Fluentd v1.14.2 has been released

Hi users!

We have released v1.14.2. ChangeLog is here.

This release is a maintenance release of v1.14 series.

IMPORTANT: This release contain the fix for CVE-2021-41186 - ReDoS vulnerability in parser_apache2. This vulnerabbility is affected from Fluentd v0.14.14 to v1.14.1. We recommend to upgrade Fluentd to v1.14.2 or use patched version of parser_apache2 plugin.

Fixed ReDoS vulnerability in parser_apache2

parser_apache2 plugin in Fluentd v0.14.14 to v1.14.1 suffers from a regular expression denial of service (ReDoS) vulnerability.

A broken apache log with a certain pattern of string can spend too much time in a regular expression, resulting in the potential for a DoS attack.

There are two workarounds:

  • Don't use parser_apache2 for parsing logs which cannot guarantee generated by Apache.
  • Put patched version of parser_apache2.rb into /etc/fluent/plugin directory (or any other directories specified by the environment variable FLUENT_PLUGIN or --plugin option of fluentd).

As noted above, it requires a maliciously compromised Apache log to cause ReDoS. Usually, such a log will not be generated by Apache, so the risk of ReDoS is low.

Patched version of parser_apache2 is available from parser_apache2.rb

fluent-cat: Added --event-time option for testing

In this release, --event-time option was added to fluent-cat.

You can send event in specific event time with --event-time option instead of sending time in the previous versions.


echo '{"test": "ok"}' | fluent-cat --event-time "2021-10-29 13:14:15.0+00:00" tag

GitHub: Your Configuration field was automatically quoted

Recently, when creating issue on GitHub, Your Configuration field was automatically quoted.

Most users doesn't quote Your Configuration field manually when they report a bug. So it was changed to be quoted automatically.

Upgrade attention for TD Agent users

If you use Fluentd v1.12 or later, we recommend to use at least v1.12.4. It is because in_tail contains serious bugs in it.

As latest td-agent 4.2.0 bundles Fluentd 1.13.3. If you want to upgrade Fluentd further more, upgrade it by yourself.

$ sudo td-agent-gem install fluentd --version=1.14.2

Enjoy logging!

Subscribed to the RSS feed here.

Written by ClearCode, Inc.

ClearCode, Inc. is a software company specializing in the development of Free Software. We maintain Fluentd and its plugin ecosystem, and provide commercial support for them.


comments powered by Disqus

About Fluentd

Fluentd is an open source data collector to unify log management.

Learn

Want to learn the basics of Fluentd? Check out these pages.

Ask the Community

Couldn't find enough information? Let's ask the community!

Ask the Experts

You need commercial-grade support from Fluentd committers and experts?

Follow Us!