Falcon LogScale 1.242.0 GA (2026-05-26)

Version: 1.242.0
Type: GA
Release Date: 2026-05-26
Availability: Cloud
End of Support: Next LTS
Security Updates: No
Upgrades From: 1.177.0
Downgrades To: 1.177.0
Config. Changes: No


Bug fixes and updates

Deprecation

Items that have been deprecated and may be removed in a future release.

Upgrades

Changes that may occur or be required during an upgrade.

  • Security

    • Upgraded the dependency Jackson to version 2.21.3 to address a denial of service vulnerability.

      See their documentation here: Jackson: GitHub

  • User Interface

    • The LogScale UI time zone database has been updated to the Internet Assigned Numbers Authority (IANA) 2026b release.

New features and improvements

  • Automation and Triggers

    • Email actions now support dynamic recipients using message templates. Most templates available in email subjects and bodies can also be used in the recipients list, including field references such as {field:fieldName} that resolve from event data at trigger time. Templates can constitute the entire recipient address (for example, {field:email}) or be embedded within an email address (for example, {field:username}@crowdstrike.com or {name}@example.com). This enables sending notifications directly to users referenced in log events, such as notifying a user whose login failed. Static and dynamic recipients can be mixed freely.

      Templates that produce large or multi-line output (such as {events}, {events_html}, or {url}) are not permitted in recipients. For filter alerts, which trigger on a single event, the recipient is calculated from that event. For other alert types, the recipient is calculated from the first event only, which may be problematic if events have different values for the field referenced in the recipient template.

      Warning: when using field references, ensure the query is scoped so that recipients only receive events relevant to them.

      For more information, see Dynamic Email Recipients.

  • API

    • Added an ingest status endpoint at /api/v1/status/ingest. This endpoint exposes a node's ability to receive and handle incoming ingest requests.

      In the future, this endpoint will be used to signal whether all conditions necessary for ingesting have been met for recently-started nodes, such as whether lookup files have been synchronized. At present, no such conditions have been implemented and the endpoint always responds with 200 OK.
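A pre-flight check for the dynamic email recipients described under Automation and Triggers above, as an added example rather than LogScale code: it models the stated rules (forbidden templates, resolution from the first event only) and flags a resolved address that falls outside an approved domain list. The function names, the `context` dictionary for non-field templates such as {name}, and the domain allow-list are assumptions of this example.

```python
import re

# Templates the release note says are not permitted in recipients.
FORBIDDEN = {"events", "events_html", "url"}
PLACEHOLDER = re.compile(r"\{([^{}]+)\}")
ADDRESS = re.compile(r"[A-Za-z0-9._+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")


def resolve(template, event, context=None):
    """Expand {field:x} from one event and {x} from alert context (model only)."""
    context = context or {}

    def expand(match):
        key = match.group(1)
        if key in FORBIDDEN:
            raise ValueError(f"{{{key}}} is not permitted in recipients")
        if key.startswith("field:"):
            return str(event.get(key[len("field:"):], ""))
        return str(context.get(key, ""))

    return PLACEHOLDER.sub(expand, template)


def check_recipient(template, events, allowed_domains, context=None):
    """Return (recipient, problems) for an alert that matched `events`."""
    recipient = resolve(template, events[0], context)  # first event only
    problems = []
    # fullmatch, not `$`: a trailing newline in a field must not slip through.
    if not ADDRESS.fullmatch(recipient):
        problems.append("not a single well-formed address")
    elif recipient.rsplit("@", 1)[1].lower() not in allowed_domains:
        problems.append("domain outside allow-list")
    # Events whose own recipient differs would be mailed to someone else.
    others = {resolve(template, e, context) for e in events[1:]} - {recipient}
    if others:
        problems.append(f"{len(others)} other recipient(s) ignored")
    return recipient, problems


# Constructed sample events, not real log data.
SAMPLE = [
    {"username": "alice", "email": "alice@example.com"},
    {"username": "bob", "email": "bob@example.com"},
]
```

Running `check_recipient("{field:email}", SAMPLE, {"example.com"})` shows the aggregate-alert pitfall: alice is the only recipient even though bob's event is in the result.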

Fixed in this release

  • Security

    • Fixed an issue where Bitbucket social login was failing due to Atlassian's CHANGE-3052 deprecation. Bitbucket now requires OAuth2 access tokens to be sent as a Bearer token in the Authorization header rather than as a query parameter. This issue has now been resolved.

  • Queries

    • Anchoring in regular expressions would produce incorrect prefilters. Specifically, this affected the $ anchor, which may optionally match a line terminator unless the multi-line flag is enabled. The resulting prefilter would incorrectly require anchoring at the end of the input, causing some valid values to be erroneously filtered out. This issue has now been resolved.

  • Functions

    • The query function series() now correctly respects query memory limits.

    • The parseCEF() function now correctly adds error messages to the @error_msg field when parsing fails, aligning error reporting with the behavior of other functions.
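The `$` prefilter defect fixed under Queries above, reproduced as an added example that is not LogScale code: Python's `re` module stands in for the engine because its `$` also matches just before one final newline when multi-line mode is off. The prefilter functions and sample values are constructed for illustration; the point is that a prefilter must never reject a value the full regex would match, otherwise a detection query silently drops events.

```python
import re


def naive_prefilter(value, literal):
    """Buggy shape: reads `$` as 'the input ends right after the literal'."""
    return value.endswith(literal)


def sound_prefilter(value, literal):
    """Also admit one final newline, which `$` tolerates without multi-line."""
    return value.endswith(literal) or value.endswith(literal + "\n")


def run_query(literal, values, prefilter):
    """Cheap prefilter first, full regex only on the survivors."""
    regex = re.compile(re.escape(literal) + "$")
    return [v for v in values if prefilter(v, literal) and regex.search(v)]


def missed_by(prefilter, literal, values):
    """Values the regex alone matches but the prefilter discarded."""
    regex = re.compile(re.escape(literal) + "$")
    return [v for v in values if regex.search(v) and not prefilter(v, literal)]


# Constructed sample values, not real log data.
VALUES = [
    "login failed",         # ends with the literal
    "login failed\n",       # literal, then a final line terminator
    "login failed\nretry",  # literal mid-input: `$` must not match here
    "failed login",         # literal not at the end
]
```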

Known Issues

  • Storage

    • For clusters using secondary storage where the primary storage on some nodes in the cluster may be getting filled (that is, the storage usage on the primary disk is halfway between PRIMARY_STORAGE_PERCENTAGE and PRIMARY_STORAGE_MAX_FILL_PERCENTAGE), those nodes may fail to transfer segments from other nodes. The failure will be indicated by the error java.nio.file.AtomicMoveNotSupportedException with message "Invalid cross-device link".

      This does not corrupt data or cause data loss, but will prevent the cluster from being fully healthy, and could also prevent data from reaching adequate replication.

Improvement

  • Security

    • The default example text provided when setting up IP filters has been updated and deduplicated.

  • Ingestion

    • Improved the distribution of digest partitions onto nodes. The previous implementation would sometimes cause individual nodes to own clusters of partitions, causing hotspots. The new implementation distributes partitions across available nodes without this type of clustering.

  • Queries

    • Scheduled searches no longer start immediately when due to run. Instead, all scheduled searches due to start within a given minute are staggered over that minute, smoothing out the load on the query engine and improving overall query performance.

      For more information, see Automatic distribution within each minute.

    • LogScale's Search UI now populates events in subquery Table tabs using a direct lookup in the table used by the query. As a result, the subquery table tab is now populated with a single request, increasing its speed significantly.

      For more information, see Display tabs.

    • Added an optimization for OR character predicates in the Regular Expression Engine v2. Regexes such as the following are now significantly faster:

      [ab]{4}

      [Ee]xecution|[Mm]alware

      For more information, see Operators.

    • Added an optimization for case-insensitive regexes in the Regular Expression Engine v2. Many case-insensitive regexes are now up to approximately 30% faster than before.

    • Added an optimization for case-insensitive searching in the Regular Expression Engine v2. This optimization applies to most regular expressions containing a sequence of characters. For example, case-insensitive regular expressions such as /Twain/ and /(Tom|Sawyer|Huckleberry|Finn)/ are now up to twice as fast.