Graylog 1.3.4 is a patch release for the Graylog 1.3.x release line which fixes a security issue in the Graylog web interface and solves an issue with time-based index rotation. Users of Graylog 1.3.3 or earlier are strongly encouraged to update to this version.
Special thanks to Ingo Chao for responsibly disclosing the redirect vulnerability in the Graylog web interface!
If you find security related issues in Graylog and want to disclose them privately (instead of filing a public issue on GitHub), please do not hesitate to write an email to firstname.lastname@example.org with your findings!
Download Graylog 1.3.4
Graylog 1.3.4 can be downloaded from here.
The Graylog packages are available on our download page in the "All releases" section.
Our virtual appliance in OVA format has been updated for this release, too.
Changes in Graylog 1.3.4
- Fix security issue which allowed redirecting users to arbitrary sites on login Graylog2/graylog2-web-interface#1729
- Fix issue with time-based index rotation strategy Graylog2/graylog2-server#725 Graylog2/graylog2-server#1693
- Fix issue with IndexFailureServiceImpl Graylog2/graylog2-server#1747
- Add default Content-Type to GettingStartedResource Graylog2/graylog2-server#1700
- Improve OS platform detection Graylog2/graylog2-server#1737
- Add prefixes GRAYLOG_ (environment variables) and graylog. (system properties) for overriding configuration settings Graylog2/graylog2-server@48ed88d
- Fix URL to Graylog Marketplace on Extractor/Content Pack pages Graylog2/graylog2-server#1817
- Use monospace font on message values Graylog2/graylog2-web-interface@3cce368
Feedback is welcome!
Please report any bugs or questions you have through one of our community channels.
Feature ideas are welcome in our product idea portal.