We are announcing the release of logstash 1.5.4 and 1.4.5 which fixes important security issues. Our recommendation is to upgrade immediately if you are using either of the following features:

Logstash forwarder: After the release of 1.5.3, users encountered an issue where Logstash Forwarder was unable to communicate to Logstash instance because of SSL/TLS certificate validation errors. This has been fixed.

Lumberjack output: Typically used to connect two Logstash instances. In such deployments, one Logstash instance is used to collect logs from a webserver and securely transmit them to a central Logstash instance to perform additional filtering and storing.

Security Fixes

When using SSL/TLS functionality, Lumberjack output from Logstash 1.5.3 and prior versions did not validate certificate presented by the Logstash instance acting as a server. This exposes a man in the middle vulnerability.

We have been assigned CVE-2015-5619 for this issue and have added this vulnerability to our CVE page.

Note: Users of Logstash Forwarder are not affected by this particular vulnerability

Enhancements

Elasticsearch Output: Added the ability to update existing ES documents and support of upsert -- if document doesn't exist, create it (#116). Thanks to David Chauviere for contributing this enhancement!

Example configuration:

output { if [use_case] == "doc_upsert" { elasticsearch { host => "elasticsearch" protocol => "http" action => "update" document_id => "%{[uid]}" doc_as_upsert => true } } else if [use_case] == "doc_static_upsert" { elasticsearch { host => "elasticsearch" protocol => "http" action => "update" document_id => "%{[uid]}" upsert => '{"static_field": "demo"}' } } else if [use_case] == "doc_dynamic_upsert" { elasticsearch { host => "elasticsearch" protocol => "http" action => "update" document_id => "%{[uid]}" upsert => '{"use_case": "%{[use_case]}", "dynamic": { "fieldC": "%{[dynamic_field][fieldC]}"}}' } } }

Bug fixes

Below is a list of bug fixes in core and plugins. For a full list, please check the changelog.

Reverted a change in our harden SSL fix, that prevented Logstash Forwarder and Lumberjack output clients to connect to 1.5.3 instances (#3657)

Updated Concurrent-ruby library usage to suppress deprecation warnings (#3662)

Updated Concurrent-ruby library usage to suppress deprecation warnings (#3662) Lumberjack input: Fixed a scenario where Logstash Forwarder could lose events when dealing with congestion from downstream plugins. We were incorrectly calculating the window size of payload in the acknowledgement stage. (#3691)

Lumberjack input: Fixed a scenario where Logstash Forwarder could lose events when dealing with congestion from downstream plugins. We were incorrectly calculating the window size of payload in the acknowledgement stage. (#3691) File input: Fix double ingestion issue when using glob path (#3674)

File input: Fix double ingestion issue when using glob path (#3674) AWS mixin: Correctly configure the proxy when using V2 version of the mixin. (#15)

AWS mixin: Correctly configure the proxy when using V2 version of the mixin. (#15) Lumberjack ouput: Added better handling of congestion scenario by using a buffered payloads (#7)

Feedback



Please download Logstash 1.5.4 and let us know what you think on Twitter (@elastic) or on our forum. You can report any problems on the GitHub issues page.

