Kibana 7.10.2edit

For detailed information about the 7.10.2 release, review the following bug fixes. Before you upgrade, review the breaking changes in 7.10 and known issue in 7.10.0.

Security updateedit

Vega visualizations are susceptible to stored and reflected XSS via a vulnerable version of the Vega library. When you create Vega visualizations or create a vulnerable URL that describes the visualization, an arbitrary JavaScript can execute in your browser.

Affected versionsedit

Affected versions include 7.10.1 and earlier.


Verify if you use Vega visualizations, then complete the following:

  • If you use Vega visualizations, upgrade to 7.10.2.
  • If you do not use Vega visualizations, open your kibana.yml file, then change vega.enabled: true to vega.enabled: false.

Bug fixesedit

  • Don’t reset server log level if level is defined #83651
  • Fixes Duplicated Create New Modal #86489
  • Fixes value completion in the logs stream query bar #85772
Machine Learning
  • Fixes watcher URL to the Anomaly Explorer page #85123
  • Fixes Anomaly Explorer data refresh with relative time bounds #86142
  • Fixes zoom missing in Anomaly detection URLs #86182 and #86400
  • Fixes charts grid on the Anomaly Explorer page #86904
  • When number of replicas is set to zero, it is now correctly displayed in Index Lifecycle Management policies #85251
  • The list of data streams in Index Management now sorts numerically by the raw bytes value, which renders them in the correct order #86204
  • Fixes a bug where the enterprise level subscription displayed as platinum #85849
  • From table actions in the Cross-Cluster Replication app, you can now pause/resume index replication, unfollow leader index, or delete an auto-follow pattern #84433
  • Accessibility fix in Rollup Jobs app: when selecting a row in the jobs table, a screen reader pronounces the job’s name #84567
  • Makes alert status fetching more resilient #84676
  • Adds unmapped_type to additional queries #85837
  • Fixes 500 error when using PKI authentication with an incomplete certificate chain #86700