Skip to content

DAVE-6.4.4 release notes

This document is a summary of content, changes, limitations and fixes of this release as compared to DAVE-6.4.3 release.

Refer to the the Punchplatform official site if you look for the complete documentations and resources.

The documentation for this release can be found inside the deployment archives (standalone and deployer versions), and at

Note about upgrades: Please carefully review the documentation for this release before upgrading your clusters. The upgrade notes (e.g. upgrade from 6.3 to 6.4) discuss every critical information about compatibility issues, breaking changes, performance changes, and any other configuration changes that might impact your Punchplatform.


Elasticsearch / Opensearch security

Deploy with another user

It is now possible to deploy security plugins on Elasticsearch / Opensearch with another user than admin:admin. Please refer to Opendistro documentation.

Auto expand replicas on audit index

By default, the Opendistro Security audit index has one replica. As a result, clusters with one node were in yellow state. Now, the deployer pushes an index template with "index.auto_expand_replicas": "0-1" on this index.

Key Value and Escaping

The punchlang key value operator has been fixed. Because it might change the behavior of your parser we insist on explaining the change.

Some logs could not be correctly parsed into key value documents because of the ambiguity between quotes and escaped quotes. Consider the following string:

path="c:\folder\docs\" type="exe" 
The kv operator must have a way to detect that the last '\' is par t of the path, and is not an escape character. The kv operator now deals correctly with this issue. The change in behavior is possible if your parser did not succeed in parsing some pathological strings. With this release, the parser will succeed. Make sure you pay attention to your kv operator usage before updating to this release.

Breaking changes

Refer to the Migration Guide.


  • #0001 upgrade punch feedback plugin to 2.1.3 to fix freeze on refresh
  • #1836 make it possible to deploy elastic with custom user
  • #1759 patch procedure for deployer roles
  • #1849 remove replica on opendistro security audit index on single node clusters
  • #1868 replace deprecated supervisor logrotate to systemd logrotate

Bug Fixes

  • #1850 ansible section in deployment settings does not work
  • #1852 missing sshpass requirement in deployer doc
  • #1856 cannot deploy opendistro security plugin on kibana
  • #1804 Topic config in channel structure is not working
  • #0001 kibana punch documentation not reachable
  • #1783 channelct configure fails if "name" doesn't match a template
  • #1829 failed extractions marked as running
  • #1832 kafka GC log rotation not working as expected
  • #1855 escaping issue in the punchlang key value operator
  • #1865 storm workers-artifacts old logs not removed
  • #1862 enable deployment of multi punch gateway services on the same server
  • #1863 elastalert rule failed when some values are None
  • #1869 elastalert rule loading not working after modification
  • #1873 elasticsearch logs partition filled too quickly

Security Fixes

Internal tasks

  • #1831 script to generate cert with multi interfaces


Known bugs