Review the following information about the Kibana 7.12.1 release.
A denial of service vulnerability was found in the Kibana webhook actions due to the lack of a timeout or a limit on the request size. An attacker with permissions to create webhook actions could drain the Kibana host connection pool, making Kibana unavailable for all other users.
Thank you, Dominic Couture, for finding this issue.
Affected versions include Kibana 7.12.0 and earlier.
If you are using Kibana webhook actions, upgrade to 7.12.1.
Breaking changes can prevent your application from operating and performing optimally. Before you upgrade, review the 7.12.0 breaking changes, then mitigate the impact to your application.
- Elastic Security
  - For the Elastic Security 7.12.1 release information, refer to Elastic Security Solution Release Notes.
- Machine Learning
- Data Frame Analytics creation: ensure job config validity persists when switching from/to form/editor #94654
- Data Frame Analytics results: Ensure outlier detection results view displays feature influence correctly #94493
- Fixes Index data visualizer not removing query string with loaded saved search #94245
- Data Frame Analytics: Fix scatterplot matrix boilerplate visibility with no fields selected #96590
- Data Frame Analytics: Don’t allow user to pick an index pattern or saved search based on CCS #96555
- Transforms: Wizard displays warning callout for source preview when used with CCS against clusters below 7.10 #96297
- Fixes updating deleting sessions from non-default space #96123
- Disables navigation when a step is invalid #95939
- Fixes 7.12 migration failure if the "timepicker:quickRanges" is null #95767
- Fixes serialization and deserialization of user input for "patterns" fields #94689
- Transforms: Fixes missing number of transform nodes and error reporting in stats bar #93956
- Transforms: Improves error handling for transform wizard when Kibana index pattern or saved search fails to load #93915
- Improves error message when localStorage quota is reached #93779
- Improves performance of data stream API #97058
- Migrations v2 ignore fleet agent events #96690
- Resolves regression where Elastic Endgame rules would warn about unmapped timestamp override field #96394
- Updates query for ping histogram #95495
- Migrations v2: Retry tasks that timeout #95305
- Fixes issues preventing the SysV service from starting Kibana #95018
- Tolerate log entries for which fields retrieval fails #94972
- Fixes positioning of space name and avatar in selector dropdown #94169
- Updates Node.js from version 14.16.0 to 14.16.1 #96382
- Improves role management error handling for partially authorized users #96468