Also see Breaking changes in 6.0.
- Kibana cross site scripting issue (ESA-2017-22): Kibana versions prior to 6.0.1 and 5.6.5 had a cross-site scripting (XSS) vulnerability via URL fields that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. CVE ID: CVE-2017-11481
- Kibana open redirect flaw (ESA-2017-23) : The Kibana fix for CVE-2017-8451 was found to be incomplete. With X-Pack installed, Kibana versions before 6.0.1 and 5.6.5 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website. CVE ID: CVE-2017-11482
Users should upgrade to Kibana version 6.0.1 or 5.6.5. There are no known workarounds for these issues.
- [UI Framework] Fix IE11 bug which caused kuiToolBarSearch to grow too wide when there is only a single kuiToolBarSection sibling. #15215
Fix fieldFormat plugins #14984
- In 6.0.0 we accidentally included a breaking change that prevented plugins from supplying custom FieldFormatters. This has been fixed but, also changes the way that they need to be defined. Take a look at the field formatters Kibana supplies to see how you should update your custom FieldFormats.
- Fix: exponent values in table view #15309
- Prepend relative urls #14994
- [eslint] add eslint dev script #14889
- [dev/ci_setup] generalize jenkins_setup script for other CI environments #15178
- [Fixes #13436] allows to hide warnings in gauge #15139
- [Fixes #14833] Fix Kibana crashing when resizing a tag cloud too small #15001
- [Fixes #13947] uses maximum space for arc gauge and center aligns it #15140
- [Fixes #15146] fixes the visualizeLoader error in IE #15150
- fixing field formatters for gauge #15145
- [Fixes #13947] fix metric align and size #15141