Hi all,
As we noted in Announcing Graylog v4.1.2, Graylog 4.1.2, along with 4.0.10 and 3.3.14 have recently been released and all patch a security flaw within Graylog. It is highly recommended that you upgrade to one of these versions to avoid leaking session IDs. If you’re not able to upgrade, note that you’ll have to manually clear session IDs until you’re able to upgrade. You can find more details here: Graylog Security Patch: Session ID Leak | Graylog