Kibana version 5.3.1 is released, and it includes a couple of important bug fixes and a fix for an open redirect vulnerability in X-Pack security. Shield version 2.4.5 for Kibana has also been released with a fix for the same vulnerability.
With X-Pack installed, Kibana versions before 5.3.1 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website. Shield versions in Kibana prior to 2.4.5 are also vulnerable. ESA-2017-04. Users are encouraged to update immediately.
Other bug fixes in 5.3.1
- Dashboards no longer trigger an error when top hits aggregations are present with no matching data #10905
- Fixed regression where certain unsaved dashboard links, including links to a dashboard in edit mode, no longer worked #11062
- Saved object import will no longer occasionally fail due to visualizations being imported before searches #10740
- Improved error messages when no indices match the default index pattern #10788
- Time ranges no longer overlap when using the time based navigation controls #11131