github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-04-24 09:48:58 -04:00
Code Issues Projects Releases Packages Wiki Activity

[DOCS] Adds security fixes to release notes (#73299)

Browse source
This commit is contained in:
Lisa Cawley 2020-07-27 08:59:01 -07:00 committed by GitHub
parent f8715b561a
commit 6ad7b4f086
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 14 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

15
docs/CHANGELOG.asciidoc
View file

@ -101,7 +101,20 @@ This section summarizes the changes in each release.
[[release-notes-6.8.11]]
== {kib} 6.8.11
coming::[6.8.11]
[float]
[[security-update-6.8.11]]
=== Security updates
* In {kib} 6.8.11 and earlier, there is a denial of service (DoS) flaw in Timelion. Attackers can construct a URL that when viewed by a {kib} user,
the {kib} process consumes large amounts of CPU and becomes unresponsive,
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7016[CVE-2020-7016].
+
You must upgrade to 6.8.11. If you are unable to upgrade, set `timelion.enabled` to `false` in your kibana.yml file to disable Timelion.
* In all {kib} versions, region map visualizations contain a stored XSS flaw. Attackers that can edit or create region map visualizations can obtain
sensitive information or perform destructive actions on behalf of {kib} users who view the region map visualization,
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7017[CVE-2020-7017].
+
You must upgrade to 6.8.11. If you are unable to upgrade, set `xpack.maps.enabled`, `region_map.enabled`, and `tile_map.enabled` to `false` in kibana.yml to disable map visualizations.
[float]
[[enhancement-v6.8.11]]