Product release

Kibana 4.3.1, 4.2.2, and 4.1.4 released

Today we're releasing stability and security updates to Kibana 4.3, 4.2, and 4.1. We strongly recommend that all users upgrade their Kibana installs immediately.

Due to the security fixes, Found customers are being updated automatically.

4.3.1 Changes

  • Fixes XSS vulnerability (CVE pending) - Thanks to Vladimir Ivanov for responsibly reporting
  • Fixes a caching issue when creating new index patterns #5469
  • Prevents exception on discover panel when using non-time-based patterns #5509
  • Non-standard cookie format no longer causes fatal error #5525
  • Fixes broken image links on URL formatter #5536
  • Uses a modern cipher list for TLS #5542
  • Removes brushing ability when dealing with non-time-based indices #5560
  • Fixes fatal error when using Shield and a time range with no results #5571
  • Improves Elasticsearch version verification #5572
  • No longer relabels legend when only one series exists #5582
  • Fixes fatal error when trying to “export all” on large datasets #5586
  • Fixes xsrf-token-related fatal error when server restarts #5587
  • Allows passing node flags via NODE_OPTIONS #5598
  • Bump node.js version from 0.12.7 to 0.12.9 due to security fixes in node #5603
  • Fixes bug that would cause plugin install to fail #5636
  • Fixes sorting behavior when wildcard index pattern matches multiple prefixes #5642

4.2.2 Changes

  • Fixes XSS vulnerability (CVE pending) - Thanks to Vladimir Ivanov for responsibly reporting
  • Fixes broken links when copying examples from URL formatter #5078
  • Fixes compatibility issue with large result sets in Elasticsearch 2.1 #5288
  • Allow base path to be configured for reverse proxies #5337
  • Fixes incorrect sorting on bar charts in some situations #5398
  • Fixes fatal error in Firefox when attempting to overwrite an index pattern #5418
  • Fixes a caching issue when creating new index patterns #5460
  • Prevents exception on discover panel when using non-time-based patterns #5509
  • Non-standard cookie format no longer causes fatal error #5525
  • Fixes broken image links on URL formatter #5536
  • Uses a modern cipher list for TLS #5542
  • Removes brushing ability when dealing with non-time-based indices #5560
  • Improves Elasticsearch version verification #5572
  • No longer relabels legend when only one series exists #5582
  • Fixes fatal error when trying to “export all” on large datasets #5586
  • Fixes xsrf-token-related fatal error when server restarts #5587
  • Allows passing node flags via NODE_OPTIONS #5598
  • Bump node.js version from 0.12.7 to 0.12.9 due to security fixes in node #5603

4.1.4 Changes

  • Fixes XSS vulnerability (CVE pending) - Thanks to Vladimir Ivanov for responsibly reporting
  • Fixes fatal error in Firefox when attempting to overwrite an index pattern #5418
  • Prevents exception on discover panel when using non-time-based patterns #5509
  • Improves Elasticsearch version verification #5576
  • Fixes xsrf-token-related fatal error when server restarts #5639

Where to download

You can download Kibana at our downloads page.

If you encounter any bugs with either of these versions, please file them on the github issues page. If you have any questions or concerns, do no hesitate to reach out on twitter or our discussion forum.