dashboard displayed the wrong pod namespace in the table that displays top producing and collected containers over the last 24 hours. With this update, the OpenShift Logging Dashboard displays the correct pod namespace. (link:https://issues.redhat.com/browse/LOG-2051[LOG-2051])
|
||||
|
||||
* Before this update, if `outputDefaults.elasticsearch.structuredTypeKey` in the `ClusterLogForwarder` custom resource (CR) instance did not have a structured key, the CR replaced the output secret with the default secret used to communicate to the default log store. With this update, the defined output secret is correctly used. (link:https://issues.redhat.com/browse/LOG-2046[LOG-2046])
|
||||
|
||||
[id="openshift-logging-5-3-2-CVEs"]
|
||||
=== CVEs
|
||||
.Click to expand CVEs
|
||||
[%collapsible]
|
||||
====
|
||||
* https://access.redhat.com/security/cve/CVE-2020-36327[CVE-2020-36327]
|
||||
** https://bugzilla.redhat.com/show_bug.cgi?id=1958999[BZ-1958999]
|
||||
* https://access.redhat.com/security/cve/CVE-2021-45105[CVE-2021-45105]
|
||||
** https://bugzilla.redhat.com/show_bug.cgi?id=2034067[BZ-2034067]
|
||||
* https://access.redhat.com/security/cve/CVE-2021-3712[CVE-2021-3712]
|
||||
* https://access.redhat.com/security/cve/CVE-2021-20321[CVE-2021-20321]
|
||||
* https://access.redhat.com/security/cve/CVE-2021-42574[CVE-2021-42574]
|
||||
====
|
||||
|
||||
[id="cluster-logging-release-notes-5-3-1"]
|
||||
== OpenShift Logging 5.3.1
|
||||
This release includes link:https://access.redhat.com/errata/RHSA-2021:5129[RHSA-2021:5129 OpenShift Logging Bug Fix Release 5.3.1]
|
||||
|
||||
[id="openshift-logging-5-3-1-bug-fixes"]
|
||||
=== Bug fixes
|
||||
* Before this update, the Fluentd container image included builder tools that were unnecessary at run time. This update removes those tools from the image. (link:https://issues.redhat.com/browse/LOG-1998[LOG-1998])
|
||||
|
||||
* Before this update, the Logging dashboard displayed an empty CPU graph because of a reference to an invalid metric. With this update, the Logging dashboard displays CPU graphs correctly. (link:https://issues.redhat.com/browse/LOG-1925[LOG-1925])
|
||||
|
||||
* Before this update, the Elasticsearch Prometheus exporter plugin compiled index-level metrics using a high-cost query that impacted the Elasticsearch node performance. This update implements a lower-cost query that improves performance. (link:https://issues.redhat.com/browse/LOG-1897[LOG-1897])
|
||||
|
||||
|
||||
[id="openshift-logging-5-3-1-CVEs"]
|
||||
=== CVEs
|
||||
.Click to expand CVEs
|
||||
[%collapsible]
|
||||
====
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-21409.html[CVE-2021-21409]
|
||||
** link:https://bugzilla.redhat.com/show_bug.cgi?id=1944888[BZ-1944888]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-37136.html[CVE-2021-37136]
|
||||
** link:https://bugzilla.redhat.com/show_bug.cgi?id=2004133[BZ-2004133]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-37137.html[CVE-2021-37137]
|
||||
** link:https://bugzilla.redhat.com/show_bug.cgi?id=2004135[BZ-2004135]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-44228.html[CVE-2021-44228]
|
||||
** link:https://bugzilla.redhat.com/show_bug.cgi?id=2030932[BZ-2030932]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2018-25009.html[CVE-2018-25009]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2018-25010.html[CVE-2018-25010]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2018-25012.html[CVE-2018-25012]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2018-25013.html[CVE-2018-25013]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2018-25014.html[CVE-2018-25014]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2019-5827.html[CVE-2019-5827]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2019-13750.html[CVE-2019-13750]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2019-13751.html[CVE-2019-13751]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2019-17594.html[CVE-2019-17594]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2019-17595.html[CVE-2019-17595]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2019-18218.html[CVE-2019-18218]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2019-19603.html[CVE-2019-19603]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2019-20838.html[CVE-2019-20838]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2020-12762.html[CVE-2020-12762]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2020-13435.html[CVE-2020-13435]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2020-14145.html[CVE-2020-14145]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2020-14155.html[CVE-2020-14155]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2020-16135.html[CVE-2020-16135]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2020-17541.html[CVE-2020-17541]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2020-24370.html[CVE-2020-24370]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2020-35521.html[CVE-2020-35521]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2020-35522.html[CVE-2020-35522]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2020-35523.html[CVE-2020-35523]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2020-35524.html[CVE-2020-35524]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2020-36330.html[CVE-2020-36330]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2020-36331.html[CVE-2020-36331]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2020-36332.html[CVE-2020-36332]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-3200.html[CVE-2021-3200]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-3426.html[CVE-2021-3426]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-3445.html[CVE-2021-3445]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-3481.html[CVE-2021-3481]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-3572.html[CVE-2021-3572]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-3580.html[CVE-2021-3580]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-3712.html[CVE-2021-3712]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-3800.html[CVE-2021-3800]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-20231.html[CVE-2021-20231]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-20232.html[CVE-2021-20232]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-20266.html[CVE-2021-20266]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-20317.html[CVE-2021-20317]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-22876.html[CVE-2021-22876]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-22898.html[CVE-2021-22898]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-22925.html[CVE-2021-22925]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-27645.html[CVE-2021-27645]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-28153.html[CVE-2021-28153]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-31535.html[CVE-2021-31535]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-33560.html[CVE-2021-33560]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-33574.html[CVE-2021-33574]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-35942.html[CVE-2021-35942]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-36084.html[CVE-2021-36084]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-36085.html[CVE-2021-36085]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-36086.html[CVE-2021-36086]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-36087.html[CVE-2021-36087]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-42574.html[CVE-2021-42574]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-43267.html[CVE-2021-43267]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-43527.html[CVE-2021-43527]
|
||||
* link:https://www.redhat.com/security/data/cve/CVE-2021-45046.html[CVE-2021-45046]
|
||||
====
|
||||
@@ -1,14 +1,9 @@
|
||||
|
||||
// Module included in the following assemblies:
|
||||
//cluster-logging-release-notes.adoc
|
||||
|
||||
[id="cluster-logging-ocp-compatibility"]
|
||||
= {product-title} compatibility
|
||||
The {logging-title} is provided as an installable component, with a distinct release cycle from the core {product-title}. The link:https://access.redhat.com/support/policy/updates/openshift#logging[Red Hat OpenShift Container Platform Life Cycle Policy] outlines release compatibility.
|
||||
|
||||
[id="cluster-logging-release-notes-5-4-0"]
|
||||
= Version 5.4 of the {logging}
|
||||
The following advisories are available for version 5.4 of the {logging}:
|
||||
= Logging 5.4
|
||||
The following advisories are available for logging 5.4:
|
||||
link:https://access.redhat.com/errata/RHSA-2022:1461[{logging-title-uc} Release 5.4]
|
||||
|
||||
[id="openshift-logging-5-4-0-bug-fixes"]
|
||||
@@ -40,7 +35,7 @@ link:https://access.redhat.com/errata/RHSA-2022:1461[{logging-title-uc} Release
|
||||
|
||||
* Before this update, clusters with a large number of namespaces caused Elasticsearch to stop serving requests because the list of namespaces reached the maximum header size limit. With this update, headers only include a list of namespace names, resolving the issue. (link:https://issues.redhat.com/browse/LOG-1899[LOG-1899])
|
||||
|
||||
* Before this update, the OpenShift Logging dashboard showed the number of shards 'x' times bigger than actual value when Elasticsearch has 'x' nodes. This was because it was printing all primary shards for each ES pod and processing sum on it, while the output is always for the whole ES cluster. With this update, the calculation has been corrected. (link:https://issues.redhat.com/browse/LOG-2156[LOG-2156])
|
||||
* Before this update, the *{product-title} Logging* dashboard showed the number of shards 'x' times larger than the actual value when Elasticsearch had 'x' nodes. This issue occurred because it was printing all primary shards for each ES pod and calculating a sum on it, although the output was always for the whole ES cluster. With this update, the number of shards is now correctly calculated. (link:https://issues.redhat.com/browse/LOG-2156[LOG-2156])
|
||||
|
||||
* Before this update, the secrets "kibana" and "kibana-proxy" were not recreated if they were deleted manually. With this update, the `elasticsearch-operator` will watch the resources and automatically recreate them if deleted. (link:https://issues.redhat.com/browse/LOG-2250[LOG-2250])
|
||||
|
||||
|
||||
39
modules/cluster-logging-release-notes-5.4.z.adoc
Normal file
39
modules/cluster-logging-release-notes-5.4.z.adoc
Normal file
@@ -0,0 +1,39 @@
|
||||
//Z-stream Release Notes by Version
|
||||
[id="cluster-logging-release-notes-5-4-1"]
|
||||
== Logging 5.4.1
|
||||
This release includes https://access.redhat.com/errata/RHSA-2022:2216[RHSA-2022:2216-OpenShift Logging Bug Fix Release 5.4.1].
|
||||
|
||||
[id="openshift-logging-5-4-1-bug-fixes"]
|
||||
=== Bug fixes
|
||||
* Before this update, the log file metric exporter only reported logs created while the exporter was running, which resulted in inaccurate log growth data. This update resolves this issue by monitoring `/var/log/pods`. (https://issues.redhat.com/browse/LOG-2442[LOG-2442])
|
||||
|
||||
* Before this update, the collector would be blocked because it continually tried to use a stale connection when forwarding logs to fluentd forward receivers. With this release, the `keepalive_timeout` value has been set to 30 seconds (`30s`) so that the collector recycles the connection and re-attempts to send failed messages within a reasonable amount of time. (https://issues.redhat.com/browse/LOG-2534[LOG-2534])
|
||||
|
||||
* Before this update, an error in the gateway component enforcing tenancy for reading logs limited access to logs with a Kubernetes namespace causing "audit" and some "infrastructure" logs to be unreadable. With this update, the proxy correctly detects users with admin access and allows access to logs without a namespace. (https://issues.redhat.com/browse/LOG-2448[LOG-2448])
|
||||
|
||||
* Before this update, `system:serviceaccount:openshift-monitoring:prometheus-k8s` had cluster level privileges as a `clusterrole` and `clusterrolebinding`. This update restricts the `serviceaccount` to the `openshift-logging` namespace with a role and rolebinding. (https://issues.redhat.com/browse/LOG-2437[LOG-2437])
|
||||
|
||||
* Before this update, Linux audit log time parsing relied on an ordinal position of a key/value pair. This update changes the parsing to use a regular expression to find the time entry. (https://issues.redhat.com/browse/LOG-2321[LOG-2321])
|
||||
|
||||
|
||||
[id="openshift-logging-5-4-1-CVEs"]
|
||||
=== CVEs
|
||||
.Click to expand CVEs
|
||||
[%collapsible]
|
||||
====
|
||||
* https://access.redhat.com/security/cve/CVE-2018-25032[CVE-2018-25032]
|
||||
* https://access.redhat.com/security/cve/CVE-2021-4028[CVE-2021-4028]
|
||||
* https://access.redhat.com/security/cve/CVE-2021-37136[CVE-2021-37136]
|
||||
* https://access.redhat.com/security/cve/CVE-2021-37137[CVE-2021-37137]
|
||||
* https://access.redhat.com/security/cve/CVE-2021-43797[CVE-2021-43797]
|
||||
* https://access.redhat.com/security/cve/CVE-2022-0778[CVE-2022-0778]
|
||||
* https://access.redhat.com/security/cve/CVE-2022-1154[CVE-2022-1154]
|
||||
* https://access.redhat.com/security/cve/CVE-2022-1271[CVE-2022-1271]
|
||||
* https://access.redhat.com/security/cve/CVE-2022-21426[CVE-2022-21426]
|
||||
* https://access.redhat.com/security/cve/CVE-2022-21434[CVE-2022-21434]
|
||||
* https://access.redhat.com/security/cve/CVE-2022-21443[CVE-2022-21443]
|
||||
* https://access.redhat.com/security/cve/CVE-2022-21476[CVE-2022-21476]
|
||||
* https://access.redhat.com/security/cve/CVE-2022-21496[CVE-2022-21496]
|
||||
* https://access.redhat.com/security/cve/CVE-2022-21698[CVE-2022-21698]
|
||||
* https://access.redhat.com/security/cve/CVE-2022-25636[CVE-2022-25636]
|
||||
====
|
||||
Reference in New Issue
Block a user