For information about the Kibana 7.13.0 release, review the following information.
Review the security updates that were found in previous versions of Kibana.
URL redirection flawedit
In Kibana 7.12.1 and earlier, when a logged in user visits a maliciously created URL, Kibana could redirect users to an arbitrary website. CVE-2021-22141
Upgrade to Kibana 7.13.0.
In Kibana 7.0.0 to 7.12.1, To generate downloadable reports, Kibana uses an embedded version of the Chromium browser. When a user with permissions to generate reports is able to render arbitrary HTML with the browser, they may be able to leverage known Chromium vulnerabilities to conduct further attacks. Kibana contains a number of protections to prevent the browser from rendering arbitrary content. CVE-2021-22142
Upgrade to Kibana 7.13.0.
Dev Tools displays a 403 error with the
Access to Fleet API require the superuser role message
When pages load, Kibana calls the Fleet packages API. For more information, refer to #100285.
In some cases, Dev Tools displays a 403 error with the
Access to Fleet API require the superuser role message, but you can continue to access Fleet.
Elastic Agents unenrolling from a self-managed Fleet Server hang at "Updating" and API keys are not invalidated
In Kibana, when you unenroll an Elastic Agent from a self-managed Fleet Server, the status may hang at "Updating". This problem only occurs with Elastic Agents connecting to a Fleet Server started with a service token.
You must do a force unenroll to remove the Elastic Agent and invalidate the API keys, or unenrollment hangs indefinitely. #380
TSVB references to the index pattern are not embedded
TSVB references to the index pattern are not embedded when exporting a saved object. This issue was reported at #103059 and was originally related to moving a TSVB visualization from one space to another. It should be noted that there may be different variants of this problem due to the fact that the used index pattern is not exported correctly.
You should export the used index patterns separately.
Breaking changes can prevent your application from optimal operation and performance. Before you upgrade to 7.13.0, review the breaking changes, then mitigate the impact to your application.
Remove Elastic Agent routes and related services
Invalidate API keys for existing agents
The existing agents in Kibana are not migrated as part of the migration to Fleet. For more information, refer to #95789.
The existing agent API keys are invalidated and display as
Inactive on the Agents page.
Disable Explore underlying data context menu
The Explore underlying data context menu on dashboards is now disabled by default. For more information, refer to #98039.
To enable the Explore underlying data context menu, set
true in kibana.yml.
The following functionality is deprecated in 7.13.0, and will be removed in 8.0.0. Deprecated functionality does not have an immediate impact on your application, but we strongly recommend you make the necessary updates after you upgrade to 7.13.0.
Deprecates scripted fields
Scripted fields are deprecated. For more information, refer to #97574.
For greater flexibility and Painless scripting language support, use runtime fields.
Deprecates the location map from Uptime
The location map is removed from the Uptime monitor page. For more information, refer to #96517.
For monitoring details, refer to the Availability and Last check columns.
Deprecates migrations.enableV2 setting
migrations.enableV2 setting. For more information, refer to #96398.
Deprecates the /src/legacy directory
/src/legacy directory is deprecated. For more information, refer to #95510.
/src/legacy directory in the Bazel build system.
Deprecates legacy logging dest, json, verbosity, and rotate configurations
Deprecates legacy logging configuration in favor of the new Kibana Platform logging system. For example, deprecates
logging.rotate.*. For more information, refer to #94238.
logging.root.appenders is configured and won’t show a deprecation warning,
--verbose replaces the legacy-format logs with the Kibana platform log format.
When Kibana platform logging is not configured,
logging.verbose: true and provides a warning for the deprecated configuration.
Deprecates old alerts APIs
/api/alerts/* APIs are deprecated and will be removed in 8.0. For more information, refer to #93977.
Use the new
Deprecates old actions APIs
/api/actions/* APIs are deprecated and will be removed in 8.0. For more information, refer to #92451.
Use the new
Kibana 7.13.0 adds the following new and notable features.
- Elastic Security
- For the Elastic Security 7.13.0 release information, refer to Elastic Security Solution Release Notes.
- Kibana Home & Add Data
- Update Cloud plugin to handle new config in kibana.yml #95569
- Lens & Visualizations
- Machine Learning
- Anomaly detection rule lookback interval improvements #97370
- Adds network ML module with four ML jobs for ECS network data #96480
- Adds runtime support for anomaly charts & add composite validations #96348
- Data frame analytics: Adds support for runtime fields #95734
- Adds Anomaly Explorer charts embeddable #94396
- Data frame analytics creation wizard: Add validation step #93478
- Adding support for saved object based ML modules #92855
- Adds search time runtime support for index based Data Visualizer #95252
- Enhanced metrics widget on Observability overview page #90879
- Added ability to create API keys #92610
For more information about the features introduced in 7.13.0, refer to What’s new in 7.13.