Falcon LogScale 1.76.4 LTS (2023-06-22)

Version?Type?Release Date?Availability?End of Support

Security

Updates

Upgrades

From?

Config.

Changes?
1.76.4LTS2023-06-22

Cloud

2024-02-28No1.44.0No
TAR ChecksumValue
MD5db953465da81f218ea623eda9eb1bbe0
SHA12a8103e67e25f5875b0d9fb64df7b200553e2e2a
SHA256c9ea2a7accd3e68b4a38dadc8a4a2db61551501d5faf13fa45422fd62433a9ed
SHA51204f3e5f98eea9fb40c9af0ca3bf00ed1941dd54d6ab2d3fc030d9ea98fca735a5fc9a9aa3d83dc5d66a47955c0242ba78dca291321c6b53880a7239d1831c259
Docker ImageSHA256 Checksum
humio764db9a8db6139b18f8e6757c1bfd8b3adfe61cfae07f923a453a1fbe7831fe7
humio-corea885340105544d8054463717a4457cc6cda3b42bdcb5df12a830677b8a232803
kafka92250700f7357110151726ebbe1cb38f63534c25e24566ffdb5f3d9c042158f3
zookeeper76417a09f8e5bfcbf647ade6456acce088c5dcb4cb7be02686dcc6c2a30b616e

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.76.4/server-1.76.4.tar.gz

Security fixes.

Advance Warning

The following items are due to change in a future release.

  • Configuration

    • Starting from 1.78 release, the default value for the MAX_INGEST_REQUEST_SIZE configuration will be reduced from 1 GB to 32 MB.

      This value limits the size of ingest request and rejects oversized requests.

      If the request is compressed within HTTP, then this restricts the size after decompressing.

Fixed in this release

  • Security

    • Verified that LogScale does not use the affected Akka dependency component in CVE-2023-31442 by default, and have taken additional precautions to notify customers.

      For:

      • LogScale Cloud/Falcon Long Term Repository:

        • This CVE does not impact LogScale Cloud or LTR customers.

      • LogScale Self-Hosted:

        • Exposure to risk:

          • Potential risk is only present if a self hosted customer has modified the Akka parameters to a non default value of akka.io.dns.resolver = async-dns during initial setup.

          • By default LogScale does not use this configuration parameter.

          • CrowdStrike has never recommended custom Akka parameters. We recommend using default values for all parameters.

        • Steps to mitigate:

          • Setting akka.io.dns.resolver to default value (inet-address) will mitigate the potential risk.

        • On versions older than 1.92.0:

          • Unset the custom Akka configuration. Refer to Akka documentation for more information on how to unset or pass a different value to the parameter here.

          • CrowdStrike recommends upgrading LogScale to 1.92.x or higher versions.