Today we're releasing Kibana version 4.6.1, which includes a fix for a regression that we introduced in last week's release, and Reporting version 2.4.1, which includes a high severity security fix.
We recommend that users upgrade as soon as possible. Users of Elastic Cloud will get these updates automatically.
To upgrade Kibana, follow the instructions in the docs. If you had previously installed Kibana 4.6.0 with apt or yum, you should be able to upgrade Kibana through your package manager instead.
To upgrade Reporting, uninstall the current version and reinstall version 2.4.1:
bin/kibana plugin --remove reporting bin/kibana plugin --install kibana/reporting/2.4.1
The regression that was fixed in 4.6.1 would cause a fatal error whenever an aggregation would order by Term.
Reporting 2.4.1 includes a fix for a CSRF vulnerability (ESA-2016-05) that could allow an attacker to generate superfluous reports whenever an authenticated Kibana user navigates to a specially-crafted page.