Hello,

On 12/1/25 9:15 PM, Christian Brabandt wrote:

On Mi, 26 Nov 2025, Alan Coopersmith wrote:

https://fluentbit.io/blog/2025/10/28/security-vulnerabilities-addressed-in-fluent-bit-v4.1-and-backported-to-v4.0/
provides their analysis and information about fixes in versions 4.2, 4.1.1,
and 4.0.14, which are available from https://github.com/fluent/fluent-bit .

For the record, there is a typo in the above blog post. The backported
fixed version is v4.0.13.

There indeed seems to be some confusion/inconsistencies about the possible fixes:
1. [1] lists 4.2, 4.1.1 and 4.0.14 as fixes
2. [2] lists 4.0.12, 4.1.1 and 4.2.0 as fixes
3. In this thread 4.0.13 (among 4.1.1 and 4.2.0) is now listed as a fix

But if we check [3], version 4.0.13 only contains two changelog entries shared with version 4.1.1. Furthermore, 4.0.12 was released closer to 4.1.1 than 4.0.13, so the fixed versions on [2] might be the correct ones (4.0.12, 4.1.1 and 4.2.0).

Regards,

[1] https://fluentbit.io/blog/2025/10/28/security-vulnerabilities-addressed-in-fluent-bit-v4.1-and-backported-to-v4.0/
[2] https://kb.cert.org/vuls/id/761751
[3] https://github.com/fluent/fluent-bit/releases
