5.5.2 Release Notes

Also see Breaking changes in 5.0.

Security fixes

Kibana markdown parser Cross Site Scripting (XSS) error (ESA-2017-16)

Kibana versions prior to 5.5.2 had a cross-site scripting (XSS) vulnerability in the markdown parser that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

Affected Versions: All prior to 5.5.2 and 4.6.6

Solutions and Mitigations:

Users should upgrade to Kibana version 5.5.2 or 4.6.6.

Reporting impersonation error (ESA-2017-17)

The Reporting feature in X-Pack in versions prior to 5.5.2 and standalone Reporting plugin versions prior to 2.4.6 had an impersonation vulnerability. A user with the reporting_user role could execute a report with the permissions of another reporting user, possibly gaining access to sensitive data.

Affected Versions: All prior to 5.5.2 and 2.4.6

Solutions and Mitigations:

Reporting users should upgrade to X-Pack version 5.5.2 or Reporting Plugin version 2.4.6. A mitigation for this issue is to remove the reporting_user role from any untrusted users of your Elastic Stack.

CVE ID: CVE-2017-8446

Known issues

Visualization regression in Internet Explorer 11 causes fatal errors

A bug introduced in Kibana version 5.5.2 causes a full-page fatal error in Internet Explorer 11 when mousing over buckets in a bar or line chart. A workaround for this issue is to use any of the other supported browsers until a fix is released.


Bug fixes

  • [Fix for #13365] Truncate long field names in filter editor #13379
  • [Fix for #12728] Ensure conflicted fields can be searchable and/or aggregatable #13070
  • [Fix for #13255] Ensure we are working with data-series to avoid tooltip errors #13266
  • [Fix for #12724] by default metric should not define color #12993
  • [Fix for #12391] in percentage mode tooltip should also show percentages #13217

    • Tooltips now correctly display the percentage-value in area charts where the Y-Axis is formatted in percentage mode.
  • Use the customMetric’s formatter for pipeline aggregations #11933
  • [Fix for #12220] Should only fit on shapes that are part of the result #12881

    • When clicking the fit-data button in a Region Map, the map now zooms correctly to the relevant data instead of showing the entire layer.
  • [Fix for #12172] Save layer setting in the region map UI #12956

    • The layer selection is now preserved in the UI dropdown when saving a Region Map.
  • [Fix for #12189] Region map should respect saved center and zoom #12883

    • The location of the map is now stored correctly when saving a Region Map.
  • [Fix for #12963] Exclude stacktrace from error response of Timelion backend #12973

    • The Timelion backend no longer includes the stacktrace as part of the server response. This stacktrace is now logged to the server console.