github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-04-24 01:38:56 -04:00
Code Issues Projects Releases Packages Wiki Activity

docs: 5.3.3 security issue

Browse source
This commit is contained in:
Court Ewing 2017-06-01 12:52:23 -04:00
parent 4c0c840916
commit afadbc0b21
1 changed files with 13 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

13
docs/release-notes/5.3.3.asciidoc
View file

@ -3,6 +3,19 @@
Also see <<breaking-changes-5.0>>.
[float]
[[security-5.3.3]]
=== Security fix
Beginning in Kibana 5.3.0, the discovery app in Kibana is vulnerable to an
cross-site scripting attack (XSS) that would allow an attacker to inject
JavaScript into other user's browsers via Elasticsearch documents. This was
made possible by the field formatters plugin API and how it handled
compiling of template values in the discover doc table.
Versions 5.3.3 and 5.4.1 include a fix for this vulnerability
by changing the binding and compilation behavior for field formatters.
Thanks to Thomas Gøytil for reporting this issue. +
{security}[ESA-2017-08] ({pull}11911[#11911])
[float]
[[bug-5.3.3]]
=== Bug fixes