2026-03-05 Version 2.14.1

Bug Fixes

• Fix breaking changes in otel_logs_source (#6600, #6572)

2026-02-25 Version 2.14.0

Breaking Changes

• Report sinkRequestLatency and sqsSinkRequestLatency metrics with time units. If you were previously using the scale of these metrics is now different. (#6513, #6510)

Features

• Add otel_apm_service_map for application performance monitoring service map along with deriving remote service and operation (#6482, (#6539)
• Streaming Lambda response support in the Data Prepper Lambda processor (#5973)

Enhancements

• Support for ARM architectures (#640)
• Enable cross-region writes in the S3 sink. (#6323)
• Support files larger than 2GB in S3/SQS (#5276)
• RDS source now handles MySql decimal data types when precision value is 19 or higher (#6339)
• Make CloudWatchLogs sink retry indefinitely for retryable errors when no DLQ configured (#6300)
• Reduce the Data Prepper tar.gz and Docker image sizes (#3356)
• Improve Logging for OpenSearch Source when there are no matching indices. (#6341)
• Make shutdown timeout configurable to prevent message loss during scale-down (#6442)
• Support compressed files in file source (#5245)

Bug Fixes

• Flush remaining data to S3 during shutdown (#6424)
• Remove usage of buffer accumulator from Kafka custom consumer (#6357)

Security

• protobuf-4.25.8-cp37-abi3-manylinux2014_x86_64.whl: 1 vulnerabilities (highest severity is: 8.6) (#6441)
• urllib3-2.5.0-py3-none-any.whl: 2 vulnerabilities (highest severity is: 7.5) - autoclosed (#6344)
• werkzeug-3.0.6-py3-none-any.whl: 2 vulnerabilities (highest severity is: 5.3) (#6326)

Maintenance

• OpenSearch 3 Verification (#6485)
• Use a different Gradle plugin for Docker (#5313)

2026-02-16 Version 2.13.1

Bug Fixes

• Remove json creator annotation from no-arg constructor in SinkForward (#6474)

Security

• Rhino 1.7.15.1 (#6522)
• Netty 4.1.131 (#6521)
• Log4j 2.25.3 (#6517)

2025-10-14 Version 2.12.2

Security

• Require full TLS trust in OpenSearch plugins by default unless insecure is configured. Fixes CVE-2025-62371 / GHSA-43ff-rr26-8hx4. (#6171)
• Use standard TLS when downloading the geoip database from an HTTP URL. Fixes GHSA-3xgr-h5hq-7299. (#6167)
• Use the TLS protocol identifier. Fixes GHSA-28gg-8qqj-fhh5. (#6166)
• Updated Netty to 4.1.125 to resolve CVE-2025-55163, CVE-2025-58057, CVE-2025-58056 (#6085, #5998)
• Updated commons-lang to 3.18.0 to resolve CVE-2025-48924 (#6085)
• Updated BouncyCastle to 1.81 to resolve CVE-2025-8916 (#6085)

Maintenance

• Update the bundled JDK to 17.0.16. (#6172)
• Require the smoke tests to pass before attempting to promote. (#6086)

2025-08-05 Version 2.12.1

Bug Fixes

• Service Map does not rotate with multiple workers (#5901)
• Fixes a regression in core where @SingleThread annotated processors are only running the last instance. (#5904)
• geoip S3 download fails to handle existing files during download (#5898)
• geoip local file fails to handle existing files during download (#5899)

Security

• CVE-2025-46762 - Parquet 1.15.2 (#5923)
• CVE-2025-48734 - commons-beanutils 1.11.0 and Checkstyle 10.26.1 (#5923)
• CVE-2024-57699 - json-smart 2.5.2 (#5923)
• CVE-2025-24970 - Netty 4.1.123 (#5923)
• CVE-2025-27817 - Apache Kafka 3.9.1 and Confluent Kafka 7.9.1 (#5923)
• CVE-2024-7254 - protobuf-java 3.25.5 (#5924)
• CVE-2025-49146 - Postgresql JDBC driver 42.7.1 (#5936)
• CVE-2025-23206 - aws-cdk-lib 2.190.0 (#5925)
• CVE-2025-5889 - aws-cdk-lib 2.190.0 (#5925)
• CVE-2025-47273 - setuptools v78 (#5926)

Maintenance

• Updated the smoke tests scripts to use the end-to-end tests (#5913)

2025-06-26 Version 2.12.0

Breaking Changes

Features

• OTel telemetry unified source (#5596)
• Add SQS sink to Data Prepper (#5634)
• KDS cross account stream (#5687)
• Add otlp sink (for AWS X-Ray) (#5663)
• Adds the Modulus operator to Data Prepper expressions (#5685)
• Add API tokens as an Authc/z method for OpenSearch Sink (#5549)
• Add support for convering keys to lowercase/uppercase in RenameKeyProcessor (#5810)
• Add multi-line csv support (#5784)
• Add auto conversion option to convert_type processor (#5782)
• Add detect format processor (#5774)
• Add getEventType() expression function (#5686)

Enhancements

• Allow plugins to access the default pipeline role (#4958)
• Allow disabling metrics (#5431)
• Support enabling specific experimental plugins (#5675)
• Make opensearch source scroll timeout configurable and increase default value (#5679)

Bug Fixes

• [BUG] OpenTelemetry Spans are indexed using the span id causing collisions (#5370)
• [BUG] _default route no longer seems to exist in 2.11.0 (#5763)
• Fix kafka source with glue registry (#5765)

Security

• protobuf-3.19.5-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl: 1 vulnerabilities (highest severity is: 7.5) (#5802)
• urllib3-2.2.2-py3-none-any.whl: 2 vulnerabilities (highest severity is: 5.3) (#5801)
• protobuf-3.20.3-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.whl: 1 vulnerabilities (highest severity is: 7.5) (#5800)
• urllib3-1.26.19-py2.py3-none-any.whl: 2 vulnerabilities (highest severity is: 5.3) (#5799)

Maintenance

• Refactor maven downloading logic to be dynamic (#5826)

2025-04-24 Version 2.11.0

Breaking Changes

• The Docker task no longer runs as root. This may break existing Docker compose configurations. For example, mapping the .aws directory to the /root/.aws directory should map it to /.aws instead.

Features

• Support AWS Aurora/RDS PostgreSQL as source (#5309)
• Support SQS as a Source (#1049)
• Jira Connector - to seamlessly sync all the ticket details to OpenSearch (#4754)
• AWS Lambda as Processor and Sink (#4699)
• Support AWS Aurora/RDS MySQL as source (#4561)
• AWS Lambda as Sink (#4170)
• Integrate OpenSearch Ml-Commons into Data Prepper (#5509)

Enhancements

• Update OTel Protobuf specification (#5434)
• Data Prepper support for dynamic renaming of keys (#4849)
• S3 DLQ should pass expected bucket owner to PutObject request (#5498)
• AWS Secrets Manager Plugin does not support sts_header_overrides (#5475)
• Support configurable stream read constraints max length in the JSON input codec (#5466)
• Support reading S3 object metadata only (#5433)
• Kafka local AWS Glue registry support (#5377)
• Address Scale Items for Lambda Processor and Sink (#5031)
• Add support to skip remote peer forwarding based on configuration (#5127)
• Add index_types for OTel logs and metrics #3148 (#3929)
• Send RetryInfo on OTel timeouts to improve or clarify backpressure on OTel gRPC sources (#4294, #4119)
• Enhance Lambda processor to retry based on certain class of exception (#5340)
• Support multiple delete_when condition in delete_entries processor (#5315)
• Add additional index_types (#3148)
• Add experimental feature concept (#2695)

Bug Fixes

• NullPointerException on S3 Delete Event Due to Null Object Size (#5448)
• Index Template with flat_object type field fails during deserialization (#5425)
• DynamoDB source with acknowledgements expires frequently (#5412)
• Kinesis source doesn't pass the given polling retrieval config to underlying KCL (#5269)
• UTF-8 Character Encoding Issues in opensearchproject/data-prepper container (#5238)
• Validate that routes configured in the sink exist on startup of Data Prepper (#5106)
• Escaping of "/" in json pointers (#5101)
• DynamoDB Source doesn't support parsing data with Control Characters (#5027)

Security

• [docker] Run as non root (#5311)
• werkzeug-3.0.3-py3-none-any.whl: 2 vulnerabilities (highest severity is: 7.5) (#5122)

Maintenance

• Migrate existing plugins to use POJO configuration classes. (#5246)
• Support examples in documentation (#5077)
• End-to-end log test failing when index name has DateTime pattern suffix in OpenSearch Sink Config (#984)

2025-04-16 Version 2.10.3

Security

• Updates Parquet to 1.15.1. Fixes CVE-2025-30065. (#5597)

2024-12-09 Version 2.10.2

Bug Fixes

• FIX: missed exception in plugin error (#5105)

Security

• Fix otel_logs_source server configuration for getHttpAuthenticationService. Fixes CVE-2024-55886. (#5215)