All news with #fluent bit tag
Tue, November 25, 2025
Fluent Bit Bugs Could Enable Complete Cloud Takeover
⚠️ Fluent Bit, a widely deployed log-processing agent used across containers, Kubernetes DaemonSets, and major cloud platforms, contains multiple critical vulnerabilities that can enable authentication bypass, arbitrary file writes, and full agent takeover. Oligo Security, in cooperation with AWS, disclosed five severe flaws impacting in_forward authentication and the tag-handling logic, plus path traversal and buffer-overflow defects. The project has released patches in v4.1.1 and v4.0.12; operators should update and validate configurations immediately to prevent log tampering, telemetry rerouting, and potential remote code execution.
Mon, November 24, 2025
Fluent Bit Vulnerabilities Threaten Cloud and Kubernetes
⚠️ Researchers disclosed five vulnerabilities in Fluent Bit, the open-source telemetry agent, that can be chained to bypass authentication, write or overwrite files, execute code, corrupt logs, and cause denial-of-service conditions. CERT/CC noted that many of the issues require network access. Fixes were released in Fluent Bit 4.1.1 and 4.0.12, with AWS participating in coordinated disclosure. Operators are urged to update immediately and apply mitigations such as avoiding dynamic tags, mounting configs read-only, and running the agent as a non-root user.
Mon, November 24, 2025
Critical Fluent Bit Vulnerabilities Expose Telemetry Risk
⚠️ Fluent Bit, a widely deployed telemetry agent, has multiple critical vulnerabilities disclosed by Oligo Security affecting inputs, tag processing, and output handling. Patches are available in Fluent Bit v4.1.1 and v4.0.12, released in early October 2025; older releases remain at risk. Operators are advised to update immediately, avoid dynamic tags, lock down output file parameters, run with least privilege, and mount configuration directories read-only to reduce exposure.
Tue, October 14, 2025
AWS for Fluent Bit 3.0.0: Based on Fluent Bit 4.1.0
🚀 AWS for Fluent Bit 3.0.0, based on Fluent Bit 4.1.0 and Amazon Linux 2023, delivers faster, more secure container logging for Amazon ECS and Amazon EKS. It adds native OpenTelemetry (OTel) support for OTLP logs, metrics, and traces with SigV4 authentication, as well as faster JSON parsing for higher throughput and lower latency. TLS minimum version and cipher controls enforce stronger output security. The image is available in the Amazon ECR Public Gallery and Amazon ECR, and source code and guidance are provided on GitHub.
Tue, October 14, 2025
AWS for Fluent Bit 3.0.0 Released with Fluent Bit 4.1.1
🚀 AWS for Fluent Bit 3.0.0, based on Fluent Bit 4.1.1 and built on Amazon Linux 2023, is now available for Amazon ECS and Amazon EKS customers. The release introduces native OpenTelemetry (OTel) support to ingest and forward OTLP logs, metrics, and traces with AWS SigV4 authentication, removing the need for additional sidecars. It delivers faster JSON parsing and higher log throughput per vCPU with lower latency, plus configurable TLS minimum versions and cipher controls to strengthen output security. Upgrade by pulling the 3.0.0 image from the Amazon ECR Public Gallery, updating your ECS FireLens task definition, or updating the DaemonSet/Helm release on EKS.