Support for Fluent Bit 3.2.7
Users will now receive Fluent Bit version 3.2.7, which includes fixes for known vulnerabilities. For more details, refer https://fluentbit.io/announcements/.
Security
Previous versions of Fluent Bit in the 3.1 and 3.2 series are affected by two security vulnerabilities if customers use the OpenTelemetry input plugin or Prometheus Remote Write input. The identified vulnerabilities are: CVE-2024-50608, CVE-2024-50609.
By default, New Relic does not include these plugins in our distribution of the Fluent Bit packages in any of the instrumentation packages we provide. However, in order to support customers using these plugins and mitigate any potential impact, we recommend customers to upgrade to the latest available versions of these packages:
Hosts:
- Windows: Infrastructure Agent upgraded to v1.62.0 or later
- Linux: Infrastructure Agent upgraded to v1.62.0 or later
Kubernetes:
- newrelic-logging upgraded to v1.26.1
- nri-bundle upgraded to v5.0.115
Fluent Bit:
- New Relic Fluent Bit Output Docker Image upgraded to v2.3.0
Notes
To stay up to date with the most recent fixes and enhancements, subscribe to our Logs RSS feed.