Dieser Inhalt ist in der von Ihnen ausgewählten Sprache nicht verfügbar.

Chapter 1. Release notes

1.1. Logging 5.9
Link kopieren

Red Hat Logging 5.9 end of life

Red Hat Logging 5.9 is no longer supported.

Logging 5.9 reached End of Life on November 3, 2025. The suggested replacement is Logging 6. For details about migrating, see the Upgrading Logging.

Logging is provided as an installable component, with a distinct release cycle from the core OpenShift Container Platform. The Red Hat OpenShift Container Platform Life Cycle Policy outlines release compatibility.

Note

The stable channel only provides updates to the most recent release of logging. To continue receiving updates for prior releases, you must change your subscription channel to stable-x.y, where

x.y

represents the major and minor version of logging you have installed. For example, stable-5.7.

1.1.1. Logging 5.9.16
Link kopieren

This release includes RHBA-2025:18144.

1.1.1.1. Bug fixes
Link kopieren

Before this update, log forwarding failed when the cluster-wide proxy configuration included a URL with a username containing an encoded
```
@
```
symbol, for example,
```
user%40name
```
. This update adds the correct support for URL-encoded values in proxy configurations and resolves the issue. LOG-6963
Before this update, Vector sent a single message twice to syslog after reading it due to an issue in the log forwarding configuration. As a consequence, duplicate syslog messages were sent, causing increased network usage and resource consumption. With this update, Vector sends a single message to syslog, reducing network usage and improving server performance. LOG-7008
Before this update, Vector overwrote the defined log type when writing to syslog if the log message included a
```
log_type
```
field. With this update, the
```
.message
```
field is replaced only if it contains a valid JSON string. This ensures that structured data is handled correctly and nested fields are preserved during syslog encoding. As a result, the defined log type is preserved. LOG-7009
Before this update, Vector duplicated fields inside a log message when forwarding logs to syslog. This led to redundant data in the output. With this update, the
```
.message
```
field is replaced only if it contains a valid JSON string, ensuring that structured data is handled correctly and preventing field duplication during syslog encoding. LOG-7010
Before this update,
```
ClusterLoggingForwarder
```
spec validation failed with a nil pointer runtime error when the
```
outputRef
```
field in a pipeline did not have a corresponding output defined or had an output with no name. With this update, the validation function has been fixed, preventing the Operator from crashing and ensuring continuous logging service. LOG-7191
Before this update, parsing the
```
.message
```
field as JSON could generate logs at the
```
error
```
level even when the issue was not critical. With this update, the messages are logged at the
```
debug
```
level, reducing log noise and still allowing for debugging when needed. LOG-7232
Before this update, the histogram in the Observe > Logs page did not update its time range even after being manually refreshed. With this update, the correct time range is set and the histogram shows updated data when refreshed. LOG-7413

1.1.1.2. Known issues
Link kopieren

When you forward logs to a syslog output, the produced message format is inconsistent between Fluentd and Vector log collectors. Vector messages are within quotation marks; Fluentd messages are not. As a consequence, when migrating from Fluentd to Vector, users might experience issues with their tool integrations. (LOG-7007)

1.1.2. Logging 5.9.15
Link kopieren

This release includes RHBA-2025:8775.

1.1.2.1. CVEs
Link kopieren

Note

For detailed information on Red Hat security ratings, review Severity ratings.

1.1.3. Logging 5.9.14
Link kopieren

This release includes RHSA-2025:7449.

1.1.3.1. CVEs
Link kopieren

Note

For detailed information on Red Hat security ratings, review Severity ratings.

1.1.4. Logging 5.9.13
Link kopieren

This release includes RHSA-2025:3906.

1.1.4.1. Bug Fixes
Link kopieren

Before this update, issuing the
```
oc explain
```
command for the
```
clusterlogging.spec.visualization
```
and
```
clusterlogging.spec.collection
```
resources did not list all the supported types in the output. With this update, the command correctly returns the complete list of supported types in the output for both the resources. (LOG-6855)

1.1.4.2. CVEs
Link kopieren

Note

For detailed information on Red Hat security ratings, review Severity ratings.

1.1.5. Logging 5.9.12
Link kopieren

This release includes RHSA-2025:1985.

1.1.5.1. CVEs
Link kopieren

Note

For detailed information on Red Hat security ratings, review Severity ratings.

1.1.6. Logging 5.9.11
Link kopieren

This release includes RHSA-2025:1227.

1.1.6.1. Enhancements
Link kopieren

This enhancement adds
```
OTel
```
semantic stream labels to the
```
lokiStack
```
output so that you can query logs by using both
```
ViaQ
```
and
```
OTel
```
stream labels. (LOG-6581)

1.1.6.2. Bug Fixes
Link kopieren

Before this update, the collector container mounted all log sources. With this update, it mounts only the defined input sources. (LOG-5691)
Before this update, fluentd ignored the
```
no_proxy
```
setting when using the HTTP output. With this update, the
```
no_proxy
```
setting is picked up correctly. (LOG-6586)
Before this update, clicking on "more logs" from the pod detail view triggered a false permission error due to a missing namespace parameter required for authorization. With this update, clicking "more logs" includes the namespace parameter, preventing the permission error and allowing access to more logs. (LOG-6645)
Before this update, specifying
```
syslog.addLogSource
```
added
```
namespace_name
```
,
```
container_name
```
, and
```
pod_name
```
to the messages of non-container logs. With this update, only container logs will include
```
namespace_name
```
,
```
container_name
```
, and
```
pod_name
```
in their messages when
```
syslog.addLogSource
```
is set. (LOG-6656)

1.1.6.3. CVEs
Link kopieren

Note

For detailed information on Red Hat security ratings, review Severity ratings.

1.1.7. Logging 5.9.10
Link kopieren

This release includes RHSA-2024:10990.

1.1.7.1. Bug Fixes
Link kopieren

Before this update, any namespace containing
```
openshift
```
or
```
kube
```
was treated as an infrastructure namespace. With this update, only the following namespaces are treated as infrastructure namespaces:
```
default
```
,
```
kube
```
,
```
openshift
```
, and namespaces that begin with
```
openshift-
```
or
```
kube-
```
. (LOG-6044)
Before this update, Loki attempted to detect the level of log messages, which caused confusion when the collector also detected log levels and produced different results. With this update, automatic log level detection in Loki is disabled. (LOG-6321)
Before this update, when the
```
ClusterLogForwarder
```
custom resource defined
```
tls.insecureSkipVerify: true
```
in combination with
```
type: http
```
and an HTTP URL, the certificate validation was not skipped. This misconfiguration caused the collector to fail because it attempted to validate certificates despite the setting. With this update, when
```
tls.insecureSkipVerify: true
```
is set, the URL is checked for the HTTPS. An HTTP URL will cause a misconfiguration error. (LOG-6376)
Before this update, when any infrastructure namespaces were specified in the application inputs in the
```
ClusterLogForwarder
```
custom resource, logs were generated with the incorrect
```
log_type: application
```
tags. With this update, when any infrastructure namespaces are specified in the application inputs, logs are generated with the correct
```
log_type: infrastructure
```
tags. (LOG-6377)
Important
When updating to Logging for Red Hat OpenShift 5.9.10, if you previously added any infrastructure namespaces in the application inputs in the
ClusterLogForwarder
custom resource, you must add the permissions for collecting logs from infrastructure namespaces. For more details, see "Setting up log collection".

1.1.7.2. CVEs
Link kopieren

1.1.8. Logging 5.9.9
Link kopieren

This release includes RHBA-2024:10049.

1.1.8.1. Bug fixes
Link kopieren

Before this update, upgrades to version 6.0 failed with errors if a Log File Metric Exporter instance was present. This update fixes the issue, enabling upgrades to proceed smoothly without errors. (LOG-6201)
Before this update, Loki did not correctly load some configurations, which caused issues when using Alibaba Cloud or IBM Cloud object storage. This update fixes the configuration-loading code in Loki, resolving the issue. (LOG-6293)

1.1.8.2. CVEs
Link kopieren

CVE-2024-6119

1.1.9. Logging 5.9.8
Link kopieren

This release includes OpenShift Logging Bug Fix Release 5.9.8.

1.1.9.1. Bug fixes
Link kopieren

Before this update, the Loki Operator failed to add the default
```
namespace
```
label to all
```
AlertingRule
```
resources, which caused the User-Workload-Monitoring Alertmanager to skip routing these alerts. This update adds the rule namespace as a label to all alerting and recording rules, resolving the issue and restoring proper alert routing in Alertmanager. (LOG-6181)
Before this update, the LokiStack ruler component view did not initialize properly, causing an invalid field error when the ruler component was disabled. This update ensures that the component view initializes with an empty value, resolving the issue. (LOG-6183)
Before this update, an LF character in the
```
vector.toml
```
file under the ES authentication configuration caused the collector pods to crash. This update removes the newline characters from the username and password fields, resolving the issue. (LOG-6206)
Before this update, it was possible to set the
```
.containerLimit.maxRecordsPerSecond
```
parameter in the
```
ClusterLogForwarder
```
custom resource to
```
0
```
, which could lead to an exception during Vector’s startup. With this update, the configuration is validated before being applied, and any invalid values (less than or equal to zero) are rejected. (LOG-6214)

1.1.9.2. CVEs
Link kopieren

1.1.10. Logging 5.9.7
Link kopieren

This release includes OpenShift Logging Bug Fix Release 5.9.7.

1.1.10.1. Bug fixes
Link kopieren

Before this update, the
```
clusterlogforwarder.spec.outputs.http.timeout
```
parameter was not applied to the Fluentd configuration when Fluentd was used as the collector type, causing HTTP timeouts to be misconfigured. With this update, the
```
clusterlogforwarder.spec.outputs.http.timeout
```
parameter is now correctly applied, ensuring Fluentd honors the specified timeout and handles HTTP connections according to the user’s configuration. (LOG-6125)
Before this update, the TLS section was added without verifying the broker URL schema, resulting in SSL connection errors if the URLs did not start with
```
tls
```
. With this update, the TLS section is now added only if the broker URLs start with
```
tls
```
, preventing SSL connection errors. (LOG-6041)

1.1.10.2. CVEs
Link kopieren

Note

For detailed information on Red Hat security ratings, review Severity ratings.

1.1.11. Logging 5.9.6
Link kopieren

This release includes OpenShift Logging Bug Fix Release 5.9.6.

1.1.11.1. Bug fixes
Link kopieren

Before this update, the collector deployment ignored secret changes, causing receivers to reject logs. With this update, the system rolls out a new pod when there is a change in the secret value, ensuring that the collector reloads the updated secrets. (LOG-5525)
Before this update, the Vector could not correctly parse field values that included a single dollar sign (
```
$
```
). With this update, field values with a single dollar sign are automatically changed to two dollar signs (
```
$$
```
), ensuring proper parsing by the Vector. (LOG-5602)
Before this update, the drop filter could not handle non-string values (e.g.,
```
.responseStatus.code: 403
```
). With this update, the drop filter now works properly with these values. (LOG-5815)
Before this update, the collector used the default settings to collect audit logs, without handling the backload from output receivers. With this update, the process for collecting audit logs has been improved to better manage file handling and log reading efficiency. (LOG-5866)
Before this update, the
```
must-gather
```
tool failed on clusters with non-AMD64 architectures such as Azure Resource Manager (ARM) or PowerPC. With this update, the tool now detects the cluster architecture at runtime and uses architecture-independent paths and dependencies. The detection allows
```
must-gather
```
to run smoothly on platforms like ARM and PowerPC. (LOG-5997)
Before this update, the log level was set using a mix of structured and unstructured keywords that were unclear. With this update, the log level follows a clear, documented order, starting with structured keywords. (LOG-6016)
Before this update, multiple unnamed pipelines writing to the default output in the
```
ClusterLogForwarder
```
caused a validation error due to duplicate auto-generated names. With this update, the pipeline names are now generated without duplicates. (LOG-6033)
Before this update, the collector pods did not have the
```
PreferredScheduling
```
annotation. With this update, the
```
PreferredScheduling
```
annotation is added to the collector daemonset. (LOG-6023)

1.1.11.2. CVEs
Link kopieren

1.1.12. Logging 5.9.5
Link kopieren

This release includes OpenShift Logging Bug Fix Release 5.9.5

1.1.12.1. Bug Fixes
Link kopieren

Before this update, duplicate conditions in the LokiStack resource status led to invalid metrics from the Loki Operator. With this update, the Operator removes duplicate conditions from the status. (LOG-5855)
Before this update, the Loki Operator did not trigger alerts when it dropped log events due to validation failures. With this update, the Loki Operator includes a new alert definition that triggers an alert if Loki drops log events due to validation failures. (LOG-5895)
Before this update, the Loki Operator overwrote user annotations on the LokiStack Route resource, causing customizations to drop. With this update, the Loki Operator no longer overwrites Route annotations, fixing the issue. (LOG-5945)

1.1.12.2. CVEs
Link kopieren

None.

1.1.13. Logging 5.9.4
Link kopieren

This release includes OpenShift Logging Bug Fix Release 5.9.4

1.1.13.1. Bug Fixes
Link kopieren

Before this update, an incorrectly formatted timeout configuration caused the OCP plugin to crash. With this update, a validation prevents the crash and informs the user about the incorrect configuration. (LOG-5373)
Before this update, workloads with labels containing
```
-
```
caused an error in the collector when normalizing log entries. With this update, the configuration change ensures the collector uses the correct syntax. (LOG-5524)
Before this update, an issue prevented selecting pods that no longer existed, even if they had generated logs. With this update, this issue has been fixed, allowing selection of such pods. (LOG-5697)
Before this update, the Loki Operator would crash if the
```
CredentialRequest
```
specification was registered in an environment without the
```
cloud-credentials-operator
```
. With this update, the
```
CredentialRequest
```
specification only registers in environments that are
```
cloud-credentials-operator
```
enabled. (LOG-5701)
Before this update, the Logging Operator watched and processed all config maps across the cluster. With this update, the dashboard controller only watches the config map for the logging dashboard. (LOG-5702)
Before this update, the
```
ClusterLogForwarder
```
introduced an extra space in the message payload which did not follow the
```
RFC3164
```
specification. With this update, the extra space has been removed, fixing the issue. (LOG-5707)
Before this update, removing the seeding for
```
grafana-dashboard-cluster-logging
```
as a part of (LOG-5308) broke new greenfield deployments without dashboards. With this update, the Logging Operator seeds the dashboard at the beginning and continues to update it for changes. (LOG-5747)
Before this update, LokiStack was missing a route for the Volume API causing the following error:
```
404 not found
```
. With this update, LokiStack exposes the Volume API, resolving the issue. (LOG-5749)

1.1.13.2. CVEs
Link kopieren

CVE-2024-24790

1.1.14. Logging 5.9.3
Link kopieren

This release includes OpenShift Logging Bug Fix Release 5.9.3

1.1.14.1. Bug Fixes
Link kopieren

Before this update, there was a delay in restarting Ingesters when configuring
```
LokiStack
```
, because the Loki Operator sets the write-ahead log
```
replay_memory_ceiling
```
to zero bytes for the
```
1x.demo
```
size. With this update, the minimum value used for the
```
replay_memory_ceiling
```
has been increased to avoid delays. (LOG-5614)
Before this update, monitoring the Vector collector output buffer state was not possible. With this update, monitoring and alerting the Vector collector output buffer size is possible that improves observability capabilities and helps keep the system running optimally. (LOG-5586)

1.1.14.2. CVEs
Link kopieren

1.1.15. Logging 5.9.2
Link kopieren

This release includes OpenShift Logging Bug Fix Release 5.9.2

1.1.15.1. Bug Fixes
Link kopieren

Before this update, changes to the Logging Operator caused an error due to an incorrect configuration in the
```
ClusterLogForwarder
```
CR. As a result, upgrades to logging deleted the daemonset collector. With this update, the Logging Operator re-creates collector daemonsets except when a
```
Not authorized to collect
```
error occurs. (LOG-4910)
Before this update, the rotated infrastructure log files were sent to the application index in some scenarios due to an incorrect configuration in the Vector log collector. With this update, the Vector log collector configuration avoids collecting any rotated infrastructure log files. (LOG-5156)
Before this update, the Logging Operator did not monitor changes to the
```
grafana-dashboard-cluster-logging
```
config map. With this update, the Logging Operator monitors changes in the
```
ConfigMap
```
objects, ensuring the system stays synchronized and responds effectively to config map modifications. (LOG-5308)
Before this update, an issue in the metrics collection code of the Logging Operator caused it to report stale telemetry metrics. With this update, the Logging Operator does not report stale telemetry metrics. (LOG-5426)
Before this change, the Fluentd
```
out_http
```
plugin ignored the
```
no_proxy
```
environment variable. With this update, the Fluentd patches the
```
HTTP#start
```
method of ruby to honor the
```
no_proxy
```
environment variable. (LOG-5466)

1.1.15.2. CVEs
Link kopieren

1.1.16. Logging 5.9.1
Link kopieren

This release includes OpenShift Logging Bug Fix Release 5.9.1

1.1.16.1. Enhancements
Link kopieren

Before this update, the Loki Operator configured Loki to use path-based style access for the Amazon Simple Storage Service (S3), which has been deprecated. With this update, the Loki Operator defaults to virtual-host style without users needing to change their configuration. (LOG-5401)
Before this update, the Loki Operator did not validate the Amazon Simple Storage Service (S3) endpoint used in the storage secret. With this update, the validation process ensures the S3 endpoint is a valid S3 URL, and the
```
LokiStack
```
status updates to indicate any invalid URLs. (LOG-5395)

1.1.16.2. Bug Fixes
Link kopieren

Before this update, a bug in LogQL parsing left out some line filters from the query. With this update, the parsing now includes all the line filters while keeping the original query unchanged. (LOG-5268)
Before this update, a prune filter without a defined
```
pruneFilterSpec
```
would cause a segfault. With this update, there is a validation error if a prune filter is without a defined
```
puneFilterSpec
```
. (LOG-5322)
Before this update, a drop filter without a defined
```
dropTestsSpec
```
would cause a segfault. With this update, there is a validation error if a prune filter is without a defined
```
puneFilterSpec
```
. (LOG-5323)
Before this update, the Loki Operator did not validate the Amazon Simple Storage Service (S3) endpoint URL format used in the storage secret. With this update, the S3 endpoint URL goes through a validation step that reflects on the status of the
```
LokiStack
```
. (LOG-5397)
Before this update, poorly formatted timestamp fields in audit log records led to
```
WARN
```
messages in Red Hat OpenShift Logging Operator logs. With this update, a remap transformation ensures that the timestamp field is properly formatted. (LOG-4672)
Before this update, the error message thrown while validating a
```
ClusterLogForwarder
```
resource name and namespace did not correspond to the correct error. With this update, the system checks if a
```
ClusterLogForwarder
```
resource with the same name exists in the same namespace. If not, it corresponds to the correct error. (LOG-5062)
Before this update, the validation feature for output config required a TLS URL, even for services such as Amazon CloudWatch or Google Cloud Logging where a URL is not needed by design. With this update, the validation logic for services without URLs are improved, and the error message are more informative. (LOG-5307)
Before this update, defining an infrastructure input type did not exclude logging workloads from the collection. With this update, the collection excludes logging services to avoid feedback loops. (LOG-5309)

1.1.16.3. CVEs
Link kopieren

No CVEs.

1.1.17. Logging 5.9.0
Link kopieren

This release includes OpenShift Logging Bug Fix Release 5.9.0

1.1.17.1. Removal notice
Link kopieren

The Logging 5.9 release does not contain an updated version of the OpenShift Elasticsearch Operator. Instances of OpenShift Elasticsearch Operator from prior logging releases, remain supported until the EOL of the logging release. As an alternative to using the OpenShift Elasticsearch Operator to manage the default log storage, you can use the Loki Operator. For more information on the Logging lifecycle dates, see Platform Agnostic Operators.

1.1.17.2. Deprecation notice
Link kopieren

In Logging 5.9, Fluentd, and Kibana are deprecated and are planned to be removed in Logging 6.0, which is expected to be shipped alongside a future release of OpenShift Container Platform. Red Hat will provide critical and above CVE bug fixes and support for these components during the current release lifecycle, but these components will no longer receive feature enhancements. The Vector-based collector provided by the Red Hat OpenShift Logging Operator and LokiStack provided by the Loki Operator are the preferred Operators for log collection and storage. We encourage all users to adopt the Vector and Loki log stack, as this will be the stack that will be enhanced going forward.
In Logging 5.9, the
```
Fields
```
option for the Splunk output type was never implemented and is now deprecated. It will be removed in a future release.

1.1.17.3. Enhancements
Link kopieren

1.1.17.3.1. Log Collection
Link kopieren

This enhancement adds the ability to refine the process of log collection by using a workload’s metadata to
```
drop
```
or
```
prune
```
logs based on their content. Additionally, it allows the collection of infrastructure logs, such as journal or container logs, and audit logs, such as
```
kube api
```
or
```
ovn
```
logs, to only collect individual sources. (LOG-2155)
This enhancement introduces a new type of remote log receiver, the syslog receiver. You can configure it to expose a port over a network, allowing external systems to send syslog logs using compatible tools such as rsyslog. (LOG-3527)
With this update, the
```
ClusterLogForwarder
```
API now supports log forwarding to Azure Monitor Logs, giving users better monitoring abilities. This feature helps users to maintain optimal system performance and streamline the log analysis processes in Azure Monitor, which speeds up issue resolution and improves operational efficiency. (LOG-4605)
This enhancement improves collector resource utilization by deploying collectors as a deployment with two replicas. This occurs when the only input source defined in the
```
ClusterLogForwarder
```
custom resource (CR) is a receiver input instead of using a daemon set on all nodes. Additionally, collectors deployed in this manner do not mount the host file system. To use this enhancement, you need to annotate the
```
ClusterLogForwarder
```
CR with the
```
logging.openshift.io/dev-preview-enable-collector-as-deployment
```
annotation. (LOG-4779)
This enhancement introduces the capability for custom tenant configuration across all supported outputs, facilitating the organization of log records in a logical manner. However, it does not permit custom tenant configuration for logging managed storage. (LOG-4843)
With this update, the
```
ClusterLogForwarder
```
CR that specifies an application input with one or more infrastructure namespaces like
```
default
```
,
```
openshift*
```
, or
```
kube*
```
, now requires a service account with the
```
collect-infrastructure-logs
```
role. (LOG-4943)
This enhancement introduces the capability for tuning some output settings, such as compression, retry duration, and maximum payloads, to match the characteristics of the receiver. Additionally, this feature includes a delivery mode to allow administrators to choose between throughput and log durability. For example, the
```
AtLeastOnce
```
option configures minimal disk buffering of collected logs so that the collector can deliver those logs after a restart. (LOG-5026)
This enhancement adds three new Prometheus alerts, warning users about the deprecation of Elasticsearch, Fluentd, and Kibana. (LOG-5055)

1.1.17.3.2. Log Storage
Link kopieren

This enhancement in LokiStack improves support for OTEL by using the new V13 object storage format and enabling automatic stream sharding by default. This also prepares the collector for future enhancements and configurations. (LOG-4538)
This enhancement introduces support for short-lived token workload identity federation with Azure and AWS log stores for STS enabled OpenShift Container Platform 4.14 and later clusters. Local storage requires the addition of a
```
CredentialMode: static
```
annotation under
```
spec.storage.secret
```
in the LokiStack CR. (LOG-4540)
With this update, the validation of the Azure storage secret is now extended to give early warning for certain error conditions. (LOG-4571)
With this update, Loki now adds upstream and downstream support for Google Cloud workload identity federation mechanism. This allows authenticated and authorized access to the corresponding object storage services. (LOG-4754)

1.1.17.4. Bug Fixes
Link kopieren

Before this update, the logging must-gather could not collect any logs on a FIPS-enabled cluster. With this update, a new
```
oc
```
client is available in
```
cluster-logging-rhel9-operator
```
, and must-gather works properly on FIPS clusters. (LOG-4403)
Before this update, the LokiStack ruler pods could not format the IPv6 pod IP in HTTP URLs used for cross-pod communication. This issue caused querying rules and alerts through the Prometheus-compatible API to fail. With this update, the LokiStack ruler pods encapsulate the IPv6 pod IP in square brackets, resolving the problem. Now, querying rules and alerts through the Prometheus-compatible API works just like in IPv4 environments. (LOG-4709)
Before this fix, the YAML content from the logging must-gather was exported in a single line, making it unreadable. With this update, the YAML white spaces are preserved, ensuring that the file is properly formatted. (LOG-4792)
Before this update, when the
```
ClusterLogForwarder
```
CR was enabled, the Red Hat OpenShift Logging Operator could run into a nil pointer exception when
```
ClusterLogging.Spec.Collection
```
was nil. With this update, the issue is now resolved in the Red Hat OpenShift Logging Operator. (LOG-5006)
Before this update, in specific corner cases, replacing the
```
ClusterLogForwarder
```
CR status field caused the
```
resourceVersion
```
to constantly update due to changing timestamps in
```
Status
```
conditions. This condition led to an infinite reconciliation loop. With this update, all status conditions synchronize, so that timestamps remain unchanged if conditions stay the same. (LOG-5007)
Before this update, there was an internal buffering behavior to
```
drop_newest
```
to address high memory consumption by the collector resulting in significant log loss. With this update, the behavior reverts to using the collector defaults. (LOG-5123)
Before this update, the Loki Operator
```
ServiceMonitor
```
in the
```
openshift-operators-redhat
```
namespace used static token and CA files for authentication, causing errors in the Prometheus Operator in the User Workload Monitoring spec on the
```
ServiceMonitor
```
configuration. With this update, the Loki Operator
```
ServiceMonitor
```
in
```
openshift-operators-redhat
```
namespace now references a service account token secret by a
```
LocalReference
```
object. This approach allows the User Workload Monitoring spec in the Prometheus Operator to handle the Loki Operator
```
ServiceMonitor
```
successfully, enabling Prometheus to scrape the Loki Operator metrics. (LOG-5165)
Before this update, the configuration of the Loki Operator
```
ServiceMonitor
```
could match many Kubernetes services, resulting in the Loki Operator metrics being collected multiple times. With this update, the configuration of
```
ServiceMonitor
```
now only matches the dedicated metrics service. (LOG-5212)

1.1.17.5. Known Issues
Link kopieren

None.

1.1.17.6. CVEs
Link kopieren

1.2. Logging 5.8
Link kopieren

Red Hat Logging 5.8 end of life

Red Hat Logging 5.8 is no longer supported.

Logging 5.8 reached End of Life on November 3, 2025. The suggested replacement is Logging 6. For details about migrating, see the Upgrading Logging.

Note

x.y

represents the major and minor version of logging you have installed. For example, stable-5.7.

1.2.1. Logging 5.8.21
Link kopieren

This release includes RHBA-2025:8773 and RHBA-2025:8774.

1.2.1.1. CVEs
Link kopieren

1.2.3. Logging 5.8.19
Link kopieren

This release includes RHBA-2025:3447 and RHSA-2025:3448.

1.2.3.1. CVEs
Link kopieren

1.2.4. Logging 5.8.18
Link kopieren

This release includes RHSA-2025:1983 and RHBA-2025:1984.

1.2.4.1. CVEs
Link kopieren

Note

For detailed information on Red Hat security ratings, review Severity ratings.

1.2.5. Logging 5.8.17
Link kopieren

This release includes OpenShift Logging Bug Fix Release 5.8.17 and OpenShift Logging Bug Fix Release 5.8.17.

1.2.5.1. Enhancements
Link kopieren

This enhancement adds
```
OTel
```
semantic stream labels to the
```
lokiStack
```
output so that you can query logs by using both
```
ViaQ
```
and
```
OTel
```
stream labels. (LOG-6582)

1.2.5.2. CVEs
Link kopieren

Note

For detailed information on Red Hat security ratings, review Severity ratings.

1.2.6. Logging 5.8.16
Link kopieren

This release includes RHBA-2024:10989 and RHBA-2024:143685.

1.2.6.1. Bug fixes
Link kopieren

Before this update, Loki automatically tried to guess the log level of log messages, which caused confusion because the collector already does this, and Loki and the collector would sometimes come to different results. With this update, the automatic log level discovery in Loki is disabled. LOG-6322.

1.2.7. Logging 5.8.15
Link kopieren

This release includes RHBA-2024:10052 and RHBA-2024:10053.

1.2.7.1. Bug fixes
Link kopieren

Before this update, Loki did not correctly load some configurations, which caused issues when using Alibaba Cloud or IBM Cloud object storage. This update fixes the configuration-loading code in Loki, resolving the issue. (LOG-6294)
Before this update, upgrades to version 6.0 failed with errors if a Log File Metric Exporter instance was present. This update fixes the issue, enabling upgrades to proceed smoothly without errors. (LOG-6328)

1.2.8. Logging 5.8.14
Link kopieren

This release includes OpenShift Logging Bug Fix Release 5.8.14 and OpenShift Logging Bug Fix Release 5.8.14.

1.2.8.1. Bug fixes
Link kopieren

Before this update, it was possible to set the
```
.containerLimit.maxRecordsPerSecond
```
parameter in the
```
ClusterLogForwarder
```
custom resource to
```
0
```
, which could lead to an exception during Vector’s startup. With this update, the configuration is validated before being applied, and any invalid values (less than or equal to zero) are rejected. (LOG-4671)
Before this update, the Loki Operator did not automatically add the default
```
namespace
```
label to all its alerting rules, which caused Alertmanager instance for user-defined projects to skip routing such alerts. With this update, all alerting and recording rules have the
```
namespace
```
label and Alertmanager now routes these alerts correctly. (LOG-6182)
Before this update, the LokiStack ruler component view was not properly initialized, which caused the invalid field error when the ruler component was disabled. With this update, the issue is resolved by the component view being initialized with an empty value. (LOG-6184)

1.2.8.2. CVEs
Link kopieren

Note

For detailed information on Red Hat security ratings, review Severity ratings.

1.2.9. Logging 5.8.13
Link kopieren

This release includes OpenShift Logging Bug Fix Release 5.8.13 and OpenShift Logging Bug Fix Release 5.8.13.

1.2.9.1. Bug fixes
Link kopieren

Before this update, the
```
clusterlogforwarder.spec.outputs.http.timeout
```
parameter was not applied to the Fluentd configuration when Fluentd was used as the collector type, causing HTTP timeouts to be misconfigured. With this update, the
```
clusterlogforwarder.spec.outputs.http.timeout
```
parameter is now correctly applied, ensuring that Fluentd honors the specified timeout and handles HTTP connections according to the user’s configuration. (LOG-5210)
Before this update, the Elasticsearch Operator did not issue an alert to inform users about the upcoming removal, leaving existing installations unsupported without notice. With this update, the Elasticsearch Operator will trigger a continuous alert on OpenShift Container Platform version 4.16 and later, notifying users of its removal from the catalog in November 2025. (LOG-5966)
Before this update, the Red Hat OpenShift Logging Operator was unavailable on OpenShift Container Platform version 4.16 and later, preventing Telco customers from completing their certifications for the upcoming Logging 6.0 release. With this update, the Red Hat OpenShift Logging Operator is now available on OpenShift Container Platform versions 4.16 and 4.17, resolving the issue. (LOG-6103)
Before this update, the Elasticsearch Operator was not available in the OpenShift Container Platform versions 4.17 and 4.18, preventing the installation of ServiceMesh, Kiali, and Distributed Tracing. With this update, the Elasticsearch Operator properties have been expanded for OpenShift Container Platform versions 4.17 and 4.18, resolving the issue and allowing ServiceMesh, Kiali, and Distributed Tracing operators to install their stacks. (LOG-6134)

Note

For detailed information on Red Hat security ratings, review Severity ratings.

1.2.10. Logging 5.8.12
Link kopieren

This release includes OpenShift Logging Bug Fix Release 5.8.12 and OpenShift Logging Bug Fix Release 5.8.12.

1.2.10.1. Bug fixes
Link kopieren

Before this update, the collector used internal buffering with the
```
drop_newest
```
setting to reduce high memory usage, which caused significant log loss. With this update, the collector goes back to its default behavior, where
```
sink<>.buffer
```
is not customized. (LOG-6026)

1.2.11. Logging 5.8.11
Link kopieren

This release includes OpenShift Logging Bug Fix Release 5.8.11 and OpenShift Logging Bug Fix Release 5.8.11.

1.2.11.1. Bug fixes
Link kopieren

Before this update, the TLS section was added without verifying the broker URL schema, leading to SSL connection errors if the URLs did not start with
```
tls
```
. With this update, the TLS section is added only if broker URLs start with
```
tls
```
, preventing SSL connection errors. (LOG-5139)
Before this update, the Loki Operator did not trigger alerts when it dropped log events due to validation failures. With this update, the Loki Operator includes a new alert definition that triggers an alert if Loki drops log events due to validation failures. (LOG-5896)
Before this update, the 4.16 GA catalog did not include Elasticsearch Operator 5.8, preventing the installation of products like Service Mesh, Kiali, and Tracing. With this update, Elasticsearch Operator 5.8 is now available on 4.16, resolving the issue and providing support for Elasticsearch storage for these products only. (LOG-5911)
Before this update, duplicate conditions in the LokiStack resource status led to invalid metrics from the Loki Operator. With this update, the Operator removes duplicate conditions from the status. (LOG-5857)
Before this update, the Loki Operator overwrote user annotations on the LokiStack Route resource, causing customizations to drop. With this update, the Loki Operator no longer overwrites Route annotations, fixing the issue. (LOG-5946)

1.2.12. Logging 5.8.10
Link kopieren

This release includes OpenShift Logging Bug Fix Release 5.8.10 and OpenShift Logging Bug Fix Release 5.8.10.

1.2.12.1. Known issues
Link kopieren

Before this update, when enabling retention, the Loki Operator produced an invalid configuration. As a result, Loki did not start properly. With this update, Loki pods can set retention. (LOG-5821)

1.2.12.2. Bug fixes
Link kopieren

Before this update, the
```
ClusterLogForwarder
```
introduced an extra space in the message payload that did not follow the
```
RFC3164
```
specification. With this update, the extra space has been removed, fixing the issue. (LOG-5647)

1.2.12.3. CVEs
Link kopieren

1.2.13. Logging 5.8.9
Link kopieren

This release includes OpenShift Logging Bug Fix Release 5.8.9 and OpenShift Logging Bug Fix Release 5.8.9.

1.2.13.1. Bug fixes
Link kopieren

Before this update, an issue prevented selecting pods that no longer existed, even if they had generated logs. With this update, this issue has been fixed, allowing selection of such pods. (LOG-5698)
Before this update, LokiStack was missing a route for the Volume API, which caused the following error:
```
404 not found
```
. With this update, LokiStack exposes the Volume API, resolving the issue. (LOG-5750)
Before this update, the Elasticsearch operator overwrote all service account annotations without considering ownership. As a result, the
```
kube-controller-manager
```
recreated service account secrets because it logged the link to the owning service account. With this update, the Elasticsearch operator merges annotations, resolving the issue. (LOG-5776)

1.2.13.2. CVEs
Link kopieren

1.2.14. Logging 5.8.8
Link kopieren

This release includes OpenShift Logging Bug Fix Release 5.8.8 and OpenShift Logging Bug Fix Release 5.8.8.

1.2.14.1. Bug fixes
Link kopieren

Before this update, there was a delay in restarting Ingesters when configuring
```
LokiStack
```
, because the Loki Operator sets the write-ahead log
```
replay_memory_ceiling
```
to zero bytes for the
```
1x.demo
```
size. With this update, the minimum value used for the
```
replay_memory_ceiling
```
has been increased to avoid delays. (LOG-5615)

1.2.15. Logging 5.8.7
Link kopieren

This release includes OpenShift Logging Bug Fix Release 5.8.7 Security Update and OpenShift Logging Bug Fix Release 5.8.7.

1.2.15.1. Bug fixes
Link kopieren

Before this update, the
```
elasticsearch-im-<type>-*
```
pods failed if no
```
<type>
```
logs (audit, infrastructure, or application) were collected. With this update, the pods no longer fail when
```
<type>
```
logs are not collected. (LOG-4949)
Before this update, the validation feature for output config required an SSL/TLS URL, even for services such as Amazon CloudWatch or Google Cloud Logging where a URL is not needed by design. With this update, the validation logic for services without URLs are improved, and the error message is more informative. (LOG-5467)
Before this update, an issue in the metrics collection code of the Logging Operator caused it to report stale telemetry metrics. With this update, the Logging Operator does not report stale telemetry metrics. (LOG-5471)
Before this update, changes to the Logging Operator caused an error due to an incorrect configuration in the
```
ClusterLogForwarder
```
CR. As a result, upgrades to logging deleted the daemonset collector. With this update, the Logging Operator re-creates collector daemonsets except when a
```
Not authorized to collect
```
error occurs. (LOG-5514)

1.2.16. Logging 5.8.6
Link kopieren

This release includes OpenShift Logging Bug Fix Release 5.8.6 Security Update and OpenShift Logging Bug Fix Release 5.8.6.

1.2.16.1. Enhancements
Link kopieren

Before this update, the Loki Operator did not validate the Amazon Simple Storage Service (S3) endpoint used in the storage secret. With this update, the validation process ensures the S3 endpoint is a valid S3 URL, and the
```
LokiStack
```
status updates to indicate any invalid URLs. (LOG-5392)
Before this update, the Loki Operator configured Loki to use path-based style access for the Amazon Simple Storage Service (S3), which has been deprecated. With this update, the Loki Operator defaults to virtual-host style without users needing to change their configuration. (LOG-5402)

1.2.16.2. Bug fixes
Link kopieren

Before this update, the Elastisearch Operator
```
ServiceMonitor
```
in the
```
openshift-operators-redhat
```
namespace used static token and certificate authority (CA) files for authentication, causing errors in the Prometheus Operator in the User Workload Monitoring specification on the
```
ServiceMonitor
```
configuration. With this update, the Elastisearch Operator
```
ServiceMonitor
```
in the
```
openshift-operators-redhat
```
namespace now references a service account token secret by a
```
LocalReference
```
object. This approach allows the User Workload Monitoring specifications in the Prometheus Operator to handle the Elastisearch Operator
```
ServiceMonitor
```
successfully. This enables Prometheus to scrape the Elastisearch Operator metrics. (LOG-5164)
Before this update, the Loki Operator did not validate the Amazon Simple Storage Service (S3) endpoint URL format used in the storage secret. With this update, the S3 endpoint URL goes through a validation step that reflects on the status of the
```
LokiStack
```
. (LOG-5398)

1.2.16.3. CVEs
Link kopieren

1.2.17. Logging 5.8.5
Link kopieren

This release includes OpenShift Logging Bug Fix Release 5.8.5.

1.2.17.1. Bug fixes
Link kopieren

Before this update, the configuration of the Loki Operator’s
```
ServiceMonitor
```
could match many Kubernetes services, resulting in the Loki Operator’s metrics being collected multiple times. With this update, the configuration of
```
ServiceMonitor
```
now only matches the dedicated metrics service. (LOG-5250)
Before this update, the Red Hat build pipeline did not use the existing build details in Loki builds and omitted information such as revision, branch, and version. With this update, the Red Hat build pipeline now adds these details to the Loki builds, fixing the issue. (LOG-5201)
Before this update, the Loki Operator checked if the pods were running to decide if the
```
LokiStack
```
was ready. With this update, it also checks if the pods are ready, so that the readiness of the
```
LokiStack
```
reflects the state of its components. (LOG-5171)
Before this update, running a query for log metrics caused an error in the histogram. With this update, the histogram toggle function and the chart are disabled and hidden because the histogram doesn’t work with log metrics. (LOG-5044)
Before this update, the Loki and Elasticsearch bundle had the wrong
```
maxOpenShiftVersion
```
, resulting in
```
IncompatibleOperatorsInstalled
```
alerts. With this update, including 4.16 as the
```
maxOpenShiftVersion
```
property in the bundle fixes the issue. (LOG-5272)
Before this update, the build pipeline did not include linker flags for the build date, causing Loki builds to show empty strings for
```
buildDate
```
and
```
goVersion
```
. With this update, adding the missing linker flags in the build pipeline fixes the issue. (LOG-5274)
Before this update, a bug in LogQL parsing left out some line filters from the query. With this update, the parsing now includes all the line filters while keeping the original query unchanged. (LOG-5270)
Before this update, the Loki Operator
```
ServiceMonitor
```
in the
```
openshift-operators-redhat
```
namespace used static token and CA files for authentication, causing errors in the Prometheus Operator in the User Workload Monitoring spec on the
```
ServiceMonitor
```
configuration. With this update, the Loki Operator
```
ServiceMonitor
```
in
```
openshift-operators-redhat
```
namespace now references a service account token secret by a
```
LocalReference
```
object. This approach allows the User Workload Monitoring spec in the Prometheus Operator to handle the Loki Operator
```
ServiceMonitor
```
successfully, enabling Prometheus to scrape the Loki Operator metrics. (LOG-5240)

1.2.17.2. CVEs
Link kopieren

1.2.18. Logging 5.8.4
Link kopieren

This release includes OpenShift Logging Bug Fix Release 5.8.4.

1.2.18.1. Bug fixes
Link kopieren

Before this update, the developer console’s logs did not account for the current namespace, resulting in query rejection for users without cluster-wide log access. With this update, all supported OCP versions ensure correct namespace inclusion. (LOG-4905)
Before this update, the Cluster Logging Operator deployed
```
ClusterRoles
```
supporting LokiStack deployments only when the default log output was LokiStack. With this update, the roles are split into two groups: read and write. The write roles deploys based on the setting of the default log storage, just like all the roles used to do before. The read roles deploys based on whether the logging console plugin is active. (LOG-4987)
Before this update, multiple
```
ClusterLogForwarders
```
defining the same input receiver name had their service endlessly reconciled because of changing
```
ownerReferences
```
on one service. With this update, each receiver input will have its own service named with the convention of
```
<CLF.Name>-<input.Name>
```
. (LOG-5009)
Before this update, the
```
ClusterLogForwarder
```
did not report errors when forwarding logs to cloudwatch without a secret. With this update, the following error message appears when forwarding logs to cloudwatch without a secret:
```
secret must be provided for cloudwatch output
```
. (LOG-5021)
Before this update, the
```
log_forwarder_input_info
```
included
```
application
```
,
```
infrastructure
```
, and
```
audit
```
input metric points. With this update,
```
http
```
is also added as a metric point. (LOG-5043)

1.2.19. Logging 5.8.3
Link kopieren

This release includes Logging Bug Fix 5.8.3 and Logging Security Fix 5.8.3

1.2.19.1. Bug fixes
Link kopieren

Before this update, when configured to read a custom S3 Certificate Authority the Loki Operator would not automatically update the configuration when the name of the ConfigMap or the contents changed. With this update, the Loki Operator is watching for changes to the ConfigMap and automatically updates the generated configuration. (LOG-4969)
Before this update, Loki outputs configured without a valid URL caused the collector pods to crash. With this update, outputs are subject to URL validation, resolving the issue. (LOG-4822)
Before this update the Cluster Logging Operator would generate collector configuration fields for outputs that did not specify a secret to use the service account bearer token. With this update, an output does not require authentication, resolving the issue. (LOG-4962)
Before this update, the
```
tls.insecureSkipVerify
```
field of an output was not set to a value of
```
true
```
without a secret defined. With this update, a secret is no longer required to set this value. (LOG-4963)
Before this update, output configurations allowed the combination of an insecure (HTTP) URL with TLS authentication. With this update, outputs configured for TLS authentication require a secure (HTTPS) URL. (LOG-4893)

1.2.19.2. CVEs
Link kopieren

1.2.20. Logging 5.8.2
Link kopieren

This release includes OpenShift Logging Bug Fix Release 5.8.2.

1.2.20.1. Bug fixes
Link kopieren

Before this update, the LokiStack ruler pods would not format the IPv6 pod IP in HTTP URLs used for cross pod communication, causing querying rules and alerts through the Prometheus-compatible API to fail. With this update, the LokiStack ruler pods encapsulate the IPv6 pod IP in square brackets, resolving the issue. (LOG-4890)
Before this update, the developer console logs did not account for the current namespace, resulting in query rejection for users without cluster-wide log access. With this update, namespace inclusion has been corrected, resolving the issue. (LOG-4947)
Before this update, the logging view plugin of the OpenShift Container Platform web console did not allow for custom node placement and tolerations. With this update, defining custom node placements and tolerations has been added to the logging view plugin of the OpenShift Container Platform web console. (LOG-4912)

1.2.20.2. CVEs
Link kopieren

1.2.21. Logging 5.8.1
Link kopieren

This release includes OpenShift Logging Bug Fix Release 5.8.1 and OpenShift Logging Bug Fix Release 5.8.1 Kibana.

1.2.21.1. Enhancements
Link kopieren

1.2.21.1.1. Log Collection
Link kopieren

With this update, while configuring Vector as a collector, you can add logic to the Red Hat OpenShift Logging Operator to use a token specified in the secret in place of the token associated with the service account. (LOG-4780)
With this update, the BoltDB Shipper Loki dashboards are now renamed to Index dashboards. (LOG-4828)

1.2.21.2. Bug fixes
Link kopieren

Before this update, the
```
ClusterLogForwarder
```
created empty indices after enabling the parsing of JSON logs, even when the rollover conditions were not met. With this update, the
```
ClusterLogForwarder
```
skips the rollover when the
```
write-index
```
is empty. (LOG-4452)
Before this update, the Vector set the
```
default
```
log level incorrectly. With this update, the correct log level is set by improving the enhancement of regular expression, or
```
regexp
```
, for log level detection. (LOG-4480)
Before this update, during the process of creating index patterns, the default alias was missing from the initial index in each log output. As a result, Kibana users were unable to create index patterns by using OpenShift Elasticsearch Operator. This update adds the missing aliases to OpenShift Elasticsearch Operator, resolving the issue. Kibana users can now create index patterns that include the
```
{app,infra,audit}-000001
```
indexes. (LOG-4683)
Before this update, Fluentd collector pods were in a
```
CrashLoopBackOff
```
state due to binding of the Prometheus server on IPv6 clusters. With this update, the collectors work properly on IPv6 clusters. (LOG-4706)
Before this update, the Red Hat OpenShift Logging Operator would undergo numerous reconciliations whenever there was a change in the
```
ClusterLogForwarder
```
. With this update, the Red Hat OpenShift Logging Operator disregards the status changes in the collector daemonsets that triggered the reconciliations. (LOG-4741)
Before this update, the Vector log collector pods were stuck in the
```
CrashLoopBackOff
```
state on IBM Power machines. With this update, the Vector log collector pods start successfully on IBM Power architecture machines. (LOG-4768)
Before this update, forwarding with a legacy forwarder to an internal LokiStack would produce SSL certificate errors using Fluentd collector pods. With this update, the log collector service account is used by default for authentication, using the associated token and
```
ca.crt
```
. (LOG-4791)
Before this update, forwarding with a legacy forwarder to an internal LokiStack would produce SSL certificate errors using Vector collector pods. With this update, the log collector service account is used by default for authentication and also using the associated token and
```
ca.crt
```
. (LOG-4852)
Before this fix, IPv6 addresses would not be parsed correctly after evaluating a host or multiple hosts for placeholders. With this update, IPv6 addresses are correctly parsed. (LOG-4811)
Before this update, it was necessary to create a
```
ClusterRoleBinding
```
to collect audit permissions for HTTP receiver inputs. With this update, it is not necessary to create the
```
ClusterRoleBinding
```
because the endpoint already depends upon the cluster certificate authority. (LOG-4815)
Before this update, the Loki Operator did not mount a custom CA bundle to the ruler pods. As a result, during the process to evaluate alerting or recording rules, object storage access failed. With this update, the Loki Operator mounts the custom CA bundle to all ruler pods. The ruler pods can download logs from object storage to evaluate alerting or recording rules. (LOG-4836)
Before this update, while removing the
```
inputs.receiver
```
section in the
```
ClusterLogForwarder
```
, the HTTP input services and its associated secrets were not deleted. With this update, the HTTP input resources are deleted when not needed. (LOG-4612)
Before this update, the
```
ClusterLogForwarder
```
indicated validation errors in the status, but the outputs and the pipeline status did not accurately reflect the specific issues. With this update, the pipeline status displays the validation failure reasons correctly in case of misconfigured outputs, inputs, or filters. (LOG-4821)
Before this update, changing a
```
LogQL
```
query that used controls such as time range or severity changed the label matcher operator defining it like a regular expression. With this update, regular expression operators remain unchanged when updating the query. (LOG-4841)

1.2.22. Logging 5.8.0
Link kopieren

This release includes OpenShift Logging Bug Fix Release 5.8.0 and OpenShift Logging Bug Fix Release 5.8.0 Kibana.

1.2.22.1. Deprecation notice
Link kopieren

In Logging 5.8, Elasticsearch, Fluentd, and Kibana are deprecated and are planned to be removed in Logging 6.0, which is expected to be shipped alongside a future release of OpenShift Container Platform. Red Hat will provide critical and above CVE bug fixes and support for these components during the current release lifecycle, but these components will no longer receive feature enhancements. The Vector-based collector provided by the Red Hat OpenShift Logging Operator and LokiStack provided by the Loki Operator are the preferred Operators for log collection and storage. We encourage all users to adopt the Vector and Loki log stack, as this will be the stack that will be enhanced going forward.

1.2.22.2. Enhancements
Link kopieren

1.2.22.2.1. Log Collection
Link kopieren

With this update, the LogFileMetricExporter is no longer deployed with the collector by default. You must manually create a
```
LogFileMetricExporter
```
custom resource (CR) to generate metrics from the logs produced by running containers. If you do not create the
```
LogFileMetricExporter
```
CR, you may see a No datapoints found message in the OpenShift Container Platform web console dashboard for Produced Logs. (LOG-3819)
With this update, you can deploy multiple, isolated, and RBAC-protected
```
ClusterLogForwarder
```
custom resource (CR) instances in any namespace. This allows independent groups to forward desired logs to any destination while isolating their configuration from other collector deployments. (LOG-1343)
Important
In order to support multi-cluster log forwarding in additional namespaces other than the
openshift-logging
namespace, you must update the Red Hat OpenShift Logging Operator to watch all namespaces. This functionality is supported by default in new Red Hat OpenShift Logging Operator version 5.8 installations.
With this update, you can use the flow control or rate limiting mechanism to limit the volume of log data that can be collected or forwarded by dropping excess log records. The input limits prevent poorly-performing containers from overloading the Logging and the output limits put a ceiling on the rate of logs shipped to a given data store. (LOG-884)
With this update, you can configure the log collector to look for HTTP connections and receive logs as an HTTP server, also known as a webhook. (LOG-4562)
With this update, you can configure audit polices to control which Kubernetes and OpenShift API server events are forwarded by the log collector. (LOG-3982)

1.2.22.2.2. Log Storage
Link kopieren

With this update, LokiStack administrators can have more fine-grained control over who can access which logs by granting access to logs on a namespace basis. (LOG-3841)
With this update, the Loki Operator introduces
```
PodDisruptionBudget
```
configuration on LokiStack deployments to ensure normal operations during OpenShift Container Platform cluster restarts by keeping ingestion and the query path available. (LOG-3839)
With this update, the reliability of existing LokiStack installations are seamlessly improved by applying a set of default Affinity and Anti-Affinity policies. (LOG-3840)
With this update, you can manage zone-aware data replication as an administrator in LokiStack, in order to enhance reliability in the event of a zone failure. (LOG-3266)
With this update, a new supported small-scale LokiStack size of 1x.extra-small is introduced for OpenShift Container Platform clusters hosting a few workloads and smaller ingestion volumes (up to 100GB/day). (LOG-4329)
With this update, the LokiStack administrator has access to an official Loki dashboard to inspect the storage performance and the health of each component. (LOG-4327)

1.2.22.2.3. Log Console
Link kopieren

With this update, you can enable the Logging Console Plugin when Elasticsearch is the default Log Store. (LOG-3856)
With this update, OpenShift Container Platform application owners can receive notifications for application log-based alerts on the OpenShift Container Platform web console Developer perspective for OpenShift Container Platform version 4.14 and later. (LOG-3548)

1.2.22.3. Known Issues
Link kopieren

Currently, Splunk log forwarding might not work after upgrading to version 5.8 of the Red Hat OpenShift Logging Operator. This issue is caused by transitioning from OpenSSL version 1.1.1 to version 3.0.7. In the newer OpenSSL version, there is a default behavior change, where connections to TLS 1.2 endpoints are rejected if they do not expose the RFC 5746 extension.
As a workaround, enable TLS 1.3 support on the TLS terminating load balancer in front of the Splunk HEC (HTTP Event Collector) endpoint. Splunk is a third-party system and this should be configured from the Splunk end.
Currently, there is a flaw in handling multiplexed streams in the HTTP/2 protocol, where you can repeatedly make a request for a new multiplex stream and immediately send an
```
RST_STREAM
```
frame to cancel it. This created extra work for the server set up and tore down the streams, resulting in a denial of service due to server resource consumption. There is currently no workaround for this issue. (LOG-4609)
Currently, when using FluentD as the collector, the collector pod cannot start on the OpenShift Container Platform IPv6-enabled cluster. The pod logs produce the
```
fluentd pod [error]: unexpected error error_class=SocketError error="getaddrinfo: Name or service not known
```
error. There is currently no workaround for this issue. (LOG-4706)
Currently, the log alert is not available on an IPv6-enabled cluster. There is currently no workaround for this issue. (LOG-4709)
Currently,
```
must-gather
```
cannot gather any logs on a FIPS-enabled cluster, because the required OpenSSL library is not available in the
```
cluster-logging-rhel9-operator
```
. There is currently no workaround for this issue. (LOG-4403)
Currently, when deploying the logging version 5.8 on a FIPS-enabled cluster, the collector pods cannot start and are stuck in
```
CrashLoopBackOff
```
status, while using FluentD as a collector. There is currently no workaround for this issue. (LOG-3933)

1.2.22.4. CVEs
Link kopieren

CVE-2023-40217

1.3. Logging 5.7
Link kopieren

Note

x.y

represents the major and minor version of logging you have installed. For example, stable-5.7.

1.3.1. Logging 5.7.15
Link kopieren

This release includes OpenShift Logging Bug Fix 5.7.15.

1.3.1.1. Bug fixes
Link kopieren

Before this update, there was a delay in restarting Ingesters when configuring
```
LokiStack
```
, because the Loki Operator sets the write-ahead log
```
replay_memory_ceiling
```
to zero bytes for the
```
1x.demo
```
size. With this update, the minimum value used for the
```
replay_memory_ceiling
```
has been increased to avoid delays. (LOG-5616)

1.3.2. Logging 5.7.14
Link kopieren

This release includes OpenShift Logging Bug Fix 5.7.14.

1.3.2.1. Bug fixes
Link kopieren

Before this update, an issue in the metrics collection code of the Logging Operator caused it to report stale telemetry metrics. With this update, the Logging Operator does not report stale telemetry metrics. (LOG-5472)

1.3.2.2. CVEs
Link kopieren

1.3.3. Logging 5.7.13
Link kopieren

This release includes OpenShift Logging Bug Fix 5.7.13.

1.3.3.1. Enhancements
Link kopieren

Before this update, the Loki Operator configured Loki to use path-based style access for the Amazon Simple Storage Service (S3), which has been deprecated. With this update, the Loki Operator defaults to virtual-host style without users needing to change their configuration. (LOG-5403)
Before this update, the Loki Operator did not validate the Amazon Simple Storage Service (S3) endpoint used in the storage secret. With this update, the validation process ensures the S3 endpoint is a valid S3 URL, and the
```
LokiStack
```
status updates to indicate any invalid URLs. (LOG-5393)

1.3.3.2. Bug fixes
Link kopieren

Before this update, the Elastisearch Operator
```
ServiceMonitor
```
in the
```
openshift-operators-redhat
```
namespace used static token and certificate authority (CA) files for authentication, causing errors in the Prometheus Operator in the User Workload Monitoring specification on the
```
ServiceMonitor
```
configuration. With this update, the Elastisearch Operator
```
ServiceMonitor
```
in the
```
openshift-operators-redhat
```
namespace now references a service account token secret by a
```
LocalReference
```
object. This approach allows the User Workload Monitoring specifications in the Prometheus Operator to handle the Elastisearch Operator
```
ServiceMonitor
```
successfully. This enables Prometheus to scrape the Elastisearch Operator metrics. (LOG-5243)
Before this update, the Loki Operator did not validate the Amazon Simple Storage Service (S3) endpoint URL format used in the storage secret. With this update, the S3 endpoint URL goes through a validation step that reflects on the status of the
```
LokiStack
```
. (LOG-5399)

1.3.3.3. CVEs
Link kopieren

1.3.4. Logging 5.7.12
Link kopieren

This release includes OpenShift Logging Bug Fix 5.7.12.

1.3.4.1. Bug fixes
Link kopieren

Before this update, the Loki Operator checked if the pods were running to decide if the
```
LokiStack
```
was ready. With this update, it also checks if the pods are ready, so that the readiness of the
```
LokiStack
```
reflects the state of its components. (LOG-5172)
Before this update, the Red Hat build pipeline didn’t use the existing build details in Loki builds and omitted information such as revision, branch, and version. With this update, the Red Hat build pipeline now adds these details to the Loki builds, fixing the issue. (LOG-5202)
Before this update, the configuration of the Loki Operator’s
```
ServiceMonitor
```
could match many Kubernetes services, resulting in the Loki Operator’s metrics being collected multiple times. With this update, the configuration of
```
ServiceMonitor
```
now only matches the dedicated metrics service. (LOG-5251)
Before this update, the build pipeline did not include linker flags for the build date, causing Loki builds to show empty strings for
```
buildDate
```
and
```
goVersion
```
. With this update, adding the missing linker flags in the build pipeline fixes the issue. (LOG-5275)
Before this update, the Loki Operator
```
ServiceMonitor
```
in the
```
openshift-operators-redhat
```
namespace used static token and CA files for authentication, causing errors in the Prometheus Operator in the User Workload Monitoring spec on the
```
ServiceMonitor
```
configuration. With this update, the Loki Operator
```
ServiceMonitor
```
in
```
openshift-operators-redhat
```
namespace now references a service account token secret by a
```
LocalReference
```
object. This approach allows the User Workload Monitoring spec in the Prometheus Operator to handle the Loki Operator
```
ServiceMonitor
```
successfully, enabling Prometheus to scrape the Loki Operator metrics. (LOG-5241)

1.3.4.2. CVEs
Link kopieren

1.3.5. Logging 5.7.11
Link kopieren

This release includes Logging Bug Fix 5.7.11.

1.3.5.1. Bug fixes
Link kopieren

Before this update, when configured to read a custom S3 Certificate Authority, the Loki Operator would not automatically update the configuration when the name of the
```
ConfigMap
```
object or the contents changed. With this update, the Loki Operator now watches for changes to the
```
ConfigMap
```
object and automatically updates the generated configuration. (LOG-4968)

1.3.5.2. CVEs
Link kopieren

CVE-2023-39326

1.3.6. Logging 5.7.10
Link kopieren

This release includes OpenShift Logging Bug Fix Release 5.7.10.

1.3.6.1. Bug fix
Link kopieren

Before this update, the LokiStack ruler pods would not format the IPv6 pod IP in HTTP URLs used for cross pod communication, causing querying rules and alerts through the Prometheus-compatible API to fail. With this update, the LokiStack ruler pods encapsulate the IPv6 pod IP in square brackets, resolving the issue. (LOG-4891)

1.3.7. Logging 5.7.9
Link kopieren

This release includes OpenShift Logging Bug Fix Release 5.7.9.

1.3.7.1. Bug fixes
Link kopieren

Before this fix, IPv6 addresses would not be parsed correctly after evaluating a host or multiple hosts for placeholders. With this update, IPv6 addresses are correctly parsed. (LOG-4281)
Before this update, the Vector failed to start on IPv4-only nodes. As a result, it failed to create a listener for its metrics endpoint with the following error:
```
Failed to start Prometheus exporter: TCP bind failed: Address family not supported by protocol (os error 97)
```
. With this update, the Vector operates normally on IPv4-only nodes. (LOG-4589)
Before this update, during the process of creating index patterns, the default alias was missing from the initial index in each log output. As a result, Kibana users were unable to create index patterns by using OpenShift Elasticsearch Operator. This update adds the missing aliases to OpenShift Elasticsearch Operator, resolving the issue. Kibana users can now create index patterns that include the
```
{app,infra,audit}-000001
```
indexes. (LOG-4806)
Before this update, the Loki Operator did not mount a custom CA bundle to the ruler pods. As a result, during the process to evaluate alerting or recording rules, object storage access failed. With this update, the Loki Operator mounts the custom CA bundle to all ruler pods. The ruler pods can download logs from object storage to evaluate alerting or recording rules. (LOG-4837)
Before this update, changing a LogQL query using controls such as time range or severity changed the label matcher operator as though it was defined like a regular expression. With this update, regular expression operators remain unchanged when updating the query. (LOG-4842)
Before this update, the Vector collector deployments relied upon the default retry and buffering behavior. As a result, the delivery pipeline backed up trying to deliver every message when the availability of an output was unstable. With this update, the Vector collector deployments limit the number of message retries and drop messages after the threshold has been exceeded. (LOG-4536)

1.3.8. Logging 5.7.8
Link kopieren

This release includes OpenShift Logging Bug Fix Release 5.7.8.

1.3.8.1. Bug fixes
Link kopieren

Before this update, there was a potential conflict when the same name was used for the
```
outputRefs
```
and
```
inputRefs
```
parameters in the
```
ClusterLogForwarder
```
custom resource (CR). As a result, the collector pods entered in a
```
CrashLoopBackOff
```
status. With this update, the output labels contain the
```
OUTPUT_
```
prefix to ensure a distinction between output labels and pipeline names. (LOG-4383)
Before this update, while configuring the JSON log parser, if you did not set the
```
structuredTypeKey
```
or
```
structuredTypeName
```
parameters for the Cluster Logging Operator, no alert would display about an invalid configuration. With this update, the Cluster Logging Operator informs you about the configuration issue. (LOG-4441)
Before this update, if the
```
hecToken
```
key was missing or incorrect in the secret specified for a Splunk output, the validation failed because the Vector forwarded logs to Splunk without a token. With this update, if the
```
hecToken
```
key is missing or incorrect, the validation fails with the
```
A non-empty hecToken entry is required
```
error message. (LOG-4580)
Before this update, selecting a date from the
```
Custom time range
```
for logs caused an error in the web console. With this update, you can select a date from the time range model in the web console successfully. (LOG-4684)

1.3.8.2. CVEs
Link kopieren

1.3.9. Logging 5.7.7
Link kopieren

This release includes OpenShift Logging Bug Fix Release 5.7.7.

1.3.9.1. Bug fixes
Link kopieren

Before this update, FluentD normalized the logs emitted by the EventRouter differently from Vector. With this update, the Vector produces log records in a consistent format. (LOG-4178)
Before this update, there was an error in the query used for the FluentD Buffer Availability graph in the metrics dashboard created by the Cluster Logging Operator as it showed the minimum buffer usage. With this update, the graph shows the maximum buffer usage and is now renamed to FluentD Buffer Usage. (LOG-4555)
Before this update, deploying a LokiStack on IPv6-only or dual-stack OpenShift Container Platform clusters caused the LokiStack memberlist registration to fail. As a result, the distributor pods went into a crash loop. With this update, an administrator can enable IPv6 by setting the
```
lokistack.spec.hashRing.memberlist.enableIPv6:
```
value to
```
true
```
, which resolves the issue. (LOG-4569)
Before this update, the log collector relied on the default configuration settings for reading the container log lines. As a result, the log collector did not read the rotated files efficiently. With this update, there is an increase in the number of bytes read, which allows the log collector to efficiently process rotated files. (LOG-4575)
Before this update, the unused metrics in the Event Router caused the container to fail due to excessive memory usage. With this update, there is reduction in the memory usage of the Event Router by removing the unused metrics. (LOG-4686)

1.3.10. Logging 5.7.6
Link kopieren

This release includes OpenShift Logging Bug Fix Release 5.7.6.

1.3.10.1. Bug fixes
Link kopieren

Before this update, the collector relied on the default configuration settings for reading the container log lines. As a result, the collector did not read the rotated files efficiently. With this update, there is an increase in the number of bytes read, which allows the collector to efficiently process rotated files. (LOG-4501)
Before this update, when users pasted a URL with predefined filters, some filters did not reflect. With this update, the UI reflects all the filters in the URL. (LOG-4459)
Before this update, forwarding to Loki using custom labels generated an error when switching from Fluentd to Vector. With this update, the Vector configuration sanitizes labels in the same way as Fluentd to ensure the collector starts and correctly processes labels. (LOG-4460)
Before this update, the Observability Logs console search field did not accept special characters that it should escape. With this update, it is escaping special characters properly in the query. (LOG-4456)
Before this update, the following warning message appeared while sending logs to Splunk:
```
Timestamp was not found.
```
With this update, the change overrides the name of the log field used to retrieve the Timestamp and sends it to Splunk without warning. (LOG-4413)
Before this update, the CPU and memory usage of Vector was increasing over time. With this update, the Vector configuration now contains the
```
expire_metrics_secs=60
```
setting to limit the lifetime of the metrics and cap the associated CPU usage and memory footprint. (LOG-4171)
Before this update, the LokiStack gateway cached authorized requests very broadly. As a result, this caused wrong authorization results. With this update, LokiStack gateway caches on a more fine-grained basis which resolves this issue. (LOG-4393)
Before this update, the Fluentd runtime image included builder tools which were unnecessary at runtime. With this update, the builder tools are removed, resolving the issue. (LOG-4467)

1.3.10.2. CVEs
Link kopieren

1.3.11. Logging 5.7.4
Link kopieren

This release includes OpenShift Logging Bug Fix Release 5.7.4.

1.3.11.1. Bug fixes
Link kopieren

Before this update, when forwarding logs to CloudWatch, a
```
namespaceUUID
```
value was not appended to the
```
logGroupName
```
field. With this update, the
```
namespaceUUID
```
value is included, so a
```
logGroupName
```
in CloudWatch appears as
```
logGroupName: vectorcw.b443fb9e-bd4c-4b6a-b9d3-c0097f9ed286
```
. (LOG-2701)
Before this update, when forwarding logs over HTTP to an off-cluster destination, the Vector collector was unable to authenticate to the cluster-wide HTTP proxy even though correct credentials were provided in the proxy URL. With this update, the Vector log collector can now authenticate to the cluster-wide HTTP proxy. (LOG-3381)
Before this update, the Operator would fail if the Fluentd collector was configured with Splunk as an output, due to this configuration being unsupported. With this update, configuration validation rejects unsupported outputs, resolving the issue. (LOG-4237)
Before this update, when the Vector collector was updated an
```
enabled = true
```
value in the TLS configuration for AWS Cloudwatch logs and the Google Cloud Stackdriver caused a configuration error. With this update,
```
enabled = true
```
value will be removed for these outputs, resolving the issue. (LOG-4242)
Before this update, the Vector collector occasionally panicked with the following error message in its log:
```
thread 'vector-worker' panicked at 'all branches are disabled and there is no else branch', src/kubernetes/reflector.rs:26:9
```
. With this update, the error has been resolved. (LOG-4275)
Before this update, an issue in the Loki Operator caused the
```
alert-manager
```
configuration for the application tenant to disappear if the Operator was configured with additional options for that tenant. With this update, the generated Loki configuration now contains both the custom and the auto-generated configuration. (LOG-4361)
Before this update, when multiple roles were used to authenticate using STS with AWS Cloudwatch forwarding, a recent update caused the credentials to be non-unique. With this update, multiple combinations of STS roles and static credentials can once again be used to authenticate with AWS Cloudwatch. (LOG-4368)
Before this update, Loki filtered label values for active streams but did not remove duplicates, making Grafana’s Label Browser unusable. With this update, Loki filters out duplicate label values for active streams, resolving the issue. (LOG-4389)
Pipelines with no
```
name
```
field specified in the
```
ClusterLogForwarder
```
custom resource (CR) stopped working after upgrading to OpenShift Logging 5.7. With this update, the error has been resolved. (LOG-4120)

1.3.11.2. CVEs
Link kopieren

1.3.12. Logging 5.7.3
Link kopieren

This release includes OpenShift Logging Bug Fix Release 5.7.3.

1.3.12.1. Bug fixes
Link kopieren

Before this update, when viewing logs within the OpenShift Container Platform web console, cached files caused the data to not refresh. With this update the bootstrap files are not cached, resolving the issue. (LOG-4100)
Before this update, the Loki Operator reset errors in a way that made identifying configuration problems difficult to troubleshoot. With this update, errors persist until the configuration error is resolved. (LOG-4156)
Before this update, the LokiStack ruler did not restart after changes were made to the
```
RulerConfig
```
custom resource (CR). With this update, the Loki Operator restarts the ruler pods after the
```
RulerConfig
```
CR is updated. (LOG-4161)
Before this update, the vector collector terminated unexpectedly when input match label values contained a
```
/
```
character within the
```
ClusterLogForwarder
```
. This update resolves the issue by quoting the match label, enabling the collector to start and collect logs. (LOG-4176)
Before this update, the Loki Operator terminated unexpectedly when a
```
LokiStack
```
CR defined tenant limits, but not global limits. With this update, the Loki Operator can process
```
LokiStack
```
CRs without global limits, resolving the issue. (LOG-4198)
Before this update, Fluentd did not send logs to an Elasticsearch cluster when the private key provided was passphrase-protected. With this update, Fluentd properly handles passphrase-protected private keys when establishing a connection with Elasticsearch. (LOG-4258)
Before this update, clusters with more than 8,000 namespaces caused Elasticsearch to reject queries because the list of namespaces was larger than the
```
http.max_header_size
```
setting. With this update, the default value for header size has been increased, resolving the issue. (LOG-4277)
Before this update, label values containing a
```
/
```
character within the
```
ClusterLogForwarder
```
CR would cause the collector to terminate unexpectedly. With this update, slashes are replaced with underscores, resolving the issue. (LOG-4095)
Before this update, the Cluster Logging Operator terminated unexpectedly when set to an unmanaged state. With this update, a check to ensure that the
```
ClusterLogging
```
resource is in the correct Management state before initiating the reconciliation of the
```
ClusterLogForwarder
```
CR, resolving the issue. (LOG-4177)
Before this update, when viewing logs within the OpenShift Container Platform web console, selecting a time range by dragging over the histogram didn’t work on the aggregated logs view inside the pod detail. With this update, the time range can be selected by dragging on the histogram in this view. (LOG-4108)
Before this update, when viewing logs within the OpenShift Container Platform web console, queries longer than 30 seconds timed out. With this update, the timeout value can be configured in the configmap/logging-view-plugin. (LOG-3498)
Before this update, when viewing logs within the OpenShift Container Platform web console, clicking the more data available option loaded more log entries only the first time it was clicked. With this update, more entries are loaded with each click. (OU-188)
Before this update, when viewing logs within the OpenShift Container Platform web console, clicking the streaming option would only display the streaming logs message without showing the actual logs. With this update, both the message and the log stream are displayed correctly. (OU-166)

1.3.12.2. CVEs
Link kopieren

1.3.13. Logging 5.7.2
Link kopieren

This release includes OpenShift Logging Bug Fix Release 5.7.2.

1.3.13.1. Bug fixes
Link kopieren

Before this update, it was not possible to delete the
```
openshift-logging
```
namespace directly due to the presence of a pending finalizer. With this update, the finalizer is no longer utilized, enabling direct deletion of the namespace. (LOG-3316)
Before this update, the
```
run.sh
```
script would display an incorrect
```
chunk_limit_size
```
value if it was changed according to the OpenShift Container Platform documentation. However, when setting the
```
chunk_limit_size
```
via the environment variable
```
$BUFFER_SIZE_LIMIT
```
, the script would show the correct value. With this update, the
```
run.sh
```
script now consistently displays the correct
```
chunk_limit_size
```
value in both scenarios. (LOG-3330)
Before this update, the OpenShift Container Platform web console’s logging view plugin did not allow for custom node placement or tolerations. This update adds the ability to define node placement and tolerations for the logging view plugin. (LOG-3749)
Before this update, the Cluster Logging Operator encountered an Unsupported Media Type exception when trying to send logs to DataDog via the Fluentd HTTP Plugin. With this update, users can seamlessly assign the content type for log forwarding by configuring the HTTP header Content-Type. The value provided is automatically assigned to the
```
content_type
```
parameter within the plugin, ensuring successful log transmission. (LOG-3784)
Before this update, when the
```
detectMultilineErrors
```
field was set to
```
true
```
in the
```
ClusterLogForwarder
```
custom resource (CR), PHP multi-line errors were recorded as separate log entries, causing the stack trace to be split across multiple messages. With this update, multi-line error detection for PHP is enabled, ensuring that the entire stack trace is included in a single log message. (LOG-3878)
Before this update,
```
ClusterLogForwarder
```
pipelines containing a space in their name caused the Vector collector pods to continuously crash. With this update, all spaces, dashes (-), and dots (.) in pipeline names are replaced with underscores (_). (LOG-3945)
Before this update, the
```
log_forwarder_output
```
metric did not include the
```
http
```
parameter. This update adds the missing parameter to the metric. (LOG-3997)
Before this update, Fluentd did not identify some multi-line JavaScript client exceptions when they ended with a colon. With this update, the Fluentd buffer name is prefixed with an underscore, resolving the issue. (LOG-4019)
Before this update, when configuring log forwarding to write to a Kafka output topic which matched a key in the payload, logs dropped due to an error. With this update, Fluentd’s buffer name has been prefixed with an underscore, resolving the issue.(LOG-4027)
Before this update, the LokiStack gateway returned label values for namespaces without applying the access rights of a user. With this update, the LokiStack gateway applies permissions to label value requests, resolving the issue. (LOG-4049)
Before this update, the Cluster Logging Operator API required a certificate to be provided by a secret when the
```
tls.insecureSkipVerify
```
option was set to
```
true
```
. With this update, the Cluster Logging Operator API no longer requires a certificate to be provided by a secret in such cases. The following configuration has been added to the Operator’s CR:
```
tls.verify_certificate = false
tls.verify_hostname = false
```
(LOG-3445)
Before this update, the LokiStack route configuration caused queries running longer than 30 seconds to timeout. With this update, the LokiStack global and per-tenant
```
queryTimeout
```
settings affect the route timeout settings, resolving the issue. (LOG-4052)
Before this update, a prior fix to remove defaulting of the
```
collection.type
```
resulted in the Operator no longer honoring the deprecated specs for resource, node selections, and tolerations. This update modifies the Operator behavior to always prefer the
```
collection.logs
```
spec over those of
```
collection
```
. This varies from previous behavior that allowed using both the preferred fields and deprecated fields but would ignore the deprecated fields when
```
collection.type
```
was populated. (LOG-4185)
Before this update, the Vector log collector did not generate TLS configuration for forwarding logs to multiple Kafka brokers if the broker URLs were not specified in the output. With this update, TLS configuration is generated appropriately for multiple brokers. (LOG-4163)
Before this update, the option to enable passphrase for log forwarding to Kafka was unavailable. This limitation presented a security risk as it could potentially expose sensitive information. With this update, users now have a seamless option to enable passphrase for log forwarding to Kafka. (LOG-3314)
Before this update, Vector log collector did not honor the
```
tlsSecurityProfile
```
settings for outgoing TLS connections. After this update, Vector handles TLS connection settings appropriately. (LOG-4011)
Before this update, not all available output types were included in the
```
log_forwarder_output_info
```
metrics. With this update, metrics contain Splunk and Google Cloud Logging data which was missing previously. (LOG-4098)
Before this update, when
```
follow_inodes
```
was set to
```
true
```
, the Fluentd collector could crash on file rotation. With this update, the
```
follow_inodes
```
setting does not crash the collector. (LOG-4151)
Before this update, the Fluentd collector could incorrectly close files that should be watched because of how those files were tracked. With this update, the tracking parameters have been corrected. (LOG-4149)
Before this update, forwarding logs with the Vector collector and naming a pipeline in the
```
ClusterLogForwarder
```
instance
```
audit
```
,
```
application
```
or
```
infrastructure
```
resulted in collector pods staying in the
```
CrashLoopBackOff
```
state with the following error in the collector log:
```
ERROR vector::cli: Configuration error. error=redefinition of table transforms.audit for key transforms.audit
```
After this update, pipeline names no longer clash with reserved input names, and pipelines can be named
```
audit
```
,
```
application
```
or
```
infrastructure
```
. (LOG-4218)
Before this update, when forwarding logs to a syslog destination with the Vector collector and setting the
```
addLogSource
```
flag to
```
true
```
, the following extra empty fields were added to the forwarded messages:
```
namespace_name=
```
,
```
container_name=
```
, and
```
pod_name=
```
. With this update, these fields are no longer added to journal logs. (LOG-4219)
Before this update, when a
```
structuredTypeKey
```
was not found, and a
```
structuredTypeName
```
was not specified, log messages were still parsed into structured object. With this update, parsing of logs is as expected. (LOG-4220)

1.3.14. Logging 5.7.1
Link kopieren

This release includes: OpenShift Logging Bug Fix Release 5.7.1.

1.3.14.1. Bug fixes
Link kopieren

Before this update, the presence of numerous noisy messages within the Cluster Logging Operator pod logs caused reduced log readability, and increased difficulty in identifying important system events. With this update, the issue is resolved by significantly reducing the noisy messages within Cluster Logging Operator pod logs. (LOG-3482)
Before this update, the API server would reset the value for the
```
CollectorSpec.Type
```
field to
```
vector
```
, even when the custom resource used a different value. This update removes the default for the
```
CollectorSpec.Type
```
field to restore the previous behavior. (LOG-4086)
Before this update, a time range could not be selected in the OpenShift Container Platform web console by clicking and dragging over the logs histogram. With this update, clicking and dragging can be used to successfully select a time range. (LOG-4501)
Before this update, clicking on the Show Resources link in the OpenShift Container Platform web console did not produce any effect. With this update, the issue is resolved by fixing the functionality of the "Show Resources" link to toggle the display of resources for each log entry. (LOG-3218)

1.3.14.2. CVEs
Link kopieren

1.3.15. Logging 5.7.0
Link kopieren

This release includes OpenShift Logging Bug Fix Release 5.7.0.

1.3.15.1. Enhancements
Link kopieren

With this update, you can enable logging to detect multi-line exceptions and reassemble them into a single log entry.

To enable logging to detect multi-line exceptions and reassemble them into a single log entry, ensure that the

ClusterLogForwarder

Custom Resource (CR) contains a

detectMultilineErrors

field, with a value of

true

1.3.15.2. Known Issues
Link kopieren

None.

1.3.15.3. Bug fixes
Link kopieren

Before this update, the
```
nodeSelector
```
attribute for the Gateway component of the LokiStack did not impact node scheduling. With this update, the
```
nodeSelector
```
attribute works as expected. (LOG-3713)

Dieser Inhalt ist in der von Ihnen ausgewählten Sprache nicht verfügbar.

Chapter 1. Release notes

1.1. Logging 5.9Link kopierenLink in die Zwischenablage kopiert!

1.1.1. Logging 5.9.16Link kopierenLink in die Zwischenablage kopiert!

1.1.1.1. Bug fixesLink kopierenLink in die Zwischenablage kopiert!

1.1.1.2. Known issuesLink kopierenLink in die Zwischenablage kopiert!

1.1.2. Logging 5.9.15Link kopierenLink in die Zwischenablage kopiert!

1.1.2.1. CVEsLink kopierenLink in die Zwischenablage kopiert!

1.1.3. Logging 5.9.14Link kopierenLink in die Zwischenablage kopiert!

1.1.3.1. CVEsLink kopierenLink in die Zwischenablage kopiert!

1.1.4. Logging 5.9.13Link kopierenLink in die Zwischenablage kopiert!

1.1.4.1. Bug FixesLink kopierenLink in die Zwischenablage kopiert!

1.1.4.2. CVEsLink kopierenLink in die Zwischenablage kopiert!

1.1.5. Logging 5.9.12Link kopierenLink in die Zwischenablage kopiert!

1.1.5.1. CVEsLink kopierenLink in die Zwischenablage kopiert!

1.1.6. Logging 5.9.11Link kopierenLink in die Zwischenablage kopiert!

1.1.6.1. EnhancementsLink kopierenLink in die Zwischenablage kopiert!

1.1.6.2. Bug FixesLink kopierenLink in die Zwischenablage kopiert!

1.1.6.3. CVEsLink kopierenLink in die Zwischenablage kopiert!

1.1.7. Logging 5.9.10Link kopierenLink in die Zwischenablage kopiert!

1.1.7.1. Bug FixesLink kopierenLink in die Zwischenablage kopiert!

1.1.7.2. CVEsLink kopierenLink in die Zwischenablage kopiert!

1.1.8. Logging 5.9.9Link kopierenLink in die Zwischenablage kopiert!

1.1.8.1. Bug fixesLink kopierenLink in die Zwischenablage kopiert!

1.1.8.2. CVEsLink kopierenLink in die Zwischenablage kopiert!

1.1.9. Logging 5.9.8Link kopierenLink in die Zwischenablage kopiert!

1.1.9.1. Bug fixesLink kopierenLink in die Zwischenablage kopiert!

1.1.9.2. CVEsLink kopierenLink in die Zwischenablage kopiert!

1.1.10. Logging 5.9.7Link kopierenLink in die Zwischenablage kopiert!

1.1.10.1. Bug fixesLink kopierenLink in die Zwischenablage kopiert!

1.1.10.2. CVEsLink kopierenLink in die Zwischenablage kopiert!

1.1.11. Logging 5.9.6Link kopierenLink in die Zwischenablage kopiert!

1.1.11.1. Bug fixesLink kopierenLink in die Zwischenablage kopiert!

1.1.11.2. CVEsLink kopierenLink in die Zwischenablage kopiert!

1.1.12. Logging 5.9.5Link kopierenLink in die Zwischenablage kopiert!

1.1.12.1. Bug FixesLink kopierenLink in die Zwischenablage kopiert!

1.1.12.2. CVEsLink kopierenLink in die Zwischenablage kopiert!

1.1.13. Logging 5.9.4Link kopierenLink in die Zwischenablage kopiert!

1.1.13.1. Bug FixesLink kopierenLink in die Zwischenablage kopiert!

1.1.13.2. CVEsLink kopierenLink in die Zwischenablage kopiert!

1.1.14. Logging 5.9.3Link kopierenLink in die Zwischenablage kopiert!

1.1.14.1. Bug FixesLink kopierenLink in die Zwischenablage kopiert!

1.1.14.2. CVEsLink kopierenLink in die Zwischenablage kopiert!

1.1.15. Logging 5.9.2Link kopierenLink in die Zwischenablage kopiert!

1.1.15.1. Bug FixesLink kopierenLink in die Zwischenablage kopiert!

1.1.15.2. CVEsLink kopierenLink in die Zwischenablage kopiert!

1.1.16. Logging 5.9.1Link kopierenLink in die Zwischenablage kopiert!

1.1.16.1. EnhancementsLink kopierenLink in die Zwischenablage kopiert!

1.1.16.2. Bug FixesLink kopierenLink in die Zwischenablage kopiert!

1.1.16.3. CVEsLink kopierenLink in die Zwischenablage kopiert!

1.1.17. Logging 5.9.0Link kopierenLink in die Zwischenablage kopiert!

1.1.17.1. Removal noticeLink kopierenLink in die Zwischenablage kopiert!

1.1.17.2. Deprecation noticeLink kopierenLink in die Zwischenablage kopiert!

1.1.17.3. EnhancementsLink kopierenLink in die Zwischenablage kopiert!

1.1.17.3.1. Log CollectionLink kopierenLink in die Zwischenablage kopiert!

1.1.17.3.2. Log StorageLink kopierenLink in die Zwischenablage kopiert!

1.1.17.4. Bug FixesLink kopierenLink in die Zwischenablage kopiert!

1.1.17.5. Known IssuesLink kopierenLink in die Zwischenablage kopiert!

1.1.17.6. CVEsLink kopierenLink in die Zwischenablage kopiert!

1.2. Logging 5.8Link kopierenLink in die Zwischenablage kopiert!

1.2.1. Logging 5.8.21Link kopierenLink in die Zwischenablage kopiert!

1.2.1.1. CVEsLink kopierenLink in die Zwischenablage kopiert!

1.2.2. Logging 5.8.20Link kopierenLink in die Zwischenablage kopiert!

1.2.2.1. CVEsLink kopierenLink in die Zwischenablage kopiert!

1.2.3. Logging 5.8.19Link kopierenLink in die Zwischenablage kopiert!

1.2.3.1. CVEsLink kopierenLink in die Zwischenablage kopiert!

1.2.4. Logging 5.8.18Link kopierenLink in die Zwischenablage kopiert!

1.2.4.1. CVEsLink kopierenLink in die Zwischenablage kopiert!

1.2.5. Logging 5.8.17Link kopierenLink in die Zwischenablage kopiert!

1.2.5.1. EnhancementsLink kopierenLink in die Zwischenablage kopiert!

1.2.5.2. CVEsLink kopierenLink in die Zwischenablage kopiert!

1.2.6. Logging 5.8.16Link kopierenLink in die Zwischenablage kopiert!

1.2.6.1. Bug fixesLink kopierenLink in die Zwischenablage kopiert!

1.2.6.2. CVEsLink kopierenLink in die Zwischenablage kopiert!

1.2.7. Logging 5.8.15Link kopierenLink in die Zwischenablage kopiert!

1.2.7.1. Bug fixesLink kopierenLink in die Zwischenablage kopiert!

1.2.7.2. CVEsLink kopierenLink in die Zwischenablage kopiert!

1.2.8. Logging 5.8.14Link kopierenLink in die Zwischenablage kopiert!

1.2.8.1. Bug fixesLink kopierenLink in die Zwischenablage kopiert!

1.2.8.2. CVEsLink kopierenLink in die Zwischenablage kopiert!

1.1. Logging 5.9
Link kopieren

1.1.1. Logging 5.9.16
Link kopieren

1.1.1.1. Bug fixes
Link kopieren

1.1.1.2. Known issues
Link kopieren

1.1.2. Logging 5.9.15
Link kopieren

1.1.2.1. CVEs
Link kopieren

1.1.3. Logging 5.9.14
Link kopieren

1.1.3.1. CVEs
Link kopieren

1.1.4. Logging 5.9.13
Link kopieren

1.1.4.1. Bug Fixes
Link kopieren

1.1.4.2. CVEs
Link kopieren

1.1.5. Logging 5.9.12
Link kopieren

1.1.5.1. CVEs
Link kopieren

1.1.6. Logging 5.9.11
Link kopieren

1.1.6.1. Enhancements
Link kopieren

1.1.6.2. Bug Fixes
Link kopieren

1.1.6.3. CVEs
Link kopieren

1.1.7. Logging 5.9.10
Link kopieren

1.1.7.1. Bug Fixes
Link kopieren

1.1.7.2. CVEs
Link kopieren

1.1.8. Logging 5.9.9
Link kopieren

1.1.8.1. Bug fixes
Link kopieren

1.1.8.2. CVEs
Link kopieren

1.1.9. Logging 5.9.8
Link kopieren

1.1.9.1. Bug fixes
Link kopieren

1.1.9.2. CVEs
Link kopieren

1.1.10. Logging 5.9.7
Link kopieren

1.1.10.1. Bug fixes
Link kopieren

1.1.10.2. CVEs
Link kopieren

1.1.11. Logging 5.9.6
Link kopieren

1.1.11.1. Bug fixes
Link kopieren

1.1.11.2. CVEs
Link kopieren

1.1.12. Logging 5.9.5
Link kopieren

1.1.12.1. Bug Fixes
Link kopieren

1.1.12.2. CVEs
Link kopieren

1.1.13. Logging 5.9.4
Link kopieren

1.1.13.1. Bug Fixes
Link kopieren

1.1.13.2. CVEs
Link kopieren

1.1.14. Logging 5.9.3
Link kopieren

1.1.14.1. Bug Fixes
Link kopieren

1.1.14.2. CVEs
Link kopieren

1.1.15. Logging 5.9.2
Link kopieren

1.1.15.1. Bug Fixes
Link kopieren

1.1.15.2. CVEs
Link kopieren

1.1.16. Logging 5.9.1
Link kopieren

1.1.16.1. Enhancements
Link kopieren

1.1.16.2. Bug Fixes
Link kopieren

1.1.16.3. CVEs
Link kopieren

1.1.17. Logging 5.9.0
Link kopieren

1.1.17.1. Removal notice
Link kopieren

1.1.17.2. Deprecation notice
Link kopieren

1.1.17.3. Enhancements
Link kopieren

1.1.17.3.1. Log Collection
Link kopieren

1.1.17.3.2. Log Storage
Link kopieren

1.1.17.4. Bug Fixes
Link kopieren

1.1.17.5. Known Issues
Link kopieren

1.1.17.6. CVEs
Link kopieren

1.2. Logging 5.8
Link kopieren

1.2.1. Logging 5.8.21
Link kopieren

1.2.1.1. CVEs
Link kopieren

1.2.2. Logging 5.8.20
Link kopieren

1.2.2.1. CVEs
Link kopieren

1.2.3. Logging 5.8.19
Link kopieren

1.2.3.1. CVEs
Link kopieren

1.2.4. Logging 5.8.18
Link kopieren

1.2.4.1. CVEs
Link kopieren

1.2.5. Logging 5.8.17
Link kopieren

1.2.5.1. Enhancements
Link kopieren

1.2.5.2. CVEs
Link kopieren

1.2.6. Logging 5.8.16
Link kopieren

1.2.6.1. Bug fixes
Link kopieren

1.2.6.2. CVEs
Link kopieren

1.2.7. Logging 5.8.15
Link kopieren

1.2.7.1. Bug fixes
Link kopieren

1.2.7.2. CVEs
Link kopieren

1.2.8. Logging 5.8.14
Link kopieren

1.2.8.1. Bug fixes
Link kopieren

1.2.8.2. CVEs
Link kopieren

1.2.9. Logging 5.8.13
Link kopieren

1.2.9.1. Bug fixes
Link kopieren