Release notes on Grafana Labs

Version 1.9 release notes

Tue, 22 Apr 2025 22:42:59 +0000

Version 1.9 release notes

The Grafana Enterprise Logs (GEL) team is excited to announce the release of GEL 1.9.

GEL 1.9 is built off of Loki 2.9, so it inherits all the features, enhancements, and bug fixes of the upstream project. Refer to the Loki v2.9 release notes for more information.

For the full list of features, enhancements and bug fixes in GEL 1.8, please see the Changelog.

Features and enhancements

1.9.1 Features and enhancements

Updated Loki dependency to v2.9.12 (#3344).
Dependencies updates and CVE fixes (#3160)

1.9.0 Features and enhancements

Updated Loki dependency to v2.9.14.
ingester: Add a configurable backoff to flush operations in the ingester. This is to prevent situations where the store put operation fails fast (for example, 401 Unauthorized) and can cause ingesters to be rate limited. (#13275).
Enhanced GEL usage statistics for more accurate reporting.

Upgrade Considerations

Caution
Out of an abundance of caution, we advise that users with Loki or Grafana Enterprise Logs (GEL) deployments on AWS upgrade their Helm charts or change the names of their buckets, as outlined in the solutions and mitigations section of this blog post.

Bug fixes

1.9.2 bug fixes (2025-04-15)

deps: Bump Go and gojose.
deps: CVE updates for GEL 1.9.2.

1.9.1 bug fixes (2025-02-14)

deps: CVE updates for GEL 1.9.1.

1.9.0 bug fixes (2024-07-10)

Bump image to backport Loki fixes to GEL 1.9 branch.

Version 1.8 release notes

Thu, 01 Aug 2024 20:40:44 +0000

Version 1.8 release notes

The Grafana Enterprise Logs (GEL) team is excited to announce the release of GEL 1.8.

GEL 1.8 is built off of Loki 2.9, so it inherits all the features, enhancements, and bug fixes of the upstream project. Refer to the Loki v2.9 release notes for more information.

For the full list of features, enhancements and bug fixes in GEL 1.8, please see the Changelog.

Features and enhancements

1.8.7 Features and enhancements

Updated Loki dependency to v2.9.5.

1.8.6 Features and enhancements

Updated Loki dependency to v2.9.4.

1.8.5 Features and enhancements

Updated Loki dependency to v2.9.3.

1.8.4 Features and enhancements

Updated Loki dependency to v2.9.2.

1.8.0 Features and enhancements

Updated Loki dependency to 2.9.0.

Upgrade Considerations

Caution
Out of an abundance of caution, we advise that users with Loki or Grafana Enterprise Logs (GEL) deployments on AWS upgrade their Helm charts or change the names of their buckets, as outlined in the solutions and mitigations section of this blog post.

Bug fixes

1.8.7 bug fixes

Bump image and go deps to fix known CVEs.

1.8.6 bug fixes

Upgrade to Loki v2.9.4.
Security fixes for CVE-2023-48795 by upgrading golang.org/x/crypto.

1.8.5 bug fixes

Upgrade Loki to v2.9.3, upgrade otelhttp to 0.44.0, and upgrade base alpine image from 3.18.3 -> 3.18.5 to fix a few CVES (CVE-2023-45142, CVE-2022-21698, CVE-2023-5363).

1.8.4 bug fixes

Updated Loki dependency to 2.9.2.
Fix bug in cache of the index object client in Loki.
Update grpc-go library to 1.57.2-dev that includes a fix for a bug introduced in 1.57.1.

1.8.3 security fixes

Security fixes for CVE-2023-39325, CVE-2023-44487.

Upgrade to go 1.21.3.
Upgrade google.golang.org/grpc to v1.58.3.
Upgrade golang.org/x/net to v0.17.0.

1.8.1 bug fixes

Updated Alpine image version from 3.18.2 to 3.18.3.

V1.7

Mon, 14 Apr 2025 21:05:47 +0000

Version 1.7 release notes

The Grafana Enterprise Logs (GEL) team is excited to announce the release of GEL 1.7.

GEL 1.7 is built off of Loki 2.8, so it inherits all the features, enhancements, and bug fixes of the upstream project. Refer to the Loki v2.8 release notes for more information.

For the full list of features, enhancements and bug fixes in GEL 1.7, please see the Changelog.

Features and enhancements

1.7.6 Features and enhancements

Upgraded Go to 1.20.3
Upgraded golang.org/x/net to inherit fix against rapid stream resets (CVE-2023-39325)

1.7.0 Features and enhancements

Go version updated to 1.20
Updated Loki dependency to 2.8.0
When running in the new 3 target SSD configuration, the Admin API will only run on the backend target.

Bug fixes

1.7.5 bug fixes

Upgraded base docker alpine image from 3.16.7 to 3.18.3

1.7.4 bug fixes

Fix bug in query scheduler query distribution when running in simple scalable mode Loki PR #9471
Upgraded Go version from 1.20.6 to 1.20.8 in Docker images
Upgraded base docker alpine image from 3.16.6 to 3.16.7

1.7.3 bug fixes

Updated libcap version from 2.64-r0 to 2.65-r1 in Docker images
Upgraded Go version from 1.20.4 to 1.20.6 in Docker images

1.7.2 bug fixes

Upgraded to Go 1.20.4 to address security vulnerabilities in previous version of go.
Updated Loki dependency to 2.8.2

1.7.1 bug fixes

Upgraded to Go 1.20.3 to address security vulnerabilities in previous version of go.
Fix the -list-targets command line flag, which was previously advertised in --help but didn’t work.

V1.6

Mon, 14 Apr 2025 21:05:47 +0000

Version 1.6 release notes

The Grafana Enterprise Logs (GEL) team is excited to announce the release of GEL 1.6.

GEL 1.6 is built off of Loki 2.7, so it inherits all the features, enhancements, and bug fixes of the upstream project. Refer to the Loki v2.7 release notes for more information.

For the full list of features, enhancements and bug fixes in GEL 1.6, please see the Changelog.

Features and enhancements

1.6.3 Features and enhancements

Updated Loki dependency to 2.7.5

1.6.2 Features and enhancements

Go version updated to 1.20.1
Alpine version updated to 3.16.4
Updated Loki dependency to 2.7.4

1.6.0 Features and enhancements

Go version updated to 1.19.2
Memberlist config now support cluster label configs to avoid split-brain scenarios
Updated Loki dependency to 2.7.0

Bug fixes

1.6.2 bug fixes

Updated Loki dependency to 2.7.4 to inherit all its bug fixes.

1.6.1 bug fixes

Updated base image of the grafana/enterprise-logs-provisioner Docker image to Alpine 3.16.2
Updated Loki dependency to 2.7.2

1.6.0 bug fixes

Redundant AWS credential validation was removed to fix bug when resolving credentials from IAM role.

V1.5

Mon, 14 Apr 2025 21:05:47 +0000

Version 1.5 release notes

The Grafana Enterprise Logs (GEL) team is excited to announce the release of GEL 1.5.

GEL 1.5 is built off of Loki 2.6.1, so it inherits all the features, enhancements, and bug fixes of the upstream project. Refer to the Loki v2.6 release notes for more information.

For the full list of features, enhancements and bug fixes in GEL 1.5, please see the Changelog.

Features and enhancements

Cross-tenant query federation: GEL 1.5 inherits Loki 2.6’s new cross-tenant query capability, which allows users to query against multiple tenants. This new capability is integrated with GEL’s access control model, which means that any entity trying to execute a cross-tenant query must have logs:read access for all tenants it is requesting to query. For information on how to set up Grafana to execute cross-tenant queries, refer to Create a Grafana data source. For an example query request, refer to the Loki HTTP API reference.
Targeted log line deletion: GEL 1.5 inherits Loki 2.6’s new deletion capabilities, which make it possible to delete specific log lines matching a user-defined query. This new capability is integrated with GEL’s access control model, which means that any entity trying to perform a delete must have logs:delete access to the tenant whose data it is trying to delete. For an example delete request, refer to the Loki HTTP API reference.

Upgrade considerations

Check the upgrade considerations for Loki 2.6. There are no additional GEL-specific upgrade considerations.

Bug fixes

1.5.2 bug fixes

GEL now properly exposes CPU metrics on all components. Previously, GEL only exposed these metrics on its admin-api component.

1.5.1 bug fixes

Fixed a bug that caused all calls to GEL’s Node API to fail with a 404 error.

1.5.0 bug fixes

GEL now returns a generic error message to clients such as the Grafana Agent upon internal errors during authentication. The detailed error message is now written to the GEL logs rather than being returned to the client.
GEL now properly follows the chain of resolving mechanisms for validating AWS credentials. Previously, if a user did not specify their AWS credentials using the access_key and secret_access_key fields in their config.yaml file, GEL would fail to start, rather than checking other possible credential locations (such as environment variables and AIM roles. This fix is only relevant for users who use AWS S3 as their object storage backend for GEL.

V1.4

Mon, 14 Apr 2025 21:05:47 +0000

Version 1.4 release notes

The Grafana Enterprise Logs (GEL) team is excited to announce the release of GEL 1.4.

GEL 1.4 is built off of Loki 2.5.0, so it inherits all the features, enhancements, and bug fixes of the upstream project. Refer to the Loki v2.5 release notes for more information.

Features and enhancements

GEL 1.4 includes version 3 of the Admin API. It removes the ability to delete tenants, access policies, and tokens via the API. Instead, when users no longer want a tenant, access policy, or token, they are expected to soft delete it by marking it “disabled”. Moving to soft deletes allows us to eliminate race conditions and cache invalidation problems that caused unexpected behavior with hard deletes. For more information about the v3 API, refer to Admin API.

Upgrade considerations

After upgrading to GEL 1.4, we suggest you upgrade your GEL plugin for Grafana Enterprise to version 2.4.0 or a more recent version. This ensures that the plugin uses v3 of the Admin API, and it contains a few other small fixes, all of which are detailed in the plugin Changelog.

Bug fixes

1.4.1 bug fixes

Revised the YAML configuration option to support the license type option required for switching to AWS Marketplace-based licensing. Not relevant for customers.

1.4.0 bug fixes

Fixed a bug in which the common configuration block for setting up a shared cloud storage client also required setting type within the Admin client’s storage block. The Admin client’s type will now be correctly inferred from the parameters in the common block.
Fixed a bug in which a user with a label-based access policy could see label names and label values (but not actual log content) that their access policy did not grant to them. With this bug fix, the GEL label names and label values API endpoints properly enforce to label-based access controls.
[SECURITY] Fix of enterprise authentication bypass in Grafana Enterprise Logs component “querier”. (CVE-2022-28660)
- When Grafana Enterprise Logs is deployed in microservices mode and enterprise authentication is used (-auth.type=enterprise), the querier component is not enforcing authentication and can be queried just specifying the tenant ID in the X-Scope-OrgID header, when its HTTP port is exposed. The HTTP port should not be exposed to external traffic.

V1.3

Tue, 16 Jul 2024 15:42:20 +0000

Version 1.3 release notes

The Grafana Enterprise Logs (GEL) team is excited to announce the release of GEL 1.3.

GEL 1.3 is built off of Loki 2.4.2, so it inherits all the features, enhancements, and bug fixes of the upstream project. Refer to the Loki v2.4 release notes.

Features and enhancements

The /node/api/v1/debug-export endpoint returns a ZIP file containing the configuration, version information, and process information. Refer to get debug information for details.
Backend storage for the Admin API adds support for Azure. Refer to admin_client_config for configuration details.

Bug fixes

1.3.1 bug fixes

[SECURITY] Fix of enterprise authentication bypass in Grafana Enterprise Logs component “querier”. (CVE-2022-28660)
- When Grafana Enterprise Logs is deployed in microservices mode and enterprise authentication is used (-auth.type=enterprise), the querier component is not enforcing authentication and can be queried just specifying the tenant ID in the X-Scope-OrgID header, when its HTTP port is exposed. The HTTP port should not be exposed to external traffic.

1.3.0 bug fixes

Revised the GEL /config endpoint to return both GEL and Loki configuration.
Updated the parsing of the common configuration block’s s3 values to allow values specified in the URL-style configuration.

V1.2

Mon, 14 Apr 2025 21:05:47 +0000

Version 1.2 release notes

The Grafana Enterprise Logs (GEL) team is excited to announce the release of GEL 1.2.

GEL 1.2 is built off of Loki 2.4, so it inherits all the features, enhancements, and bug fixes of the upstream project. Refer to the Loki v2.4 release notes.

Features and enhancements

GEL 1.2, like the upstream Loki 2.4, introduces a new deployment mode called a simple scalable deployment. In this mode, Loki is deployed as a collection of read nodes and write nodes. Read and write paths can be scaled and debugged separately, and without the complexity of a microservices deployment. Multiple replicas of the read and write nodes provide high availability for your logging service. An advantage will be no downtime when you upgrade.
- GEL 1.2’s simple scalable deployment mode mirrors that of Loki, except that the GEL-specific services, namely the admin API, are also included in the read and write targets.
- GEL 1.2 adds a common configuration section. It allows the reuse of configuration across different components.
GEL 1.2 eliminates the use of the word “instance,” which had been used as a synonym for “tenant”. Switching to “tenant” allows GEL to more closely align with terminology used in Loki and avoids confusion caused by the fact that “instance” can have multiple meanings besides “tenant.”
- All references to “instance” in the GEL documentation and GEL Grafana plug-in have been replaced with the word “tenant.”
- We’ve added new API endpoints which specify tenant in the request and response bodies. We have deprecated and will eventually remove the original endpoints that use the word instance. Refer to the admin-api docs for more information.
We now have a GEL Helm chart for those interested in deploying on Kubernetes.

Upgrade considerations

When you upgrade to GEL 1.2, upgrade your Grafana GEL administrative plug-in to version 2.3.0.
As part of the simple scalable deployment implementation, we updated the default values for configuration parameters. Those defaults are more in line with Grafana Labs’ recommendations for running the software. It also saves users from needing to update their deployed values, thereby shrinking their configuration size.
- For a full list of GEL v1.2 changes, see GEL releases.
- We do not anticipate any breaking changes due to the updated default values.
- If the path_prefix flag is set in the common_config section, GEL will look for the license file in the path_prefix directory. Users who already define the path to their license with the path flag in the license_config configuration section will see no change in behavior. This flag, when set, takes precedence.
Metrics related to chunk storage and the runtime configuration have changed their prefixes from cortex_ to loki_. If you have any dashboards or downstream logic built on these metrics, you need to update them.

Bug fixes

1.2.0 bug fixes

Fixed a bug that broke leader election for the admin API. By default, leader election is on.
We corrected the URL of the ring endpoint for the GEL gateway. This fixes the ring page on the GEL Grafana plug-in.