I see that Splunk 5.0.3 was released a few days ago to resolve some security issues. I was unaware of this security update until my security team informed me of a security notice passed on via CERT.
http://www.splunk.com/page/securityportal tells me that I can receive security alerts via RSS:
Stay up to date on security announcements. Subscribe to our RSS feed to be alerted of new announcements.
In addition, my Splunk installation is not informing me of a new release. There is no mention of any update within the application, anywhere. Splunk does not use yum/RPM repositories for Red Hat Enterprise Linux-derived OSes and does not provide an apt-repository for Debian & Ubuntu OSes, which are other tools that help system administrators with our busy busy work.
I don't use RSS feeds, nor do most people. I manage a hundred different applications, and Splunk is just one of them. I really don't have time to constantly check the website for each and every application to see if an update is available. Normally I have tools such as Yum, apt and email-lists that automate most of this work for me. Email is the standard mechanism that most vendors use for Security Notifications. How can I receive Splunk security alerts via email?
I use Splunk with Single Sign On. Therefore the update notice never appears on the Login screen. I tried the old Splunk login page and it doesn't mention anything about an update.
sorry, that was me--i deleted Yann's answer because it wasn't really about your original question (email subscription). i'm getting someone from prodsec to answer that. my apologies! (ps i asked Yann first :))
Great questions Stefan! Thank you for your ideas and input. Splunk tremendously values and encourages this medium for sharing and realizing the future of the big data scientific community.
First, we agree - stay tuned for the email solution you've requested. We're also exploring other communication mechanisms to unify such messaging across digital channels; we're explicitly discussing each of the tools you've proposed. Your Yum question is in immediate focus, and if there's anywhere else you're listening that Splunk ought to be, please do let us know.
Second, 5.0.x versions of Splunk were not affected, and this may be why you didn't receive an alert within Splunk itself. As an example of in-Splunk notification, a 6.0.2 English-language Splunk should show an alert placard with the message "A new maintenance release of Splunk is here" on the login page. If you're on 6.0.x and not receiving this alert, please confirm the Splunk version you are running and any tips for reproduction.
Thanks for the answer. I look forward to the new solution. To confirm, I am using Splunk 5 not Splunk 6. I suppose things are better in Splunk 6 but I'm unable to find the time to upgrade. Hopefully soon.