fluentd 1.19.2 → 1.19.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4873da89c533afd45a6f02a86aa8f92f7502bd08204724290dd34187c7183cd5
-  data.tar.gz: 1f092049f456daae36077e374670a7a32d044da48b01ecea5410bc116f76c61b
+  metadata.gz: 9613f1dacdb60cfccb245e988e67cec002daee2f81cbe38c2b80c30d525ad7b8
+  data.tar.gz: 4a85aa6c3bdaebd9cd069d508ac969d8792586247bef1d73d25cc906f6cd7c87
 SHA512:
-  metadata.gz: 820db817466aaade115300f5839e62d278a7fbbd19479b939206f4a0b212905046c1717c37cf2e19d90640dc07b570455e9b6f10fa5d21b04b96da4ec04f15b2
-  data.tar.gz: 581e8ac6c84ae65e8b33758de56a65ca684547f64c2864fcdb630c68e2b58bda6232e98c60dc48b99efe8c2cf584f31aef62a14fd1a72785d1b6d88f41635fea
+  metadata.gz: c2d63e0bd8cf51a61d254cfda559f38ed1bcc79ceb1bf1f0d0c80b21b922e67091d2ee8c291a0dc0fcac0110873d0045874df297e0795c0cd604af64f431f845
+  data.tar.gz: 5fe9e2450048bacc978389621b0e3f2c8aed0e9136ffe11192945a754173c1ce13ff50c310cfcdf1633d7dc784e14e9a4fc5a6de519da3bc81decb12f6d5b28d

data/CHANGELOG.md

@@ -1,5 +1,41 @@
 # v1.19
 
+## Release v1.19.3 - 2026/06/25
+
+### Bug Fix
+
+* out_http: add strict host validation for dynamic endpoints https://github.com/fluent/fluentd/pull/5394
+* buffer, in_http: enforce size limits on decompressed payloads https://github.com/fluent/fluentd/pull/5393
+* in_monitor_agent: change default visibility of config, retry, and debug info https://github.com/fluent/fluentd/pull/5392
+* output: enforce strict path boundary validation for tag https://github.com/fluent/fluentd/pull/5391
+* engine: remove duplicated word in unreloadable plugin error message https://github.com/fluent/fluentd/pull/5389
+* storage_local: fix encoding error when reading non-ASCII characters https://github.com/fluent/fluentd/pull/5382
+* parser_csv: skip empty or unparseable lines https://github.com/fluent/fluentd/pull/5359
+* out_forward: avoid reusing closed keepalive sockets after remote disconnects https://github.com/fluent/fluentd/pull/5343
+* buffer: resume buffer correctly even though path contains [] https://github.com/fluent/fluentd/pull/5305
+* in_debug_agent: accept only from local machine by default https://github.com/fluent/fluentd/pull/5279
+
+### Misc
+
+* gem: add win32-registry as runtime dependency for Ruby 4.1 https://github.com/fluent/fluentd/pull/5317
+* output windows: check shorter service timeout on shutdown https://github.com/fluent/fluentd/pull/5306
+* buffer: warn if default timekey (1d) will be used https://github.com/fluent/fluentd/pull/5291
+* warn recommended exclusion path for antivirus https://github.com/fluent/fluentd/pull/5280
+* CI fixes
+  * https://github.com/fluent/fluentd/pull/5387
+  * https://github.com/fluent/fluentd/pull/5386
+  * https://github.com/fluent/fluentd/pull/5366
+  * https://github.com/fluent/fluentd/pull/5342
+  * https://github.com/fluent/fluentd/pull/5341
+  * https://github.com/fluent/fluentd/pull/5340
+  * https://github.com/fluent/fluentd/pull/5339
+  * https://github.com/fluent/fluentd/pull/5338
+  * https://github.com/fluent/fluentd/pull/5337
+  * https://github.com/fluent/fluentd/pull/5336
+  * https://github.com/fluent/fluentd/pull/5335
+  * https://github.com/fluent/fluentd/pull/5334
+  * https://github.com/fluent/fluentd/pull/5333
+
 ## Release v1.19.2 - 2026/02/13
 
 ### Bug Fix

data/Rakefile

@@ -78,4 +78,11 @@ task :coverity do
   FileUtils.rm_rf(['./cov-int', 'cov-fluentd.tar.gz'])
 end
 
+task :check_env do
+  unless ENV['GEM_HOST_API_KEY']
+    abort "Missing required environment variable: GEM_HOST_API_KEY\nSee https://guides.rubygems.org/api-key-scopes/"
+  end
+end
+Rake::Task["release:rubygem_push"].enhance(["check_env"])
+
 task default: [:test, :build]

data/lib/fluent/engine.rb

@@ -186,7 +186,7 @@ module Fluent
 
         ret.all_plugins.each do |plugin|
           if plugin.respond_to?(:reloadable_plugin?) && !plugin.reloadable_plugin?
-            raise Fluent::ConfigError, "Unreloadable plugin plugin: #{Fluent::Plugin.lookup_type_from_class(plugin.class)}, plugin_id: #{plugin.plugin_id}, class_name: #{plugin.class})"
+            raise Fluent::ConfigError, "Unreloadable plugin: #{Fluent::Plugin.lookup_type_from_class(plugin.class)}, plugin_id: #{plugin.plugin_id}, class_name: #{plugin.class})"
           end
         end
 

data/lib/fluent/event.rb

@@ -268,11 +268,12 @@ module Fluent
   end
 
   class CompressedMessagePackEventStream < MessagePackEventStream
-    def initialize(data, cached_unpacker = nil, size = 0, unpacked_times: nil, unpacked_records: nil, compress: :gzip)
+    def initialize(data, cached_unpacker = nil, size = 0, unpacked_times: nil, unpacked_records: nil, compress: :gzip, decompression_size_limit: Fluent::Plugin::Compressable::DEFAULT_DECOMPRESSION_SIZE_LIMIT)
       super(data, cached_unpacker, size, unpacked_times: unpacked_times, unpacked_records: unpacked_records)
       @decompressed_data = nil
       @compressed_data = data
       @type = compress
+      @decompression_size_limit = decompression_size_limit
     end
 
     def empty?

data/lib/fluent/plugin/buf_file.rb

@@ -205,7 +205,7 @@ module Fluent
       def generate_chunk(metadata)
         # FileChunk generates real path with unique_id
         perm = @file_permission || system_config.file_permission
-        chunk = Fluent::Plugin::Buffer::FileChunk.new(metadata, @path, :create, perm: perm, compress: @compress)
+        chunk = Fluent::Plugin::Buffer::FileChunk.new(metadata, @path, :create, perm: perm, compress: @compress, decompression_size_limit: @decompression_size_limit)
         log.debug "Created new chunk", chunk_id: dump_unique_id_hex(chunk.unique_id), metadata: metadata
 
         return chunk
@@ -247,8 +247,8 @@ module Fluent
 
       def escaped_patterns(patterns)
         patterns.map { |pattern|
-          # '{' '}' are special character in Dir.glob
-          pattern.gsub(/[\{\}]/) { |c| "\\#{c}" }
+          # '{', '}', '[' and ']' are special character in Dir.glob
+          pattern.gsub(/[\{\}\[\]]/) { |c| "\\#{c}" }
         }
       end
     end

data/lib/fluent/plugin/buf_file_single.rb

@@ -183,7 +183,7 @@ module Fluent
           end
 
           begin
-            chunk = Fluent::Plugin::Buffer::FileSingleChunk.new(m, path, mode, @key_in_path, compress: @compress)
+            chunk = Fluent::Plugin::Buffer::FileSingleChunk.new(m, path, mode, @key_in_path, compress: @compress, decompression_size_limit: @decompression_size_limit)
             chunk.restore_size(@chunk_format) if @calc_num_records
           rescue Fluent::Plugin::Buffer::FileSingleChunk::FileChunkError => e
             exist_broken_file = true
@@ -216,7 +216,7 @@ module Fluent
       def generate_chunk(metadata)
         # FileChunk generates real path with unique_id
         perm = @file_permission || system_config.file_permission
-        chunk = Fluent::Plugin::Buffer::FileSingleChunk.new(metadata, @path, :create, @key_in_path, perm: perm, compress: @compress)
+        chunk = Fluent::Plugin::Buffer::FileSingleChunk.new(metadata, @path, :create, @key_in_path, perm: perm, compress: @compress, decompression_size_limit: @decompression_size_limit)
 
         log.debug "Created new chunk", chunk_id: dump_unique_id_hex(chunk.unique_id), metadata: metadata
 

data/lib/fluent/plugin/buf_memory.rb

@@ -27,7 +27,7 @@ module Fluent
       end
 
       def generate_chunk(metadata)
-        Fluent::Plugin::Buffer::MemoryChunk.new(metadata, compress: @compress)
+        Fluent::Plugin::Buffer::MemoryChunk.new(metadata, compress: @compress, decompression_size_limit: @decompression_size_limit)
       end
     end
   end

data/lib/fluent/plugin/buffer/chunk.rb

@@ -48,7 +48,7 @@ module Fluent
 
         # TODO: CompressedPackedMessage of forward protocol?
 
-        def initialize(metadata, compress: :text)
+        def initialize(metadata, compress: :text, decompression_size_limit: Compressable::DEFAULT_DECOMPRESSION_SIZE_LIMIT)
           super()
           @unique_id = generate_unique_id
           @metadata = metadata
@@ -64,6 +64,7 @@ module Fluent
           elsif compress == :zstd
             extend ZstdDecompressable
           end
+          @decompression_size_limit = decompression_size_limit
         end
 
         attr_reader :unique_id, :metadata, :state

data/lib/fluent/plugin/buffer/file_chunk.rb

@@ -39,8 +39,8 @@ module Fluent
 
         attr_reader :path, :meta_path, :permission
 
-        def initialize(metadata, path, mode, perm: nil, compress: :text)
-          super(metadata, compress: compress)
+        def initialize(metadata, path, mode, perm: nil, compress: :text, decompression_size_limit: Compressable::DEFAULT_DECOMPRESSION_SIZE_LIMIT)
+          super(metadata, compress: compress, decompression_size_limit: decompression_size_limit)
           perm ||= Fluent::DEFAULT_FILE_PERMISSION
           @permission = perm.is_a?(String) ? perm.to_i(8) : perm
           @bytesize = @size = @adding_bytes = @adding_size = 0

data/lib/fluent/plugin/buffer/file_single_chunk.rb

@@ -35,8 +35,8 @@ module Fluent
 
         attr_reader :path, :permission
 
-        def initialize(metadata, path, mode, key, perm: Fluent::DEFAULT_FILE_PERMISSION, compress: :text)
-          super(metadata, compress: compress)
+        def initialize(metadata, path, mode, key, perm: Fluent::DEFAULT_FILE_PERMISSION, compress: :text, decompression_size_limit: Compressable::DEFAULT_DECOMPRESSION_SIZE_LIMIT)
+          super(metadata, compress: compress, decompression_size_limit: decompression_size_limit)
           @key = key
           perm ||= Fluent::DEFAULT_FILE_PERMISSION
           @permission = perm.is_a?(String) ? perm.to_i(8) : perm

data/lib/fluent/plugin/buffer/memory_chunk.rb

@@ -20,7 +20,7 @@ module Fluent
   module Plugin
     class Buffer
       class MemoryChunk < Chunk
-        def initialize(metadata, compress: :text)
+        def initialize(metadata, compress: :text, decompression_size_limit: Compressable::DEFAULT_DECOMPRESSION_SIZE_LIMIT)
           super
           @chunk = ''.force_encoding(Encoding::ASCII_8BIT)
           @chunk_bytes = 0

data/lib/fluent/plugin/buffer.rb

@@ -66,6 +66,9 @@ module Fluent
       desc 'Compress buffered data.'
       config_param :compress, :enum, list: [:text, :gzip, :zstd], default: :text
 
+      desc 'The size limit of the decompressed element.'
+      config_param :decompression_size_limit, :size, default: Compressable::DEFAULT_DECOMPRESSION_SIZE_LIMIT
+
       desc 'If true, chunks are thrown away when unrecoverable error happens'
       config_param :disable_chunk_backup, :bool, default: false
 

data/lib/fluent/plugin/compressable.rb

@@ -14,6 +14,7 @@
 #    limitations under the License.
 #
 
+require 'fluent/plugin/extractor'
 require 'stringio'
 require 'zlib'
 require 'zstd-ruby'
@@ -21,6 +22,8 @@ require 'zstd-ruby'
 module Fluent
   module Plugin
     module Compressable
+      DEFAULT_DECOMPRESSION_SIZE_LIMIT = 256 * 1024 * 1024
+
       def compress(data, type: :gzip, **kwargs)
         output_io = kwargs[:output_io]
         io = output_io || StringIO.new
@@ -60,79 +63,21 @@ module Fluent
 
       private
 
-      def string_decompress_gzip(compressed_data)
-        io = StringIO.new(compressed_data)
-        out = ''
-        loop do
-          reader = Zlib::GzipReader.new(io)
-          out << reader.read
-          unused = reader.unused
-          reader.finish
-          unless unused.nil?
-            adjust = unused.length
-            io.pos -= adjust
-          end
-          break if io.eof?
-        end
-        out
-      end
-
-      def string_decompress_zstd(compressed_data)
-        io = StringIO.new(compressed_data)
-        reader = Zstd::StreamReader.new(io)
-        out = ''
-        loop do
-          # Zstd::StreamReader needs to specify the size of the buffer
-          out << reader.read(1024)
-          # Zstd::StreamReader doesn't provide unused data, so we have to manually adjust the position
-          break if io.eof?
-        end
-        out
-      end
-
       def string_decompress(compressed_data, type = :gzip)
         if type == :gzip
-          string_decompress_gzip(compressed_data)
+          Extractor.decompress_gzip(compressed_data, limit: @decompression_size_limit || DEFAULT_DECOMPRESSION_SIZE_LIMIT)
         elsif type == :zstd
-          string_decompress_zstd(compressed_data)
+          Extractor.decompress_zstd(compressed_data, limit: @decompression_size_limit || DEFAULT_DECOMPRESSION_SIZE_LIMIT)
         else
           raise ArgumentError, "Unknown compression type: #{type}"
         end
       end
 
-      def io_decompress_gzip(input, output)
-        loop do
-          reader = Zlib::GzipReader.new(input)
-          v = reader.read
-          output.write(v)
-          unused = reader.unused
-          reader.finish
-          unless unused.nil?
-            adjust = unused.length
-            input.pos -= adjust
-          end
-          break if input.eof?
-        end
-        output
-      end
-
-      def io_decompress_zstd(input, output)
-        reader = Zstd::StreamReader.new(input)
-        loop do
-          # Zstd::StreamReader needs to specify the size of the buffer
-          v = reader.read(1024)
-          output.write(v)
-          # Zstd::StreamReader doesn't provide unused data, so we have to manually adjust the position
-          break if input.eof?
-        end
-        output
-      end
-
       def io_decompress(input, output, type = :gzip)
         if type == :gzip
-          io_decompress_gzip(input, output)
+          Extractor.io_decompress_gzip(input, output)
         elsif type == :zstd
-          io_decompress_zstd(input, output)
+          Extractor.io_decompress_zstd(input, output)
         else
           raise ArgumentError, "Unknown compression type: #{type}"
         end

data/lib/fluent/plugin/extractor.rb

@@ -0,0 +1,121 @@
+#
+# Fluentd
+#
+#    Licensed under the Apache License, Version 2.0 (the "License");
+#    you may not use this file except in compliance with the License.
+#    You may obtain a copy of the License at
+#
+#        http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS,
+#    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#    See the License for the specific language governing permissions and
+#    limitations under the License.
+#
+
+require 'stringio'
+require 'zlib'
+require 'zstd-ruby'
+require 'fluent/error'
+
+module Fluent
+  module Plugin
+    module Extractor
+      class SizeLimitError < UnrecoverableError; end
+
+      BYTES_TO_READ = 64 * 1024
+      INFLATE_BYTES_TO_READ = 1024
+
+      def self.decompress_gzip(compressed_data, limit:)
+        io = StringIO.new(compressed_data)
+        out = ''
+        loop do
+          reader = Zlib::GzipReader.new(io)
+          while (chunk = reader.read(BYTES_TO_READ))
+            out << chunk
+            if out.bytesize > limit
+              raise SizeLimitError, "Decompressed data exceeds limit of #{limit} bytes"
+            end
+          end
+
+          unused = reader.unused
+          reader.finish
+          unless unused.nil?
+            adjust = unused.length
+            io.pos -= adjust
+          end
+          break if io.eof?
+        end
+        out
+      end
+
+      def self.decompress_zstd(compressed_data, limit:)
+        io = StringIO.new(compressed_data)
+        reader = Zstd::StreamReader.new(io)
+        out = ''
+        loop do
+          # Zstd::StreamReader needs to specify the size of the buffer
+          out << reader.read(BYTES_TO_READ)
+          if out.bytesize > limit
+            raise SizeLimitError, "Decompressed data exceeds limit of #{limit} bytes"
+          end
+
+          # Zstd::StreamReader doesn't provide unused data, so we have to manually adjust the position
+          break if io.eof?
+        end
+        out
+      end
+
+      def self.decompress_deflate(compressed_data, limit:)
+        io = StringIO.new(compressed_data)
+        out = ''
+        begin
+          zstream = Zlib::Inflate.new
+          while (chunk = io.read(INFLATE_BYTES_TO_READ))
+            out << zstream.inflate(chunk)
+            if out.bytesize > limit
+              raise SizeLimitError, "Decompressed data exceeds limit of #{limit} bytes"
+            end
+          end
+          out << zstream.finish
+          if out.bytesize > limit
+            raise SizeLimitError, "Decompressed data exceeds limit of #{limit} bytes"
+          end
+        ensure
+          zstream&.close
+        end
+        out
+      end
+
+      def self.io_decompress_gzip(input, output)
+        loop do
+          reader = Zlib::GzipReader.new(input)
+          while (chunk = reader.read(BYTES_TO_READ))
+            output.write(chunk)
+          end
+          unused = reader.unused
+          reader.finish
+          unless unused.nil?
+            adjust = unused.length
+            input.pos -= adjust
+          end
+          break if input.eof?
+        end
+        output
+      end
+
+      def self.io_decompress_zstd(input, output)
+        reader = Zstd::StreamReader.new(input)
+        loop do
+          # Zstd::StreamReader needs to specify the size of the buffer
+          chunk = reader.read(BYTES_TO_READ)
+          output.write(chunk)
+          # Zstd::StreamReader doesn't provide unused data, so we have to manually adjust the position
+          break if input.eof?
+        end
+        output
+      end
+    end
+  end
+end

data/lib/fluent/plugin/in_debug_agent.rb

@@ -26,7 +26,7 @@ module Fluent::Plugin
       super
     end
 
-    config_param :bind, :string, default: '0.0.0.0'
+    config_param :bind, :string, default: '127.0.0.1'
     config_param :port, :integer, default: 24230
     config_param :unix_path, :string, default: nil
     #config_param :unix_mode  # TODO

data/lib/fluent/plugin/in_forward.rb

@@ -54,6 +54,8 @@ module Fluent::Plugin
     config_param :chunk_size_warn_limit, :size, default: nil
     desc 'Received chunk is dropped if it is larger than this value.'
     config_param :chunk_size_limit, :size, default: nil
+    desc 'The size limit of the decompressed element.'
+    config_param :decompression_size_limit, :size, default: 256*1024*1024
     desc 'Skip an event if incoming event is invalid.'
     config_param :skip_invalid_event, :bool, default: true
 
@@ -311,7 +313,7 @@ module Fluent::Plugin
         size = option['size'] || 0
 
         if option['compressed'] && option['compressed'] != 'text'
-          es = Fluent::CompressedMessagePackEventStream.new(entries, nil, size.to_i, compress: option['compressed'].to_sym)
+          es = Fluent::CompressedMessagePackEventStream.new(entries, nil, size.to_i, compress: option['compressed'].to_sym, decompression_size_limit: @decompression_size_limit)
         else
           es = Fluent::MessagePackEventStream.new(entries, nil, size.to_i)
         end

data/lib/fluent/plugin/in_http.rb

@@ -14,6 +14,7 @@
 #    limitations under the License.
 #
 
+require 'fluent/plugin/extractor'
 require 'fluent/plugin/input'
 require 'fluent/plugin/parser'
 require 'fluent/event'
@@ -64,6 +65,8 @@ module Fluent::Plugin
     config_param :bind, :string, default: '0.0.0.0'
     desc 'The size limit of the POSTed element. Default is 32MB.'
     config_param :body_size_limit, :size, default: 32*1024*1024  # TODO default
+    desc 'The size limit of the decompressed element.'
+    config_param :decompression_size_limit, :size, default: 256*1024*1024  # TODO default
     desc 'The timeout limit for keeping the connection alive.'
     config_param :keepalive_timeout, :time, default: 10   # TODO default
     config_param :backlog, :integer, default: nil
@@ -259,7 +262,7 @@ module Fluent::Plugin
 
     def on_server_connect(conn)
       handler = Handler.new(conn, @km, method(:on_request),
-                            @body_size_limit, @format_name, log,
+                            @body_size_limit, @decompression_size_limit, @format_name, log,
                             @cors_allow_origins, @cors_allow_credentials,
                             @add_query_params)
 
@@ -343,12 +346,13 @@ module Fluent::Plugin
     class Handler
       attr_reader :content_type
 
-      def initialize(io, km, callback, body_size_limit, format_name, log,
+      def initialize(io, km, callback, body_size_limit, decompression_size_limit, format_name, log,
                      cors_allow_origins, cors_allow_credentials, add_query_params)
         @io = io
         @km = km
         @callback = callback
         @body_size_limit = body_size_limit
+        @decompression_size_limit = decompression_size_limit
         @next_close = false
         @format_name = format_name
         @log = log
@@ -518,9 +522,9 @@ module Fluent::Plugin
         # For now, we only support 'gzip' and 'deflate'.
         begin
           if @content_encoding == 'gzip'.freeze
-            @body = Zlib::GzipReader.new(StringIO.new(@body)).read
+            @body = Extractor.decompress_gzip(@body, limit: @decompression_size_limit)
           elsif @content_encoding == 'deflate'.freeze
-            @body = Zlib::Inflate.inflate(@body)
+            @body = Extractor.decompress_deflate(@body, limit: @decompression_size_limit)
           end
         rescue
           @log.warn 'fails to decode payload', error: $!.to_s

data/lib/fluent/plugin/in_monitor_agent.rb

@@ -37,9 +37,11 @@ module Fluent::Plugin
     desc 'Determine the rate to emit internal metrics as events.'
     config_param :emit_interval, :time, default: 60
     desc 'Determine whether to include the config information.'
-    config_param :include_config, :bool, default: true
+    config_param :include_config, :bool, default: false
     desc 'Determine whether to include the retry information.'
-    config_param :include_retry, :bool, default: true
+    config_param :include_retry, :bool, default: false
+    desc 'Determine whether to include the debug information.'
+    config_param :include_debug_info, :bool, default: false
 
     class APIHandler
       def initialize(agent)
@@ -151,28 +153,23 @@ module Fluent::Plugin
         # parse ?=query string
         qs.merge!(req.query || {})
 
-        # if ?debug=1 is set, set :with_debug_info for get_monitor_info
-        # and :pretty_json for render_json_error
-        opts = { query: qs }
-        if qs['debug'.freeze].first
-          opts[:with_debug_info] = true
-          opts[:pretty_json] = true
-        end
-
-        if ivars = qs['with_ivars'.freeze].first
-          opts[:ivars] = ivars.split(',')
-        end
+        opts = {
+          query: qs,
+          with_config: @agent.include_config,
+          with_retry: @agent.include_retry
+        }
 
-        if with_config = qs['with_config'.freeze].first
-          opts[:with_config] = Fluent::Config.bool_value(with_config)
-        else
-          opts[:with_config] = @agent.include_config
-        end
+        if @agent.include_debug_info
+          # if ?debug=1 is set, set :with_debug_info for get_monitor_info
+          # and :pretty_json for render_json_error
+          if qs['debug'.freeze].first
+            opts[:with_debug_info] = true
+            opts[:pretty_json] = true
+          end
 
-        if with_retry = qs['with_retry'.freeze].first
-          opts[:with_retry] = Fluent::Config.bool_value(with_retry)
-        else
-          opts[:with_retry] = @agent.include_retry
+          if ivars = qs['with_ivars'.freeze].first
+            opts[:ivars] = ivars.split(',')
+          end
         end
 
         opts

data/lib/fluent/plugin/out_file.rb

@@ -117,7 +117,17 @@ module Fluent::Plugin
       configured_time_slice_format = conf['time_slice_format']
 
       if conf.elements(name: 'buffer').empty?
+        # no <buffer> section, default time chunk key and timekey (1d) will be used.
+        log.warn "default timekey interval (1d) will be used because of missing <buffer> section. To change the output frequency, please modify the timekey value"
+
         conf.add_element('buffer', 'time')
+      else
+        unless conf.elements(name: 'buffer').first.has_key?('timekey')
+          if conf.elements(name: 'buffer').first.arg != "[]"
+            # with <buffer> section (except <buffer []>), and no timekey
+            log.warn "default timekey interval (1d) will be used. To change the output frequency, please modify the timekey value"
+          end
+        end
       end
       buffer_conf = conf.elements(name: 'buffer').first
       # Fluent::PluginId#configure is not called yet, so we can't use #plugin_root_dir here.

data/lib/fluent/plugin/out_forward/socket_cache.rb

@@ -31,20 +31,26 @@ module Fluent::Plugin
       end
 
       def checkout_or(key)
+        obsolete_sockets = []
+
         @mutex.synchronize do
-          tsock = pick_socket(key)
+          tsock, obsolete_sockets = pick_socket(key)
 
           if tsock
-            tsock.sock
+            return tsock.sock
           else
             sock = yield
             new_tsock = TimedSocket.new(timeout, key, sock)
             @log.debug("connect new socket #{new_tsock}")
 
             @inflight_sockets[sock] = new_tsock
-            new_tsock.sock
+            return new_tsock.sock
           end
         end
+      ensure
+        obsolete_sockets.each do |sock|
+          sock.sock.close rescue nil
+        end
       end
 
       def checkin(sock)
@@ -117,17 +123,32 @@ module Fluent::Plugin
       # this method is not thread safe
       def pick_socket(key)
         if @available_sockets[key].empty?
-          return nil
+          return nil, []
         end
 
         t = Time.now
-        if (s = @available_sockets[key].find { |sock| !expired_socket?(sock, time: t) })
-          @inflight_sockets[s.sock] = @available_sockets[key].delete(s)
-          s.timeout = timeout
-          s
-        else
-          nil
+        selected = nil
+        remaining = []
+        obsolete_sockets = []
+
+        @available_sockets[key].each do |sock|
+          if expired_socket?(sock, time: t) || unavailable_socket?(sock.sock)
+            obsolete_sockets << sock
+          elsif selected.nil?
+            selected = sock
+          else
+            remaining << sock
+          end
+        end
+
+        @available_sockets[key] = remaining
+
+        if selected
+          @inflight_sockets[selected.sock] = selected
+          selected.timeout = timeout
         end
+
+        [selected, obsolete_sockets]
       end
 
       def timeout
@@ -137,6 +158,20 @@ module Fluent::Plugin
       def expired_socket?(sock, time: Time.now)
         sock.timeout ? sock.timeout < time : false
       end
+
+      def unavailable_socket?(sock)
+        return sock.closed? if sock.respond_to?(:closed?) && sock.closed?
+
+        io = if sock.respond_to?(:to_io)
+               sock.to_io
+             elsif sock.is_a?(IO)
+               sock
+             end
+
+        io ? !!IO.select([io], nil, nil, 0) : false
+      rescue IOError, SystemCallError
+        true
+      end
     end
   end
 end

data/lib/fluent/plugin/out_http.rb

@@ -17,6 +17,7 @@
 require 'net/http'
 require 'uri'
 require 'openssl'
+require 'securerandom'
 require 'fluent/tls'
 require 'fluent/plugin/output'
 require 'fluent/plugin_helper/socket'
@@ -58,6 +59,9 @@ module Fluent::Plugin
     desc 'Compress HTTP request body'
     config_param :compress, :enum, list: [:text, :gzip], default: :text
 
+    desc 'Allowed hosts list for dynamic endpoints'
+    config_param :allowed_hosts, :array, default: []
+
     desc 'The connection open timeout in seconds'
     config_param :open_timeout, :integer, default: nil
     desc 'The read timeout in seconds'
@@ -106,6 +110,11 @@ module Fluent::Plugin
       config_param :aws_role_arn, :string, default: nil
     end
 
+    # To prevent URI::InvalidURIError, we replace Fluentd placeholders with a dummy string.
+    # We use the ".invalid" TLD (RFC 2606) to ensure it is RFC-compliant for URI parsing,
+    # while guaranteeing it will never conflict with a real-world hostname.
+    REPLACED_ENDPOINT_PLACEHOLDER = "#{SecureRandom.uuid}.invalid".freeze
+
     def connection_cache_id_thread_key
       "#{plugin_id}_connection_cache_id"
     end
@@ -146,6 +155,15 @@ module Fluent::Plugin
         @retryable_response_codes = [503]
       end
 
+      begin
+        # Replace all Fluentd placeholder syntaxes (${...} or %{...})
+        endpoint = @endpoint.gsub(%r([$%]{[^}]+}), REPLACED_ENDPOINT_PLACEHOLDER)
+        # If @endpoint has placeholder as host name, then, @endpoint_host == REPLACED_ENDPOINT_PLACEHOLDER
+        @endpoint_host = URI.parse(endpoint).host
+      rescue URI::InvalidURIError => e
+        raise Fluent::ConfigError, "Invalid endpoint URI: #{@endpoint} (#{e.message})"
+      end
+
       @http_opt = setup_http_option
       @proxy_uri = URI.parse(@proxy) if @proxy
       @formatter = formatter_create
@@ -278,7 +296,19 @@ module Fluent::Plugin
 
     def parse_endpoint(chunk)
       endpoint = extract_placeholders(@endpoint, chunk)
-      URI.parse(endpoint)
+      uri = URI.parse(endpoint)
+
+      if @endpoint_host != uri.host
+        if @allowed_hosts.empty?
+          raise Fluent::UnrecoverableError, "allowed_hosts is strictly required when using placeholders in the endpoint host"
+        end
+
+        unless @allowed_hosts.include?(uri.host)
+          raise Fluent::UnrecoverableError, "Not allowed host: #{uri.host}"
+        end
+      end
+
+      uri
     end
 
     def set_headers(req, uri, chunk)

data/lib/fluent/plugin/output.rb

@@ -44,6 +44,8 @@ module Fluent
       CHUNK_KEY_PLACEHOLDER_PATTERN = /\$\{([-_.@$a-zA-Z0-9]+)\}/
       CHUNK_TAG_PLACEHOLDER_PATTERN = /\$\{(tag(?:\[-?\d+\])?)\}/
       CHUNK_ID_PLACEHOLDER_PATTERN = /\$\{chunk_id\}/
+      INVALID_PATH_COMPONENT_PATTERN = %r{\.\.[/\\]|^[/\\]}
+      PARENT_DIRECTORY_PATTERN = %r{\.\.[/\\]}
 
       CHUNKING_FIELD_WARN_NUM = 4
 
@@ -372,6 +374,13 @@ module Fluent
             buf_type = Plugin.lookup_type_from_class(@buffer.class)
             log.warn "'flush_at_shutdown' is false, and buffer plugin '#{buf_type}' is not persistent buffer."
             log.warn "your configuration will lose buffered data at shutdown. please confirm your configuration again."
+          else
+            if Fluent.windows? && @buffer.persistent?
+              service_timeout = read_wait_to_kill_service_timeout
+              if service_timeout && service_timeout <= 5000 # default value might varies on windows client/server
+                log.warn "your WaitToKillServiceTimeout=#{service_timeout} registry configuration seems too short. Recommend to extend the value of 'HKLM\\SYSTEM\\CurrentControlSet\\Control\\WaitToKillServiceTimeout' to prevent buffer corruption from a forced shutdown"
+              end
+            end
           end
 
           if (@flush_mode != :interval) && buffer_conf.has_key?('flush_interval')
@@ -418,6 +427,22 @@ module Fluent
         self
       end
 
+      def read_wait_to_kill_service_timeout
+        if Fluent.windows?
+          begin
+            require "win32/registry"
+            Win32::Registry::HKEY_LOCAL_MACHINE.open("SYSTEM\\CurrentControlSet\\Control",
+                                                     Win32::Registry::KEY_READ) do |reg|
+              reg["WaitToKillServiceTimeout"].to_i
+            end
+          rescue => e
+            log.warn "'flush_at_shutdown' is true, but can't check WaitToKillServiceTimeout registry configuration", error: e
+          end
+        else
+          nil # not supported
+        end
+      end
+
       def keep_buffer_config_compat
         # Need this to call `@buffer_config.disable_chunk_backup` just as before,
         # since some plugins may use this option in this way.
@@ -802,9 +827,17 @@ module Fluent
           # ${tag}, ${tag[0]}, ${tag[1]}, ... , ${tag[-2]}, ${tag[-1]}
           if @chunk_key_tag
             if str.include?('${tag}')
+              if metadata.tag.match?(INVALID_PATH_COMPONENT_PATTERN)
+                raise Fluent::UnrecoverableError, "Invalid path component detected in tag: #{metadata.tag}"
+              end
+
               rvalue = rvalue.gsub('${tag}', metadata.tag)
             end
             if CHUNK_TAG_PLACEHOLDER_PATTERN.match?(str)
+              if metadata.tag.match?(INVALID_PATH_COMPONENT_PATTERN)
+                raise Fluent::UnrecoverableError, "Invalid path component detected in tag: #{metadata.tag}"
+              end
+
               hash = {}
               tag_parts = metadata.tag.split('.')
               tag_parts.each_with_index do |part, i|
@@ -835,10 +868,21 @@ module Fluent
             end
 
             rvalue = rvalue.gsub(CHUNK_KEY_PLACEHOLDER_PATTERN) do |matched|
-              hash.fetch(matched) do
+              replace = hash.fetch(matched) do
                 log.warn "chunk key placeholder '#{matched[2..-2]}' not replaced. template:#{str}"
                 ''
               end
+              if replace.to_s.match?(INVALID_PATH_COMPONENT_PATTERN)
+                raise Fluent::UnrecoverableError, "Invalid path component detected in #{matched}: #{replace}"
+              end
+
+              replace
+            end
+            # Check if the number of parent directory components (../) has increased due to variable substitution
+            if rvalue.match?(PARENT_DIRECTORY_PATTERN)
+              if rvalue.scan(PARENT_DIRECTORY_PATTERN).size > str.scan(PARENT_DIRECTORY_PATTERN).size
+                raise Fluent::UnrecoverableError, "Invalid path component detected, replaced to: #{rvalue}"
+              end
             end
           end
 

data/lib/fluent/plugin/parser_csv.rb

@@ -47,6 +47,11 @@ module Fluent
 
       def parse(text, &block)
         values = CSV.parse_line(text, col_sep: @delimiter)
+        unless values
+          yield nil, nil
+          return
+        end
+
         r = Hash[@keys.zip(values)]
         time, record = convert_values(parse_time(r), r)
         yield time, record

data/lib/fluent/plugin/storage_local.rb

@@ -85,7 +85,7 @@ module Fluent
           if File.exist?(@path)
             raise Fluent::ConfigError, "Plugin storage path '#{@path}' is not readable/writable" unless File.readable?(@path) && File.writable?(@path)
             begin
-              data = File.open(@path, 'r:utf-8') { |io| io.read }
+              data = File.open(@path, 'r:utf-8:utf-8') { |io| io.read }
               if data.empty?
                 log.warn "detect empty plugin storage file during startup. Ignored: #{@path}"
                 return
@@ -113,7 +113,7 @@ module Fluent
         return if @on_memory
         return unless File.exist?(@path)
         begin
-          json_string = File.open(@path, 'r:utf-8'){ |io| io.read }
+          json_string = File.open(@path, 'r:utf-8:utf-8'){ |io| io.read }
           json = JSON.parse(json_string)
           unless json.is_a?(Hash)
             log.error "broken content for plugin storage (Hash required: ignored)", type: json.class

data/lib/fluent/supervisor.rb

@@ -814,6 +814,20 @@ module Fluent
         @conf += additional_conf
       end
 
+      if Fluent.windows?
+        @conf.elements.each do |element|
+          next unless element.name == 'source'
+          if element['@type'] == 'tail' && element['pos_file']
+            $log.warn("Recommend adding #{File.dirname(element['pos_file'])} to the exclusion path of your antivirus software on Windows")
+          else
+            storage = element.elements.find { |v| v.name == 'storage' and v['@type'] == 'local' }
+            if storage
+              $log.warn("Recommend adding #{File.dirname(storage['path'])} to the exclusion path of your antivirus software on Windows")
+            end
+          end
+        end
+      end
+
       @libs.each do |lib|
         require lib
       end

data/lib/fluent/test/base.rb

@@ -70,7 +70,12 @@ module Fluent
           num_waits.times { sleep 0.05 }
           return yield
         ensure
+          @instance.stop
+          @instance.before_shutdown
           @instance.shutdown
+          @instance.after_shutdown
+          @instance.close
+          @instance.terminate
         end
       end
     end

data/lib/fluent/version.rb

@@ -16,6 +16,6 @@
 
 module Fluent
 
-  VERSION = '1.19.2'
+  VERSION = '1.19.3'
 
 end

metadata

@@ -1,13 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: fluentd
 version: !ruby/object:Gem::Version
-  version: 1.19.2
+  version: 1.19.3
 platform: ruby
 authors:
 - Sadayuki Furuhashi
+autorequire:
 bindir: bin
 cert_chain: []
-date: 1980-01-02 00:00:00.000000000 Z
+date: 2026-06-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -531,7 +532,6 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
-- ".deepsource.toml"
 - ".rubocop.yml"
 - ADOPTERS.md
 - AUTHORS
@@ -691,6 +691,7 @@ files:
 - lib/fluent/plugin/buffer/memory_chunk.rb
 - lib/fluent/plugin/compressable.rb
 - lib/fluent/plugin/exec_util.rb
+- lib/fluent/plugin/extractor.rb
 - lib/fluent/plugin/file_util.rb
 - lib/fluent/plugin/filter.rb
 - lib/fluent/plugin/filter_grep.rb
@@ -869,6 +870,7 @@ metadata:
   source_code_uri: https://github.com/fluent/fluentd
   changelog_uri: https://github.com/fluent/fluentd/blob/master/CHANGELOG.md
   bug_tracker_uri: https://github.com/fluent/fluentd/issues
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -883,7 +885,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.6.9
+rubygems_version: 3.5.22
+signing_key:
 specification_version: 4
 summary: Fluentd event collector
 test_files: []

data/.deepsource.toml

@@ -1,13 +0,0 @@
-version = 1
-
-test_patterns = ["test/**/test_*.rb"]
-
-exclude_patterns = [
-    "bin/**",
-    "docs/**",
-    "example/**"
-]
-
-[[analyzers]]
-name = "ruby"
-enabled = true