Changelog for version 5.8.10#
Released 15 January 2026#
Gravwell#
Attention
This release contains a high priority bug fix for a security violation where the Go Flow node script could access and perform dangerous ioctl functions when the searchagent is run as root.
Additions#
Added the ability to resize the query editor or open it in a modal for the Go and JavaScript Flow nodes.
Added a global config option to set a default
Ageout-Timefor wells that do not set their own.
Bug Fixes#
Fixed the default formatters for objects in the payload coming from Alerts.
Fixed an issue where incorrect bounds checking for enumerated arrays could cause queries to fail.
Fixed an issue with a caching deadlock for the Kit APIs.
Fixed an issue with retrieving assets that were shared with Write access when trying to resolve the “most appropriate” asset by GUID.
Fixed an issue where the Persistent Search Expiration for an Alert could not be edited without first refreshing the page or re-enabling search retention.
Fixed an issue where a user would see a blank read-only Alerts form instead of a Not Found message when attempting to access an Alert they did not have permission to access.
Fixed an issue where modals from Flow nodes were not visible in full screen mode.
Removed the ioctl package and tightened searchagent security for the Go Flow node.
Ingester Changes#
Additions#
Added an Attach Preprocessor to attch intrinsic values to entries per processor.
Added a Regex Drop Preprocessor to drop or pass entry data based on a regular expression.
Added
Attach-Metadataconfig option to the S3 ingester to allow setting thebucketandkeyas intrinsic enumerated values.
General/Miscellaneous#
The webserver health check API now takes into account the health of indexers and replication. If the webserver is not able to fully service a search, it will now respond with a 500 on that API.