v.4.13.1 Release (Coming Soon)

PRODUCTDATERELEASEADDITIONAL RESOURCES
Edge2025-08-13MaintenanceKnown Issues, Cribl Stream Release Notes

The following draft provides early access to release notes for the upcoming Cribl Suite product release. Features or functionality presented are not considered binding commitments and are subject to change at the discretion of Cribl at any time for any reason without notice. This information should not be relied upon in making purchasing decisions.

Cribl Edge 4.13.1 delivers crucial operational improvements, enhanced stability, and important bug fixes.

Important Changes

Action Required: End of Support Notice for AWS SDK v2

AWS will end support for its AWS SDK for JavaScript v2 on September 8, 2025. Cribl AWS Sources and Destinations use this SDK. To ensure uninterrupted operation and compatibility, we have updated our SDK to v3 in this Cribl release and will completely remove the v2 SDK in September 2025.

What you need to do: Based on AWS’s public communications, Cribl does not expect any AWS functionality to break for customers still using the v2 SDK. To ensure your software supply chain contains only fully supported components, upgrade your Cribl deployment to version 4.13.1 or higher.

New Features

This release provides the following improvements:

Transfer Data Across Connected Environments

Who doesn’t love free data transfers? Now, you can send data between Connected Environments (a self-managed Cribl Edge instance and a Cloud environment) without incurring double ingest charges. To learn more about this feature, see Transfer Data Between Workspaces or Environments.

Sources and Destinations

  • The Confluent Cloud and Kafka Sources and Destinations now support JSON schema types for message encoding and decoding via the Confluent Schema Registry. A new Schema type setting allows you to select either Avro or JSON for event serialization.

  • The Grafana and Loki Sources and Destinations now support structured metadata for logs. Toggle on the new Enable structured metadata setting to add string key-value pairs from the internal __structuredMetadata field, allowing you to enrich events with high-cardinality context (like trace IDs) without inflating label sets.

  • The Loki Destination now supports dynamic HTTP headers. The Destination inspects each event for a __headers object and batches events with identical __headers values, sending them in a single HTTP request. This allows for per-event custom headers, supporting use cases like multi-tenant routing and dynamic authentication.

Corrections

This release contains the following bug fixes:

Cribl Edge Exclusive Fixes

IDDescription
CRIBL-30293
We fixed an issue where upgrading Cribl Edge on Windows via the MSI installer did not allow disabling TLS.

Operational Fixes

IDDescription
CRIBL-33815
Fixed an issue where sorting Packs by Display Name in the UI did not work as expected. Packs now sort correctly by Display Name.
CRIBL-33362Resolved an issue in the Flows chart on the Monitoring page where the pre-processing Pipeline’s bytes metric incorrectly mirrored the last active route’s value. The pre-processing Pipeline now accurately displays the bytes received directly from the Source.
CRIBL-29531Fixed an issue where Syslog Sources configured with only TCP ports or UDP (but not both) did not appear in the Flows chart on the Monitoring page. All Syslog Source configurations now correctly display in the graph, providing a complete view of your data flows.
CRIBL-30721Fixed a UI issue in the Parser Function where the Destination field option was missing for Regex and Grok types. The Destination field is now consistently available for all Parser Function data types.
CRIBL-33597Fixed the confusing UI output in the Event Breaker Preview. The Event Breaker output preview now shows all events that were broken out by the rule, including events that don’t match the filter. Events that don’t match the filter appear with a strike-through them.
CRIBL-32737Fixed a misleading UI issue in the Event Breaker Rules preview where the timestamp highlight disappeared when using a non-local timezone and the %H format. The timestamp now applies correct highlighting, ensuring accurate visual feedback during configuration.

Source and Destination Fixes

IDDescription
CRIBL-30022
Fixed an issue where the File Monitor Source would intermittently mix up the source/headers of events from two CSV files created sequentially.
CRIBL-32559The HTTP Source now completes TLS handshakes when Show originating IP is enabled. Previously, this setting would cause the handshake to fail, preventing secure connections.
CRIBL-33157The Google Security Operations Destination now reliably refreshes its authentication token on all Worker Processes. Previously, some Workers could stop refreshing the token, resulting in expired tokens and loss of data delivery. Affected Workers would repeatedly log “Auth token has expired” without a corresponding “Auth token refreshed” entry.
CRIBL-29523The process_resident_memory_bytes metric for Linux in System Metrics Source now correctly reports the values in bytes instead of pages. This results in larger values, which could affect thresholds, alerts, or visuals in dashboards.

Other Functional Fixes

IDDescription
CRIBL-33595
You can now sort by connection status in Edge Nodes and Workers lists.