On Di, 02 Dez 2025, Christian Fischer wrote:
> there seems to be indeed some confusion/inconsistencies about the possible > fixes: > 1. [1] lists 4.2, 4.1.1 and 4.0.14 as fixes > 2. [2] lists 4.0.12, 4.1.1 and 4.2.0 as fixes > 3. In this thread 4.0.13 (among 4.1.1 and 4.2.0) is now listed as a fix > > But if we check [3] version 4.0.13 only contains two changelog entries > shared with version 4.1.1. Furthermore 4.0.12 was released more closely to > 4.1.1 then 4.0.13 so the fixed versions on [2] might be the correct ones > (4.0.12, 4.1.1 and 4.2.0). > > Regards, > > [1] > https://fluentbit.io/blog/2025/10/28/security-vulnerabilities-addressed-in-fluent-bit-v4.1-and-backported-to-v4.0/ > [2] https://kb.cert.org/vuls/id/761751 > [3] https://github.com/fluent/fluent-bit/releases Well, I have asked upstream https://github.com/fluent/fluent-bit/issues/11230 and they have confirmed and updated the blog post[1] to mention 4.0.13 as the proper backported fix. I did not check or even verify the other versions. Thanks, Christian -- evakuieren: zeigt eindeutig, daß der Menschen erstes Milchvieh "o'muh" sagte.
