Elastic Stack 6.6.1 and 5.6.15 Released

Versions 5.6.15 and 6.6.1 of the Elastic Stack were released today. We recommend you upgrade to these latest versions.

Each includes fixes for a number of security issues in Kibana, Elasticsearch, and Logstash.

  • Resolved a cross-site scripting (XSS) vulnerability in Kibana that could allow an attacker to obtain sensitive information or perform destructive actions.
  • Fixed an issue in the Timelion application in Kibana that could allow an attacker to attempt to execute JavaScript code.
  • Fixed an issue with Kibana that could allow an attacker to attempt to execute JavaScript code when audit logging was enabled.
  • Fixed an issue in Elasticsearch that would give an attacker additional permissions against a restricted index when using the _aliases, _shrink, or _split endpoints.
  • Fixed an issue with Logstash where it would inadvertently log credentials as part of an error message.

For a detailed explanation of these issues, and details on how to solve or mitigate them, please visit the security advisory page.

The 6.6.1 patch contains fixes and small enhancements for the stack. Notable bug fixes in Beats include:

  • Packetbeat no longer crashes on Linux when the TPACKET_V3_af_packet_interface is used. (#10477)
  • Correctly stop all modules when they were started by Kubernetes autodiscover. (#10476)

For a full list of changes for each product, please refer to the release notes:

6.6.1 Release Notes

5.6.15 Release Notes
