Kibana 7.12.1edit

For information about the Kibana 7.12.1 release, review the following information.

Security updateedit

A denial of service vulnerability was found in the Kibana webhook actions due to a lack of timeout or a limit on the request size. An attacker with permissions to create webhook actions could drain the Kibana host connection pool, making Kibana unavailable for all other users.

Thank you Dominic Couture for finding this issue.

Affected versions
Affected versions include Kibana 7.12.0 and earlier.

Solution
If you are using Kibana webhook actions, upgrade to 7.12.1.

Breaking changesedit

Breaking changes can prevent your application from optimal operation and performance. Before you upgrade, review the 7.12.0 breaking changes, then mitigate the impact to your application.

Enhancementedit

Design
  • Customize Panel Submit #95704
Management
  • Adds generated copy for all processors #95507

Bug Fixesedit

Dashboard
  • Fixes iFrame Filtering Issues #95997
  • Allows By Value Flow Without Visualize Save Permissions #95951
  • Fixes adding columns from doc viewer table tab #95748
  • Adds Discrete Library Option to Save Modal #94589
Elastic Security
For the Elastic Security 7.12.1 release information, refer to Elastic Security Solution Release Notes.
Machine Learning
  • Data Frame Analytics creation: ensure job config validity persists when switching from/to form/editor #94654
  • Data Frame Analytics results: Ensure outlier detection results view displays feature influence correctly #94493
  • Fixes Index data visualizer not removing query string with loaded saved search #94245
  • Data Frame Analytics: Fix scatterplot matrix boilerplate visibility with no fields selected #96590
  • Data Frame Analytics: Don’t allow user to pick an index pattern or saved search based on CCS #96555
Management
  • Transforms: Wizard displays warning callout for source preview when used with CCS against clusters below 7.10 #96297
  • Fixes updating deleting sessions from non-default space #96123
  • Disables navigation when a step is invalid #95939
  • Fixes 7.12 migration fail if the "timepicker:quickRanges" is null #95767
  • Fixes serialization and deserialization of user input for "patterns" fields #94689
  • Transforms: Fixes missing number of transform nodes and error reporting in stats bar #93956
  • Transforms: Improves error handling for transform wizard when Kibana index pattern or saved search fails to load #93915
  • Improves error message when localStorage quota is reached #93779
Maps
  • Fixes Kibana does not recognize a valid geo_shape index when attempting to create a Tracking Containment alert #96633
  • Shows empty list when all saved maps in list deleted #95126
  • Fixes tooltips with timestamp appear as epoch #95106
Monitoring
  • Fixes issue with loading logstash node page under standalone cluster #93617
  • Fetches status once and change fetchStatus to support an array of clusters #91749
Operations
  • Improves performance of data stream API #97058
  • Migrations v2 ignore fleet agent events #96690
  • Resolves regression where Elastic Endgame rules would warn about unmapped timestamp override field #96394
  • Updates query for ping histogram #95495
  • Migrations v2: Retry tasks that timeout #95305
  • Fixes issues preventing the SysV service from starting Kibana #95018
  • Tolerate log entries for which fields retrieval fails #94972
  • Fixes positioning of space name and avatar in selector dropdown #94169
  • Updates Node.js from version 14.16.0 to 14.16.1 #96382
Security
  • Improves role management error handling for partially authorized users #96468