Kibana 7.15.2
Review the following information about the 7.15.2 release.
Security updates
Review the security updates that were found in previous versions of Kibana.
Path traversal issue
Details
In Kibana 7.9.0 to 7.15.1, Kibana is unable to validate .pbf file paths on Microsoft Windows operating systems, which allows malicious users to arbitrarily traverse the Kibana host to load internal .pbf files. CVE-2021-37938
Thank you Dominic Couture for finding this issue.
Solution
Upgrade to Kibana 7.15.2.
Information disclosure issue
Details
In Kibana 7.8.0 to 7.15.1, the Kibana JIRA and IBM Resilient connectors could be used to return HTTP response data on internal hosts, which can be hidden from public view. Malicious users with privileges to create connectors can use the JIRA and IBM Resilient connectors to view limited HTTP response data on hosts accessible to the cluster. CVE-2021-37939
Solution
Upgrade to Kibana 7.15.2.
Known issues
Before you upgrade, review the known issues, then mitigate the impact to your application.
There are no known issues in 7.15.2.
For the known issues in the previous releases, refer to the known issues in 7.15.0.
Breaking changes
Breaking changes can prevent your application from optimal operation and performance. Before you upgrade to 7.15.2, review the 7.15.0 breaking changes.
To review the breaking changes in previous versions, refer to the following:
7.14 | 7.13 | 7.12 | 7.11 | 7.10 | 7.9 | 7.8 | 7.7 | 7.6 | 7.5 | 7.4 | 7.3 | 7.2 | 7.1 | 7.0
Bug Fixes
- APM
- Elastic Security
  - For the Elastic Security 7.15.2 release information, refer to Elastic Security Solution Release Notes.
- Lens & Visualizations
- Management
  - Fixes memory leak in a browser when doing a search #113756
- Metrics
  - Adds track_total_hits to Metric Threshold query to support alerts with over 10K documents #115465
- Uptime
  - TLS and TLS legacy alert translation mismatch #116113
- Operations
  - Fixes the creation of multiple processes at start #114940
- Osquery Manager