Kibana 8.10.3

edit

Security updates

edit
  • Kibana heap buffer overflow vulnerability

    On Sept 11, 2023, Google Chrome announced CVE-2023-4863, described as “Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page”. Kibana includes a bundled version of headless Chromium that is only used for Kibana’s reporting capabilities and which is affected by this vulnerability. An exploit for Kibana has not been identified, however as a resolution, the bundled version of Chromium is updated in this release.

    The issue is resolved in 8.10.3.

    For more information, see our related security announcement.

Enhancements

edit
Elastic Security
For the Elastic Security 8.10.3 release information, refer to Elastic Security Solution Release Notes.

Bug Fixes

edit
Dashboard
  • Fixes an error the panel descriptions weren’t retrieved from the right method (#166825).
Discover
  • Soften saved search content management response sort schema (#166886).
Elastic Security
For the Elastic Security 8.10.3 release information, refer to Elastic Security Solution Release Notes.
Enterprise Search
For the Elastic Enterprise Search 8.10.3 release information, refer to Elastic Enterprise Search Documentation Release notes.
Fleet
  • Fixes incorrect index template used from the data stream name (#166941).
  • Increase package install max timeout limit and add concurrency control to rollovers (#166775).
  • Fixes bulk action dropdown (#166475).
Machine Learning
  • AIOps: Fixes render loop when using a saved search (#166934).
Monitoring
  • Convert node roles into array (#167628).
Observability
  • Fixes a set up process error in Universal Profiling (#167068).
Uptime
  • Fixes an error when updating browser monitor in a project (#168064).