Fleet and Elastic Agent 7.14.0
editFleet and Elastic Agent 7.14.0
editReview important information about the Fleet and Elastic Agent 7.14.0 releases.
Known issues
editCredentials potentially exposed in .fleet-*
and .kibana*
indices
Details
Credentials that you provide for an agent or integration policy are stored in
Elasticsearch. They can be read by any user who has read permissions to the .fleet-*
and .kibana*
indices in Elasticsearch. By default these are the superuser,
fleet-server
service account tokens, and the kibana_system
user. These
secrets are also included in agent policies and shared with agents via Fleet
through TLS. When you use the Elastic Agent installer and enroll agents in Fleet,
the policies are stored on the host file system and, by default, can only be
read by root.
Impact
To avoid exposing secrets, restrict access to the .fleet-*
and .kibana*
indices to trusted users. Do not change file ownership or permissions on policy
files stored on the host file system unless you can secure the files from
malicious users.
Elastic Agent fails to start correctly when enrolled in Fleet through a proxy
Fleet Server policy setup failure may result in Fleet not starting
Details
During setup of the default Fleet Server policy, an error may occur, such as a network error or connectivity issue, that results in a default policy with no input. Fleet will be unable to start.
Impact
To fix this problem:
-
Delete the default Fleet Server policy saved object:
- In Kibana, open the main menu, then go to Management > Dev Tools > Console.
-
In the Console, send the following request:
POST .kibana/_delete_by_query?q=ingest-agent-policies.is_default_fleet_server:true
- Go to Management > Fleet to force reloading of the object.
New features
editThe 7.14.0 release adds the following new and notable features.
- Fleet
-
- Moves integrations to a separate app #99848