Versions 5.6.15 and 6.6.1 of the Elastic Stack were released today. We recommend you upgrade to these latest versions.
Each includes fixes for a number of security issues in Kibana, Elasticsearch, and Logstash.
- Resolved a cross-site scripting (XSS) vulnerability in Kibana that could allow an attacker to obtain sensitive information or perform destructive actions.
- Fixed an issue in Elasticsearch that would give an attacker additional permissions against a restricted index when using the
- Fixed an issue with Logstash where it would inadvertently log credentials as part of an error message.
For a detailed explanation of these issues and how to solve or mitigate them, please visit the security advisory page.
The 6.6.1 patch contains fixes and small enhancements for the stack. Notable bug fixes in Beats include:
- Packetbeat no longer crashes on Linux when the TPACKET_V3 af_packet interface is used. (#10477)
- Correctly stop all modules when they were started by Kubernetes autodiscover. (#10476)
For a full list of changes for each product, please refer to the release notes: