axoflow
diff --git a/‎NEWS.md‎
Lines changed: 129 additions & 84 deletions b/‎NEWS.md‎
Lines changed: 129 additions & 84 deletions
diff --git a/‎news/bugfix-1108.md‎
Lines changed: 0 additions & 5 deletions b/‎news/bugfix-1108.md‎
Lines changed: 0 additions & 5 deletions
diff --git a/‎news/bugfix-1110.md‎
Lines changed: 0 additions & 6 deletions b/‎news/bugfix-1110.md‎
Lines changed: 0 additions & 6 deletions
diff --git a/‎news/bugfix-1114.md‎
Lines changed: 0 additions & 1 deletion b/‎news/bugfix-1114.md‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎news/bugfix-1122.md‎
Lines changed: 0 additions & 5 deletions b/‎news/bugfix-1122.md‎
Lines changed: 0 additions & 5 deletions
diff --git a/‎news/bugfix-1124.md‎
Lines changed: 0 additions & 2 deletions b/‎news/bugfix-1124.md‎
Lines changed: 0 additions & 2 deletions
diff --git a/‎news/feature-1026.md‎
Lines changed: 0 additions & 3 deletions b/‎news/feature-1026.md‎
Lines changed: 0 additions & 3 deletions
diff --git a/‎news/feature-1069.md‎
Lines changed: 0 additions & 37 deletions b/‎news/feature-1069.md‎
Lines changed: 0 additions & 37 deletions
diff --git a/‎news/feature-1077.md‎
Lines changed: 0 additions & 3 deletions b/‎news/feature-1077.md‎
Lines changed: 0 additions & 3 deletions
diff --git a/‎news/feature-1093.md‎
Lines changed: 0 additions & 17 deletions b/‎news/feature-1093.md‎
Lines changed: 0 additions & 17 deletions
@@ -1,4 +1,4 @@
-4.25.0
+4.26.0
 ======
 
 AxoSyslog is binary-compatible with syslog-ng [1] and serves as a drop-in replacement.
@@ -9,128 +9,172 @@ Packages are available in our [APT](https://github.com/axoflow/axosyslog/#deb-pa
 
 Check out the [AxoSyslog documentation](https://axoflow.com/docs/axosyslog-core/) for all the details.
 
+## Highlights
 
-## Features
+<Fill this block manually from the blocks below>
 
-  * `syslog()`/`network()`: HAProxy protocol v2 support over UDP
+## Features
 
-    When `transport(proxied-udp)` is configured, the original client address and port are available as `${SOURCEIP}`,
-    `${SOURCEPORT}`, `${DESTIP}`, and `${DESTPORT}`.
-    ([#987](https://github.com/axoflow/axosyslog/pull/987))
+  * `syslog()`, `network()` sources: add `syslogng_input_transport_errors_total` metric
 
-  * FilterX: Added new function: `uuid()` that generates a random UUID v4 string.
-    ([#1018](https://github.com/axoflow/axosyslog/pull/1018))
+    It shows `invalid-frame-header` or `tls-handshake` related transport errors.
+    ([#1026](https://github.com/axoflow/axosyslog/pull/1026))
 
-  * FilterX: Added various crypto hash digest functions.
+  * Add `trusted-fingerprints()` option: this new option will allow you to trust
+    X.509 certificates based on their fingerprints. The new option deprecates
+    `trusted-keys()`, the major difference being that `trusted-fingerprints()`
+    will accept X.509 certificates as valid, even if the normal X.509 validation
+    fails, whereas `trusted-keys()` needed both the X.509 verification pass and
+    the fingerprint checking to succeed. This feature also adds the capability
+    to use a fingerprinting method other than SHA1, which is not considered safe
+    anymore.
 
-    These functions compute the hash of a string or bytes and return the result as a hex string:
-    * `md5()`
-    * `sha1()`
-    * `sha256()`
-    * `sha512()`
+    Here's an example syntax:
 
-    The generic `digest(input, alg="sha256")` function accepts an optional algorithm
-    name and returns the raw hash as a bytes object.
-    ([#1019](https://github.com/axoflow/axosyslog/pull/1019))
+    	tls(
+    		...
+    		trusted-fingerprints("SHA1:0C:EF:34:4D:0B:74:AE:03:72:9A:4E:68:AF:90:59:A9:EF:35:1F:AA",
+    				     "SHA512:15:B3:C5:96:48:5B:F6:20:C3:86:47:78:99:E1:2B:F2:C4:A6:93:AE:E8:0A:B3:F7:78:39:66:B4:EF:4F:A5:47:2A:E0:4A:93:06:46:72:C0:15:6A:FC:59:10:25:37:60:E3:84:E9:EC:90:30:12:F5:27:EA:22:1F:55:9B:3B:97")
+    	)
 
-  * FilterX: Added `utf8_validate()` and `utf8_sanitize()` string functions.
+    NOTE: the fingerprinting method is the word before the first colon. The
+    naming of the fingerprinting methods should match OpenSSL's supported digest
+    algorithms.
 
-    * `utf8_validate()` checks whether the string contains valid UTF-8 sequences and returns a boolean
-    * `utf8_sanitize()` replaces invalid byte sequences with their `\xNN` escaped representation
-    ([#1019](https://github.com/axoflow/axosyslog/pull/1019))
+    As of OpenSSL 3.0.10, the following digest algorithms are supported:
 
-  * FilterX: Added various encoding/decoding functions.
+    Message Digest commands (see the `dgst' command for more details)
+    blake2b512        blake2s256        md4               md5
+    rmd160            sha1              sha224            sha256
+    sha3-224          sha3-256          sha3-384          sha3-512
+    sha384            sha512            sha512-224        sha512-256
+    shake128          shake256          sm3
 
-    * `base64_encode()`/`base64_decode()` (bytes <-> string)
-    * `urlencode()`/`urldecode()` (string <-> string)
-    * `hex_encode()`/`hex_decode()` (bytes <-> string)
-    ([#1019](https://github.com/axoflow/axosyslog/pull/1019))
+    To find out the fingerprint for a certificate, you can use this command:
 
-  * New FilterX types `subnet()` and `ip()`: these new types encapsulate an
-    IPv4/IPv6 subnet (in CIDR notation) or a single IP address. Both types takes
-    their string representation and will return an ERROR if the format cannot be
-    parsed.
+    $ openssl x509 -sha512 -in <certificate file in pem> -fingerprint
+    ([#137](https://github.com/axoflow/axosyslog/pull/137))
 
-    Example configuration:
+  * `afuser`: add escaping() option to usertty() output
 
-        a = subnet("192.168.0.0/24");
+    The usertty() destination now supports an escaping() option, using the same
+    template escaping behavior as templates.
+    ([#1117](https://github.com/axoflow/axosyslog/pull/1117))
 
-        "192.168.0.5" in a;
-        "192.168.1.5" in a or true;
-        ip("192.168.0.11") in a;
+  * `switch`: add ranged case support for FilterX `switch`
 
-        a6 = subnet("DEAD:BEEF::1/64");
-
-        "DEAD:BEEF::2" in a6;
-        "DEAD:BABE::1" in a6 or true;
-        ip("DEAD:BEEF::00ac") in a6;
-    ([#1021](https://github.com/axoflow/axosyslog/pull/1021))
+    Example usage:
+    ```
+    selector = 5;
+    switch (selector) {
+        case 1..4:
+            result = "below";
+            break;
+        case 5:
+            result = "exact";
+            break;
+        default:
+            result = "above";
+            break;
+    };
+    ```
+    ([#1093](https://github.com/axoflow/axosyslog/pull/1093))
 
-  * FilterX `glob_match()` function: this function will match a filename against
-    a single-, or a list of glob-style patterns.
+  * `parallelize()`: add `syslogng_parallelized_batch_size` and
+    `syslogng_parallelized_input_batch_size` histograms to the prometheus style
+    stats output, at stats(level(4)).
+    ([#1077](https://github.com/axoflow/axosyslog/pull/1077))
 
-    Example:
+  * `arrow-flight()`: Added a new destination for [Apache Arrow Flight](https://arrow.apache.org/docs/format/Flight.html)
 
-        glob_match(filename, "*.zip");
-        glob_match(filename, ["*.zip", "*.7z"]);
-    ([#1039](https://github.com/axoflow/axosyslog/pull/1039))
+    Options:
+      * `url()`: Flight endpoint
+      * `path()`: descriptor path, templatable so a single destination can route to many tables
+      * `schema()`: one `"name" TYPE => template` entry per column
 
-  * FilterX `cache_json_file`: add deafult_value parameter to FilterX function
+    Column types supported in `schema()`:
+      * `STRING`
+      * `INT64` (alias `INTEGER`)
+      * `DOUBLE` (alias `FLOAT64`)
+      * `BOOL` (alias `BOOLEAN`)
+      * `TIMESTAMP`
+      * `MAP(STRING, STRING)`
 
-    If the file is not present, or an error occurs when reading it, the default_value will be used, if provided.
+    Example configuration:
 
-    Example:
     ```
-    cache_json_file("./test.json", default_value={"key": "value"});
+    destination d_arrow {
+      arrow-flight(
+        url("grpc://flight.example.com:8815")
+        path("events.${HOST}")
+        schema(
+          "ts"       TIMESTAMP => "$UNIXTIME"
+          "host"     STRING    => "$HOST"
+          "program"  STRING    => "$PROGRAM"
+          "severity" INT64     => "$LEVEL_NUM"
+          "msg"      STRING    => "$MSG"
+        )
+        batch-lines(1000)
+        batch-bytes(1048576)
+        batch-timeout(5000)
+        workers(4)
+        worker-partition-key("${HOST}")
+      );
+    };
     ```
-    ([#1034](https://github.com/axoflow/axosyslog/pull/1034))
+    ([#1069](https://github.com/axoflow/axosyslog/pull/1069))
 
 
 ## Bugfixes
 
-  * `disk-buffer()`: keep the queue alive during reload
-
-    Keeping the disk-buffer alive on reload fixes a bug, where a full disk-buffer can
-    grow infinitely by reloading. It can also cause significant reload speedup.
-    ([#1030](https://github.com/axoflow/axosyslog/pull/1030))
-
-  * `disk-buffer()`: fix message ordering issue when a message batch failed to be delivered
-    ([#1005](https://github.com/axoflow/axosyslog/pull/1005))
+  * `logmsg`: fix crash when iterating name-value registry concurrently
 
-  * CR (`\r`) characters are now removed from line endings, empty UDP datagrams are dropped
-    ([#1000](https://github.com/axoflow/axosyslog/pull/1000))
+    The hash table mapping value names to handles was iterated without locking, which could crash AxoSyslog
+    when another thread registered new name-value pairs at the same time. This happened for example when the
+    Python `LogMessage.keys()` method ran while a `kv-parser()` was processing messages on a parallel path.
+    ([#1122](https://github.com/axoflow/axosyslog/pull/1122))
 
-  * FilterX `parse_xml()`: fix crash in case of invalid XML
-    ([#1041](https://github.com/axoflow/axosyslog/pull/1041))
+  * `logproto`: fix crash with `transport(auto)` sources across a config reload
+    ([#1124](https://github.com/axoflow/axosyslog/pull/1124))
 
-  * FilterX: fix crash when using the `+` operator on dicts
-    ([#1040](https://github.com/axoflow/axosyslog/pull/1040))
+  * `afsql`: fix segfault after database error
+    ([#1114](https://github.com/axoflow/axosyslog/pull/1114))
 
-  * FilterX: fix error handling of the `=??` operator
-    ([#1053](https://github.com/axoflow/axosyslog/pull/1053))
+  * `java/hdfs`: fix unreleased lock in `send()` when file open fails
 
+    If `getHdfsFile()` returned `null`, the lock acquired at the start of
+    `send()` was never released, causing a permanent deadlock on all
+    subsequent calls.
+    ([#1108](https://github.com/axoflow/axosyslog/pull/1108))
 
-## Other changes
+  * `correlation`: fix radix parser end-of-input handling
 
-  * `opentelemetry()`, `axosyslog-otlp`, `loki()`, `google-pubsub`, `clickhouse`, `bigquery` : improve performance by using gRPC arenas for allocation
-    ([#1015](https://github.com/axoflow/axosyslog/pull/1015))
+    Fixes two related radix matcher edge cases at end of input.
 
-  * New metrics: `syslogng_input_transport_errors_total` for syslog framing and TLS errors
-    ([#1026](https://github.com/axoflow/axosyslog/pull/1026))
+    Parser scans now stop before '\0' to avoid reading past end-of-input and to keep captured lengths correct.
+    Parser-node traversal now continues with empty remaining input, so OPTIONALSET children can still match.
+    ([#1110](https://github.com/axoflow/axosyslog/pull/1110))
 
-  * `http()`: error reporting improvements of batched sending
-    ([#1001](https://github.com/axoflow/axosyslog/pull/1001))
 
-  * Network sources: `transport(auto)` detections became more robust
-    ([#1013](https://github.com/axoflow/axosyslog/pull/1013))
+## Other changes
 
-  * `syslog-ng --interactive`: new debugger commands - step, continue, follow, trace
-    ([#340](https://github.com/axoflow/axosyslog/pull/340))
+  * `parallelize()`: improve throughput by avoiding batches that are too large.
+    Also set the default batch-size() parameter to 100, both in case of
+    partition based and round robin batching.
+    ([#1078](https://github.com/axoflow/axosyslog/pull/1078))
 
-  * FilterX performance optimizations
+  * Ubuntu 26.04 and Fedora 44 packages
+    ([#1068](https://github.com/axoflow/axosyslog/pull/1068))
 
-  * Contribution Guide: added section on how to contribute AI-assisted code
-    ([#1043](https://github.com/axoflow/axosyslog/pull/1043))
+  * Decouple `repr()` and `string()`: previously the repr() of an object was
+    typically the same as str, did not include type-related hints in its output.
+    This makes repr() usage less useful, especially as we are adding more types
+    to filterx. Starting with this version, repr() includes a format similar to
+    Python's repr. This is an incompatible change for uses where repr() was
+    directly used in an output, but normally its intended has always been the
+    debug log of filterx. If your use-case relies on the current repr() format,
+    you should explicitly cast your object to `string()` instead.
+    ([#1033](https://github.com/axoflow/axosyslog/pull/1033))
 
 
 
@@ -153,5 +197,6 @@ of AxoSyslog, contribute.
 
 We would like to thank the following people for their contribution:
 
-Andras Mitzki, Attila Szakacs, Balazs Scheidler, László Várady,
-Szilard Parrag, Tamás Kosztyu
+Andras Mitzki, Attila Szakacs-Bertok, Balazs Scheidler,
+Balint Ferencz, Bence Csati, Hofi, László Várady, Szilard Parrag,
+Tamás Kosztyu, engzaz