Elastic Stack 6.6.1 and 5.6.15 Released | Elastic Blog
Releases

Elastic Stack 6.6.1 and 5.6.15 Released

Versions 5.6.15 and 6.6.1 of the Elastic Stack were released today. We recommend you upgrade to these latest versions.

Each includes fixes for a number of security issues in Kibana, Elasticsearch, and Logstash.

  • Resolved a cross-site scripting (XSS) vulnerability in Kibana that could allow an attacker to obtain sensitive information or perform destructive actions.
  • Fixed an issue in the Timelion application in Kibana that could allow an attacker to attempt to execute javascript code.
  • Fixed an issue with Kibana that could allow an attacked to attempt to execute javascript code when audit logging was enabled.
  • Fixed an issue in Elasticsearch that would give an attacker additional permissions against a restricted index when using the _aliases, _shrink, or _split endpoints.
  • Fixed an issue with Logstash where it would inadvertently log credentials as part of an error message.

For a detailed explanation of these issues, and details on how to solve or mitigate these issues, please visit the security advisory page .

The 6.6.1 patch contains fixes and small enhancements for the stack. Notable bug fixes in Beats include:

  • Packetbeat no longer crashes on Linux when the TPACKET_V3_af_packet_interface is used. (#10477)
  • Correctly stop all modules when they were started by Kubernetes autodiscover.( #10476)

For a full list of changes for each product, please refer to the release notes:

6.6.1 Release Notes

5.6.15 Release Notes