RHBA-2021:2112 - Bug Fix Advisory

Topic

Openshift Logging Bug Fix Release (5.1.0)

Description

Openshift Logging Bug Fix Release (5.1.0)

Solution

For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:

https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html

For Red Hat OpenShift Logging 5.1, see the following instructions to apply this update:

https://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html

Affected Products

• Red Hat OpenShift Container Platform 4.8 for RHEL 8 x86_64

Fixes

• LOG-1125 - [1915448] Collector blocked pushing logs to internal storage because of global proxy settings
• LOG-1183 - Fix EO upgrade tests for 5.x
• LOG-1200 - Forwarding logs to Kafka using Chained certificates fails with error "state=error: certificate verify failed (unable to get local issuer certificate)"
• LOG-1201 - CLO does not handle 0d retention policy well
• LOG-1205 - CLO resets ES's node status preventing the cluster to be redeployed
• LOG-1209 - Using legacy Log Forwarding is not sending logs to the internal Elasticsearch
• LOG-1222 - ClusterLogForwarder namespace-specific log forwarding does not work as expected
• LOG-1230 - Bug 1859004 - Sometimes the eventrouter couldn't gather event logs.
• LOG-1255 - Logging 5.1 - Elasticsearch-operator can not start due to resource limitation
• LOG-1097 - Ensure current alerts are marked with appropriate severity
• LOG-1098 - Ensure Critical alerts have complete playbook entries
• LOG-1100 - Create warning alerts to prevent users from reaching disk watermark thresholds
• LOG-1148 - Stop mangling JSON records for non-elasticsearch outputs
• LOG-1153 - Create rollover/delete policies for json indices
• LOG-1157 - Implement the JSON forwarding proposal
• LOG-1160 - Create events for cert generation
• LOG-1161 - Create events for bad ClusterLogForwarder status
• LOG-1186 - Add keepalive option for fluent forward config
• LOG-1214 - Make the Logging 5.1 pipeline ready
• LOG-1217 - Merge to master
• LOG-1223 - Release 5.1
• LOG-1231 - 5.1 - Sometimes the eventrouter couldn't gather event logs
• LOG-1298 - 5.1 Fix
• LOG-1327 - Port fix to 5.1 for BZ-1945168
• LOG-1338 - LogForwarder YAML does not show input selector after creation
• LOG-1351 - [Logging 5.1]EO shouldn't try to upgrade ES cluster after adding/removing storage.
• LOG-1355 - No default output configuration in Clusterlogforwarders.logging.openshift.io
• LOG-1386 - Intermittent failure in JSON parsing tests.
• LOG-1387 - The structured index can not be managed by index management cronjob
• LOG-1388 - project user can not list his structuredIndex in kabana
• LOG-1393 - Seeing "ElasticsearchSecurityException" while doing minimal stress testing
• LOG-1400 - elasticsearch output should add app- prefix to index names.
• LOG-1401 - eventrouter raising "Observed a panic: &runtime.TypeAssertionError"
• LOG-1408 - APIRemovedInNextReleaseInUse alert for priorityclasses
• LOG-1419 - Minimal Operator changes to support PE recommended best bractices
• LOG-1421 - Update channels to OLM conventions
• LOG-1449 - kibana-proxy CrashLoopBackoff with error Invalid configuration cookie_secret must be 16, 24, or 32 bytes to create an AES cipher
• LOG-1450 - [1927249] fieldmanager.go:186] [SHOULD NOT HAPPEN] failed to update managedFields...duplicate entries for key [name="POLICY_MAPPING"]
• LOG-1458 - Operators missing disconnected annotation
• LOG-1460 - The index management job status is always `Completed` even when there has an error in the job log.
• LOG-1486 - The spec in crd should renamed to StructuredType following the pull/1039
• LOG-1517 - [release-5.1] OLM bug workaround for workload partitioning (PR#1042)
• LOG-1536 - Full Cluster Cert Redeploy is broken when the ES clusters includes non-data nodes
• LOG-785 - Allow storing and querying of structured logs (JSON)
• LOG-883 - Expose ability to forward logs only from specific pods via a label selector inside the Log Forwarding API.
• LOG-1571 - Bug 1981579: Fix built-in application behavior to collect all of logs

CVEs

• CVE-2016-10228
• CVE-2017-14502
• CVE-2018-25011
• CVE-2019-2708
• CVE-2019-9169
• CVE-2019-25013
• CVE-2020-8231
• CVE-2020-8284
• CVE-2020-8285
• CVE-2020-8286
• CVE-2020-8927
• CVE-2020-10543
• CVE-2020-10878
• CVE-2020-13434
• CVE-2020-14344
• CVE-2020-14345
• CVE-2020-14346
• CVE-2020-14347
• CVE-2020-14360
• CVE-2020-14361
• CVE-2020-14362
• CVE-2020-14363
• CVE-2020-15358
• CVE-2020-25712
• CVE-2020-26116
• CVE-2020-26137
• CVE-2020-26541
• CVE-2020-27618
• CVE-2020-27619
• CVE-2020-28196
• CVE-2020-29361
• CVE-2020-29362
• CVE-2020-29363
• CVE-2020-36328
• CVE-2020-36329
• CVE-2021-3177
• CVE-2021-3326
• CVE-2021-3516
• CVE-2021-3517
• CVE-2021-3518
• CVE-2021-3520
• CVE-2021-3537
• CVE-2021-3541
• CVE-2021-20271
• CVE-2021-23336
• CVE-2021-27219
• CVE-2021-33034

References

• null