Fleet and Elastic Agent 8.10.3
Review important information about the Fleet and Elastic Agent 8.10.3 release.
Security updates
- Fleet Server Insertion of Sensitive Information into Log File (ESA-2023-20)
An issue was discovered in Fleet Server >= v8.10.0 and < v8.10.3 where Agent enrollment tokens are being inserted into the Fleet Server’s log file in plain text.
These enrollment tokens could allow someone to enroll an agent into an agent policy, and potentially use that to retrieve other secrets in the policy, including those for Elasticsearch and third-party services. Alternatively, a threat actor could potentially enroll agents to the clusters and send arbitrary events to Elasticsearch.
The issue is resolved in 8.10.3.
For more information, see our related security announcement.
Known issues
The known issue that prevents successful upgrades in an air-gapped environment for Elastic Agent versions 8.9.0 to 8.10.2 has been resolved in this release. If you’re using an air-gapped environment, we recommend installing version 8.10.3 or any higher version to avoid being unable to upgrade.
Enhancements
- Elastic Agent
Bug fixes
- Fleet
- Elastic Agent