Kibana 7.7.0edit

See breaking changes in 7.7.

Security updatesedit

  • In 7.7.0 to 7.6.2, the Upgrade Assistant contains a prototype pollution flaw. An authenticated attacker with privileges to write to the Kibana index can insert data that could cause Kibana to execute arbitrary code. This could lead to an attacker executing code with the permissions of the Kibana process on the host system, CVE-2020-7012.

    By default, the Upgrade Assistant flaw is mitigated in all Kibana instances accessed through Elasticsearch Service.

    For all other installations, you must upgrade to 7.7.0. If you are unable to upgrade, set xpack.upgrade_assistant_enabled:false in your kibana.yml file to disable the Upgrade Assistant.

  • In 7.7.0 and earlier, TSVB contains a prototype pollution flaw. Authenticated attackers with privileges to create TSVB visualizations can insert data that could cause Kibana to execute arbitrary code. This could lead to an attacker executing code with the permissions of the Kibana process on the host system, CVE-2020-7013.

    By default, the Upgrade Assistant flaw is mitigated in all Kibana instances accessed through Elasticsearch Service.

    For all other installations, you must upgrade to 7.7.0. If you are unable to upgrade, set metrics.enabled:false in your kibana.yml file to disable TSVB.

Known issuesedit

SIEM
  • When you deactivate an action within a rule, the rule fails #64870
  • When you add a timestamp to the PagerDuty action, the rule fails #64871
Management
  • Editing Saved Objects (eg. Dashboards) via the "Inspect" JSON editor in Management corrupts objects #66542
Configuration
  • The server.customResponseHeaders option prevents Kibana from starting if headers are set using a type other than string. To fix this, convert your boolean and number headers to strings. For example, use my-header: "true" instead of my-header: true. #66146

Enhancementsedit

Alerting
  • Notifies user when security is enabled but TLS is not #60270
  • Displays warning when a permanent encryption key is missing and hides alerting UI appropriately #62772
  • Edits alert flyout #58964
  • Moves index params fields to connector config #60349
  • Adds the AlertDetails page #55671
  • License checks for actions plugin #59070
APM
  • Updates monospace font family variable #57555
  • Shows missing permissions message to the user on the Services overview #56374
  • Settings list page for managing custom actions #56853
  • Divides "Actions menu" into sections to improve readability #56623
  • Creates settings page to manage Custom Links #57788
  • Creates custom link from Trace summary #59648
  • Writes tests for the Custom Link API #60899
  • Threshold alerts #59566
  • Adds additional (java) options #59860
  • Sync badge #55113
  • Client.ip to metadata for RUM transactions #56546
Canvas
  • Adds Lens embeddables #57499
  • Switches to using EUI SuperDatePicker in time filter element #59249
  • Adds Visualize embeddable #60859
  • Adds argument to open all links in new tab within markdown element #57017
  • Updates esdocs datasource #59512
  • Improves expression autocomplete #52035
Dashboard
  • Use Elasticsearch _async_search instead of _search when it is available (excluding TSVB, Timelion, and Vega) https://github.com/elastic/kibana/pull/59224[#59224}
  • When queries run more than 10 seconds, show a pop-up to allow users to run the queries beyond the configured Elasticsearch query timeout or cancel the queries #60706
  • Dashboard/add panel flow #59918
  • Moves the "Create New" button in add panel flyout to the top to make it more visible to the user #56428
Lens and visualizations
  • Creates Lens filters on click with bar, line, area charts #57261
  • Allows number formatting within Lens #56253
  • Shows a warning when you have partially configured a visualization, such as a bar chart with only an X axis #58279
  • Improves suggestion logic when dragging fields into the chart #60687
  • Disallows duplicate percentiles #58299
  • EUICodeEditor for Visualize JSON #58679
  • Supports Histogram Data Type #59387
  • Median aggregation labels now show "Median" instead of "50th percentile of" in Visualize. Custom labels are also used #58521
  • Adds positive_rate as a new aggregation to TSVB #59843
  • Makes linked saved search work when user navigates back using browser back button #59690
  • Visualization editor UI has been updated to the new styles, consistent with the rest of the platform and a more logical left-to-right flow of creating content #49864
Logs
  • Uses the Super date picker in the log stream #54280
  • Adds expandable rows with category examples #54586
  • Shows navigation bar while loading source configuration #59997
Machine Learning
  • Processes delimited files like semi-structured text #56038
  • Supports multi-line JSON notation #58870
  • Validates manual model memory input #59056
  • Clones analytics job #59791
  • Uses a new ML endpoint to estimate a model memory #60376
  • Module setup with dynamic model memory estimation #60656
  • Adds text fields to datafeed start modal #55560
  • Categorization examples privilege check #57375
  • Adds filebeat config to file dataviz #58152
  • Global calendars #57890
  • Adds indices_options to datafeed #59119
  • Displays multi-class results in evaluate panel #60760
  • Adds support for date_nanos time field in anomaly job wizard #59017
  • Uses EuiDataGrid for outlier result page #58235
  • Supports multi-line JSON notation in advanced editor #58015
  • Adds support for percentiles aggregation to Transform wizard #60763
  • Adds clone feature to transforms list #57837
  • Uses EuiDataGrid for transform wizard #52510
  • Replaces KqlFilterBar with QueryStringInput #59723
Management
  • The Remote Clusters UI added support for enabling "proxy" mode when creating or editing a remote cluster #59221
  • Adds filter for ILM phase to Index Management #57402
  • Creates Painless Lab app #57538
  • Moves out of legacy #55331
  • Moves out of legacy and migrates server side to New Platform #55690
  • Updates Console progress bar #56628
  • Auto follow pause & resume #56615
  • Supports triple quoted JSON strings and Painless highlighting to Watcher and SearchProfiler #57563
  • Server-side batch reindexing #58598
  • Better handling of closed indices #58890
  • Advanced settings UI change to centralize save state #53693
  • The autocomplete in the dev console now supports many different types of Elasticsearch pipeline processors #60553
Maps
  • Improves Layer Style UI #58406
  • Shows field type icons in data driven styling field select #55166
  • Style icons by category #55747
  • Adds type icons to SingleFieldSelect component #56313
  • Disables style forms when they are not applied due to other style settings #55858
  • Autocompletes for custom color palettes and custom icon palettes #56446
  • Allows simultaneous opening of multiple tooltips #57226
  • Adds Top term aggregation #57875
  • Direct Discover "visualize" to open Maps application #58549
  • Top term percentage field property #59386
  • Adds UI to disable style meta and get top categories from current features #59707
  • Adds draw control to create distance filter #58163
  • Blended layer that switches between documents and clusters #57879
  • Default ES document layer scaling type to clusters and show scaling UI in the create wizard #60668
  • Disables add layer button when flyout is open #54932
  • Supports categorical styling for numbers and dates #57908
Metrics
  • Setup commonly used time ranges in timepicker #56701
  • Custom Metrics for Inventory View #58072
  • Alerting for metrics explorer and inventory #58779
  • Creates a new menu for observability links #54847
  • Creates Metric Threshold Alert Type and Executor #57606
Monitoring
  • Supports shipping directly to the monitoring cluster #57022
Platform
  • Improves validation in truncate field formatter editor #56521
  • Variable support for interpreter #54788
Reporting
  • Handles page setup errors and capture the page, don’t fail the job #58683
  • Adds the ability to search and delete historical reports in Management > Kibana > Reporting #60077
SIEM
  • Recent cases widget #60993
  • Adds custom reputation link #57814
  • Exports timeline #58368
  • Rule activity monitoring #60816
  • Removes has manage api keys requirement #62446
  • Adds release notes link and updates one UI section #60825
  • Adds rule notifications #59004
  • Version 7.7 rule import #61903
  • Creates ML Rules #58053
  • Case workflow api schema #51535
  • Service Now Kibana Action #53890
  • API with io-ts validation #59265
  • Status / Batch update #59856
  • Imports timeline #60880
  • Bug/clean up phase I #61354
  • Cases clean up Phase II #61750
  • Modifies gap detection util to accept all dateMath formats #56055
  • Adds note markdown field to backend #59796
  • Adds rule markdown field to rule create, detail, and edit flows #60108
  • Adds rule markdown to timeline global notes #61026
  • ServiceNow executor #58894
  • ServiceNow action improvements #60052
Security
  • Uses links instead of click handlers when switching spaces #57730
  • Introduce a login selector screen when multiple auth providers are enabled #53010
  • Warn when using deprecated roles #57209
  • Support for subfeature privileges #60563
Telemetry
  • Application Usage implemented in @kbn/analytics #58401
  • Server-side Migration to NP #60485
  • Use EuiTokens for ES field types #57911
  • Adds 7 day metrics to Application Usage telemetry #59846
Uptime
  • Adds Settings Page #53550
  • Adds Alerting UI #57919
  • Adds configurable page size to monitor list #60573
  • Adds Green Icon for all up Monitors #56770
  • Implements drag and select on charts #57089
  • Fix/filter group autocomplete #57686
  • Ml detection of duration anomalies #59785

Bug fixesedit

Alerting
  • Retains empty AlertsList when filter has removed all items #60501
  • Fixes alert threshold line disappears #61499
  • Cleanup action task params objects after successful execution #55227
  • Disables action plugin functionality when ESO plugin is using an ephemeral encryption key #56906
  • Makes slack param validation handle empty messages #60468
  • Makes user and password secrets optional #56823
APM
  • Changes "url" to "urls" in APM agent instructions #60790
  • Uses ES Permission API to check if a user has permissions to read from APM indices #57311
  • Filters are not prefilled when the custom link flyout is opened from a transaction page #61650
  • .apm-agent-configuration is not created if Kibana is started while ES is not ready #61610
  • Don’t include UI filters when fetching a specific transaction #57934
  • Uses docLinks API for APM doc links #61880
  • Updates APM index pattern #61265
Canvas
  • Toggles footer editable controls when you turn off edit mode #52786 #58044
  • Fixes map embeddables not showing up on PDF reports #61149
  • Limits rows in debug element #60804
Dashboard
  • Puts embed param into short url instead of behind it #58846
  • Allows markdown in error embeddable #62427
Discover
  • Removes flickering when opening filter bar popover #56222
  • Retains pinned filters when loading and clearing saved queries #54307
Graph
  • Specifies valid licenses for the Graph feature #55911
  • Improves graph missing workspace error message #58876
Lens and visualizations
  • Filters out pinned filters from saved object of Lens #57197
  • Adds using queries/filters for field existence endpoint #59033
  • Fixes display single bar in XYChart Bar Vis #61452
  • Resetting a layer generates new suggestions #60674
  • Fixes disabled switches in the editor #62911
  • Fixes broken Handlebar documentation links #55866
  • Shows timepicker in Timelion and TSVB #58857
  • Makes Vega remove filter work #58871
  • Makes d3 place nicely with object values #62004
  • Fixes position calculation of ticks in non-horizontal axes #62309
Logs
  • Correctly update the expanded log rate table rows #60306
Machine Learning
  • Handles Empty Partition Field Values in Single Metric Viewer #61649
  • Fixes job wizard model memory limit warnings #62331
  • Files data viz fix index pattern warning after index change #57807
  • Uses real datafeed ID for datafeed preview #60275
  • Disables start trial option when license management ui is disabled #60987
  • Fixes jobs list filter in url #61822
  • Fixes job ID in edit job flyout #61840
  • Fixes reporting of http request errors #61811
  • Ensures confusion matrix label column is correct #60308
  • Ensures column in correct position after reselect #61342
  • Ensures query bar syntax errors are shown #61333
  • Ensures job state is up to date #61678
  • Increases number of items that can be paged in calendars and filters lists #61842
  • Uses index pattern field format if one exists #61709
  • Ensures filter works as expected #62041
  • Ensures destination index pattern created #62450
  • Fixes page heading structure #56741
  • Fixes handling of index pattern with special characters #59884
  • Fixes to error handling for analytics jobs and file data viz #60249
  • Fixes Anomaly Explorer swimlane label and chart tooltips #61327
  • Prevents training_percent of 0 for analytics job #61789
  • Removes duplicate page main landmarks #56883
  • Fixes license check #58343
  • Clears Kibana index pattern cache on creation or form reset #62184
Management
  • Adds support for additional watch action statuses #55092
  • Fixes the Upgrade Assistant where the reindexing of an index was incorrectly marked as "Done", when it still required to be reindexed. This scenario could occur if a user reindexed an index, deleted it, then restored a snapshot of the index of an older version #60789
  • Fixes several invalid documentation links in the Snapshot and Restore UI #61331
  • Fixes for console error handling and loading of autocomplete #58587
  • Fixes a bug that caused Grokdebugger simulation to break in non-Default Kibana spaces #61423
  • Fixes an issue where Console would not render the request output if localStorage quota was reached #62424
  • Fixes a bug with Console’s Copy As cURL functionality that would not properly escape single quotes in JSON string values which created issues with copying SQL queries from Console to cURL #63229
  • System index templates can’t be edited #55229
  • Not possible to edit a watch that was created with the API if the ID contains a dot #59383
  • Fixes console a11y failures #57520
Maps
  • Do not show border color for icon in legend when border width is zero #57501
  • Uses blended layer when linking discover to maps #61467
  • Fixes tooltip overflow #61564
  • Cleans up unsaved state check #61705
  • Fixes regression in loading left join fields #63325
  • Fixes cross origin error for icon spritesheets when Kibana secured via OAuth proxy #53896
  • Correctly open layer settings from add layer wizard #48971
Metrics
  • Limits group by selector to only 2 fields #56800
  • Uses CPU Usage limits for Kubernetes pods when available #58424
  • Fixes toolbar popover for metrics table row #56796
Monitoring
  • Handles setup mode if security is disabled #53306
  • Protects against no monitoring data near end of time series #61273
  • Adds new config for logging index name #56920
Platform
  • Rollup index pattern error: must match one rollup index #56732
  • In scripted fields, unable to switch the Type #59285
  • Duplicates query filters in es request #60106
  • Bugfix dashboard unpins filters #62301
  • Fixes plugin enabled config options #60998
  • Fixes tabifyAggResponse #61214
  • Fixes parse interval #62267
  • Avoid app not found flickering while awaiting for mount #56483
  • Creates empty string filters when value not specified #57442
  • Range aggregations now use the field formatter from the index pattern, instead of no formatter #58651
Reporting
  • Fixes error handling for job handler in route #60161
Security
  • Handling a 404 when the space’s telemetry collector runs #55921
SIEM
  • Allows Import timeline for authorised users #61438
  • Imports timeline schema update #61622
  • Fixes bug with timeline templates not working #60476
  • Fixes export of single rule and the icons #62394
  • Updates process and TLS tables to use ECS 1.5 fields #60854
Telemetry
  • Fixes bug introduced in #55859 #57441
  • UI Metrics use findAll to retrieve all Saved Objects #59891
Uptime
  • Updates heartbeat index name for 7.7 #62172
  • Shows only total in snapshot heading #58376
  • Fixes PingList pagination #61481
  • Fixes es query function null reference errors #61465
  • Fixes issue with Kibana Icon in Uptime App #56837
  • Adds tests for pages #56736

Deprecationsedit

Monitoring
Platform
  • Migrates Vega and Graph configs to new platform #57011