Kibana 7.13.0edit

For information about the Kibana 7.13.0 release, review the following information.

Security updatesedit

Review the security updates that were found in previous versions of Kibana.

URL redirection flawedit

Details
In Kibana 7.12.1 and earlier, when a logged in user visits a maliciously created URL, Kibana could redirect users to an arbitrary website. CVE-2021-22141

Solution
Upgrade to Kibana 7.13.0.

Reporting vulnerabilityedit

Details
In Kibana 7.0.0 to 7.12.1, To generate downloadable reports, Kibana uses an embedded version of the Chromium browser. When a user with permissions to generate reports is able to render arbitrary HTML with the browser, they may be able to leverage known Chromium vulnerabilities to conduct further attacks. Kibana contains a number of protections to prevent the browser from rendering arbitrary content. CVE-2021-22142

Solution
Upgrade to Kibana 7.13.0.

Known issuesedit

Dev Tools displays a 403 error with the Access to Fleet API require the superuser role message

Details
When pages load, Kibana calls the Fleet packages API. For more information, refer to #100285.

Impact
In some cases, Dev Tools displays a 403 error with the Access to Fleet API require the superuser role message, but you can continue to access Fleet.

Elastic Agents unenrolling from a self-managed Fleet Server hang at "Updating" and API keys are not invalidated

Details
In Kibana, when you unenroll an Elastic Agent from a self-managed Fleet Server, the status may hang at "Updating". This problem only occurs with Elastic Agents connecting to a Fleet Server started with a service token.

Impact
You must do a force unenroll to remove the Elastic Agent and invalidate the API keys, or unenrollment hangs indefinitely. #380

Breaking changesedit

Breaking changes can prevent your application from optimal operation and performance. Before you upgrade to 7.13.0, review the breaking changes, then mitigate the impact to your application.

Remove Elastic Agent routes and related services

Details
Elastic Agents now use the Fleet Server to enroll agents, get agent policies, collect status information, and more. For more information, refer to #97206.

Impact
To run and manage Elastic Agents, use the Fleet Server instead of Kibana. For more information, refer to Fleet Server.

Invalidate API keys for existing agents

Details
The existing agents in Kibana are not migrated as part of the migration to Fleet. For more information, refer to #95789.

Impact
The existing agent API keys are invalidated and display as Inactive on the Agents page.

Disable Explore underlying data context menu

Details
The Explore underlying data context menu on dashboards is now disabled by default. For more information, refer to #98039.

Impact
To enable the Explore underlying data context menu, set xpack.discoverEnhanced.actions.exploreDataInContextMenu.enabled to true in kibana.yml.

Deprecationsedit

The following functionality is deprecated in 7.13.0, and will be removed in 8.0.0. Deprecated functionality does not have an immediate impact on your application, but we strongly recommend you make the necessary updates after you upgrade to 7.13.0.

Deprecates scripted fields

Details
Scripted fields are deprecated. For more information, refer to #97574.

Impact
For greater flexibility and Painless scripting language support, use runtime fields.

Deprecates the location map from Uptime

Details
The location map is removed from the Uptime monitor page. For more information, refer to #96517.

Impact
For monitoring details, refer to the Availability and Last check columns.

Deprecates migrations.enableV2 setting

Details
Deprecates the migrations.enableV2 setting. For more information, refer to #96398.

Deprecates the /src/legacy directory

Details
The legacy /src/legacy directory is deprecated. For more information, refer to #95510.

Impact
Use the /src/legacy directory in the Bazel build system.

Deprecates legacy logging dest, json, verbosity, and rotate configurations

Details
Deprecates legacy logging configuration in favor of the new Kibana Platform logging system. For example, deprecates logging.json and logging.rotate.*. For more information, refer to #94238.

Impact
When logging.root.appenders is configured and won’t show a deprecation warning, --verbose replaces the legacy-format logs with the Kibana platform log format. When Kibana platform logging is not configured, --verbose sets logging.verbose: true and provides a warning for the deprecated configuration.

Deprecates old alerts APIs

Details
The /api/alerts/* APIs are deprecated and will be removed in 8.0. For more information, refer to #93977.

Impact
Use the new /api/alerting/* APIs.

Deprecates old actions APIs

Details
The old /api/actions/* APIs are deprecated and will be removed in 8.0. For more information, refer to #92451.

Impact
Use the new /api/actions/* APIs.

Featuresedit

Kibana 7.13.0 adds the following new and notable features.

Discover
  • Adds runtime field editor to Discover #96762
  • Integration of Runtime Fields editor - edit operation #95498
Elastic Security
For the Elastic Security 7.13.0 release information, refer to Elastic Security Solution Release Notes.
Kibana Home & Add Data
  • Update Cloud plugin to handle new config in kibana.yml #95569
Lens & Visualizations
  • Visualize runtime fields in TSVB #95772
  • Enables url drilldowns for range selection in TSVB #95296
  • Enable dual mode, support index patterns and strings in TSVB #92812
Machine Learning
  • Anomaly detection rule lookback interval improvements #97370
  • Adds network ML module with four ML jobs for ECS network data #96480
  • Adds runtime support for anomaly charts & add composite validations #96348
  • Data frame analytics: Adds support for runtime fields #95734
  • Adds Anomaly Explorer charts embeddable #94396
  • Data frame analytics creation wizard: Add validation step #93478
  • Adding support for saved object based ML modules #92855
  • Adds search time runtime support for index based Data Visualizer #95252
Metrics
  • Enhanced metrics widget on Observability overview page #90879
Platform
  • Enable osquery plugin #97422
  • Client side search cache #92439
Security
  • Added ability to create API keys #92610

For more information about the features introduced in 7.13.0, refer to What’s new in 7.13.