Elastic Stack 6.6.1 and 5.6.15 Released
Versions 5.6.15 and 6.6.1 of the Elastic Stack were released today. We recommend you upgrade to these latest versions.
Each includes fixes for a number of security issues in Kibana, Elasticsearch, and Logstash.
- Resolved a cross-site scripting (XSS) vulnerability in Kibana that could allow an attacker to obtain sensitive information or perform destructive actions.
- Fixed an issue in the Timelion application in Kibana that could allow an attacker to attempt to execute JavaScript code.
- Fixed an issue with Kibana that could allow an attacker to attempt to execute JavaScript code when audit logging was enabled.
- Fixed an issue in Elasticsearch that would give an attacker additional permissions against a restricted index when using the `_aliases`, `_shrink`, or `_split` endpoints.
- Fixed an issue with Logstash where it would inadvertently log credentials as part of an error message.
For a detailed explanation of these issues, and details on how to solve or mitigate them, please visit the security advisory page.
The 6.6.1 patch contains fixes and small enhancements for the stack. Notable bug fixes in Beats include:
- Packetbeat no longer crashes on Linux when the `TPACKET_V3_af_packet_interface` is used. (#10477)
- Correctly stop all modules when they were started by Kubernetes autodiscover. (#10476)
For a full list of changes for each product, please refer to the release notes: