mirror of
https://github.com/elastic/kibana.git
synced 2025-04-23 17:28:26 -04:00
docs: release notes for 5.5.1 and 5.5.2
This commit is contained in:
Court Ewing
parent
3a1f8721e6
commit
96704e114d
2 changed files with 91 additions and 0 deletions
34
docs/release-notes/5.5.1.asciidoc
Normal file
34
docs/release-notes/5.5.1.asciidoc
Normal file
|
|
@ -0,0 +1,34 @@
|
|||
[[release-notes-5.5.1]]
|
||||
== 5.5.1 Release Notes
|
||||
|
||||
Also see <<breaking-changes-5.0>>.
|
||||
|
||||
[float]
|
||||
[[security-5.5.1]]
|
||||
=== Security fix
|
||||
Kibana Node.js security flaw ({security-ref}[ESA-2017-14] {pull}12776[#12776])::
|
||||
The version of Node.js shipped in all versions of Kibana prior to 5.5.1
|
||||
contains a Denial of Service flaw in it's HashTable random seed. This
|
||||
flaw could allow a remote attacker to consume resources within Node.js
|
||||
preventing Kibana from servicing requests.
|
||||
|
||||
[float]
|
||||
[[enhancement-5.5.1]]
|
||||
=== Enhancements
|
||||
Visualization::
|
||||
* Display regionmap attribution {pull}12647[#12647]
|
||||
|
||||
[float]
|
||||
[[bug-5.5.1]]
|
||||
=== Bug fixes
|
||||
Design::
|
||||
* [Fix for #12738] [UI Framework] Update LocalNav layout to fix menu button hover state. {pull}12739[#12739]
|
||||
Platform::
|
||||
* Bump node.js to version 6.11.1 {pull}12776[#12776]
|
||||
* [Fix for #10546] Update regex used to detect IE for long length warnings {pull}12617[#12617]
|
||||
Other::
|
||||
* [Fix for #12692] Make filter editor suggestions opt-in {pull}12710[#12710]
|
||||
* [Fix for #12627] do not allow registration of undefined indexpatterns in dashboard state {pull}12628[#12628]
|
||||
Visualization::
|
||||
* [Fix for #12645] fixing point series chart margins {pull}12663[#12663]
|
||||
* [Fix for #11954] removing old point series defaults {pull}11958[#11958]
|
||||
57
docs/release-notes/5.5.2.asciidoc
Normal file
57
docs/release-notes/5.5.2.asciidoc
Normal file
|
|
@ -0,0 +1,57 @@
|
|||
[[release-notes-5.5.2]]
|
||||
== 5.5.2 Release Notes
|
||||
|
||||
Also see <<breaking-changes-5.0>>.
|
||||
|
||||
[float]
|
||||
[[security-5.5.2]]
|
||||
=== Security fixes
|
||||
.Kibana markdown parser Cross Site Scripting (XSS) error (ESA-2017-16)
|
||||
|
||||
|
||||
Kibana versions prior to 5.5.2 had a cross-site scripting (XSS) vulnerability in the markdown parser that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
|
||||
|
||||
Affected Versions: All prior to 5.5.2 and 4.6.6
|
||||
|
||||
Solutions and Mitigations:
|
||||
|
||||
Users should upgrade to Kibana version 5.5.2 or 4.6.6
|
||||
|
||||
.Reporting impersonation error (ESA-2017-17)
|
||||
|
||||
|
||||
The Reporting feature in X-Pack in versions prior to 5.5.2 and standalone Reporting plugin versions versions prior to 2.4.6 had an impersonation vulnerability. A user with the reporting_user role could execute a report with the permissions of another reporting user, possibly gaining access to sensitive data.
|
||||
|
||||
Affected Versions: All prior to 5.5.2 and 2.4.6
|
||||
|
||||
Solutions and Mitigations:
|
||||
|
||||
Reporting users should upgrade to X-Pack version 5.5.2 or Reporting Plugin version 2.4.6. A mitigation for this issue is to remove the reporting_user role from any untrusted users of your Elastic Stack.
|
||||
|
||||
CVE ID: CVE-2017-8446
|
||||
|
||||
[float]
|
||||
[[enhancement-5.5.2]]
|
||||
=== Enhancements
|
||||
|
||||
[float]
|
||||
[[bug-5.5.2]]
|
||||
=== Bug fixes
|
||||
Discover::
|
||||
* [Fix for #13365] Truncate long field names in filter editor {pull}13379[#13379]
|
||||
Management::
|
||||
* [Fix for #12728] Ensure conflicted fields can be searchable and/or aggregatable {pull}13070[#13070]
|
||||
Visualization::
|
||||
* [Fix for #13255] Ensure we are working with data-series to avoid tooltip errors {pull}13266[#13266]
|
||||
* [Fix for #12724] by default metric should not define color {pull}12993[#12993]
|
||||
* [Fix for #12391] in percentage mode tooltip should also show percentages {pull}13217[#13217]
|
||||
- Tooltips now correctly display the percentage-value in area charts where the Y-Axis is formatted in percentage mode.
|
||||
* Use the customMetric's formatter for pipeline aggregations {pull}11933[#11933]
|
||||
* [Fix for #12220] Should only fit on shapes that are part of the result {pull}12881[#12881]
|
||||
- When clicking the fit-data button in a Region Map, the map now zooms correctly to the relevant data instead of showing the entire layer.
|
||||
* [Fix for #12172] Save layer setting in the region map UI {pull}12956[#12956]
|
||||
- The layer selection is now preserved in the UI dropdown when saving a Region Map.
|
||||
* [Fix for #12189] Region map should respect saved center and zoom {pull}12883[#12883]
|
||||
- The location of the map is now stored correctly when saving a Region Map.
|
||||
* [Fix for #12963] Exclude stacktrace from error response of Timelion backend {pull}12973[#12973]
|
||||
- the Timelion backend no longer includes the stacktrace as part of the server response. This stacktrace is now logged to the server console.
|
||||
Loading…
Add table
Add a link
Reference in a new issue