Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

Chapter 1. Release notes

1.1. Logging 6.0.10 Release Notes
Copy link

This release includes RHBA-2025:15564.

1.1.1. Bug Fixes
Copy link

  • Before this update, a bug in the authorization workflow for user rules and alerts allowed users to view alerts from other users. With this update, the bug fix restores the correct authorization behavior, and users can only see their own rules and alerts. (LOG-7315)
  • Before this update, creating an AlertingRule for kernel errors failed in the openshift-logging namespace because the infrastructure or audit tenant was not supported. As a consequence, users could not create AlertingRules for kernel messages without specifying a namespace label. With this update, AlertingRule validation allows the infrastructure or audit tenant in the openshift-logging namespace without a namespace label, enabling users to create AlertingRules for kernel errors successfully. (LOG-7319)
  • Before this update, the loki-gateway did not enforce fine-grained authorization on the /series endpoint for the application tenant. As a consequence, users could get unauthorized access to the stream metadata information for different log streams. With this update, the /series endpoint uses the match parameter instead of the query parameter to filter the series metadata that is returned for a request. As a result, the loki-gateway correctly enforces fine-grained authorization for the /series endpoint for the application tenant. (LOG-7321)
  • Before this update, Loki ingesters that got into an unhealthy state due to networking issues stayed in that state even after the network recovered. With this update, you can configure the Loki Operator to perform service discovery more often so that unhealthy ingesters can rejoin the group. (LOG-7323)
  • Before this update, the vector_buffer_byte_size and vector_buffer_events metrics incorrectly reported negative values under certain system load and timing conditions. This led to unreliable monitoring, potentially masking buffer issues. With this update, a concurrent, centralized state tracker ensures that these metrics are always reported as non-negative values. This ensures that the metrics correctly report buffer sizes helping with accurate monitoring. (LOG-7595)
  • Before this update, a log record with a malformed timestamp could cause the Vector agent to panic when attempting to forward logs to Loki. With this update, error handling for out-of-range timestamp values has been improved resolving the issue. (LOG-7601)

1.2. Logging 6.0.9
Copy link

This release includes RHBA-2025:8144.

1.2.1. Bug fixes
Copy link

  • Before this update, merging data from the message field into the root of a Syslog log event caused inconsistencies with the ViaQ data model. These inconsistencies could overwrite system information, duplicate data, or corrupt the log event. This update makes Syslog parsing and merging consistent with the other output types and resolves the issue. (LOG-7183)
  • Before this update, log forwarding failed when the cluster-wide proxy configuration included a URL with a username containing an encoded @ symbol; for example, user%40name. This update adds the correct support for URL-encoded values in proxy configurations and resolves the issue. (LOG-7186)

1.2.2. CVEs
Copy link

For detailed information about Red Hat security ratings, see Severity ratings.

1.3. Logging 6.0.8
Copy link

This release includes RHBA-2025:4520.

1.3.1. Bug fixes
Copy link

  • Before this update, collector pods would enter a crash loop due to a configuration error when attempting token-based authentication with an Elasticsearch output. With this update, token authentication with an Elasticsearch output generates a valid configuration. (LOG-7019)

1.3.2. CVEs
Copy link

Note

For detailed information on Red Hat security ratings, review Severity ratings.

1.4. Logging 6.0.7
Copy link

This release includes RHSA-2025:3905.

1.4.1. New features and enhancements
Copy link

  • Before this update, time-based stream sharding was not enabled in Loki, which resulted in Loki being unable to save historical data. With this update, the Loki Operator enables time-based stream sharding in Loki, which helps Loki save historical data. (LOG-6990)

1.4.2. CVEs
Copy link

Note

For detailed information on Red Hat security ratings, review Severity ratings.

1.5. Logging 6.0.6
Copy link

This release includes RHSA-2025:3132.

1.5.1. Bug fixes
Copy link

  • Before this update, the Logging Operator deployed the collector config map with output configurations that were not referenced by any inputs. With this update, the Operator adds validation to fail the ClusterLogForwarder custom resource if an output configuration is not referenced by any inputs, preventing the deployment of the collector. (LOG-6759)

1.5.2. CVEs
Copy link

Note

For detailed information on Red Hat security ratings, review Severity ratings.

1.6. Logging 6.0.5
Copy link

This release includes RHBA-2025:1986.

1.6.1. CVEs
Copy link

1.7. Logging 6.0.4
Copy link

This release includes RHBA-2025:1228.

1.7.1. New features and enhancements
Copy link

  • This enhancement adds OTel semantic stream labels to the lokiStack output so that you can query logs by using both ViaQ and OTel stream labels. (LOG-6580)

1.7.2. Bug fixes
Copy link

  • Before this update, the Operator used a cached client to fetch the SecurityContextConstraint cluster resource, which could result in an error when the cache is invalid. With this update, the Operator now always retrieves data from the API server instead of using the cache. (LOG-6130)
  • Before this update, the Vector startup script attempted to delete buffer lock files during startup. With this update, the Vector startup script no longer attempts to delete buffer lock files during startup. (LOG-6348)
  • Before this update, a bug in the must-gather script for the cluster-logging-operator prevented the LokiStack from being gathered correctly when it existed. With this update, the LokiStack is gathered correctly. (LOG-6499)
  • Before this update, the collector metrics dashboard could get removed after an Operator upgrade due to a race condition during the change from the old to the new pod deployment. With this update, labels are added to the dashboard ConfigMap to identify the upgraded deployment as the current owner so that it will not be removed. (LOG-6608)
  • Before this update, the logging must-gather did not collect resources such as UIPlugin, ClusterLogForwarder, LogFileMetricExporter and LokiStack CR. With this update, these resources are now collected in their namespace directory instead of the cluster-logging one. (LOG-6654)
  • Before this update, Vector did not retain process information, such as the program name, app-name, procID, and other details, when forwarding journal logs by using the syslog protocol. This could lead to the loss of important information. With this update, the Vector collector now preserves all required process information, and the data format adheres to the specifications of RFC3164 and RFC5424. (LOG-6659)

1.8. Logging 6.0.3
Copy link

This release includes RHBA-2024:10991.

1.8.1. New features and enhancements
Copy link

  • With this update, the Loki Operator supports the configuring of the workload identity federation on the Google Cloud Platform (GCP) by using the Cluster Credential Operator (CCO) in Red Hat OpenShift Logging 4.17 or later. (LOG-6421)

1.8.2. Bug fixes
Copy link

  • Before this update, the collector used the default settings to collect audit logs, which did not account for back pressure from output receivers. With this update, the audit log collection is optimized for file handling and log reading. (LOG-6034)
  • Before this update, any namespace containing openshift or kube was treated as an infrastructure namespace. With this update, only the following namespaces are treated as infrastructure namespaces: default, kube, openshift, and namespaces that begin with openshift- or kube-. (LOG-6204)
  • Before this update, an input receiver service was repeatedly created and deleted, causing issues with mounting the TLS secrets. With this update, the service is created once and only deleted if it is not defined in the ClusterLogForwarder custom resource. (LOG-6343)
  • Before this update, pipeline validation might enter an infinite loop if a name was a substring of another name. With this update, stricter name equality checks prevent the infinite loop. (LOG-6352)
  • Before this update, the collector alerting rules included the summary and message fields. With this update, the collector alerting rules include the summary and description fields. (LOG-6406)
  • Before this update, setting up the custom audit inputs in the ClusterLogForwarder custom resource with configured LokiStack output caused errors due to the nil pointer dereference. With this update, the Operator performs the nil checks, preventing such errors. (LOG-6441)
  • Before this update, the collector did not correctly mount the /var/log/oauth-server/ path, which prevented the collection of the audit logs. With this update, the volume mount is added, and the audit logs are collected as expected. (LOG-6486)
  • Before this update, the collector did not correctly mount the oauth-apiserver audit log file. As a result, such audit logs were not collected. With this update, the volume mount is correctly mounted, and the logs are collected as expected. (LOG-6543)

1.8.3. CVEs
Copy link

1.9. Logging 6.0.2
Copy link

This release includes RHBA-2024:10051.

1.9.1. Bug fixes
Copy link

  • Before this update, Loki did not correctly load some configurations, which caused issues when using Alibaba Cloud or IBM Cloud object storage. This update fixes the configuration-loading code in Loki, resolving the issue. (LOG-5325)
  • Before this update, the collector would discard audit log messages that exceeded the configured threshold. This modifies the audit configuration thresholds for the maximum line size as well as the number of bytes read during a read cycle. (LOG-5998)
  • Before this update, the Cluster Logging Operator did not watch and reconcile resources associated with an instance of a ClusterLogForwarder like it did in prior releases. This update modifies the operator to watch and reconcile all resources it owns and creates. (LOG-6264)
  • Before this update, log events with an unknown severity level sent to Google Cloud Logging would trigger a warning in the vector collector, which would then default the severity to 'DEFAULT'. With this update, log severity levels are now standardized to match Google Cloud Logging specifications, and audit logs are assigned a severity of 'INFO'. (LOG-6296)
  • Before this update, when infrastructure namespaces were included in application inputs, the log_type was set as application. With this update, the log_type of infrastructure namespaces included in application inputs is set to infrastructure. (LOG-6354)
  • Before this update, specifying a value for the syslog.enrichment field of the ClusterLogForwarder added namespace_name, container_name, and pod_name to the messages of non-container logs. With this update, only container logs include namespace_name, container_name, and pod_name in their messages when syslog.enrichment is set. (LOG-6402)

1.9.2. CVEs
Copy link

1.10. Logging 6.0.1
Copy link

This release includes OpenShift Logging Bug Fix Release 6.0.1.

1.10.1. Bug fixes
Copy link

  • With this update, the default memory limit for the collector has been increased from 1024 Mi to 2024 Mi. However, users should always adjust their resource limits according to their cluster specifications and needs. (LOG-6180)
  • Before this update, the Loki Operator failed to add the default namespace label to all AlertingRule resources, which caused the User-Workload-Monitoring Alertmanager to skip routing these alerts. This update adds the rule namespace as a label to all alerting and recording rules, resolving the issue and restoring proper alert routing in Alertmanager. (LOG-6151)
  • Before this update, the LokiStack ruler component view did not initialize properly, causing an invalid field error when the ruler component was disabled. This update ensures that the component view initializes with an empty value, resolving the issue. (LOG-6129)
  • Before this update, it was possible to set log_source in the prune filter, which could lead to inconsistent log data. With this update, the configuration is validated before being applied, and any configuration that includes log_source in the prune filter is rejected. (LOG-6202)

1.10.2. CVEs
Copy link

1.11. Logging 6.0.0
Copy link

This release includes Logging for Red Hat OpenShift Bug Fix Release 6.0.0

Note

Logging is provided as an installable component, with a distinct release cycle from the core OpenShift Container Platform. The Red Hat OpenShift Container Platform Life Cycle Policy outlines release compatibility.

Expand
Table 1.1. Upstream component versions
logging VersionComponent Version

Operator

eventrouter

logfilemetricexporter

loki

lokistack-gateway

opa-openshift

vector

6.0

0.4

1.1

3.1.0

0.1

0.1

0.37.1

1.12. Removal notice
Copy link

  • With this release, logging no longer supports the ClusterLogging.logging.openshift.io and ClusterLogForwarder.logging.openshift.io custom resources. Refer to the product documentation for details on the replacement features. (LOG-5803)
  • With this release, logging no longer manages or deploys log storage (such as Elasticsearch), visualization (such as Kibana), or Fluentd-based log collectors. (LOG-5368)
Note

In order to continue to use Elasticsearch and Kibana managed by the elasticsearch-operator, the administrator must modify those object’s ownerRefs before deleting the ClusterLogging resource.

1.13. New features and enhancements
Copy link

  • This feature introduces a new architecture for logging for Red Hat OpenShift by shifting component responsibilities to their relevant Operators, such as for storage, visualization, and collection. It introduces the ClusterLogForwarder.observability.openshift.io API for log collection and forwarding. Support for the ClusterLogging.logging.openshift.io and ClusterLogForwarder.logging.openshift.io APIs, along with the Red Hat managed Elastic stack (Elasticsearch and Kibana), is removed. Users are encouraged to migrate to the Red Hat LokiStack for log storage. Existing managed Elasticsearch deployments can be used for a limited time. Automated migration for log collection is not provided, so administrators need to create a new ClusterLogForwarder.observability.openshift.io specification to replace their previous custom resources. Refer to the official product documentation for more details. (LOG-3493)
  • With this release, the responsibility for deploying the logging view plugin shifts from the Red Hat OpenShift Logging Operator to the Cluster Observability Operator (COO). For new log storage installations that need visualization, the Cluster Observability Operator and the associated UIPlugin resource must be deployed. Refer to the Cluster Observability Operator Overview product documentation for more details. (LOG-5461)
  • This enhancement sets default requests and limits for Vector collector deployments' memory and CPU usage based on Vector documentation recommendations. (LOG-4745)
  • This enhancement updates Vector to align with the upstream version v0.37.1. (LOG-5296)
  • This enhancement introduces an alert that triggers when log collectors buffer logs to a node’s file system and use over 15% of the available space, indicating potential back pressure issues. (LOG-5381)
  • This enhancement updates the selectors for all components to use common Kubernetes labels. (LOG-5906)
  • This enhancement changes the collector configuration to deploy as a ConfigMap instead of a secret, allowing users to view and edit the configuration when the ClusterLogForwarder is set to Unmanaged. (LOG-5599)
  • This enhancement adds the ability to configure the Vector collector log level using an annotation on the ClusterLogForwarder, with options including trace, debug, info, warn, error, or off. (LOG-5372)
  • This enhancement adds validation to reject configurations where Amazon CloudWatch outputs use multiple AWS roles, preventing incorrect log routing. (LOG-5640)
  • This enhancement removes the Log Bytes Collected and Log Bytes Sent graphs from the metrics dashboard. (LOG-5964)
  • This enhancement updates the must-gather functionality to only capture information for inspecting Logging 6.0 components, including Vector deployments from ClusterLogForwarder.observability.openshift.io resources and the Red Hat managed LokiStack. (LOG-5949)
  • This enhancement improves Azure storage secret validation by providing early warnings for specific error conditions. (LOG-4571)

  • This enhancement updates the ClusterLogForwarder API to follow the Kubernetes standards. (LOG-5977)

    Example of a new configuration in the ClusterLogForwarder custom resource for the updated API

    apiVersion: observability.openshift.io/v1
kind: ClusterLogForwarder
metadata:
  name: <name>
spec:
  outputs:
  - name: <output_name>
    type: <output_type>
    <output_type>:
      tuning:
         deliveryMode: AtMostOnce
    Copy to Clipboard Toggle word wrap

1.14. Technology Preview features
Copy link

  • This release introduces a Technology Preview feature for log forwarding using OpenTelemetry. A new output type,` OTLP`, allows sending JSON-encoded log records using the OpenTelemetry data model and resource semantic conventions. (LOG-4225)

1.15. Bug fixes
Copy link

  • Before this update, the CollectorHighErrorRate and CollectorVeryHighErrorRate alerts were still present. With this update, both alerts are removed in the logging 6.0 release but might return in a future release. (LOG-3432)

1.16. CVEs
Copy link

Back to top
Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2025 Red Hat