Hello, and welcome to the 5.5.1 and 4.6.5 release of Kibana! These releases contain some small bug fixes and an important security fix. Please see details below.
Kibana 5.5.1 is available on our downloads page and on Elastic Cloud. When you’re finished reading, take a look at the complete release notes for all the goodies.
Kibana 4.6.5 is also available on our downloads page under "past releases" and only contains the changes for the security update.
Elastic Stack 5.5.1 and Kibana 4.6.5 security update
Kibana Node.js security flaw (ESA-2017-14)
The version of Node.js shipped in all versions of Kibana prior to 5.5.1 contains a Denial of Service flaw in its HashTable random seed. This flaw could allow a remote attacker to consume resources within Node.js, preventing Kibana from servicing requests.
All versions before 5.5.1 and 4.6.5
Solutions and Mitigations:
Administrators running Kibana in an environment with untrusted users should upgrade to version 5.5.1 or 4.6.5. There is no workaround for this issue. The flaw can be triggered by an unauthenticated anonymous user.
CVE ID: CVE-2017-11499
- [Fix for #12518, #10851] Display regionmap attribution #12647
- [Fix for #12738] [UI Framework] Update LocalNav layout to fix menu button hover state. #12739
- Bump node.js to version 6.11.1 #12776
- [Fix for #10546] Update regex used to detect IE for long length warnings #12617
- [Fix for #12692] Make filter editor suggestions opt-in #12710
- [Fix for #12627] do not allow registration of undefined indexpatterns in dashboard state #12628