Skip to content

Latest commit

 

History

History
342 lines (251 loc) · 9.97 KB

release-notes-8.5.asciidoc

File metadata and controls

342 lines (251 loc) · 9.97 KB

Release notes

This section summarizes the changes in each release.

Also see:

  • {kibana-ref}/release-notes.html[{kib} release notes]

  • {beats-ref}/release-notes.html[{beats} release notes]

{fleet} and {agent} 8.5.2

Review important information about the {fleet} and {agent} 8.5.2 release.

Bug fixes

{fleet}

  • Fix known issue with adding {fleet-server} integration on Windows by always using posix paths for zip files #144880 #144899

{fleet-server}

  • Add active: true filter to enrollment key queries to allow {fleet-server} to handle cases where there are more than 10 inactive keys associated with a policy #2029 #2044

{agent}

  • No bug fixes in this release

{fleet} and {agent} 8.5.1

Review important information about the {fleet} and {agent} 8.5.1 release.

Known issues

Unable to add {fleet-server} integration on Windows

Details

We discovered a high severity issue in version 8.5.1 that only affects Windows users in self-managed environments. When you attempt to add a {fleet-server}, {kib} is unable to add the {fleet-server} integration, and the {fleet-server} polices are created without the necessary integration. For more information, see issue #144880.

Impact

This issue will be resolved in version 8.5.2. We advise Windows users not to upgrade to version 8.5.1.

Offline {agent}s fail to unenroll after timeout has expired

Details

A known issue in {fleet-server} 8.5.1 prevents offline agents from being automatically unenrolled after the unenrollment timeout expires.

Impact

Offline agents will be displayed in the {fleet} Agents list until you explicitly force unenroll them. You can do this through the {fleet} UI or by using the API.

To use the API:

  1. Find agent’s ID. Go to {fleet} > Agents and click the agent to see its details. Copy the Agent ID.

  2. In a terminal window, run:

    curl -u <username>:<password> --request POST \
  --url <kibana_url>/api/fleet/agents/<agentID>/unenroll \
  --header 'content-type: application/json' \
  --header 'kbn-xsrf: xx' \
  --data-raw '{"force":true,"revoke":true}' \
  --compressed

    Where <agentID> is the ID you copied in the previous step.

Enhancements

{agent}

  • Improve shutdown logs #1618

Bug fixes

{fleet}

  • Make asset tags space aware #144066

{fleet-server}

  • No bug fixes for this release

{agent}

  • Fix: Windows Agent left unhealthy after removing Endpoint integration #1286

  • Fix how multiple {fleet-server} hosts are handled #1329

  • Beats will now attempt to recover if a lock file has not been removed #33169

{fleet} and {agent} 8.5.0

Review important information about the {fleet} and {agent} 8.5.0 release.

Breaking changes

Breaking changes can prevent your application from optimal operation and performance. Before you upgrade, review the breaking changes, then mitigate the impact to your application.

{fleet-server} and {agent} now reject certificates signed with SHA-1

Details
With the upgrade to Go 1.18, {fleet-server} now rejects certificates signed with SHA-1. For more information, refer to the Go 1.18 release notes.

Impact
Do not sign certificates with SHA-1. If you are using old certificates signed with SHA-1, update them now.

New features

The 8.5.0 release adds the following new and notable features.

{fleet}

  • Add agent activity flyout #140510

  • Add a new event toggle to capture terminal output in endpoint #139421

  • Make batch actions asynchronous #138870

  • Add ability to tag integration assets #137184

  • Add support for input-only packages #140035

{fleet-server}

  • Log redacted config when config updates #1626 #1671

{agent}

  • Add lumberjack input type to the {filebeat} spec #959

  • Add support for hints-based autodiscovery in Kubernetes provider #698

  • Improve logging during upgrades #1287

Enhancements

{fleet}

  • Add toggle for experimental synthetic _source support in {fleet} data streams #140132

  • Enhance the package policy API to create or update a package policy API with a simplified way to define inputs #139420

  • Support new subscription and license fields #137799

{agent}

  • Improve logging of {fleet} check-in errors and only report the local state as degraded after two consecutive failed check-ins #1154 #1477

Bug fixes

{fleet}

  • Refresh search results when clearing category filter #142853

  • Respect default_field: false when generating index settings #142277

  • Fix repeated debug logs when bundled package directory does not exist #141660

{fleet-server}

  • Fix a race condition between the unenroller goroutine and the main goroutine for the coordinator monitor #1738

  • Remove events from agent check-in body #1774

  • Improve authc debug logging #1870

  • Add error detail to catch-all HTTP error response #1854

  • Fix issue where errors were ignored when written to {es} #1896

  • Update apikey.cache_hit log field name to match convention #1900

  • Custom server limits are no longer ignored when default limits are loaded #1841 #1912

  • Use separate rate limiters for internal and external API listeners to prevent {fleet-server} from shutting down under load #1859 #1904

  • Fix fleet.migration.total log key overlap #1951

{agent}

  • Fix a panic caused by a race condition when installing the {agent} #806 #823

  • Use the {agent} configuration directory as the root of the inputs.d folder #663 #840

  • Fix unintended reset of source URI when downloading components #1252

  • Create separate status reporter for local-only events so that degraded {fleet} check-ins no longer affect health of successful {fleet} check-ins #1157 #1285

  • Add success log message after previous check-in failures #1327

  • Fix docker provider add_fields processors #1420

  • Fix admin permission check on localized windows #1552