- Fix: restore logic to add the Bouncy-Castle security provider at runtime #181
- required to properly read encrypted (legacy) OpenSSL PKCS#5v1.5 keys
- Added ECS Compatibility Mode #165
- When operating in an ECS Compatibility mode, metadata about the connection on which we are receiving data is nested in well-named fields under
[@metadata][input][tcp]instead of at the root level.
- When operating in an ECS Compatibility mode, metadata about the connection on which we are receiving data is nested in well-named fields under
- Fix: source address is no longer missing when a proxy is present
- Changed jar dependencies to reflect newer versions #179
- Feat: improve SSL error logging/unwrapping #178
- Fix: the plugin will no longer have a side effect of adding the Bouncy-Castle security provider at runtime
- bumping dependency commons-io #174
- [DOC] Reorder options alphabetically #171
- [DOC] better description for
tcp_keep_aliveoption #169
- Fix: reduce error logging (to info level) on connection resets #168
- Refactor: only patch Socket classes once (on first input)
- Refactor: use a proper log4j logger (in Java to avoid surprises when unwrapping
LogStash::Logging::Logger)
- Updated Netty dependencies. Additionally, this release removes the dependency on
tcnative+boringssl, using JVM supplied ciphers instead. This may result in fewer ciphers being available if the JCE unlimited strength jurisdiction policy is not installed. (This policy is installed by default on versions of the JDK from u161 onwards)#157
- Fix potential startup crash that could occur when multiple instances of this plugin were started simultaneously #155
- Refactor: scope java_import to avoid polluting #152
- Skip empty lines while reading certificate files #144
- Fixed race condition where data would be accepted before queue was configured
- Support multiple certificates per file #140
- Removed obsolete
data_timeoutandssl_cacertoptions
- Added support for pkcs1 and pkcs8 key formats #122
- Changed server-mode SSL to run on top of Netty #122
- Changed travis testing infra to use logstash tarballs #122
- Fixed certificate chain handling and validation #124
- Added new configuration option
dns_reverse_lookup_enabledto allow users to disable costly DNS reverse lookups #100
- New configuration option to set TCP keep-alive #16
- Reorder shut down of the two event loops to prevent RejectedExecutionException
- Fix broken 5.0.6 release
- Docs: Set the default_codec doc attribute.
- Restore SSLSUBJECT field when ssl_verify is enabled. #115
- Update Netty/tc-native versions to match those in beats input #113
- Fix bug where codec was not flushed when client disconnected
- Restore INFO logging statement on startup
- Fixed typo in @metadata tag
- Update gemspec summary
- Fix bug where this input would crash logstash during some socket reads when acting as an SSL server
- Fix some documentation issues
- Changed the behaviour of the
hostfield to contain the resolved peer hostname for a connection instead of its peer IP - Mark deprecated :data_timeout and :ssl_cacert options as obsolete
and moved the peer's IP to the new field
ip_address
- Fixed regression causing incoming connection host ips being accidentally resolved to hostnames
- Implemented plain socket server in a non-blocking way improving performance and fixing issues for use cases with a large number of concurrent connections
- Version yanked from RubyGems for accidental behaviour change causing unwanted reverse lookups on connections
- Version yanked from RubyGems for packaging issues
- Add documentation for how to use tcp input to accept log4j2 data.
- Add support for proxy protocol
- Relax constraint on logstash-core-plugin-api to >= 1.60 <= 2.99
- Change the log level of the SSLError for the handshake from error to debug #53
- Republish all the gems under jruby.
- Update the plugin to the version 2.0 of the plugin api, this change is required for Logstash 5.0 compatibility. See elastic/logstash#5141
- Fixed a bug where using a certificate with a passphrase wouldn't work.
- Depend on logstash-core-plugin-api instead of logstash-core, removing the need to mass update plugins on major releases of logstash
- New dependency requirements for logstash-core for the 5.0 release
- Fixed a bug where previous connection would accidentally be closed when accepting new socket connection
- Fixed an issue with log message which used a closed socket's peer address
- properly convert sslsubject to string before assigning to event field, added specs, see #38
- Deprecate ssl_cacert as it's confusing, does it job but when willing to add a chain of certificated the name and behaviour is a bit confusing.
- Add ssl_extra_chain_certs that allows you to specify a list of certificates path that will be added to the CAStore.
- Make ssl_verify=true as a default value, if using ssl and performing validation is not reasonable as security might be compromised.
- Add tests to verify behaviour under different SSL connection circumstances.
- Fixes #3 and #9.
- Added the receiving port in the event payload, fixes #4
- Fixed malformed SSL crashing Logstash, see #25
- Dependency on logstash-core update to >= 2.0.0.beta2 < 3.0.0
- removed usage of RSpec.configure, see #21
- refactored & cleaned up plugin structure, see #18
- Plugins were updated to follow the new shutdown semantic, this mainly allows Logstash to instruct input plugins to terminate gracefully, instead of using Thread.raise on the plugins' threads. Ref: elastic/logstash#3895
- Dependency on logstash-core update to 2.0