Today we're releasing Kibana version 5.2.1, which includes multiple important bug fixes, including a security fix for an issue that can crash the Kibana process.
In all previous versions of Kibana 5, when configured with SSL, Kibana will fail to release file descriptors on certain requests, which over time will build up until the process crashes. Requests that are canceled before data is sent can also crash the process. We've assigned this vulnerability the identifier ESA-2017-02. Kibana 4 is not affected by this vulnerability.
Other bug fixes in 5.2.1
- Bump Node.js to version 6.9.5. This was a low severity security release for Node.js, which has minimal impact to Kibana, but is still worth upgrading. #10135
- Prevented a background action that was causing unnecessary CPU cycles #10036
- Delete button for color formatters no longer overlaps format dropdown #8864
- Fixed regression where certain visualizations were being limited to 25 series #10132
- Fixed typo on a tag cloud warning message #10092
- Fixed a bug where data table visualizations would incorrectly appear empty in certain circumstances #9757