Hi users!
We have released v1.14.2. ChangeLog is here.
This release is a maintenance release of v1.14 series.
IMPORTANT: This release contain the fix for CVE-2021-41186 -
ReDoS vulnerability in parser_apache2
.
This vulnerabbility is affected from Fluentd v0.14.14 to v1.14.1.
We recommend to upgrade Fluentd to v1.14.2 or use patched version of parser_apache2
plugin.
parser_apache2
plugin in Fluentd v0.14.14 to v1.14.1 suffers from a regular expression denial of service (ReDoS) vulnerability.
A broken apache log with a certain pattern of string can spend too much time in a regular expression, resulting in the potential for a DoS attack.
There are two workarounds:
parser_apache2
for parsing logs which cannot guarantee generated by Apache.parser_apache2.rb
into /etc/fluent/plugin directory (or any other directories specified by the environment variable FLUENT_PLUGIN
or --plugin
option of fluentd).As noted above, it requires a maliciously compromised Apache log to cause ReDoS. Usually, such a log will not be generated by Apache, so the risk of ReDoS is low.
Patched version of parser_apache2
is available from parser_apache2.rb
--event-time
option for testingIn this release, --event-time
option was added to fluent-cat
.
You can send event in specific event time with --event-time
option instead of sending time
in the previous versions.
echo '{"test": "ok"}' | fluent-cat --event-time "2021-10-29 13:14:15.0+00:00" tag
Recently, when creating issue on GitHub, Your Configuration
field was automatically
quoted.
Most users doesn't quote Your Configuration
field manually when they report a bug.
So it was changed to be quoted automatically.
If you use Fluentd v1.12 or later, we recommend to use at least v1.12.4.
It is because in_tail
contains serious bugs in it.
As latest td-agent 4.2.0 bundles Fluentd 1.13.3. If you want to upgrade Fluentd further more, upgrade it by yourself.
$ sudo td-agent-gem install fluentd --version=1.14.2
Enjoy logging!
Subscribed to the RSS feed here.
ClearCode, Inc. is a software company specializing in the development of Free Software. We maintain Fluentd and its plugin ecosystem, and provide commercial support for them.
Fluentd is an open source data collector to unify log management.
2024-08-29: Scheduled support lifecycle announcement about Fluent Package v6
2023-08-29: Drop schedule announcement about EOL of Treasure Agent (td-agent) 4
2023-08-29: Scheduled support lifecycle announcement about Fluent Package
2023-07-31: Upgrade to fluent-package v5
2025-01-29: Fluentd v1.16.7 has been released
2024-12-14: fluent-package v5.2.0 has been released
2024-11-29: Fluentd v1.18.0 has been released
2024-11-08: fluent-package v5.0.5 has been released
2024-08-29: Scheduled support lifecycle announcement about Fluent Package v6
2024-08-20: Fluentd v1.16.6 has been released
2024-08-19: Fluentd v1.17.1 has been released
2024-08-02: fluent-package v5.1.0 has been released
2024-07-02: fluent-package v5.0.4 has been released
2024-04-30: Fluentd v1.17.0 has been released
Want to learn the basics of Fluentd? Check out these pages.
Couldn't find enough information? Let's ask the community!
You need commercial-grade support from Fluentd committers and experts?
©2010-2025 Fluentd Project. ALL Rights Reserved.
Fluentd is a hosted project under the Cloud Native Computing Foundation (CNCF). All components are available under the Apache 2 License.