Menu
Enterprise
Version 1.4 release notes
The Grafana Enterprise Logs (GEL) team is excited to announce the release of GEL 1.4.
GEL 1.4 is built off of Loki 2.5.0, so it inherits all the features, enhancements, and bug fixes of the upstream project. Refer to the Loki v2.5 release notes for more information.
Features and enhancements
- GEL 1.4 includes version 3 of the Admin API. It removes the ability to delete tenants, access policies, and tokens via the API. Instead, when users no longer want a tenant, access policy, or token, they are expected to soft delete it by marking it βdisabledβ. Moving to soft deletes allows us to eliminate race conditions and cache invalidation problems that caused unexpected behavior with hard deletes. For more information about the v3 API, refer to Admin API.
Upgrade considerations
- After upgrading to GEL 1.4, we suggest you upgrade your GEL plugin for Grafana Enterprise to version 2.4.0 or a more recent version. This ensures that the plugin uses v3 of the Admin API, and it contains a few other small fixes, all of which are detailed in the plugin Changelog.
Bug fixes
1.4.1 bug fixes
- Revised the YAML configuration option to support the license type option required for switching to AWS Marketplace-based licensing. Not relevant for customers.
1.4.0 bug fixes
- Fixed a bug in which the
commonconfiguration block for setting up a shared cloud storage client also required settingtypewithin the Admin client’s storage block. The Admin client’s type will now be correctly inferred from the parameters in thecommonblock. - Fixed a bug in which a user with a label-based access policy could see label names and label values (but not actual log content) that their access policy did not grant to them. With this bug fix, the GEL label names and label values API endpoints properly enforce to label-based access controls.
- [SECURITY] Fix of enterprise authentication bypass in Grafana Enterprise Logs component “querier”. (CVE-2022-28660)
- When Grafana Enterprise Logs is deployed in microservices mode and enterprise authentication is used (
-auth.type=enterprise), the querier component is not enforcing authentication and can be queried just specifying the tenant ID in the X-Scope-OrgID header, when its HTTP port is exposed. The HTTP port should not be exposed to external traffic.
- When Grafana Enterprise Logs is deployed in microservices mode and enterprise authentication is used (
Was this page helpful?
Related resources from Grafana Labs
60 min
Scaling and securing your logs with Grafana Loki
This webinar covers the challenges of scaling and securing logs, and how Grafana Enterprise Logs powered by Grafana Loki can help, cost-effectively.
60 min
Managing privacy in log data with Grafana Loki
Laws for data privacy are complex and rapidly changing. During this webinar, we will show how Grafana Loki can help organizations meet these requirements.