Skip to main content

Version 19.500-2

icon

In this release, we've enhanced the security and stability of the Collector with added support for security patches and bug fixes.

Security Fixes

  • Upgraded collector JRE to Amazon Corretto Version 8.412.08.1.
  • Upgraded Install4j to version 10 for macOS.
  • Upgraded com.tanuki:wrapper to version 3.5.56.
  • Upgraded org.apache.commons:commons-configuration2 to version 2.11.0 to address known security vulnerabilities (CVE-2024-29133 and CVE-2024-29131).
  • Upgraded org.bouncycastle:bc-fips to version 1.2.5.0 to address known security vulnerabilities (CVE-2024-29857).
  • Upgraded org.apache.commons:commons-compress to version 1.26.1 to address known security vulnerabilities (CVE-2024-26308 and CVE-2024-25710).
  • Upgraded org.bouncycastle:bctls-fips to version 1.0.19 to address known security vulnerabilities (CVE-2024-30171).
  • Upgraded org.bouncycastle:bcpkix-jdk18on to version 1.78 to address known security vulnerabilities (CVE-2024-30172, CVE-2024-30171, and CVE-2024-29857).
  • Known issues when upgrading to this version:
    • Collector running as non-root user. Collector running as non-root user (run as mode) cannot be upgraded through the API/Web UI. It display an error message indicating that the upgrade is not possible. The upgrade must be performed manually on your machine. Follow the steps to upgrade manually.
    • Collector running on Mac. Collector running on a Mac operating system cannot be upgraded through the API/Web UI. The process will stop, and the collector will need to be restarted manually on your machine if upgraded using API or Web UI. Use the below code to manually restart.
      sudo ./collector start

Bug Fix

  • Fixed the collector start issue by cleaning the temporary files on Windows.
  • Fixed the issue with starting the collector on Linux RHEL OS (version 8.3 and above) with OS-level FIPS mode enabled.
Status
Legal
Privacy Statement
Terms of Use

Copyright © 2024 by Sumo Logic, Inc.