Change Listedit



  • The esusers tool no longer warns about missing roles that are properly defined in the roles.yml file.
  • The period character, ., is now allowed in usernames and role names.
  • The terms filter lookup cache has been disabled to ensure all requests are properly authorized. This removes the need to manually disable the terms filter cache.
  • For LDAP client connections, only the protocols and ciphers specified in the shield.ssl.supported_protocols and shield.ssl.ciphers settings will be used.
  • The auditing mechanism now logs authentication failed events when a request contains an invalid authentication token.



  • Adds support for elasticsearch 1.5



new features

  • LDAP:

    • Add the ability to bind as a specific user for LDAP searches, which removes the need to specify user_dn_templates. This mode of operation also makes use of connection pooling for better performance. Please see ldap user search for more information.
    • User distinguished names (DNs) can now be used for role mapping.
  • Authentication:

  • IP Filtering:


  • Significant memory footprint reduction of internal data structures
  • Test if SSL/TLS ciphers are supported and warn if any of the specified ciphers are not supported
  • Reduce the amount of logging when a non-encrypted connection is opened and https is being used
  • Added the kibana4_server role, which is a role that contains the minimum set of permissions required for the Kibana 4 server.
  • In-memory user credential caching hash algorithm defaults now to salted SHA-256 (see Cache hash algorithms

bug fixes

  • Filter out sensitive settings from the settings APIs


  • Filter out sensitive settings from the settings APIs
  • Significant memory footprint reduction of internal data structures


  • Fixed dependency issues with Elasticsearch 1.4.3 and (Lucene 4.10.3 that comes with it)
  • Fixed bug in how user roles were handled. When multiple roles were defined for a user, and one of the roles only had cluster permissions, not all privileges were properly evaluated.
  • Updated kibana4 permissions to be compatible with Kibana 4 RC1
  • Ensure the mandatory base_dn settings is set in the ldap realm configuration