06 December 2017 Releases

Kibana 5.6.5 and 6.0.1 released

By Jim Goodwin

Hello, and welcome to the 5.6.5 and 6.0.1 release of Kibana!  

These releases of Kibana include an important security fix. We recommend that you upgrade to either 5.6.5 or 6.0.1 to correct the problem.

Security Issues

  • Kibana cross site scripting issue (ESA-2017-22): Kibana versions prior to 6.0.1 and 5.6.5 had a cross-site scripting (XSS) vulnerability via URL fields that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. CVE ID: CVE-2017-11481
  • Kibana open redirect flaw (ESA-2017-23): The Kibana fix for CVE-2017-8451 was found to be incomplete. With X-Pack installed, Kibana versions before 6.0.1 and 5.6.5 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website. CVE ID: CVE-2017-11482

Kibana 5.6.5 and 6.0.1 are available on our downloads page and on Elastic Cloud. Please review the release notes for 5.6.5 and 6.0.1 for the rest of the enhancements and bug fixes.