Kibana 7.10.2

For detailed information about the 7.10.2 release, review the following bug fixes. Before you upgrade, review the breaking changes in 7.10 and known issue in 7.10.0.

Security update

Vega visualizations are susceptible to stored and reflected XSS via a vulnerable version of the Vega library. When you create Vega visualizations or create a vulnerable URL that describes the visualization, arbitrary JavaScript can execute in your browser.

Affected versions

Affected versions include 7.10.1 and earlier.

Solution

Check whether you use Vega visualizations, then complete the following:

  • If you use Vega visualizations, upgrade to 7.10.2.
  • If you do not use Vega visualizations, open your kibana.yml file, then change vega.enabled: true to vega.enabled: false.
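One way to carry out the "do you use Vega" check, as an added example that is not part of the original release notes: the script scans a saved-objects export (NDJSON) for visualizations whose `visState` type is `vega` and maps the result to the two options above. The sample export is constructed, the function names are hypothetical, and the version is assumed to be a plain `x.y.z` string.

```python
import json

# Constructed sample of a Kibana saved-objects export (NDJSON, one object per line).
SAMPLE_EXPORT = "\n".join([
    json.dumps({"type": "visualization", "id": "a1",
                "attributes": {"title": "Traffic sankey",
                               "visState": json.dumps({"type": "vega", "params": {"spec": "{}"}})}}),
    json.dumps({"type": "visualization", "id": "b2",
                "attributes": {"title": "Requests by host",
                               "visState": json.dumps({"type": "histogram"})}}),
    json.dumps({"type": "dashboard", "id": "c3", "attributes": {"title": "Overview"}}),
    # Export summary line that closes the file; it has no "type" field.
    json.dumps({"exportedCount": 3, "missingRefCount": 0, "missingReferences": []}),
])

def find_vega_visualizations(ndjson_text):
    """Return (id, title) for every visualization whose visState type is 'vega'."""
    hits = []
    for line in ndjson_text.splitlines():
        line = line.strip()
        if not line:
            continue
        obj = json.loads(line)
        if obj.get("type") != "visualization":
            continue  # dashboards, index patterns, export summary line
        attrs = obj.get("attributes", {})
        # visState is stored as a JSON string inside the saved object.
        vis_state = json.loads(attrs.get("visState", "{}"))
        if vis_state.get("type") == "vega":
            hits.append((obj.get("id"), attrs.get("title")))
    return hits

def is_affected(version):
    """Affected versions per the advisory: 7.10.1 and earlier (assumes 'x.y.z')."""
    return tuple(int(p) for p in version.split(".")[:3]) <= (7, 10, 1)

def recommended_action(version, ndjson_text):
    """Map the findings to the two options listed in the Solution section."""
    if not is_affected(version):
        return "none"
    if find_vega_visualizations(ndjson_text):
        return "upgrade to 7.10.2"
    return "set vega.enabled: false"

if __name__ == "__main__":
    print(find_vega_visualizations(SAMPLE_EXPORT))
    print(recommended_action("7.10.1", SAMPLE_EXPORT))
```
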

Bug fixes

Alerting
  • Don’t reset server log level if level is defined #83651
Dashboard
  • Fixes Duplicated Create New Modal #86489
Logs
  • Fixes value completion in the logs stream query bar #85772
Machine Learning
  • Fixes watcher URL to the Anomaly Explorer page #85123
  • Fixes Anomaly Explorer data refresh with relative time bounds #86142
  • Fixes zoom missing in Anomaly detection URLs #86182 and #86400
  • Fixes charts grid on the Anomaly Explorer page #86904
Management
  • When the number of replicas is set to zero, it is now correctly displayed in Index Lifecycle Management policies #85251
  • The list of data streams in Index Management now sorts numerically by the raw bytes value, which renders them in the correct order #86204
  • Fixes a bug where the enterprise level subscription displayed as platinum #85849
  • From table actions in the Cross-Cluster Replication app, you can now pause/resume index replication, unfollow leader index, or delete an auto-follow pattern #84433
  • Accessibility fix in Rollup Jobs app: when selecting a row in the jobs table, a screen reader pronounces the job’s name #84567
Monitoring
  • Makes alert status fetching more resilient #84676
  • Adds unmapped_type to additional queries #85837
Security
  • Fixes 500 error when using PKI authentication with an incomplete certificate chain #86700