Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

Chapter 1. Logging 6.1 Release Notes

1.1. Logging 6.1.8 Release Notes
Copy link

This release includes RHBA-2025:15565.

1.1.1. Bug fixes
Copy link

  • Before this update, a bug in the authorization workflow for user rules and alerts allowed users to view alerts from other users. With this update, the bug fix restores the correct authorization behavior, and users can only see their own rules and alerts. (LOG-7314)
  • Before this update, creating an AlertingRule for kernel errors failed in the openshift-logging namespace because the infrastructure or audit tenant was not supported. As a consequence, users could not create AlertingRules for kernel messages without specifying a namespace label. With this update, AlertingRule validation allows the infrastructure or audit tenant in the openshift-logging namespace without a namespace label, enabling users to create AlertingRules for kernel errors successfully. (LOG-7318)
  • Before this update, the loki-gateway did not enforce fine-grained authorization on the /series endpoint for the application tenant. As a consequence, users could get unauthorized access to the stream metadata information from different log streams. With this update, the /series endpoint uses the match parameter instead of the query parameter to filter the series metadata that is returned for a request. As a result, the loki-gateway correctly enforces fine-grained authorization for the /series endpoint for the application tenant. (LOG-7320)
  • Before this update, Loki ingesters that got into an unhealthy state due to networking issues stayed in that state even after the network recovered. With this update, you can configure the Loki Operator to perform service discovery more often so that unhealthy ingesters can rejoin the group. (LOG-7322)
  • Before this update, the vector_buffer_byte_size and vector_buffer_events metrics incorrectly reported negative values under certain system load and timing conditions. This led to unreliable monitoring, potentially masking buffer issues. With this update, a concurrent, centralized state tracker ensures that these metrics are always reported as non-negative values. This ensures that the metrics correctly report buffer sizes helping with accurate monitoring. (LOG-7594)
  • Before this update, a log record with a malformed timestamp could cause the Vector agent to panic when attempting to forward logs to Loki. With this update, error handling for out-of-range timestamp values has been improved resolving the issue. (LOG-7600)

1.2. Logging 6.1.7 Release Notes
Copy link

This release includes RHBA-2025:8143.

1.2.1. Bug fixes
Copy link

  • Before this update, merging data from the message field into the root of a Syslog log event caused the log event to be inconsistent with the ViaQ data model. The inconsistency could lead to overwritten system information, data duplication, or event corruption. This update revises Syslog parsing and merging for the Syslog output to align with other output types, resolving this inconsistency. (LOG-7184)
  • Before this update, log forwarding failed if you configured a cluster-wide proxy with a URL containing a username with an encoded "@" symbol; for example "user%40name". This update resolves the issue by adding correct support for URL-encoded values in proxy configurations. (LOG-7187)

1.2.2. CVEs
Copy link

Note

For detailed information on Red Hat security ratings, review Severity ratings.

1.3. Logging 6.1.6 Release Notes
Copy link

This release includes RHBA-2025:4529.

1.3.1. Bug fixes
Copy link

  • Before this update, collector pods would enter a crash loop due to a configuration error when attempting token-based authentication with an Elasticsearch output. With this update, token authentication with an Elasticsearch output generates a valid configuration. (LOG-7018)
  • Before this update, auditd log messages with multiple msg keys could cause errors in collector pods, because the standard auditd log format expects a single msg field per log entry that follows the msg=audit(TIMESTAMP:ID) structure. With this update, only the first msg value is used, which resolves the issue and ensures accurate extraction of audit metadata. (LOG-7029)

1.3.2. CVEs
Copy link

Note

For detailed information on Red Hat security ratings, review Severity ratings.

1.4. Logging 6.1.5 Release Notes
Copy link

This release includes RHSA-2025:3907.

1.4.1. New features and enhancements
Copy link

  • Before this update, time-based stream sharding was not enabled in Loki, which resulted in Loki being unable to save historical data. With this update, Loki Operator enables time-based stream sharding in Loki, which helps Loki save historical data. (LOG-6991)

1.4.2. Bug fixes
Copy link

  • Before this update, the Vector collector could not forward Open Virtual Network (OVN) and Auditd logs. With this update, the Vector collector can forward OVN and Auditd logs. (LOG-6996)

1.4.3. CVEs
Copy link

Note

For detailed information on Red Hat security ratings, review Severity ratings.

1.5. Logging 6.1.4 Release Notes
Copy link

This release includes Logging for Red Hat OpenShift Bug Fix Release 6.1.4.

1.5.1. Bug fixes
Copy link

  • Before this update, Red Hat Managed Elasticsearch failed to receive logs if the index name did not follow the required patterns (app-, infra-, audit-), resulting in an index_not_found_exception error due to a restricted automatic index creation. With this update, improved documentation and explanations in the oc explain obsclf.spec.outputs.elasticsearch.index command clarify the index naming limitations, helping users configure log forwarding correctly. (LOG-6623)
  • Before this update, when you used 1x.pico as the LokiStack size, the number of delete workers was set to zero. This issue occurred because of an error in the Operator that generates the Loki configuration. With this update, the number of delete workers is set to ten. (LOG-6797)
  • Before this update, the Operator failed to update the securitycontextconstraint object required by the log collector, which was a regression from previous releases. With this update, the Operator restores the cluster role to the service account and updates the resource. (LOG-6816)

1.5.2. CVEs
Copy link

Note

For detailed information on Red Hat security ratings, review Severity ratings.

1.6. Logging 6.1.3 Release Notes
Copy link

This release includes Logging for Red Hat OpenShift Bug Fix Release 6.1.3.

1.6.1. Bug Fixes
Copy link

  • Before this update, when using the new 1x.pico size with the Loki Operator, the PodDisruptionBudget created for the Ingester pod allowed Kubernetes to evict two of the three Ingester pods. With this update, the Operator now creates a PodDisruptionBudget that allows eviction of only a single Ingester pod. (LOG-6693)
  • Before this update, the Operator did not support templating of syslog facility and severity level, which was consistent with the rest of the API. Instead, the Operator relied upon the 5.x API, which is no longer supported. With this update, the Operator supports templating by adding the required validation to the API and rejecting resources that do not match the required format. (LOG-6788)
  • Before this update, empty OTEL tuning configuration caused a validation error. With this update, the validation rules allow empty OTEL tuning configurations. (LOG-6532)

1.6.2. CVEs
Copy link

1.7. Logging 6.1.2 Release Notes
Copy link

This release includes Logging for Red Hat OpenShift Bug Fix Release 6.1.2.

1.7.1. New Features and Enhancements
Copy link

  • This enhancement adds OTel semantic stream labels to the lokiStack output so that you can query logs by using both ViaQ and OTel stream labels. (LOG-6579)

1.7.2. Bug Fixes
Copy link

  • Before this update, the collector alerting rules contained summary and message fields. With this update, the collector alerting rules contain summary and description fields. (LOG-6126)
  • Before this update, the collector metrics dashboard could get removed after an Operator upgrade due to a race condition during the transition from the old to the new pod deployment. With this update, labels are added to the dashboard ConfigMap to identify the upgraded deployment as the current owner so that it will not be removed. (LOG-6280)
  • Before this update, when you included infrastructure namespaces in application inputs, their log_type would be set to application. With this update, the log_type of infrastructure namespaces included in application inputs is set to infrastructure. (LOG-6373)
  • Before this update, the Cluster Logging Operator used a cached client to fetch the SecurityContextConstraint cluster resource, which could result in an error when the cache is invalid. With this update, the Operator now always retrieves data from the API server instead of using a cache. (LOG-6418)
  • Before this update, the logging must-gather did not collect resources such as UIPlugin, ClusterLogForwarder, LogFileMetricExporter, and LokiStack. With this update, the must-gather now collects all of these resources and places them in their respective namespace directory instead of the cluster-logging directory. (LOG-6422)
  • Before this update, the Vector startup script attempted to delete buffer lock files during startup. With this update, the Vector startup script no longer attempts to delete buffer lock files during startup. (LOG-6506)
  • Before this update, the API documentation incorrectly claimed that lokiStack outputs would default the target namespace, which could prevent the collector from writing to that output. With this update, this claim has been removed from the API documentation and the Cluster Logging Operator now validates that a target namespace is present. (LOG-6573)
  • Before this update, the Cluster Logging Operator could deploy the collector with output configurations that were not referenced by any inputs. With this update, a validation check for the ClusterLogForwarder resource prevents the Operator from deploying the collector. (LOG-6585)

1.7.3. CVEs
Copy link

1.8. Logging 6.1.1 Release Notes
Copy link

This release includes Logging for Red Hat OpenShift Bug Fix Release 6.1.1.

1.8.1. New Features and Enhancements
Copy link

  • With this update, the Loki Operator supports configuring the workload identity federation on the Google Cloud Platform (GCP) by using the Cluster Credential Operator (CCO) in Red Hat OpenShift Logging 4.17 or later. (LOG-6420)

1.8.2. Bug Fixes
Copy link

  • Before this update, the collector was discarding longer audit log messages with the following error message: Internal log [Found line that exceeds max_line_bytes; discarding.]. With this update, the discarding of longer audit messages is avoided by increasing the audit configuration thresholds: The maximum line size, max_line_bytes, is 3145728 bytes. The maximum number of bytes read during a read cycle, max_read_bytes, is 262144 bytes. (LOG-6379)
  • Before this update, an input receiver service was repeatedly created and deleted, causing issues with mounting the TLS secrets. With this update, the service is created once and only deleted if it is not defined in the ClusterLogForwarder custom resource. (LOG-6383)
  • Before this update, pipeline validation might have entered an infinite loop if a name was a substring of another name. With this update, stricter name equality checks prevent the infinite loop. (LOG-6405)
  • Before this update, the collector alerting rules included the summary and message fields. With this update, the collector alerting rules include the summary and description fields. (LOG-6407)
  • Before this update, setting up the custom audit inputs in the ClusterLogForwarder custom resource with configured LokiStack output caused errors due to the nil pointer dereference. With this update, the Operator performs the nil checks, preventing such errors. (LOG-6449)
  • Before this update, the ValidLokistackOTLPOutputs condition appeared in the status of the ClusterLogForwarder custom resource even when the output type is not LokiStack. With this update, the ValidLokistackOTLPOutputs condition is removed, and the validation messages for the existing output conditions are corrected. (LOG-6469)
  • Before this update, the collector did not correctly mount the /var/log/oauth-server/ path, which prevented the collection of the audit logs. With this update, the volume mount is added, and the audit logs are collected as expected. (LOG-6484)
  • Before this update, the must-gather script of the Red Hat OpenShift Logging Operator might have failed to gather the LokiStack data. With this update, the must-gather script is fixed, and the LokiStack data is gathered reliably. (LOG-6498)
  • Before this update, the collector did not correctly mount the oauth-apiserver audit log file. As a result, such audit logs were not collected. With this update, the volume mount is correctly mounted, and the logs are collected as expected. (LOG-6533)

1.8.3. CVEs
Copy link

1.9. Logging 6.1.0 Release Notes
Copy link

This release includes Logging for Red Hat OpenShift Bug Fix Release 6.1.0.

1.9.1. New Features and Enhancements
Copy link

1.9.1.1. Log Collection
Copy link

  • This enhancement adds the source iostream to the attributes sent from collected container logs. The value is set to either stdout or stderr based on how the collector received it. (LOG-5292)
  • With this update, the default memory limit for the collector increases from 1024 Mi to 2048 Mi. Users should adjust resource limits based on their cluster’s specific needs and specifications. (LOG-6072)
  • With this update, users can now set the syslog output delivery mode of the ClusterLogForwarder CR to either AtLeastOnce or AtMostOnce. (LOG-6355)

1.9.1.2. Log Storage
Copy link

  • With this update, the new 1x.pico LokiStack size supports clusters with fewer workloads and lower log volumes (up to 50GB/day). (LOG-5939)

1.9.2. Technology Preview
Copy link

Important

The OpenTelemetry Protocol (OTLP) output log forwarder is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.

For more information about the support scope of Red Hat Technology Preview features, see Technology Preview Features Support Scope.

  • With this update, OpenTelemetry logs can now be forwarded using the OTel (OpenTelemetry) data model to a Red Hat Managed LokiStack instance. To enable this feature, add the observability.openshift.io/tech-preview-otlp-output: "enabled" annotation to your ClusterLogForwarder configuration. For additional configuration information, see OTLP Forwarding.
  • With this update, a dataModel field has been added to the lokiStack output specification. Set the dataModel to Otel to configure log forwarding using the OpenTelemetry data format. The default is set to Viaq. For information about data mapping see OTLP Specification.

1.9.3. Bug Fixes
Copy link

None.

1.9.4. CVEs
Copy link

Back to top
Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2025 Red Hat