Kibana breaking changes
editKibana breaking changes
editThis list summarizes the most important breaking changes in Kibana 7.0.1. For the complete list, go to Kibana breaking changes.
Saved object structure change
editDetails: Saved objects no longer contain ids of other saved objects under attributes
. They have been moved under references
with a named reference in attributes
.
Example structure before:
{ ... "attributes": { ... "panelsJSON": [{ ... "type": "visualization", "id": "dbf71bb0-ffad-11e8-acfd-d359b3d9069" }] } }
Example structure after:
{ { ... "attributes": { ... "panelsJSON": [{ ... "panelRefName": "panel_0" }] }, "references": [{ "name": "panel_0", "type": "visualization", "id": "dbf71bb0-ffad-11e8-acfd-d359b3d9069" }] }
Impact: Users who query directly for ids will have to use the new hasReference
in the find API. Users who save ids within attributes will have to move them into the references
attribute and have a named reference to it.
Removed support for using PhantomJS browser for screenshots in Reporting
editDetails: Since the first release of Kibana Reporting, PhantomJS was used as
the headless browser to capture screenshots of Kibana dashboards and
visualizations. In that short time, Chromium has started offering a new
headless browser library and the PhantomJS maintainers abandoned their project.
We started planning for a transition in 6.5.0, when we made Chromium the
default option, but allowed users to continue using Phantom with the
xpack.reporting.capture.browser.type: phantom
setting. In 7.0, that setting
will still exist for compatibility, but the only valid option will be
chromium
.
Impact: Before upgrading to 7.0, if you have xpack.reporting.capture.browser.type
set in kibana.yml, make sure it is set to chromium
.
Reporting 7.0 uses a version of the Chromium headless browser that RHEL 6, CentOS 6.x, and other old versions of Linux derived from RHEL 6. This change effectively removes RHEL 6 OS server support from Kibana Reporting. Users with RHEL 6 must upgrade to RHEL 7 to use Kibana Reporting starting with version 7.0.0 of the Elastic stack.
Legacy browsers (namely IE11) will see a security warning message whenever they load Kibana
editDetails: Kibana now has a Content Security Policy, but it’s only effective if browsers enforce it, and since older browsers like Internet Explorer 11 do not support CSP, we show them a warning message whenever they load Kibana.
Impact: Nothing needs to be done necessarily, but if you don’t need to support legacy browsers like IE11, we recommend
that you set csp.strict: true
in your kibana.yml to block access to those browsers entirely. If your organization requires
users to use IE11, you might like to disable the warning entirely with csp.warnLegacyBrowsers: false
in your kibana.yml.
Optimization step deferred until server start
editDetails: Prior versions of Kibana would run the optimization step after each plugin installation. This is now run on server start when necessary.
Impact: Users can trigger a standalone optimization after all plugins have been installed with bin/kibana --optimize
or let the server manage it on startup.
Removed support for users relying on direct index privileges to the Kibana index in Elasticsearch
editDetails: With the introduction of Kibana RBAC in 6.4, users no longer require privileges to the Kibana index in Elasticsearch. Instead, users
should be granted Kibana privileges. Prior to 7.0, when a user that relies upon direct index privileges logs into Kibana, a deprecation warning is logged. The only role that should have privileges to the Kibana index in Elasticsearch is the kibana_system
role, or a custom role which the Kibana server uses. If you are using the kibana_user
or kibana_dashboard_only_user
role to grant access to Kibana, or a custom role using Kibana privileges, no changes are required.
Impact: You must change any roles which grant access to Kibana using index privileges to instead use Kibana privileges. Watcher jobs using the Reporting attachment type must be updated as well.
elasticsearch.ssl.ca
is no longer valid
editDetails: The deprecated elasticsearch.ssl.ca
setting in the kibana.yml
file has been removed.
Impact: Use elasticsearch.ssl.certificateAuthorities
instead.
elasticsearch.ssl.cert
is no longer valid
editDetails: The deprecated elasticsearch.ssl.cert
setting in the kibana.yml
file has been removed.
Impact: Use elasticsearch.ssl.certificate
instead.
elasticsearch.ssl.verify
is no longer valid
editDetails: The deprecated elasticsearch.ssl.verify
setting in the kibana.yml
file has been removed.
Impact: Use elasticsearch.ssl.verificationMode
instead. If you set
elasticsearch.ssl.verify
to true
, that is equal to setting
elasticsearch.ssl.verificationMode
to full
.
elasticsearch.url
is no longer valid
editDetails: The deprecated elasticsearch.url
setting in the kibana.yml
file
has been removed.
Impact: Use elasticsearch.hosts
instead. In prior versions of Kibana, if no
port was specified in elasticsearch.url
, a default of 9200 was chosen. The
port in elasticsearch.hosts
is protocol dependent: https ports will use 443,
and http ports will use 80. If your elasticsearch.url
setting was dependent on
an unspecified port set to 9200, append :9200
to the url in the
elasticsearch.hosts
setting.