Kibana 7.15.2

Review the following information about the 7.15.2 release.

Security updates

Review the security updates that were found in previous versions of Kibana.

Path traversal issue

Details
In Kibana 7.9.0 to 7.15.1, Kibana is unable to validate .pbf file paths on Microsoft Windows operating systems, which allows malicious users to arbitrarily traverse the Kibana host to load internal .pbf files. CVE-2021-37938

Thank you Dominic Couture for finding this issue.

Solution
Upgrade to Kibana 7.15.2.

Information disclosure issue

Details
In Kibana 7.8.0 to 7.15.1, the Kibana JIRA and IBM Resilient connectors could be used to return HTTP response data on internal hosts, which can be hidden from public view. Malicious users with privileges to create connectors can use the JIRA and IBM Resilient connectors to view limited HTTP response data on hosts accessible to the cluster. CVE-2021-37939

Solution
Upgrade to Kibana 7.15.2.

Known issues

Before you upgrade, review the known issues, then mitigate the impact to your application.

There are no known issues in 7.15.12.

For the known issues in the previous releases, refer to the known issues in 7.15.0.

Breaking changes

Breaking changes can prevent your application from optimal operation and performance. Before you upgrade to 7.15.2, review the 7.15.0 breaking changes.

To review the breaking changes in previous versions, refer to the following:

7.14 | 7.13 | 7.12 | 7.11 | 7.10 | 7.9 | 7.8 | 7.7 | 7.6 | 7.5 | 7.4 | 7.3 | 7.2 | 7.1 | 7.0

Bug Fixes

APM
  • Only filter on transaction metrics for instance throughput stats #114758
  • Fix loading of latency distribution chart on trace samples tab in load balanced setups #114615
  • Show trace samples even when overall histogram chart fails to load #114247
Elastic Security
For the Elastic Security 7.15.2 release information, refer to Elastic Security Solution Release Notes.
Lens & Visualizations
  • Fixes single percentile case on index with many docs #115214
  • Fixes filters not being cleaned when navigating to another visualisation in Lens #115162
Management
  • Fixes memory leak in a browser when doing a search #113756
Metrics
  • Adds track_total_hits to Metric Threshold query to support alerts with over 10K documents #115465
Uptime
  • TLS and TLS legacy alert translation mismatch #116113
Operations
  • Fixes the creation of multiple processes at start #114940
Osquery Manager
  • Fixes the bug that caused the live query search to return irrelevant results for agents #116332
  • Improves Osquery SQL query parser logic #114932