5.0.2 Release Notesedit

Also see Breaking changes in 5.0.

Security fixesedit

Kibana 5.0.0 and 5.0.1 were making requests to advanced settings and the short URL service on behalf of the kibana server rather than the current user, which means that being authenticated at all was sufficient to have both read and write access to the advanced settings and short URLs.
Kibana 5.0.2 now authenticates requests for each service on behalf of the current user.
ESA-2016-10 (#9214)

Bug fixesedit

Core
  • Elasticsearch version checking no longer causes startup error for non-HTTP nodes #9181
  • Favicons are now embedded as links rather than as data #8961
CLI
  • Spaces are now accepted in plugin URLs and paths during installation #8945
Visualize
  • Visualizations without spy panels no longer trigger errors in browser console #9115