3.2.3
This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
Contents
3.2.3
The following issues have been resolved in Splunk 3.2.3:
- An issue with incorrect timestamp offsets has been addressed: if you have configured timestamp offsets using pre-Splunk 3.2 POSIX instructions, you must reconfigure them using this information. If you do not do this, your timestamp information will be incorrect. If you have not configured timezone offsets, you can ignore this note.
- Saved searches now work correctly with scripted auth. (SPL-13016)
- You can now use wildcards on Windows when specifying paths to filenames in inputs.conf. You cannot, however, use backslashes within a regex in inputs.conf. For example, you can have
C:\fflanda\path\to\*\logfile.log, but\fflanda\*\d\logfile.logwill not work. (SPL-12679) - Splunk now handles multi-line Windows events properly (multiple single line events or single multi-line events containing two or more actual events) when you specify the parsing queue on the indexer's TCP input. (SPL-12995)
- Installing Sparc package somewhere other than
opt/splunkis now supported. (SPL-13187) - You can now use a Unix deployment server to distribute configs to Windows clients. (SPL-12750, SPL-13124)
- Splunk Web now correctly validates alert cron schedules. (SPL-13328)
Resolved security issues
- A cross-site request forgery vulnerability has been resolved. (SPL-13318) Many thanks to aaron@vtty.com for identifying this issue.
- A security issue related to possible remote Denial of Service vulnerability of
splunkdhas been resolved. (SPL-13403) Many thanks to aaron@vtty.com for identifying this issue. - The 3.2.3 release of Splunk includes a security fix that puts restrictions on how the
splunkwebservice acts. Some more unusual server configurations may experience unexpected behavior as a result. If your Splunk deployment includes a configuration that puts a Splunk server behind a rewriting proxy in an uncommon configuration (such as running multiple instances of Splunk server and exposing them all on the same domain), or routes a Splunk server through a rewriting proxy that modifies or filters HTTP cookie information, Splunk Web may not return search results. You will notice this immediately, as the default main dashboard will load empty frames. (SPL-13639) - A security issue related to permissions on custom bundle directories has been resolved. (SPL-12861)
This documentation applies to the following versions of Splunk: 3.2.3 , 3.2.4 , 3.2.5 , 3.2.6 View the Article History for its revisions.