Kibana 8.10.3edit
Security updatesedit
-
Kibana heap buffer overflow vulnerability
On Sept 11, 2023, Google Chrome announced CVE-2023-4863, described as “Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page”. Kibana includes a bundled version of headless Chromium that is only used for Kibana’s reporting capabilities and which is affected by this vulnerability. An exploit for Kibana has not been identified, however as a resolution, the bundled version of Chromium is updated in this release.
The issue is resolved in 8.10.3.
For more information, see our related security announcement.
Enhancementsedit
- Elastic Security
- For the Elastic Security 8.10.3 release information, refer to Elastic Security Solution Release Notes.
Bug Fixesedit
- Dashboard
-
- Fixes an error the panel descriptions weren’t retrieved from the right method (#166825).
- Discover
-
-
Soften saved search content management response
sortschema (#166886).
-
Soften saved search content management response
- Elastic Security
- For the Elastic Security 8.10.3 release information, refer to Elastic Security Solution Release Notes.
- Enterprise Search
- For the Elastic Enterprise Search 8.10.3 release information, refer to Elastic Enterprise Search Documentation Release notes.
- Fleet
- Machine Learning
-
- AIOps: Fixes render loop when using a saved search (#166934).
- Monitoring
-
- Convert node roles into array (#167628).
- Observability
-
- Fixes a set up process error in Universal Profiling (#167068).
- Uptime
-
- Fixes an error when updating browser monitor in a project (#168064).