Kibana 7.13.0
editKibana 7.13.0
editFor information about the Kibana 7.13.0 release, review the following information.
Security updates
editReview the security updates that were found in previous versions of Kibana.
URL redirection flaw
editDetails
In Kibana 7.12.1 and earlier, when a logged in user visits a maliciously created URL, Kibana could redirect users to an arbitrary website. CVE-2021-22141
Solution
Upgrade to Kibana 7.13.0.
Reporting vulnerability
editDetails
In Kibana 7.0.0 to 7.12.1, To generate downloadable reports, Kibana uses an embedded version of the Chromium browser. When a user with permissions to generate reports is able to render arbitrary HTML with the browser, they may be able to leverage known Chromium vulnerabilities to conduct further attacks. Kibana contains a number of protections to prevent the browser from rendering arbitrary content. CVE-2021-22142
Solution
Upgrade to Kibana 7.13.0.
Known issues
editDev Tools displays a 403 error with the Access to Fleet API require the superuser role
message
Details
When pages load, Kibana calls the Fleet packages API. For more information, refer to #100285.
Impact
In some cases, Dev Tools displays a 403 error with the Access to Fleet API require the superuser role
message, but you can continue to access Fleet.
Elastic Agents unenrolling from a self-managed Fleet Server hang at "Updating" and API keys are not invalidated
Details
In Kibana, when you unenroll an Elastic Agent from a self-managed Fleet Server,
the status may hang at "Updating". This problem only occurs with Elastic Agents
connecting to a Fleet Server started with a service token.
Impact
You must do a force unenroll to remove the Elastic Agent and invalidate the API keys,
or unenrollment hangs indefinitely. #380
Hidden dashboard titles now appear
Details
If you are using Kibana 7.9.x and earlier, and you upgrade to 7.10.0 to 7.17.2, all hidden panel titles now appear on your dashboards.
Impact
Upgrade to Kibana 7.17.3 or later.
Breaking changes
editBreaking changes can prevent your application from optimal operation and performance. Before you upgrade to 7.13.0, review the breaking changes, then mitigate the impact to your application.
Remove Elastic Agent routes and related services
Details
Elastic Agents now use the Fleet Server to enroll agents, get agent policies, collect status information, and more. For more information, refer to #97206.
Impact
To run and manage Elastic Agents, use the Fleet Server instead of Kibana. For more information, refer to Fleet Server.
Invalidate API keys for existing agents
Details
The existing agents in Kibana are not migrated as part of the migration to Fleet. For more information, refer to #95789.
Impact
The existing agent API keys are invalidated and display as Inactive
on the Agents page.
Disable Explore underlying data context menu
Details
The Explore underlying data context menu on dashboards is now disabled by default. For more information, refer to #98039.
Impact
To enable the Explore underlying data context menu, set xpack.discoverEnhanced.actions.exploreDataInContextMenu.enabled
to true
in kibana.yml.
Review the breaking changes in previous versions:
7.12 | 7.11 | 7.10 | 7.9 | 7.8 | 7.7 | 7.6 | 7.5 | 7.4 | 7.3 | 7.2 | 7.1 | 7.0
Deprecations
editThe following functionality is deprecated in 7.13.0, and will be removed in 8.0.0. Deprecated functionality does not have an immediate impact on your application, but we strongly recommend you make the necessary updates after you upgrade to 7.13.0.
Deprecates scripted fields
Details
Scripted fields are deprecated. For more information, refer to #97574.
Impact
For greater flexibility and Painless scripting language support, use runtime fields.
Deprecates the location map from Uptime
Details
The location map is removed from the Uptime monitor page. For more information, refer to #96517.
Impact
For monitoring details, refer to the Availability and Last check columns.
Deprecates migrations.enableV2 setting
Details
Deprecates the migrations.enableV2
setting. For more information, refer to #96398.
Deprecates the /src/legacy directory
Details
The legacy /src/legacy
directory is deprecated. For more information, refer to #95510.
Impact
Use the /src/legacy
directory in the Bazel build system.
Deprecates legacy logging dest, json, verbosity, and rotate configurations
Details
Deprecates legacy logging configuration in favor of the new Kibana Platform logging system. For example, deprecates logging.json
and logging.rotate.*
. For more information, refer to #94238.
Impact
When logging.root.appenders
is configured and won’t show a deprecation warning, --verbose
replaces the legacy-format logs with the Kibana platform log format.
When Kibana platform logging is not configured, --verbose
sets logging.verbose: true
and provides a warning for the deprecated configuration.
Deprecates old alerts APIs
Details
The /api/alerts/*
APIs are deprecated and will be removed in 8.0. For more information, refer to #93977.
Impact
Use the new /api/alerting/*
APIs.
Deprecates old actions APIs
Details
The old /api/actions/*
APIs are deprecated and will be removed in 8.0. For more information, refer to #92451.
Impact
Use the new /api/actions/*
APIs.
Features
editKibana 7.13.0 adds the following new and notable features.
- Discover
- Elastic Security
- For the Elastic Security 7.13.0 release information, refer to Elastic Security Solution Release Notes.
- Kibana Home & Add Data
-
- Update Cloud plugin to handle new config in kibana.yml #95569
- Lens & Visualizations
- Machine Learning
-
- Anomaly detection rule lookback interval improvements #97370
- Adds network ML module with four ML jobs for ECS network data #96480
- Adds runtime support for anomaly charts & add composite validations #96348
- Data frame analytics: Adds support for runtime fields #95734
- Adds Anomaly Explorer charts embeddable #94396
- Data frame analytics creation wizard: Add validation step #93478
- Adding support for saved object based ML modules #92855
- Adds search time runtime support for index based Data Visualizer #95252
- Metrics
-
- Enhanced metrics widget on Observability overview page #90879
- Platform
- Security
-
- Added ability to create API keys #92610
For more information about the features introduced in 7.13.0, refer to What’s new in 7.13.