16 January 2018 Releases

Kibana 5.6.6 and 6.1.2 released

By Jim Goodwin

Hello, and welcome to the 5.6.6 and 6.1.2 release of Kibana!  

These releases of Kibana include an important security fix, we recommend that you upgrade either to 5.6.6 or 6.1.2 to correct the problem.

Security Issue

  • Kibana XSS issue (ESA-2018-02): Kibana versions 5.1.1 to 6.1.2 and 5.6.6 had a cross-site scripting (XSS) vulnerability via the colored fields formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. CVE ID: CVE-2018-3818

Kibana 5.6.6 and 6.1.2 are available on our downloads page and on Elastic Cloud. Please review the release notes for 5.6.6 and 6.1.2 for the rest of the enhancements and bug fixes.