Also see Breaking changes in 5.0.
Kibana markdown parser Cross Site Scripting (XSS) error (ESA-2017-16). Kibana versions prior to 5.5.2 had a cross-site scripting (XSS) vulnerability in the markdown parser that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
Affected Versions: All prior to 5.5.2 and 4.6.6
Solutions and Mitigations:
Users should upgrade to Kibana version 5.5.2 or 4.6.6.
Reporting impersonation error (ESA-2017-17). The Reporting feature in X-Pack in versions prior to 5.5.2 and standalone Reporting plugin versions prior to 2.4.6 had an impersonation vulnerability. A user with the reporting_user role could execute a report with the permissions of another reporting user, possibly gaining access to sensitive data.
Affected Versions: All prior to 5.5.2 and 2.4.6
Solutions and Mitigations:
Reporting users should upgrade to X-Pack version 5.5.2 or Reporting Plugin version 2.4.6. A mitigation for this issue is to remove the reporting_user role from any untrusted users of your Elastic Stack.
CVE ID: CVE-2017-8446
Visualization regression in Internet Explorer 11 causes fatal errors. A bug was introduced in Kibana version 5.5.2: when a user is using Internet Explorer 11, a full-page fatal error occurs when mousing over buckets in a bar or line chart. A workaround for this issue is to use any of the other supported browsers until a fix is released.
- [Fix for #13365] Truncate long field names in filter editor #13379
- [Fix for #12728] Ensure conflicted fields can be searchable and/or aggregatable #13070
- [Fix for #13255] Ensure we are working with data-series to avoid tooltip errors #13266
- [Fix for #12724] by default metric should not define color #12993
- [Fix for #12391] in percentage mode tooltip should also show percentages #13217
  - Tooltips now correctly display the percentage-value in area charts where the Y-Axis is formatted in percentage mode.
- Use the customMetric’s formatter for pipeline aggregations #11933
- [Fix for #12220] Should only fit on shapes that are part of the result #12881
  - When clicking the fit-data button in a Region Map, the map now zooms correctly to the relevant data instead of showing the entire layer.
- [Fix for #12172] Save layer setting in the region map UI #12956
  - The layer selection is now preserved in the UI dropdown when saving a Region Map.
- [Fix for #12189] Region map should respect saved center and zoom #12883
  - The location of the map is now stored correctly when saving a Region Map.
- [Fix for #12963] Exclude stacktrace from error response of Timelion backend #12973
  - The Timelion backend no longer includes the stacktrace as part of the server response. This stacktrace is now logged to the server console.