Kibana 7.8.1
editKibana 7.8.1
editSee also breaking changes in 7.8.
Security updates
edit-
In Kibana 7.8.1 and earlier, there is a denial of service (DoS) flaw in Timelion. Attackers can construct a URL that when viewed by a Kibana user, the Kibana process consumes large amounts of CPU and becomes unresponsive, CVE-2020-7016.
You must upgrade to 7.8.1. If you are unable to upgrade, set
timelion.enabled
tofalse
in your kibana.yml file to disable Timelion. -
In all Kibana versions, region map visualizations contain a stored XSS flaw. Attackers that can edit or create region map visualizations can obtain sensitive information or perform destructive actions on behalf of Kibana users who view the region map visualization, CVE-2020-7017.
You must upgrade to 7.8.1. If you are unable to upgrade, set
xpack.maps.enabled
,region_map.enabled
, andtile_map.enabled
tofalse
in kibana.yml to disable map visualizations.
Bug fixes
edit- Alerting
- APM
- Discover
- Lens and visualizations
-
- Fixes Date Histogram error when index does not have a time field #69934
- Logs
-
- Avoids CCS-incompatible index name resolution #70179
- Machine Learning
- Management
-
- Updates the "Learn about timing" documentation link when creating a policy in Index Lifecycle Management #68923
- Adds AggConfig.toSerializedFieldFormat #69114
- Fixes a bug in Cross-Cluster Replication where the "Status" column in the follower indices table did not update after pausing or resuming a follower index #69228
- Fixes a bug in Index Lifecycle Management where it was not possible to clear the index priority value when saving a policy #70154
- Fixes a bug in Cross-Cluster Replication where the user was prompted with an error message when attempting to use the UI with missing cluster privileges. The user should now be prompted with a message indicating what privileges are missing #70158
- Ignores url.url fields above 2048 characters #69863
- Maps
- Metrics
- Monitoring
- Operations
-
- Adds spaces settings #69019
- Platform
-
- Don’t allow empty string for server.basePath config #69377
- Reporting
-
- Don’t set a min-length on encryption key for reporting #69827
- SIEM