Why:
Keep the scheduled 8.2606 release notes current after recent
user-visible and maintainer-visible changes accumulated.
Impact:
Release-note readers see the important recent changes.
Before/After:
Before, the block stopped at older entries. After, it covers
recent selected fixes and features without listing generic churn.
Technical Overview:
- Add selective entries for new modules and user-visible fixes.
- Keep broad hardening and testbench work under the existing umbrella.
- Preserve the established 8.2606 ChangeLog style and issue links.
- Leave build, CI, and low-signal documentation churn out of the block.
With the help of AI-Agents: Codex
Why:
Large rsyslog deployments cannot flip a fleet of omfwd clients to
stream compression in lockstep. Until now imptcp listeners had to
be configured as either "stream:always" or "none", which forces a
flag-day migration or running two parallel listeners on different
ports. This blocks staged roll-outs across hundreds of senders.
Impact:
Adds a new compression.mode value "stream:auto". Default behaviour
is unchanged. A new testbench script,
tests/imptcp-stream-compression-auto.sh, exercises a mixed
compressed/plain session pair on a single listener.
Before/After:
Before: one imptcp listener accepts only compressed OR plain.
After: "stream:auto" accepts both; detection is per-session and
locked-in after the first 2 bytes.
Technical overview:
- First 2 bytes of every new session are matched against the
RFC 1950 zlib header: CMF byte must equal 0x78 (deflate, default
32 KiB window - what every omfwd build emits via deflateInit()),
the FCHECK must be valid, and FDICT must be clear.
- A plain syslog frame always starts with an ASCII digit
(octet-counted framing) or '<' (non-transparent framing), so the
probe is conclusive in practice and avoids false positives.
- Detection state lives in ptcpsess_s; after the verdict the
per-session compressionMode field is rewritten to STREAM_ALWAYS
or NEVER so the steady-state DataRcvd() path is unchanged and
stays branch-free.
- Sniffed bytes are re-injected into the chosen path so no data
is lost across the probe boundary.
- Documentation, ChangeLog and a new testbench entry are included.
Why:
Keep the scheduled 8.2606 release notes current with recent
user-visible changes.
Impact:
Release notes now cover selected important changes through
2026-05-20.
Before/After:
Before, recent fixes and features were missing. After, they are
summarized in the current release block.
Technical Overview:
Add entries for imptcp hardening and truncation fixes.
Document maxOpenFiles, gtls diagnostics, and wolfSSL revocation
support.
Include selected config, runtime, build, ommail, and
omelasticsearch changes.
Leave CI, test-only, and minor documentation churn out of the
release notes.
With the help of AI-Agents: Codex
Why: Distro builds must not silently change rsyslog features based
on whether libyaml development files happen to be installed.
Impact: Default builds now require yaml-0.1 unless --disable-libyaml
is passed explicitly.
Before/After: Before, configure auto-disabled libyaml features;
after, the default fails fast and opt-out builds are explicit.
Technical Overview: Add an AC_ARG_ENABLE(libyaml) configure switch
with default yes. When enabled, require the yaml-0.1 pkg-config
module and define HAVE_LIBYAML only on success. When disabled,
keep HAVE_LIBYAML unset and preserve the existing runtime behavior
for YAML files in no-libyaml builds.
Add libyaml development packages to GitHub Actions dependency
installation paths and make the container CI helper install libyaml
inside stale prebuilt CI images when yaml-0.1 is absent. Update the
YAML configuration documentation and add a maintainer-facing ChangeLog
note for the packaging behavior change.
Closes https://github.com/rsyslog/rsyslog/issues/6914
With the help of AI-Agents: Codex
Why
The DTLS modules (imdtls and omdtls) have a runtime dependency on the
OpenSSL network stream driver (lmnsd_ossl.la). Previously, the build
would succeed in a broken state if OpenSSL support was not also
explicitly enabled, leading to runtime failures or test crashes.
Impact
Build configuration. The configure script will now fail with a
descriptive error message if DTLS is enabled but OpenSSL is not.
Before/After
Before: configure --enable-imdtls succeeded even with OpenSSL disabled,
resulting in a missing lmnsd_ossl.la driver.
After: configure --enable-imdtls fails unless --enable-openssl is also
active.
Closes: https://github.com/rsyslog/rsyslog/issues/5339
Why:
The YAML policy file should cover the full transformation behavior that
mmjsontransform exposes, so operators can update policy-driven JSON
normalization in one place and reload it on HUP.
Impact: Policy files can now control mode as well as rename/drop rules,
and HUP reload swaps the effective policy atomically.
Before/After:
Before: policy files could only rename or drop keys and the action
parameter mode stayed fixed until restart.
After: policy files can also select flatten or unflatten mode, and HUP
reload updates that mode together with the other policy rules.
Technical Overview:
The action parameter mode remains the fallback default, while the active
policy can now carry its own mode override inside the reloadable policy
state.
The YAML loader validates a top-level mode key, swaps it together with
the rename/drop structures, and keeps the previous in-memory policy when
reload fails.
Action execution resolves the effective mode under the policy lock, so a
single HUP can switch both preprocessing rules and the final transform.
The focused policy test now covers startup flatten mode, HUP reload to
unflatten mode, and invalid-mode reload rejection with retention of the
previous policy.
The docs and ChangeLog were updated to describe the expanded policy
schema and the HUP-reload behavior.
Validation:
- ./devtools/format-code.sh --git-changed
- make -j$(nproc)
- ./tests/mmjsontransform-policy-basic.sh
With the help of AI-Agents: Codex
