25 July 2017 Releases

Kibana 5.5.1 and 4.6.5 released

By Jim Goodwin

Hello, and welcome to the 5.5.1 and 4.6.5 release of Kibana!  These releases contains some small bug fixes and an important security fix. Please see details below.

Kibana 5.5.1 is available on our downloads page and on Elastic Cloud. When you’re finished reading, take a look at the complete release notes for all the goodies.

Kibana 4.6.5 is also available on our  downloads page under "past releases" and only contains the changes for the security update.

Elastic Stack 5.5.1 and Kibana 4.6.5 security update

Kibana Node.js security flaw (ESA-2017-14)

The version of Node.js shipped in all versions of Kibana prior to 5.5.1 contains a Denial of Service flaw in it's HashTable random seed. This flaw could allow a remote attacker to consume resources within Node.js preventing Kibana from servicing requests.

Affected Versions

All versions before 5.5.1 and 4.6.5

Solutions and Mitigations:

Administrators running Kibana in an environment with un-trusted users should upgrade to version 5.5.1 or 4.6.5. There is no workaround for this issue, the flaw can be triggered by an unauthenticated anonymous user.

CVE ID: CVE-2017-11499

Enhancements

Visualization

  • [Fix for 12518, 10851] Display regionmap attribution #12647

Bug fixes

Design

  • [Fix for #12738] [UI Framework] Update LocalNav layout to fix menu button hover state. #12739

Platform

  • Bump node.js to version 6.11.1 #12776
  • [Fix for #10546] Update regex used to detect IE for long length warnings #12617

Other

  • [Fix for #12692] Make filter editor suggestions opt-in #12710
  • [Fix for #12627] do not allow registration of undefined indexpatterns in dashboard state #12628

Visualization

  • [Fix for #12645] fixing point series chart margins #12663
  • [Fix for #11954] removing old point series defaults #11958