v.4.13.1 Release (Coming Soon)
PRODUCT | DATE | RELEASE | ADDITIONAL RESOURCES |
---|---|---|---|
Stream | 2025-08-13 | Maintenance | Known Issues, Cribl Edge Release Notes |
The following draft provides early access to release notes for the upcoming Cribl Suite product release. Features or functionality presented are not considered binding commitments and are subject to change at the discretion of Cribl at any time for any reason without notice. This information should not be relied upon in making purchasing decisions.
Cribl Stream 4.13.1 delivers crucial operational improvements, enhanced stability, and important bug fixes.
Important Changes
Action Required: End of Support Notice for AWS SDK v2
AWS will end support for its AWS SDK for JavaScript v2 on September 8, 2025. Cribl AWS Sources and Destinations use this SDK. To ensure uninterrupted operation and compatibility, we have updated our SDK to v3 in this Cribl release and will completely remove the v2 SDK in September 2025.
What you need to do: Based on AWS’s public communications, Cribl does not expect any AWS functionality to break for customers still using the v2 SDK. To ensure your software supply chain contains only fully supported components, upgrade your Cribl deployment to version 4.13.1 or higher.
New Features
This release provides the following improvements:
Transfer Data Across Connected Environments
Who doesn’t love free data transfers? Now, you can send data between Connected Environments (a self-managed Cribl Stream instance and a Cloud environment) without incurring double ingest charges. To learn more about this feature, see Transfer Data Between Workspaces or Environments.
Sources and Destinations
The Confluent Cloud and Kafka Sources and Destinations now support JSON schema types for message encoding and decoding via the Confluent Schema Registry. A new Schema type setting allows you to select either
Avro
orJSON
for event serialization.The Grafana and Loki Sources and Destinations now support structured metadata for logs. Toggle on the new Enable structured metadata setting to add string key-value pairs from the internal
__structuredMetadata
field, allowing you to enrich events with high-cardinality context (like trace IDs) without inflating label sets.The Loki Destination now supports dynamic HTTP headers. The Destination inspects each event for a
__headers
object and batches events with identical__headers
values, sending them in a single HTTP request. This allows for per-event custom headers, supporting use cases like multi-tenant routing and dynamic authentication.The Google Cloud Pub/Sub Source now supports monitoring existing subscriptions using only the subscription ID. Enable the new Monitor subscription for new messages toggle when only subscription-level access is available.
Corrections
This release contains the following bug fixes:
Operational Fixes
ID | Description |
---|---|
CRIBL-33815 | Fixed an issue where sorting Packs by Display Name in the UI did not work as expected. Packs now sort correctly by Display Name. |
CRIBL-33362 | Resolved an issue in the Flows chart on the Monitoring page where the pre-processing Pipeline’s bytes metric incorrectly mirrored the last active route’s value. The pre-processing Pipeline now accurately displays the bytes received directly from the Source. |
CRIBL-29531 | Fixed an issue where Syslog Sources configured with only TCP ports or UDP (but not both) did not appear in the Flows chart on the Monitoring page. All Syslog Source configurations now correctly display in the graph, providing a complete view of your data flows. |
CRIBL-30721 | Fixed a UI issue in the Parser Function where the Destination field option was missing for Regex and Grok types. The Destination field is now consistently available for all Parser Function data types. |
CRIBL-33597 | Fixed the confusing UI output in the Event Breaker Preview. The Event Breaker output preview now shows all events that were broken out by the rule, including events that don’t match the filter. Events that don’t match the filter appear with a strike-through them. |
CRIBL-32737 | Fixed a misleading UI issue in the Event Breaker Rules preview where the timestamp highlight disappeared when using a non-local timezone and the %H format. The timestamp now applies correct highlighting, ensuring accurate visual feedback during configuration. |
Source and Destination Fixes
ID | Description |
---|---|
CRIBL-30022 | Fixed an issue where the File Monitor Source would intermittently mix up the source/headers of events from two CSV files created sequentially. |
CRIBL-32559 | The HTTP Source now completes TLS handshakes when Show originating IP is enabled. Previously, this setting would cause the handshake to fail, preventing secure connections. |
CRIBL-33157 | The Google Security Operations Destination now reliably refreshes its authentication token on all Worker Processes. Previously, some Workers could stop refreshing the token, resulting in expired tokens and loss of data delivery. Affected Workers would repeatedly log “Auth token has expired” without a corresponding “Auth token refreshed” entry. |
CRIBL-32338 | Collector configuration pages now include default regex filter expressions based on the Collector ID, to help reduce errors in Route filters. |
CRIBL-34334 | We fixed an issue where some events were excluded from the Preview results when the preview included a collection job that finished quickly. |
CRIBL-34053 | Amazon CloudWatch Logs Destination now correctly handles Worker Node restarts when configured with a static log stream name. Previously, after upgrading to version 4.13, Worker Nodes would attempt to create the same log stream on startup, triggering a ResourceAlreadyExistsException error with the message “The specified log stream already exists,” causing data delivery failures. |
CRIBL-32751 | The Google Cloud Pub/Sub Source now handles invalid or empty Topic ID configurations. Previously, this caused the Source to repeatedly attempt connections, leak sockets, and generate repeated Error listing topic permissions messages in logs. |
CRIBL-33471 | Azure Blob Sources and Destinations now support authentication with Client secret or Certificate when an HTTP proxy is configured. |
CRIBL-33117 | The REST Collector now correctly honors the Reject unauthorized certificates setting when a proxy is configured with a NO_PROXY list. |
Other Functional Fixes
ID | Description |
---|---|
CRIBL-33595 | You can now sort by connection status in Edge Nodes and Workers lists. |
CRIBL-33511 | We fixed a problem in which a user with the User Worker Group permission and the Editor Project permission could not copy a Pipeline. |