Falcon LogScale 1.233.0 Not Released (2026-03-24)

Version?Type?Release Date?Availability?End of SupportSecurity UpdatesUpgrades From?Downgrades To?Config. Changes?
1.233.0Not Released2026-03-24

Internal Only

2027-03-31No1.177.01.177.0No

Not released.

Advance Warning

The following items are due to change in a future release.

  • Security

    • Starting from LogScale version 1.237, support for insecure ldap connections will be removed. Self-Hosted customers using LDAP will only be able to use ldaps secure connections.

Deprecation

Items that have been deprecated and may be removed in a future release.

  • The userId parameter for the updateDashboardToken GraphQL mutation has been deprecated and will be removed in version 1.273.

  • rdns() has been deprecated and will be removed in version 1.249. Use reverseDns() as an alternative function.

Known Issues

  • Storage

    • For clusters using secondary storage where the primary storage on some nodes in the cluster may be getting filled (that is, the storage usage on the primary disk is halfway between PRIMARY_STORAGE_PERCENTAGE and PRIMARY_STORAGE_MAX_FILL_PERCENTAGE), those nodes may fail to transfer segments from other nodes. The failure will be indicated by the error java.nio.file.AtomicMoveNotSupportedException with message "Invalid cross-device link".

      This does not corrupt data or cause data loss, but will prevent the cluster from being fully healthy, and could also prevent data from reaching adequate replication.

Recent Package Updates

The following LogScale packages have been updated within the last month.

  • Package Changes

    • infoblox/nios has been updated to v1.4.2.

      • Fixed JSON parsing issue for DNS answers containing backslashes by adding proper escape handling

      • Added test cases for DNS TYPE65 queries with complex data structures

      • Updated parser version to 3.0.2

      For more information, see Package infoblox/nios Release Notes.

    • cloudflare/zerotrust has been updated to v2.2.0.

      • Enhanced email security alert filtering to only generate alerts for malicious, suspicious, or spoof dispositions

      • Added threat technique name mapping from ThreatCategories for email security alerts

      • Improved event categorization for email security with separate handling for threat techniques vs general emails

      • Updated WAF alert generation to trigger only when severity indicates likely attack or attack (severity <= 50)

      • Updated parser version to 4.2.0

      For more information, see Package cloudflare/zerotrust Release Notes.

    • checkpoint/ngfw has been updated to v2.7.0.

      • Fixed event.kind assignment for malware detection events to properly set "alert" value

      • Enhanced conditional logic for malware event categorization in Block and Detect actions

      • Updated parser version to 3.7.0

      For more information, see Package checkpoint/ngfw Release Notes.

    • microsoft/sysmon has been updated to v1.1.4.

      • Added @dataConnectionID field to the select statement for improved data connection tracking

      • Updated parser version to 1.1.4

      For more information, see Package microsoft/sysmon Release Notes.

    • darktrace/detect has been updated to v2.0.2.

      • Updated ECS version to 9.2.0

      • Updated parser version to 3.0.2

      • Enhanced timestamp parsing for RFC 3164 syslog format to handle single-digit day values with optional space padding

      • Added array-based field handling for host.mac[] field

      For more information, see Package darktrace/detect Release Notes.

    • zscaler/internet-access has been updated to v2.1.2.

      • Fixed event.action field assignment order in firewall events to ensure proper conditional processing

      • Updated parser version to 4.0.2

      For more information, see Package zscaler/internet-access Release Notes.

    • fortinet/fortigate has been updated to v2.3.3.

      • Enhanced VPN tunnel event handling with improved source address mapping for tunnel-up actions

      • Added source.nat.ip field mapping from Vendor.tunnelip for VPN tunnel events

      • Improved network direction detection with additional conditions for Vendor.init field

      • Fixed corrupted type field parsing by restoring "utm" value when type field contains text/css, text/html, or other text/* values

      • Updated parser version to 5.1.3

      For more information, see Package fortinet/fortigate Release Notes.

    • zscaler/internet-access has been updated to v2.1.1.

      • Enhanced user field handling with improved fallback logic using coalesce function

      • Updated user.name field to use both Vendor.elogin and Vendor.user as fallback options

      • Updated parser version to 4.0.1

      For more information, see Package zscaler/internet-access Release Notes.