Falcon LogScale 1.82.3 LTS (2023-07-04)

Version?Type?Release Date?Availability?End of Support

Security

Updates

Upgrades

From?

Config.

Changes?
1.82.3LTS2023-07-04

Cloud

2024-04-30No1.44.0No

Hide file hashes

Show file hashes

Download: https://repo.humio.com/repository/maven-releases/com/humio/server/1.82.3/server-1.82.3.tar.gz

These notes include entries from the following previous releases: 1.82.0, 1.82.1, 1.82.2

Bug fix and updates.

New features and improvements

  • UI Changes

    • Improvements have been made on the Fields Panel, that would flicker when switching between the Results and Events tabs and the query was live. It now displays the fields of the aggregated query when on the Results tab, and the fields of the events query when on the Events tab.

  • Queries

    • Added backend support for organization level query blocking. Actors with the BlockQueries permission are able to block and stop queries running within their organization.

  • Functions

    • The match()query function has been improved in terms of speed when using glob as the mode.

  • Other

    • Added optional global argument to stopAllQueries, stopStreamingQueries, stopHistoricalQueries, blockedQueries, addToBlocklistById, addToBlocklist permissions. Default is false i.e. within own organization only.

    • Worker-level query scheduling has been adjusted to avoid long-term starvation of expensive queries.

Fixed in this release

  • Security

    • Verified that LogScale does not use the affected Akka dependency component in CVE-2023-31442 by default, and have taken additional precautions to notify customers.

      For:

      • LogScale Cloud/Falcon Long Term Repository:

        • This CVE does not impact LogScale Cloud or LTR customers.

      • LogScale Self-Hosted:

        • Exposure to risk:

          • Potential risk is only present if a self hosted customer has modified the Akka parameters to a non default value of akka.io.dns.resolver = async-dns during initial setup.

          • By default LogScale does not use this configuration parameter.

          • CrowdStrike has never recommended custom Akka parameters. We recommend using default values for all parameters.

        • Steps to mitigate:

          • Setting akka.io.dns.resolver to default value (inet-address) will mitigate the potential risk.

        • On versions older than 1.92.0:

          • Unset the custom Akka configuration. Refer to Akka documentation for more information on how to unset or pass a different value to the parameter here.

          • CrowdStrike recommends upgrading LogScale to 1.92.x or higher versions.

  • UI Changes

  • API

    • Fixed an issue with API Explorer that could fail to load in some configurations when using cookie authentication.

  • Dashboards and Widgets

    • The dropdown menu for dashboard parameter suggestions is now faster and can handle several thousand entries without blocking the UI.

      For more information, see Manage Dashboard Parameters.

  • Functions

  • Other

    • Fixed a permission issue for LogScale Self-Hosted having a dependency on the ManageOrganizations system permission, which should not apply to that environment — the ManageCluster system permission in itself is now sufficient for Self-Hosted.

    • Fixed an issue where searching within small subsets of the latest 24 hours in combination with hash filters could result in events that belonged in the time range to not be included in the result. The visible symptom was that narrowing the search span provided more hits.

    • Fixed an issue that occurred when creating users: when multiple user creation requests were sent at the same time, multiple users were in some cases created with the same name.

    • Fixed an issue that could cause recently merged mini-segments to be excluded from searches after a reboot.