Kibana 7.7.0

Security updates
- In Kibana versions 6.7.0 to 7.6.2, the Upgrade Assistant contains a prototype pollution flaw. An authenticated attacker with privileges to write to the Kibana index can insert data that could cause Kibana to execute arbitrary code. This could lead to an attacker executing code with the permissions of the Kibana process on the host system, CVE-2020-7012.
By default, the Upgrade Assistant flaw is mitigated in all Kibana instances accessed through Elasticsearch Service.
For all other installations, you must upgrade to 7.7.0. If you are unable to upgrade, set xpack.upgrade_assistant.enabled: false in your kibana.yml file to disable the Upgrade Assistant.
- In Kibana versions before 7.7.0, TSVB contains a prototype pollution flaw. Authenticated attackers with privileges to create TSVB visualizations can insert data that could cause Kibana to execute arbitrary code. This could lead to an attacker executing code with the permissions of the Kibana process on the host system, CVE-2020-7013.
By default, the TSVB flaw is mitigated in all Kibana instances accessed through Elasticsearch Service.
For all other installations, you must upgrade to 7.7.0. If you are unable to upgrade, set metrics.enabled: false in your kibana.yml file to disable TSVB.
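Both advisories above are instances of prototype pollution, a bug class specific to JavaScript runtimes such as the Node.js process Kibana runs in. The following illustration is added here and is not Kibana's own code: a recursive "merge stored settings into defaults" helper that trusts object keys coming out of JSON.parse lets a stored document carrying a "__proto__" key write onto Object.prototype, so every object in the process silently gains the attacker's properties. The advisories do not describe the gadget that turns this into code execution; in general it is some later consumer reading a property it never expected to be set. The hostile JSON is a constructed sample, and the hardened variant simply refuses the three keys that reach the prototype chain.

```javascript
// Added illustration of the prototype-pollution bug class; not Kibana's code.

// Constructed sample: JSON an attacker who can write stored objects might supply.
// It must be a string. An object literal with a __proto__ key would set the
// prototype at construction time instead of creating an own property.
const HOSTILE_JSON = '{"title":"ok","__proto__":{"polluted":"yes"}}';

// Vulnerable: JSON.parse creates an own property literally named "__proto__",
// Object.keys returns it, and target["__proto__"] resolves to Object.prototype,
// so the recursion writes the nested keys onto every object in the process.
function unsafeMerge(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (value !== null && typeof value === 'object' && !Array.isArray(value)) {
      if (target[key] === null || typeof target[key] !== 'object') {
        target[key] = {};
      }
      unsafeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened: fail closed on the keys that reach the prototype chain, and only
// descend into properties the target itself owns (never inherited ones).
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) {
      throw new Error(`refusing to merge key "${key}"`);
    }
    const value = source[key];
    if (value !== null && typeof value === 'object' && !Array.isArray(value)) {
      const own = Object.prototype.hasOwnProperty.call(target, key);
      if (!own || target[key] === null || typeof target[key] !== 'object') {
        target[key] = {};
      }
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Runs both merges against the hostile input and reports what an unrelated,
// freshly created object looks like before and after each one.
function demo() {
  const before = ({}).polluted;              // undefined: clean process

  unsafeMerge({}, JSON.parse(HOSTILE_JSON));
  const afterUnsafe = ({}).polluted;         // "yes": every object now carries it
  delete Object.prototype.polluted;          // undo the damage for the rest of the demo

  let safeError = null;
  try {
    safeMerge({}, JSON.parse(HOSTILE_JSON));
  } catch (e) {
    safeError = e.message;
  }
  const afterSafe = ({}).polluted;           // still undefined

  return { before, afterUnsafe, safeError, afterSafe };
}

console.log(demo());
```

Rejecting the keys outright is deliberate: a stored object that contains "__proto__" has no legitimate reason to exist, so logging and refusing it is more useful than silently dropping the key. Using Object.create(null) for lookup tables and validating stored documents against a schema before merging them are the complementary defences; disabling the affected plugin, as the advisories recommend for installations that cannot upgrade, removes the code path altogether.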
Deprecations
The following functionality is deprecated in 7.7.0, and will be removed in 8.0.0. Deprecated functionality does not have an immediate impact on your application, but we strongly recommend you make the necessary updates after you upgrade to 7.7.0.
Deprecates authentication settings
Details
Deprecates the xpack.security.authc.saml.realm and xpack.security.authc.saml.maxRedirectURLSize settings used for Kibana SAML authentication. Deprecates the xpack.security.authc.oidc.realm setting used for Kibana OpenID Connect authentication.
For more information, refer to #53010.
Impact
- Instead of xpack.security.authc.saml.realm, use xpack.security.authc.providers.saml.<provider-name>.realm.
- Instead of xpack.security.authc.saml.maxRedirectURLSize, use xpack.security.authc.providers.saml.<provider-name>.maxRedirectURLSize.
- Instead of xpack.security.authc.oidc.realm, use xpack.security.authc.providers.oidc.<provider-name>.realm.
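A small check for the migration described above, added here as an example rather than anything shipped with Kibana. It takes a kibana.yml flattened to dotted keys (the shape a YAML parser would give you), the provider name you have chosen for each provider type (the <provider-name> placeholder; saml1 and oidc1 below are assumptions), and rewrites the three deprecated keys to their provider-based replacements. It also flags the two situations a plain search-and-replace misses: a deprecated key with no provider name to move it under, and a deprecated key that disagrees with an already-present provider-based setting. The sample configuration is constructed.

```javascript
// Added example: migrate the authentication settings deprecated in 7.7.0.
// Not Kibana's code; provider names and sample values are assumptions.

const DEPRECATED_AUTHC_SETTINGS = {
  'xpack.security.authc.saml.realm': ['saml', 'realm'],
  'xpack.security.authc.saml.maxRedirectURLSize': ['saml', 'maxRedirectURLSize'],
  'xpack.security.authc.oidc.realm': ['oidc', 'realm'],
};

const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// config: flattened kibana.yml, dotted key -> value.
// providerNames: the <provider-name> per provider type, e.g. { saml: 'saml1', oidc: 'oidc1' }.
// Returns the rewritten config and one warning per deprecated key encountered.
function migrateAuthcSettings(config, providerNames) {
  const migrated = { ...config };
  const warnings = [];

  for (const [oldKey, [providerType, setting]] of Object.entries(DEPRECATED_AUTHC_SETTINGS)) {
    if (!hasOwn(config, oldKey)) continue;

    const name = providerNames[providerType];
    if (!name) {
      // Nothing to move it under: leave the key in place so the operator sees it.
      warnings.push(`${oldKey} is deprecated, but no ${providerType} provider name was supplied; left unchanged`);
      continue;
    }

    const newKey = `xpack.security.authc.providers.${providerType}.${name}.${setting}`;
    if (hasOwn(config, newKey) && config[newKey] !== config[oldKey]) {
      // Both spellings present and disagreeing: keep the non-deprecated one and say so.
      warnings.push(`${oldKey}=${config[oldKey]} conflicts with ${newKey}=${config[newKey]}; keeping ${newKey}`);
    } else {
      migrated[newKey] = config[oldKey];
      warnings.push(`${oldKey} is deprecated; moved to ${newKey}`);
    }
    delete migrated[oldKey];
  }

  return { migrated, warnings };
}

// Constructed sample of a pre-7.7 kibana.yml, flattened to dotted keys.
const LEGACY_CONFIG = {
  'server.port': 5601,
  'xpack.security.authc.saml.realm': 'saml1',
  'xpack.security.authc.saml.maxRedirectURLSize': '2kb',
  'xpack.security.authc.oidc.realm': 'oidc1',
};

const result = migrateAuthcSettings(LEGACY_CONFIG, { saml: 'saml1', oidc: 'oidc1' });
console.log(result.migrated);
result.warnings.forEach((w) => console.log('WARN', w));
```

Run it over the flattened settings before the upgrade so the 7.7.0 deprecation warnings never appear, and treat the conflict warning as a configuration bug to resolve by hand rather than something to silence.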
Known issues
SIEM
Management
- Editing Saved Objects (e.g. Dashboards) via the "Inspect" JSON editor in Management corrupts objects #66542
Configuration
- The server.customResponseHeaders option prevents Kibana from starting if headers are set using a type other than string. To fix this, convert your boolean and number headers to strings. For example, use my-header: "true" instead of my-header: true. #66146
- The
Enhancements
Alerting
- Notifies user when security is enabled but TLS is not #60270
- Displays warning when a permanent encryption key is missing and hides alerting UI appropriately #62772
- Edits alert flyout #58964
- Moves index params fields to connector config #60349
- Adds the AlertDetails page #55671
- License checks for actions plugin #59070
APM
- Updates monospace font family variable #57555
- Shows missing permissions message to the user on the Services overview #56374
- Settings list page for managing custom actions #56853
- Divides "Actions menu" into sections to improve readability #56623
- Creates settings page to manage Custom Links #57788
- Creates custom link from Trace summary #59648
- Writes tests for the Custom Link API #60899
- Threshold alerts #59566
- Adds additional (java) options #59860
- Sync badge #55113
- Client.ip to metadata for RUM transactions #56546
Canvas
Dashboard
- Use Elasticsearch _async_search instead of _search when it is available (excluding TSVB, Timelion, and Vega) #59224
- When queries run more than 10 seconds, show a pop-up to allow users to run the queries beyond the configured Elasticsearch query timeout or cancel the queries #60706
- Dashboard/add panel flow #59918
- Moves the "Create New" button in add panel flyout to the top to make it more visible to the user #56428
Lens and visualizations
- Creates Lens filters on click with bar, line, area charts #57261
- Allows number formatting within Lens #56253
- Shows a warning when you have partially configured a visualization, such as a bar chart with only an X axis #58279
- Improves suggestion logic when dragging fields into the chart #60687
- Disallows duplicate percentiles #58299
- EUICodeEditor for Visualize JSON #58679
- Supports Histogram Data Type #59387
- Median aggregation labels now show "Median" instead of "50th percentile of" in Visualize. Custom labels are also used #58521
- Adds positive_rate as a new aggregation to TSVB #59843
- Makes linked saved search work when user navigates back using browser back button #59690
- Visualization editor UI has been updated to the new styles, consistent with the rest of the platform and a more logical left-to-right flow of creating content #49864
Logs
Machine Learning
- Processes delimited files like semi-structured text #56038
- Supports multi-line JSON notation #58870
- Validates manual model memory input #59056
- Clones analytics job #59791
- Uses a new ML endpoint to estimate a model memory #60376
- Module setup with dynamic model memory estimation #60656
- Adds text fields to datafeed start modal #55560
- Categorization examples privilege check #57375
- Adds filebeat config to file dataviz #58152
- Global calendars #57890
- Adds indices_options to datafeed #59119
- Displays multi-class results in evaluate panel #60760
- Adds support for date_nanos time field in anomaly job wizard #59017
- Uses EuiDataGrid for outlier result page #58235
- Supports multi-line JSON notation in advanced editor #58015
- Adds support for percentiles aggregation to Transform wizard #60763
- Adds clone feature to transforms list #57837
- Uses EuiDataGrid for transform wizard #52510
- Replaces KqlFilterBar with QueryStringInput #59723
Management
- The Remote Clusters UI added support for enabling "proxy" mode when creating or editing a remote cluster #59221
- Adds filter for ILM phase to Index Management #57402
- Creates Painless Lab app #57538
- Moves out of legacy #55331
- Moves out of legacy and migrates server side to New Platform #55690
- Updates Console progress bar #56628
- Auto follow pause & resume #56615
- Supports triple quoted JSON strings and Painless highlighting to Watcher and SearchProfiler #57563
- Server-side batch reindexing #58598
- Better handling of closed indices #58890
- Advanced settings UI change to centralize save state #53693
- The autocomplete in the dev console now supports many different types of Elasticsearch pipeline processors #60553
Maps
- Improves Layer Style UI #58406
- Shows field type icons in data driven styling field select #55166
- Style icons by category #55747
- Adds type icons to SingleFieldSelect component #56313
- Disables style forms when they are not applied due to other style settings #55858
- Autocompletes for custom color palettes and custom icon palettes #56446
- Allows simultaneous opening of multiple tooltips #57226
- Adds Top term aggregation #57875
- Direct Discover "visualize" to open Maps application #58549
- Top term percentage field property #59386
- Adds UI to disable style meta and get top categories from current features #59707
- Adds draw control to create distance filter #58163
- Blended layer that switches between documents and clusters #57879
- Default ES document layer scaling type to clusters and show scaling UI in the create wizard #60668
- Disables add layer button when flyout is open #54932
- Supports categorical styling for numbers and dates #57908
Metrics
Monitoring
- Supports shipping directly to the monitoring cluster #57022
Platform
Reporting
SIEM
- Recent cases widget #60993
- Adds custom reputation link #57814
- Exports timeline #58368
- Rule activity monitoring #60816
- Removes has manage api keys requirement #62446
- Adds release notes link and updates one UI section #60825
- Adds rule notifications #59004
- Version 7.7 rule import #61903
- Creates ML Rules #58053
- Case workflow api schema #51535
- Service Now Kibana Action #53890
- API with io-ts validation #59265
- Status / Batch update #59856
- Imports timeline #60880
- Bug/clean up phase I #61354
- Cases clean up Phase II #61750
- Modifies gap detection util to accept all dateMath formats #56055
- Adds note markdown field to backend #59796
- Adds rule markdown field to rule create, detail, and edit flows #60108
- Adds rule markdown to timeline global notes #61026
- ServiceNow executor #58894
- ServiceNow action improvements #60052
Security
Telemetry
Uptime
Bug fixes
Alerting
- Retains empty AlertsList when filter has removed all items #60501
- Fixes alert threshold line disappears #61499
- Cleanup action task params objects after successful execution #55227
- Disables action plugin functionality when ESO plugin is using an ephemeral encryption key #56906
- Makes slack param validation handle empty messages #60468
- Makes user and password secrets optional #56823
APM
- Changes "url" to "urls" in APM agent instructions #60790
- Uses ES Permission API to check if a user has permissions to read from APM indices #57311
- Filters are not prefilled when the custom link flyout is opened from a transaction page #61650
- .apm-agent-configuration is not created if Kibana is started while ES is not ready #61610
- Don’t include UI filters when fetching a specific transaction #57934
- Uses docLinks API for APM doc links #61880
- Updates APM index pattern #61265
Canvas
Dashboard
Discover
Graph
Lens and visualizations
- Filters out pinned filters from saved object of Lens #57197
- Adds using queries/filters for field existence endpoint #59033
- Fixes display single bar in XYChart Bar Vis #61452
- Resetting a layer generates new suggestions #60674
- Fixes disabled switches in the editor #62911
- Fixes broken Handlebar documentation links #55866
- Shows timepicker in Timelion and TSVB #58857
- Makes Vega remove filter work #58871
- Makes d3 play nicely with object values #62004
- Fixes position calculation of ticks in non-horizontal axes #62309
Logs
- Correctly update the expanded log rate table rows #60306
Machine Learning
- Handles Empty Partition Field Values in Single Metric Viewer #61649
- Fixes job wizard model memory limit warnings #62331
- Files data viz fix index pattern warning after index change #57807
- Uses real datafeed ID for datafeed preview #60275
- Disables start trial option when license management ui is disabled #60987
- Fixes jobs list filter in url #61822
- Fixes job ID in edit job flyout #61840
- Fixes reporting of http request errors #61811
- Ensures confusion matrix label column is correct #60308
- Ensures column in correct position after reselect #61342
- Ensures query bar syntax errors are shown #61333
- Ensures job state is up to date #61678
- Increases number of items that can be paged in calendars and filters lists #61842
- Uses index pattern field format if one exists #61709
- Ensures filter works as expected #62041
- Ensures destination index pattern created #62450
- Fixes page heading structure #56741
- Fixes handling of index pattern with special characters #59884
- Fixes to error handling for analytics jobs and file data viz #60249
- Fixes Anomaly Explorer swimlane label and chart tooltips #61327
- Prevents training_percent of 0 for analytics job #61789
- Removes duplicate page main landmarks #56883
- Fixes license check #58343
- Clears Kibana index pattern cache on creation or form reset #62184
Management
- Adds support for additional watch action statuses #55092
- Fixes the Upgrade Assistant where the reindexing of an index was incorrectly marked as "Done", when it still required to be reindexed. This scenario could occur if a user reindexed an index, deleted it, then restored a snapshot of the index of an older version #60789
- Fixes several invalid documentation links in the Snapshot and Restore UI #61331
- Fixes for console error handling and loading of autocomplete #58587
- Fixes a bug that caused Grokdebugger simulation to break in non-Default Kibana spaces #61423
- Fixes an issue where Console would not render the request output if localStorage quota was reached #62424
- Fixes a bug with Console’s Copy As cURL functionality that would not properly escape single quotes in JSON string values which created issues with copying SQL queries from Console to cURL #63229
- System index templates can’t be edited #55229
- Not possible to edit a watch that was created with the API if the ID contains a dot #59383
- Fixes console a11y failures #57520
Maps
- Do not show border color for icon in legend when border width is zero #57501
- Uses blended layer when linking discover to maps #61467
- Fixes tooltip overflow #61564
- Cleans up unsaved state check #61705
- Fixes regression in loading left join fields #63325
- Fixes cross origin error for icon spritesheets when Kibana secured via OAuth proxy #53896
- Correctly open layer settings from add layer wizard #48971
Metrics
Monitoring
Platform
- Rollup index pattern error: must match one rollup index #56732
- In scripted fields, unable to switch the Type #59285
- Duplicates query filters in es request #60106
- Bugfix dashboard unpins filters #62301
- Fixes plugin enabled config options #60998
- Fixes tabifyAggResponse #61214
- Fixes parse interval #62267
- Avoid app not found flickering while awaiting for mount #56483
- Creates empty string filters when value not specified #57442
- Range aggregations now use the field formatter from the index pattern, instead of no formatter #58651
Reporting
- Fixes error handling for job handler in route #60161
Security
- Handling a 404 when the space’s telemetry collector runs #55921
SIEM
Telemetry
Uptime