"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "UPGRADING.rst" between
graylog-3.3.8.tgz and graylog-4.0.0.tgz

About: Graylog is a fully integrated log management platform for collecting, indexing, and analyzing both structured and unstructured data from almost any source (builds on MongoDB database and Elasticsearch search engine). Server instance (Compiled Jar).

UPGRADING.rst  (graylog-3.3.8.tgz):UPGRADING.rst  (graylog-4.0.0.tgz)
************************** **************************
Upgrading to Graylog 3.3.x Upgrading to Graylog 4.0.x
************************** **************************
.. _upgrade-from-32-to-33: .. _upgrade-from-33-to-40:
Deprecation of cluster stats endpoints
======================================
Starting with v4.0, the cluster stats endpoints are deprecated and will be remov
ed in a future version. Those include:
- '/system/cluster/stats'
- '/system/cluster/stats/elasticsearch'
- '/system/cluster/stats/mongo'
[BREAKING] Fixing certificate validation for LDAP servers used for authenticatio n [BREAKING] Fixing certificate validation for LDAP servers used for authenticatio n
================================================================================ = ================================================================================ =
Prior to v3.3.3, the certificates of LDAP servers which are connected to using a secure connection (SSL or TLS) were not validated, even if the "Allow self-sign ed certificates" option was unchecked. Starting with v3.3.3, certificates are va lidated against the local default keystore. This might introduce a breaking chan ge, depending on your local LDAP settings and the validity of the certificates u sed (if any). Please ensure that all certificates used are valid, their common n ame matches the host part of your configured LDAP server and your local keystore contains all CA/intermediate certs required for validation. Prior to v3.3.3, the certificates of LDAP servers which are connected to using a secure connection (SSL or TLS) were not validated, even if the "Allow self-sign ed certificates" option was unchecked. Starting with v3.3.3, certificates are va lidated against the local default keystore. This might introduce a breaking chan ge, depending on your local LDAP settings and the validity of the certificates u sed (if any). Please ensure that all certificates used are valid, their common n ame matches the host part of your configured LDAP server and your local keystore contains all CA/intermediate certs required for validation.
A `CVE <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15813>`_ is trac ked for this issue. A `CVE <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15813>`_ is trac ked for this issue.
Deprecating legacy Aggregation API endpoints Change of API endpoint for user retrieval and modification
============================================ ==========================================================
This release is marking several endpoints of the legacy (pre 3.2) aggregation AP
I as being deprecated. They will be removed in 4.0. These include:
- `/search/universal/(absolute|relative|keyword)/`
- `terms-histogram`
- `histogram`
- `fieldhistogram`
- `stats`
- `termsstats`
- `terms`
- `/sources`
These endpoints are not being used by the frontend anymore. In general, we try t
o replace very specific endpoints with more general, flexible ones.
Deprecating and removing these endpoints frees development time for new things,
which would otherwise need to be invested in maintaining legacy code.
All of the functionality offered by these endpoints can be implemented by the `V
iews` API in a better way, please consult your local Swagger instance for detail
s.
API Access Token Encryption In 4.0 we changed most of the user API endpoint `/users` to expect user IDs inst
=========================== ead of names.
For improved security, all API access tokens will now be stored encrypted in the Deprecation of API endpoint for unpaginated listing of grok patterns
database. Existing API tokens will automatically be encrypted by a database mig ====================================================================
ration on Graylog server startup.
.. warning:: The token encryption is using the ``password_secret`` value from `` In 3.0 we introduce a new API endpoint to retrieve grok patterns from the backen
graylog.conf`` (or ``/etc/graylog/server/server.conf``) as encryption key. All G d: '/system/grok/paginated' which allows
raylog nodes in the cluster need to have the same value configured for that opti to pass pagination parameters.
on to make sure encryption/decryption works correctly. (if the values differ acr We therefore mark '/system/grok' as deprecated. Users who use this endpoint for
oss your nodes, use the one from the master node for all other nodes) scripting purpose should change
their scripts to the format of the new endpoint, so they only need to to change
the URL when '/system/grok/paginated' will become
'/system/grok'.
Dashboards API Deprecation of API endpoint for unpaginated listing of streams
============== ==============================================================
Since 3.2.0, the legacy dashboards API was still accessible and functional under In 4.0 we introduce a new API endpoint to retrieve streams from the backend: '/s
`/dashboards`, you could create, manipulate and delete legacy dashboards, but t treams/paginated' which allows
his had no effect in the frontend. to pass pagination parameters.
Starting with 3.3.0, the legacy dashboards API will be moved to `/legacy/dashboa We therefore mark '/streams' as deprecated. Users who use this endpoint for scri
rds`. The current dashboards will be accessible through `/dashboards` again. The pting purpose should change
pre-3.2.0 route for the current dashboards (`/views/dashboards`) will redirect their scripts to the format of the new endpoint, so they only need to to change
there as well. the URL when '/streams/paginated' will become
Please note that the format has changed. You can see the new format for dashboar '/streams'.
ds in the API browser.
We are planning to remove the legacy dashboards API and the `/views/dashboards` Deprecation of API endpoint for unpaginated listing of users
redirect in the next major upgrade of Graylog. ==============================================================
Saved Searches API In 4.0 we introduce a new API endpoint to retrieve users from the backend: '/use
================== rs/paginated' which allows
to pass pagination parameters.
We therefore mark '/users' as deprecated. Users who use this endpoint for script
ing purpose should change
their scripts to the format of the new endpoint, so they only need to to change
the URL when '/users/paginated' will become
'/users'.
Since 3.2.0, the legacy saved searches API was still accessible and functional u Removal of legacy Dashboard API
nder `/search/saved`, you could create, manipulate and delete legacy saved searc ===============================
hes, but this had no effect in the frontend.
Starting with 3.3.0, the legacy saved searches API will be moved to `/legacy/sea
rch/saved`. The current saved searches will be accessible through `/search/saved
` again. The pre-3.2.0 route for the current saved searches (`/views/savedSearch
es`) will redirect there as well.
Please note that the format has changed. You can see the new format for saved se
arches in the API browser.
We are planning to remove the legacy saved searches API and the `/views/savedSea Starting with 3.3, the previous Dashboard API was replaced by the views API. The
rches` redirect in the next major upgrade of Graylog. refore it was moved to a ``/legacy`` prefix
and marked for deprecation. Now it is removed altogether.
CSV Export API Removal of legacy Saved Searches API
============== ====================================
For 3.3.0 a new endpoint for creating CSV exports has been added under `/views/s Starting with 3.3, the previous Saved Searches API was replaced by the views API
earch/messages`. . Therefore it was moved to a ``/legacy`` prefix
and marked for deprecation. Now it is removed altogether.
We are planning to remove the older export endpoints in the next major upgrade o Removal of legacy redirects for Dashboards & Saved Search API
f Graylog: =============================================================
- `/search/universal/absolute/export`
- `/search/universal/keyword/export`
- `/search/universal/relative/export`
Notes for plugin authors For 3.3, the pre-views Dashboards & Saved Searches APIs were moved to a ``/legac
======================== y`` prefix. The new APIs were moved to ``/dashboards`` & ``/search/saved`` and l
egacy redirects were created for the previous routes (``/views/dashboards`` & ``
/views/savedSearches``).
Prior to 3.2.0, it was possible to consume a special `OkHttpClient` instance whi ch bypassed the configured proxy. It was consumed by injecting it using the ``@N amed("systemHttpClient")`` annotation. Since the ``http_non_proxy_hosts`` config uration directive exists, which allows configuring hosts which bypass the proxy, it is not required anymore and not used internally either. Therefore it is remo ved. We advise any plugin author aware of the usage of this functionality in the plugin to remove the ``@Named`` annotation so the generic client is used instea d. With 4.0, the legacy redirects (which were marked as being deprecated in 3.3) ar e removed.
Known Bugs and Limitations Disable Cross-Origin Requests by Default
========================== ========================================
* tbd For improved security, Cross-Origin requests towards the API server are now disa
llowed by default.
In the rare case, that your setup is serving the frontend assets from a differen
t
origin than the server, you can reenable this by with ``http_enable_cors = true`
` in ``graylog.conf``.
 End of changes. 19 change blocks. 
74 lines changed or deleted 65 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)