Please make sure to create a MongoDB database backup before starting the upgrade to Graylog 4.1!
Graylog is now using only ciphers that considered secure (at this time of writing) when TLS v1.2 or greater is enabled. (see #10653 and #10985) Only TLSv1.2 and TLSv1.3 are enabled in the default Graylog configuration.
This could lead to problems with legacy TLS implementations connecting to Graylog. (e.g. older Syslog daemon versions connecting to a Graylog Syslog input)
To enable older ciphers again and work around problems with legacy TLS implementations, the
enabled_tls_protocols option can be adjusted to include TLS v1.1.
enabled_tls_protocols = TLSv1.1,TLSv1.2
The semantics of the limit parameter in the legacy search API (
/search/universal/(absolute|keyword|relative)) have changed
to fix an inconsistency introduced in
4.0: prior to
0 meant “no limit”, with
4.0 this changed to
0 for “empty result”. With 4.1 this has been fixed to work again like in the past but the underlying
Searches#scroll method has been tagged as
@deprecated now, too.
Prior to v4.0 and in v4.0 without version probing for the Elasticsearch version, Graylog continues connecting to ES until it is successfull. When you have version-probing for the used Elasticsearch version enabled, and Graylog starts up but can not connect to ES, the startup stopped immediately with v4.0. Starting from 4.1 the default behaviour is, that Graylog retries connecting with a delay until it can connect to Elasticsearch making the behaviour consistent again. See the Elasticsearch configuration page for details.