IMPORTANT: This release contain the fix for CVE-2021-41186 -
ReDoS vulnerability in parser_apache2.
This vulnerability is affected from Fluentd v0.14.14 to v1.14.1.
We recommend to upgrade Fluentd to v1.14.2 or use patched version of
parser_apache2 plugin.
Enhancement
fluent-cat: Add --event-time option to send specified event time for testing.
Bug fix
Fixed to generate correct epoch timestamp even after switching Daylight Saving Time
fluent/fluentd#3524
Fixed ReDoS vulnerability in parser_apache2.
This vulnerability is caused by a certain pattern of a broken apache log.
v1.14.1
Release v1.14.1 - 2021/09/29
Enhancement
in_tail: Added file related metrics.
These metrics should be collected same as fluent-bit's in_tail.
fluent/fluentd#3504
out_forward: Changed to use metrics mechanism for node statistics
fluent/fluentd#3506
Bug fix
in_tail: Fixed a crash bug that it raise undefined method of eof? error.
This error may happen only when read_bytes_limit_per_second was specified.
fluent/fluentd#3500
Fixed a error when using @include directive
It was occurred when http/https scheme URI is used in @include directive with Ruby 3.
fluent/fluentd#3517
out_copy: Fixed to suppress a wrong warning for ignore_if_prev_success
It didn't work even if a user set it.
fluent/fluentd#3515
Fixed not to output nanoseconds field of next retry time in warning log
Then, inappropriate labels in log are also fixed. (retry_time -> retry_times,
next_retry_seconds -> next_retry_time)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/rubrikinc/fluent-plugin-throttle/network/alerts).
Bumps fluentd from 1.11.1 to 1.14.2.
Changelog
Sourced from fluentd's changelog.
... (truncated)
Commits
5126ebav1.14.25482a3dMerge pull request from GHSA-hwhf-64mh-r662db93f4bparser_apache2: Fix too wide matching regexpf10541bMerge pull request #3529 from fluent/drone-update-rubye9ebe22fluent-cat: support to send event time in specified timestamp8f990b8test: use more appropriate path for windows8a66ba0Merge pull request #3533 from fluent/issue-template-render-configurationfb57d36Issue Template: Use code block forYour Configurationentryc3d8cfdDrone CI: Update to Ruby 3.0 and 2.7264a147Merge pull request #3524 from fluent/issue3195Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/rubrikinc/fluent-plugin-throttle/network/alerts).