RHBA-2021:3393 - Bug Fix Advisory

Topic

Openshift Logging Bug Fix Release (5.2.0)

Description

Openshift Logging Bug Fix Release (5.2.0)

Solution

For important instructions on how to upgrade your cluster and fully apply this errata update, see the following documentation, which will be updated shortly for this release:

https://docs.openshift.com/container-platform/4.8/logging/cluster-logging-release-notes.html

For Red Hat OpenShift Logging 5.2, see the following instructions to apply this update:

https://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html

Affected Products

• Red Hat OpenShift Container Platform 4.8 for RHEL 8 x86_64

Fixes

• LOG-1130 - [1927249] fieldmanager.go:186] [SHOULD NOT HAPPEN] failed to update managedFields...duplicate entries for key [name="POLICY_MAPPING"]
• LOG-1271 - Logs Produced Line Chart does not display podname and namespace labels
• LOG-1273 - The index management job status is always `Completed` even when there has an error in the job log.
• LOG-1385 - APIRemovedInNextReleaseInUse alert for priorityclasses
• LOG-1420 - Operators missing disconnected annotation
• LOG-1440 - BZ1966561 - OLM bug workaround for workload partitioning (PR#1042)
• LOG-1499 - [release-5.2] Error "com.fasterxml.jackson.core.JsonParseException: Invalid UTF-8 start byte 0x92" in Elasticsearch/Fluentd logs
• LOG-1567 - Use correct variable for nextIndex
• LOG-1446 - kibana-proxy CrashLoopBackoff with error Invalid configuration cookie_secret must be 16, 24, or 32 bytes to create an AES cipher
• LOG-1625 - ds/fluentd is not created due to: "system:serviceaccount:openshift-logging:cluster-logging-operator" cannot create resource "securitycontextconstraints" in API group "security.openshift.io" at the cluster scope"
• LOG-1071 - fluentd configuration posting all messages to its own log
• LOG-1276 - Update Elasticsearch/kibana to use opendistro security plugin 2.10.5.1
• LOG-1353 - No datapoints found on top 10 containers dashboard
• LOG-1411 - Underestimate queued_chunks_limit_size value with chunkLimitSize and totalLimitSize tuning parameters
• LOG-1558 - Update OD security dependency to resolve kibana index migration issue
• LOG-1570 - Bug 1981579: Fix built-in application behavior to collect all of logs
• LOG-1590 - Vendored viaq/logerr dependency is missing a license file
• LOG-1623 - Metric`log_collected_bytes_total` is not exposed
• LOG-1624 - Index management cronjobs are using wrong image in CSV/elasticsearch-operator.5.2.0-1
• LOG-1647 - Fluentd pods raise error `Prometheus::Client::LabelSetValidator::InvalidLabelSetError` when forward logs to external logStore
• LOG-1657 - Index management jobs failing with error while attemping to determine the active write alias no permissions
• LOG-1681 - Fluentd pod metric not able to scrape , Fluentd target down
• LOG-1683 - Loki output not present in CLO CRD
• LOG-1702 - Entry out of order when forward logs to loki
• LOG-1589 - There are lots of dockercfg secrets and service-account-token secrets for ES and Kibana in openshift-logging namespace after deploying EFK pods.
• LOG-1714 - Memory/CPU spike issues seen with Logging 5.2 on Power
• LOG-1722 - The value of card `Total Namespace Count` in Logging/Elasticsearch dashboard is not correct.
• LOG-1723 - In fluentd config, flush_interval can't be set with flush_mode=immediate

CVEs

• CVE-2021-22922
• CVE-2021-22923
• CVE-2021-22924
• CVE-2021-32740
• CVE-2021-36222
• CVE-2021-37750

References

• null