IMPORTANT: No additional bug fixes or documentation updates
will be released for this version. For the latest information, see the
current release documentation.
Kibana 7.10.2
editKibana 7.10.2
editFor detailed information about the 7.10.2 release, review the following bug fixes. Before you upgrade, review the breaking changes in 7.10 and known issue in 7.10.0.
Security update
editVega visualizations are susceptible to stored and reflected XSS via a vulnerable version of the Vega library. When you create Vega visualizations or create a vulnerable URL that describes the visualization, an arbitrary JavaScript can execute in your browser.
Affected versions
editAffected versions include 7.10.1 and earlier.
Solution
editVerify if you use Vega visualizations, then complete the following:
- If you use Vega visualizations, upgrade to 7.10.2.
-
If you do not use Vega visualizations, open your kibana.yml file, then change
vega.enabled: true
tovega.enabled: false
.
Bug fixes
edit- Alerting
-
- Don’t reset server log level if level is defined #83651
- Dashboard
-
- Fixes Duplicated Create New Modal #86489
- Logs
-
- Fixes value completion in the logs stream query bar #85772
- Machine Learning
- Management
-
- When number of replicas is set to zero, it is now correctly displayed in Index Lifecycle Management policies #85251
- The list of data streams in Index Management now sorts numerically by the raw bytes value, which renders them in the correct order #86204
- Fixes a bug where the enterprise level subscription displayed as platinum #85849
- From table actions in the Cross-Cluster Replication app, you can now pause/resume index replication, unfollow leader index, or delete an auto-follow pattern #84433
- Accessibility fix in Rollup Jobs app: when selecting a row in the jobs table, a screen reader pronounces the job’s name #84567
- Monitoring
- Security
-
- Fixes 500 error when using PKI authentication with an incomplete certificate chain #86700