- Kibana Guide: other versions:
- What is Kibana?
- What’s new in 7.8
- Get started
- Set up Kibana
- Discover
- Dashboard
- Canvas
- Maps
- Machine learning
- Graph
- Visualize
- Logs
- Metrics
- APM
- Uptime
- SIEM
- Dev Tools
- Stack Monitoring
- Management
- Advanced Settings
- Alerts and Actions
- Beats Central Management
- Cross-Cluster Replication
- Index Lifecycle Policies
- Index Management
- Ingest Node Pipelines
- Index patterns and fields
- License Management
- Numeral Formatting
- Remote Clusters
- Rollup Jobs
- Saved Objects
- Security
- Snapshot and Restore
- Spaces
- Upgrade Assistant
- Watcher
- Ingest Manager
- Reporting
- Alerting and Actions
- REST API
- Kibana plugins
- Accessibility
- Limitations
- Breaking Changes
- Release Notes
- Kibana 7.8.1
- Kibana 7.8.0
- Kibana 7.7.1
- Kibana 7.7.0
- Kibana 7.6.2
- Kibana 7.6.1
- Kibana 7.6.0
- Kibana 7.5.2
- Kibana 7.5.1
- Kibana 7.5.0
- Kibana 7.4.2
- Kibana 7.4.1
- Kibana 7.4.0
- Kibana 7.3.2
- Kibana 7.3.1
- Kibana 7.3.0
- Kibana 7.2.1
- Kibana 7.2.0
- Kibana 7.1.1
- Kibana 7.1.0
- Kibana 7.0.1
- Kibana 7.0.0
- Kibana 7.0.0-rc2
- Kibana 7.0.0-rc1
- Kibana 7.0.0-beta1
- Kibana 7.0.0-alpha2
- Kibana 7.0.0-alpha1
- Developer guide
Kibana 7.8.1
editKibana 7.8.1
editSee also breaking changes in 7.8.
Security updates
edit-
In Kibana 7.8.1 and earlier, there is a denial of service (DoS) flaw in Timelion. Attackers can construct a URL that when viewed by a Kibana user, the Kibana process consumes large amounts of CPU and becomes unresponsive, CVE-2020-7016.
You must upgrade to 7.8.1. If you are unable to upgrade, set
timelion.enabled
tofalse
in your kibana.yml file to disable Timelion. -
In all Kibana versions, region map visualizations contain a stored XSS flaw. Attackers that can edit or create region map visualizations can obtain sensitive information or perform destructive actions on behalf of Kibana users who view the region map visualization, CVE-2020-7017.
You must upgrade to 7.8.1. If you are unable to upgrade, set
xpack.maps.enabled
,region_map.enabled
, andtile_map.enabled
tofalse
in kibana.yml to disable map visualizations.
Bug fixes
edit- Alerting
- APM
- Discover
- Lens and visualizations
-
- Fixes Date Histogram error when index does not have a time field #69934
- Logs
-
- Avoids CCS-incompatible index name resolution #70179
- Machine Learning
- Management
-
- Updates the "Learn about timing" documentation link when creating a policy in Index Lifecycle Management #68923
- Adds AggConfig.toSerializedFieldFormat #69114
- Fixes a bug in Cross-Cluster Replication where the "Status" column in the follower indices table did not update after pausing or resuming a follower index #69228
- Fixes a bug in Index Lifecycle Management where it was not possible to clear the index priority value when saving a policy #70154
- Fixes a bug in Cross-Cluster Replication where the user was prompted with an error message when attempting to use the UI with missing cluster privileges. The user should now be prompted with a message indicating what privileges are missing #70158
- Ignores url.url fields above 2048 characters #69863
- Maps
- Metrics
- Monitoring
- Operations
-
- Adds spaces settings #69019
- Platform
-
- Don’t allow empty string for server.basePath config #69377
- Reporting
-
- Don’t set a min-length on encryption key for reporting #69827
- SIEM
On this page