openshift · theashiot · Jun 17, 2025
diff --git a/_topic_maps/_topic_map.yml b/_topic_maps/_topic_map.yml
@@ -3,6 +3,8 @@ Name: About OpenShift logging
 Dir: about
 Distros: openshift-logging
 Topics:
+- Name: Logging 6.3 release notes
+  File: logging-release-notes
 - Name: Logging overview
   File: about-logging
 - Name: Cluster logging support

diff --git a/about/logging-release-notes.adoc b/about/logging-release-notes.adoc
@@ -0,0 +1,9 @@
+:_mod-docs-content-type: ASSEMBLY
+include::_attributes/common-attributes.adoc[]
+[id="logging-release-notes"]
+Logging 6.3 release notes
+:context: logging-release-notes
+
+toc::[]
+
+include::modules/logging-release-notes-6-3-0.adoc[leveloffset=+1]
diff --git a/modules/logging-release-notes-6-3-0.adoc b/modules/logging-release-notes-6-3-0.adoc
@@ -0,0 +1,78 @@
+// Module included in the following assemblies:
+//
+// * about/logging-release-notes.adoc
+
+
+:_mod-docs-content-type: REFERENCE
+[id="logging-release-notes-6-3-0_{context}"]
+= Logging 6.3.0 Release Notes
+
+TODO
+//This release includes link:https://access.redhat.com/errata/RHBA-2025:2398[{logging-uc} {for} Bug Fix Release 6.2.0].
+
+[id="openshift-logging-release-notes-6-3-0-enhancements_{context}"]
+== New Features and Enhancements
+
+=== Log Collection
+
+* With this release, you can configure multiple {aws-first} outputs with distinct IAM roles in the `clusterLogForwarder` resource. (https://issues.redhat.com/browse/LOG-6790[LOG-6790])
+
+* With this release, you can configure affinity rules to control collector scheduling. (https://issues.redhat.com/browse/LOG-6858[LOG-6858])
+
+* With this release, default values of Splunk metadata keys: index, indexed fields, source, and message payload are predefined for log forwarders. The values are based on the log type. As a user, you can override these values. (https://issues.redhat.com/browse/LOG-6859[LOG-6859]) 
+
+=== Log Storage
+* With this release, you can specify the S3 secret in the `forcepathstyle` field. Use this field to configure Loki to use either path style or virtual host style S3 URL. By default, {aws-short} endpoints use the virtual host style URL, equivalent to setting the `forcepathstyle` attribute to `false`. (https://issues.redhat.com/browse/LOG-7024?[LOG-7024])
+
+[id="logging-release-notes-6-2-0-technology-preview-features_{context}"]
+== Technology Preview
+
+:FeatureName: The OpenTelemetry Protocol (OTLP) output log forwarder
+include::snippets/technology-preview.adoc[]
+
+
+
+[id="logging-release-notes-6-2-0-bug-fixes_{context}"]
+== Bug Fixes
+
+* Before this update, alerting rules created by the {loki-op} incorrectly used the `message` field to display the message related to the alert. With this update, the alerting rules correctly use the `description` field.
+(https://issues.redhat.com/browse/LOG-6380[LOG-6380]) 
+
+* Before this update, alerting rules were visible in unrelated namespaces due to lack of filtering based on the namespace in the Prometheus rules endpoint. As a consequence, user alerts were visible in unrelated namespaces. With this update, rule label filters have been added to the handler configuration, preventing alerts from being visible in unrelated namespaces. As a result, alert visibility is now restricted to the original namespace. (https://issues.redhat.com/browse/LOG-6148[LOG-6148])
+
+
+* Before this update, `ClusterLogForwarder` CR status updates failed due to an incorrect patching method. As a consequence, the {clo} failed to update objects, causing log data inconsistencies. With this release, `ClusterLogForwarder` CR status uses the `Patch()` method instead of the `Update()` method. As a result, the {clo} no longer fails to update the object, improving log forwarding stability. (https://issues.redhat.com/browse/LOG-6539[LOG-6539]) 
+
+* Before this update, the Vector collector could not forward OpenShift Virtual Network (OVN) and auditd logs. With this update, OTLP semantic conventions table has been improved to support  OVN logs and auditd logs in observability pipelines. As a result, OVN and auditd logs are successfully forwarded. (https://issues.redhat.com/browse/LOG-6711[LOG-6711])
+
+
+* Before this update, the loki-gateway did not enforce fine-grained authorization on the `/series` endpoint for the `application` tenant. As a consequence, users could get unauthorized access to the stream metadata information from different log streams. With this update, the `/series` endpoint uses the `match` parameter instead of the `query` parameter to filter the series metadata that is returned for a request. As a result, loki-gateway correctly enforces fine-grained authorization for the `/series` endpoint for the `application` tenant. (https://issues.redhat.com/browse/LOG-6892[LOG-6892]) 
+
+* Before this update, Loki ingesters that got into an unhealthy state due to networking issues stayed in that state even when the network recovered. With this update, the {loki-op} adds a configuration option that configures Loki to perform service discovery more often, which makes unhealthy ingesters rejoin the group. (https://issues.redhat.com/browse/LOG-6987[LOG-6987])
+
+* Before this update, the Loki distributor returned parsing errors on receiving logs without the `responseStatus.code` field, when using the OpenTelemetry (OTEL) data model. As a consequence, users saw parsing errors in Loki audit logs. With this release, empty `k8s.audit.event.response.code` Loki attributes in logs are ignored. As a result, users do not see parsing errors in Loki audit logs. (https://issues.redhat.com/browse/LOG-7028[LOG-7028])
+
+
+
+////
+* Before this update, the timestamp shown in the console logs did not match the `@timestamp` field in the message. With this update the timestamp is correctly shown in the console. (link:https://issues.redhat.com/browse/LOG-6222[LOG-6222])
+
+* The introduction of `ClusterLogForwarder` 6.x modified the `ClusterLogForwarder` API to allow for a consistent templating mechanism. However, this was not applied to the `syslog` output spec API for the `facility` and `severity` fields. This update adds the required validation to the `ClusterLogForwarder` API for the `facility` and `severity` fields. (https://issues.redhat.com/browse/LOG-6661[LOG-6661])
+
+* Before this update, an error in the {loki-op} generating the Loki configuration caused the amount of workers to delete to be zero when `1x.pico` was set as the `LokiStack` size. With this update, the number of workers to delete is set to 10. (https://issues.redhat.com/browse/LOG-6781[LOG-6781])
+////
+
+[id="logging-release-notes-6-3-0-known-issues_{context}"]
+== Known Issues
+
+
+* When forwarding logs to a syslog output, the produced message format is inconsistent between Fluentd and Vector log collectors. Vector messages are within quotes, whereas Fluentd messages are not. As a consequence, users might face issues with their tool integrations when they migrate from Fluentd to Vector. (link:https://issues.redhat.com/browse/LOG-7007[LOG-7007])
+
+[id="logging-release-notes-6-2-0-CVEs_{context}"]
+== CVEs
+
+TODO
+////
+* link:https://access.redhat.com/security/cve/CVE-2020-11023[CVE-2020-11023]
+* link:https://access.redhat.com/security/cve/CVE-2024-12797[CVE-2024-12797]
+////