Kibana 5.0.2edit

Security Fixesedit

Kibana 5.0.0 and 5.0.1 were making requests to advanced settings and the short URL service on behalf of the kibana server rather than the current user, which means that being authenticated at all was sufficient to have both read and write access to the advanced settings and short URLs.
Kibana 5.0.2 now authenticates requests for each service on behalf of the current user.
ESA-2016-10 (#9214)

Bug Fixesedit

  • Elasticsearch version checking no longer causes startup error for non-HTTP nodes #9181
  • Favicons are now embedded as links rather than as data #8961
  • Spaces are now accepted in plugin URLs and paths during installation #8945
  • Visualizations without spy panels no longer trigger errors in browser console #9115