Fluentd v1.14.2 has been released

Hi users!

We have released v1.14.2. ChangeLog is here.

This release is a maintenance release of v1.14 series.

IMPORTANT: This release contain the fix for CVE-2021-41186 - ReDoS vulnerability in parser_apache2. This vulnerabbility is affected from Fluentd v0.14.14 to v1.14.1. We recommend to upgrade Fluentd to v1.14.2 or use patched version of parser_apache2 plugin.

Fixed ReDoS vulnerability in parser_apache2

parser_apache2 plugin in Fluentd v0.14.14 to v1.14.1 suffers from a regular expression denial of service (ReDoS) vulnerability.

A broken apache log with a certain pattern of string can spend too much time in a regular expression, resulting in the potential for a DoS attack.

There are two workarounds:

  • Don't use parser_apache2 for parsing logs which cannot guarantee generated by Apache.
  • Put patched version of parser_apache2.rb into /etc/fluent/plugin directory (or any other directories specified by the environment variable FLUENT_PLUGIN or --plugin option of fluentd).

As noted above, it requires a maliciously compromised Apache log to cause ReDoS. Usually, such a log will not be generated by Apache, so the risk of ReDoS is low.

Patched version of parser_apache2 is available from parser_apache2.rb

fluent-cat: Added --event-time option for testing

In this release, --event-time option was added to fluent-cat.

You can send event in specific event time with --event-time option instead of sending time in the previous versions.

echo '{"test": "ok"}' | fluent-cat --event-time "2021-10-29 13:14:15.0+00:00" tag

GitHub: Your Configuration field was automatically quoted

Recently, when creating issue on GitHub, Your Configuration field was automatically quoted.

Most users doesn't quote Your Configuration field manually when they report a bug. So it was changed to be quoted automatically.

Upgrade attention for TD Agent users

If you use Fluentd v1.12 or later, we recommend to use at least v1.12.4. It is because in_tail contains serious bugs in it.

As latest td-agent 4.2.0 bundles Fluentd 1.13.3. If you want to upgrade Fluentd further more, upgrade it by yourself.

$ sudo td-agent-gem install fluentd --version=1.14.2

Enjoy logging!

Subscribed to the RSS feed here.

Written by ClearCode, Inc.

ClearCode, Inc. is a software company specializing in the development of Free Software. We maintain Fluentd and its plugin ecosystem, and provide commercial support for them.