- Installation and Upgrade Guide: other versions:
- Overview
- Installing the Elastic Stack
- Installing in an air-gapped environment
- Serverless changelog
- Breaking changes
- Release notes
- Upgrade to Elastic 9.0.0-beta1
Kibana release notes
editKibana release notes
editKibana version 9.0.0-rc1
editComing in 9.0.0-rc1.
For information about the Kibana 9.0.0 release, review the following information.
This build contains all changes described in 9.0.0-beta1, in addition to the following changes.
Breaking changes
editKibana security
Removed default --openssl-legacy-provider
.
Details
Legacy OpenSSL algorithms have been disabled by default. Further information on which algorithms can be found at https://docs.openssl.org/3.0/man7/OSSL_PROVIDER-legacy. These can be re-enabled by adding --openssl-legacy-provider
to $KBN_PATH_CONF/node.options. For more information, refer to (#213123).
Enhancements and bug fixes
editEnhancements
edit- Elastic Observability solution
-
- Split Up SLO Details from Overview. Static data that describes the SLO definition has been moved to a separate tab, making charts and valuable information about SLIs faster to access. (#212826).
- Adds the reason message to the rules recovery context (#211411).
- Adds a link to the location badge on synthetics SLOs that sends to the Monitors page with a filter applied that matches the location of the origin SLO (#210695).
Bug fixes
editKibana version 9.0.0-beta1
editFor information about the Kibana 9.0.0 release, review the following information.
Highlights
editNew UI theme. Kibana 9.0 introduces a more modern and refined look and feel. This new theme brings improvements at multiple levels of the interface that will make navigating Kibana and visualizing dashboards easier than ever before.
Breaking changes
editBreaking changes can prevent your application from optimal operation and performance. Before you upgrade to 9.0.0, review the breaking changes, then mitigate the impact to your application.
Usage restrictions on Kibana’s internal APIs.
Details
Starting with this release, requests to internal Kibana APIs are globally restricted by default. This change is designed to provide more flexibility in making breaking changes to internal APIs while protecting external consumers from unexpected disruptions.
Key Changes:
- Internal API Access: External consumers no longer have access to Kibana’s internal APIs, which are now strictly reserved for internal development and subject to frequent changes. This helps ensure that external integrations only interact with stable, public APIs.
- Error Handling: When a request is made to an internal API without the proper internal identifier (header or query parameter), Kibana will respond with a 400 Bad Request error, indicating that the route exists but is not allowed under the current Kibana configuration.
For more information, refer to (#193792).
Alerts and cases
Removed 7.x deprecated kibana.yml settings.
Details
The following deprecated configuration settings were removed:
-
xpack.actions.customHostSettings.ssl.rejectUnauthorized
-
xpack.actions.whitelistedHosts
-
xpack.actions.rejectUnauthorized
-
xpack.actions.proxyRejectUnauthorizedCertificates
-
xpack.alerts.healthCheck
-
xpack.alerts.invalidateApiKeysTask.interval
-
xpack.alerts.invalidateApiKeysTask.removalDelay
-
xpack.alerting.defaultRuleTaskTimeout
For more information, refer to (#198435).
Removed deprecated Cases APIs.
Removed deprecated alerts routes.
Details
The deprecated legacy alerts routes api/alerts/alert
were removed. For more information, refer to (#203148).
Discover and dashboards
Disabled search sessions by default.
Details
Search sessions are now disabled by default. For more information, refer to (#203927).
Saved query privileges have been reworked.
Details
Saved query privileges have been reworked to rely solely on a single global savedQueryManagement
privilege, and eliminate app-specific overrides (e.g. implicit access with all
privilege for Discover, Dashboard, Maps, and Visualize apps). This change simplifies the security model and ensures consistency in the saved query management UI across Kibana, but results in different handling of saved query privileges for new user roles, and minor breaking changes to the existing management UX.
For more information, refer to #202863.
Impact
The savedQueryManagement
feature privilege now globally controls access to saved query management for all new user roles. Regardless of privileges for Discover, Dashboard, Maps, or Visualize, new user roles follow this behaviour:
-
If
savedQueryManagement
isnone
, the user cannot see or access the saved query management UI or APIs. -
If
savedQueryManagement
isread
, the user can load queries from the UI and access read APIs, but cannot save queries from the UI or make changes to queries through APIs. -
If
savedQueryManagement
isall
, the user can both load and save queries from the UI and through APIs.
Action
Existing user roles that were previously implicitly granted access to saved queries through the dashboard, discover, visualize, or maps feature privileges will retain that access to prevent breaking changes. While no action is required for existing roles, it’s still advisable to audit relevant roles and re-save them to migrate to the latest privileges model. For new roles, ensure that the savedQueryManagement privilege is set as needed.
Removed discover:searchFieldsFromSource
setting.
Details
For more information, refer to (#202679).
Removed the legacy table in Discover.
Details
It’s no longer possible to use the legacy documents table in Discover. To that effect, the doc_table:legacy
and truncate:maxHeight
deprecated advanced settings have been removed. For more information, refer to (#201254).
Scripted field creation has been disabled in the Data Views management page.
Details
The ability to create new scripted fields has been removed from the Data Views management page in 9.0. Existing scripted fields can still be edited or deleted, and the creation UI can be accessed by navigating directly to /app/management/kibana/dataViews/dataView/{dataViewId}/create-field
, but we recommend migrating to runtime fields or ES|QL queries instead to prepare for removal.
For more information, refer to #202250.
Impact
It will no longer be possible to create new scripted fields directly from the Data Views management page.
Action
Migrate to runtime fields or ES|QL instead of creating new scripted fields. Existing scripted fields can still be edited or deleted.
Elastic Observability solution
Profiling now defaults to 19Hz sampling frequency.
Details
For more information, refer to (#202278).
Disabled log stream and settings pages.
Details
Logs Stream and the logs settings page in Observability are removed. Use the Discover application, which now offers a contextual experience for logs, to explore your logs. The logs stream panel in dashboards is removed, use Discover sessions instead.
For more information, refer to (#203996).
Removed Logs Explorer.
Details
Logs Explorer has been removed. Instead, you can use Discover, that was improved to provide an optimal logs exploration experience. For more information, refer to (#203685).
Elastic Security solution
For the Elastic Security 9.0.0 release information, refer to Elastic Security Solution Release Notes.
Data ingestion and Fleet
Removed deprecated settings API endpoints in Fleet.
Details
-
GET/DELETE/POST enrollment-api-keys
: removed in favor ofGET/DELETE/POST enrollment_api_keys
-
Removed
list
property fromGET enrollment_api_keys
response in favor ofitems
-
GET/POST /settings
:fleet_server_hosts
was removed from the response and body
For more information, refer to (#198799).
Removed deprecated Fleet APIs for agents endpoints.
Details
Removed API endpoints:
-
POST /service-tokens
in favor ofPOST /service_tokens
-
GET /agent-status
in favorGET /agent_status
-
PUT /agents/:agentid/reassign
in favor ofPOST /agents/:agentid/reassign
Removed deprecated parameters or responses:
-
Removed
total
fromGET /agent_status
response -
Removed
list
fromGET /agents
response
For more information, refer to (#198313).
Removed deprecated epm
Fleet APIs.
Details
-
Removed
GET/POST/DELETE /epm/packages/:pkgkey
APIs in favor ofGET/POST/DELETE /epm/packages/:pkgName/:pkgVersion
-
Removed
experimental
query parameter inGET /epm/packages
andGET /epm/categories
-
Removed
response
in response in* /epm/packages*
andGET /epm/categories
-
Removed
savedObject
in/epm/packages
response in favor ofinstallationInfo
For more information, refer to (#198434).
Removed deprecated topics
property for kafka output in favor of the topic
property.
Details
Removed deprecated property topics
from output APIs in response and requests ((GET|POST|PUT) /api/fleet/outputs
) in favor of the topic
property. For more information, refer to (#199226).
Limit pagination size to 100 when retrieving full policy or withAgentCount
in Fleet.
Details
In addition to the new pagination limit size of 100, retrieving agent policies without agent count is now the new default behavior, and a new query parameter withAgentCount
was added to retrieve the agent count.
For more information, refer to (#196887).
Reporting
Now using Kibana feature privileges only to control access to reporting features.
Details
The default system of granting users the privilege to generate reports has changed. Rather than assigning users the reporting_user
role, administrators should create a custom role that grants report-creation privileges using Kibana application privileges. For more information, refer to (#200834).
Removed the "Download CSV" export type functionality.
Details
The functionality that allowed to download a CSV export from a dashboard’s saved search panel without creating a report has been removed. To export CSV data from a dashboard panel, you may use the action menu of a saved search panel in a dashboard to generate a CSV report, and download the report from a toast popup when the report has finished generating. For more information, refer to (#199033).
Kibana security
Removed TLSv1.1
from the default set of supported protocols.
Details
For more information, refer to (#203856).
Renamed integration-assistant
plugin to automatic-import
.
Details
For more information, refer to (#207325).
Deprecations
editThe following functionality is deprecated in 9.0.0, and will be removed in 10.0.0. Deprecated functionality does not have an immediate impact on your application, but we strongly recommend you make the necessary updates after you upgrade to 9.0.0.
Removed ephemeral tasks from task manager, action, and alerting plugins.
Details
Deprecates the following configuration settings:
-
xpack.task_manager.ephemeral_tasks.enabled
-
xpack.task_manager.ephemeral_tasks.request_capacity
-
xpack.alerting.maxEphemeralActionsPerAlert
No action is required on the user’s end. These settings will no longer have any effect as ephemeral tasks are now removed.
For more information, refer to (#201313).
Removed visualization:colorMapping
advanced setting.
Details
The visualization:colorMapping
advanced setting for TSVB and Visualize charts has been removed. You can switch to Lens charts, which offer a more advanced, per-chart color mapping feature with enhanced configuration options. For more details, refer to #162389.
Features
editKibana 9.0.0 adds the following new and notable features.
- Data ingestion and Fleet
-
- New setting allowing automatic deletion of unenrolled agents in Fleet settings (#195544).
- Elastic Security solution
- For the Elastic Security 9.0.0 release information, refer to Elastic Security Solution Release Notes.
- Kibana security
-
- New interface for Automatic Import CEL generation flow (#206491).
Enhancements and bug fixes
editEnhancements
edit- Data ingestion and Fleet
-
-
Improves filtering and visibility of
Uninstalled
andOrphaned
agents in Fleet, by differentiating them fromOffline
agents (#205815). - Introduces air-gapped configuration for bundled packages (#202435).
- Updates removed parameters of the Fleet → Logstash output configurations (#210115).
- Updates max supported package version (#196675).
-
Improves filtering and visibility of
- Elastic Security solution
- For the Elastic Security 9.0.0 release information, refer to Elastic Security Solution Release Notes.
- Kibana security
-
-
Updates
js-yaml
to4.1.0
(#190678).
-
Updates
- Machine Learning
-
-
Removes use of
ignore_throttled
(#199107).
-
Removes use of
- Platform
Bug fixes
edit- Dashboards & Visualizations
-
-
Fixes an issue in Lens where colors behind text were not correctly assigned, such as in
Pie
,Treemap
andMosaic
charts. - Fixes an issue where changing the Ignore timeout results control setting wasn’t taken into account (#208611).
-
Force returns 0 on empty buckets on count if
null
flag is disabled (#207308). - Fixes infinite loading time for some charts due to search context reload (#203150).
-
Fixes an issue in Lens where colors behind text were not correctly assigned, such as in
- Data ingestion and Fleet
-
- Fixes a validation error happening on multi-text input fields (#205768).
- Elastic Observability solution
- Elastic Security solution
- For the Elastic Security 9.0.0 release information, refer to Elastic Security Solution Release Notes.
- Platform
-
- Fixes several interface inconsistencies on the Space creation and settings pages (#197303).
On this page