NOTE: You are looking at documentation for an older release. For the latest information, see the current release documentation.
Kibana 6.8.14edit
The 6.8.14 release includes a security update and fixes one issue.
Security updateedit
Vega visualizations are susceptible to stored and reflected XSS via a vulnerable version of the Vega library. When you create Vega visualizations or create a vulnerable URL that describes the visualization, an arbitrary JavaScript can execute in your browser.
Affected versionsedit
Affected versions include 6.8.13 and earlier.
Solutionedit
Verify if you use Vega visualizations, then complete the following:
- If you use Vega visualizations, upgrade to 6.8.14.
-
If you do not use Vega visualizations, open your kibana.yml file, then change
vega.enabled: true
tovega.enabled: false
.
Bug fixedit
- Reporting
-
- Fixes an issue where a failed request in the headless browser running the screenshot capture would log an obscured error #88118