Kibana 6.8.14

The 6.8.14 release includes a security update and fixes one issue.

Security update

Vega visualizations are susceptible to stored and reflected XSS via a vulnerable version of the Vega library. When you create a Vega visualization, or a vulnerable URL that describes the visualization, arbitrary JavaScript can execute in your browser.

Affected versions

Affected versions include 6.8.13 and earlier.

Solution

Check whether you use Vega visualizations, then complete the following:

  • If you use Vega visualizations, upgrade to 6.8.14.
  • If you do not use Vega visualizations, open your kibana.yml file, then change vega.enabled: true to vega.enabled: false.
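One way to carry out the check above, as an added example that is not part of the Kibana release notes: it scans visualization saved objects for Vega and reads vega.enabled from kibana.yml text. The function names are hypothetical, the sample objects are constructed, and the object shape (a visState JSON string whose "type" is "vega") is an assumption about what GET /api/saved_objects/_find?type=visualization returns.

```python
import json
import re

# Constructed sample; assumed shape of visualization saved objects.
SAMPLE_OBJECTS = [
    {"id": "a1", "attributes": {"title": "Requests over time",
                                "visState": json.dumps({"type": "line"})}},
    {"id": "b2", "attributes": {"title": "Custom scatter",
                                "visState": json.dumps({"type": "vega"})}},
    {"id": "c3", "attributes": {"title": "Corrupt object",
                                "visState": "{not json"}},
]

def find_vega_visualizations(objects):
    """Return (vega, unparsed): Vega visualizations and ids with unreadable visState."""
    vega, unparsed = [], []
    for obj in objects:
        # Accept the API shape ("attributes") and the legacy export shape ("_source").
        attrs = obj.get("attributes") or obj.get("_source") or {}
        obj_id = obj.get("id") or obj.get("_id")
        try:
            state = json.loads(attrs.get("visState", ""))
        except (TypeError, ValueError):
            unparsed.append(obj_id)  # cannot rule Vega out; review by hand
            continue
        if isinstance(state, dict) and state.get("type") == "vega":
            vega.append((obj_id, attrs.get("title")))
    return vega, unparsed

def vega_enabled(kibana_yml):
    """Explicit flat-key vega.enabled from kibana.yml text; None when not set.
    Commented-out lines and the nested YAML form are not matched."""
    m = re.search(r"^vega\.enabled:\s*(true|false)\b", kibana_yml, re.MULTILINE)
    return None if m is None else m.group(1) == "true"

def recommend(objects, kibana_yml):
    """Map the findings onto the two actions listed in the release notes."""
    vega, unparsed = find_vega_visualizations(objects)
    if vega:
        return "upgrade to 6.8.14"
    if unparsed:
        return "inspect unreadable objects"
    if vega_enabled(kibana_yml) is False:
        return "vega already disabled"
    return "set vega.enabled: false"

if __name__ == "__main__":
    print(find_vega_visualizations(SAMPLE_OBJECTS))
    print(recommend(SAMPLE_OBJECTS, "server.port: 5601\n"))
```
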

Bug fix

Reporting
  • Fixes an issue where a failed request in the headless browser running the screenshot capture would log an obscured error #88118