3.4.8

3.4.8

Splunk 3.4.7 contained an issue related to password encryption affecting all passwords over 8 characters in length, and was removed from distribution. If you installed or upgraded to version 3.4.7, you must ensure that any user password over 8 characters in length is temporarily reset to be 8 characters or fewer before upgrading to 3.4.8. Once you have upgraded to 3.4.8, user passwords can be any length desired. If you are upgrading from 3.4.6 or earlier, this issue will not affect you.

The following issues have been resolved in this release:

• An issue relating to editing user role mappings when using LDAP auth has been resolved. (SPL-20189)
• The Admin user can now specify whether other users can change their own passwords using the Change_own_password capability. (SPL-19922)
• A file descriptor leak related to failed LDAP binds has been resolved. (SPL-19377)
• Splunk forwarder will now correctly monitor files when monitored directory is moved/deleted and then recreated. (SPL-19196)
• A memory leak on Splunk for Windows related to searching over DST has been resolved. (SPL-20014)
• A command line upgrade on Windows in quiet mode no longer prompts for user input on "Perform migration and upgrade without previewing configuration changes? [y/n]" if the appropriate flag (--answer-yes or --answer-no) has been passed. (SPL-17789)
• Splunk will now clear any index lock files present at startup (SPL-19387)
• EventTypes now properly support negated equality clauses such as NOT= or !=. (SPL-18302)
• An issue with timestamp parsing of Windows Event Log events for ASP.Net errors in IIS deployments (and similarly structured events) has been resolved. (SPL-18697)
• The correct response code is now returned (200) when making an API call that returns no results. (SPL-19217)