[DOCS] Adds security update to 6.8.11 Release Notes (#71712)

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Kaarina Tungseth 2020-07-14 14:46:16 -05:00 committed by GitHub
parent 77cef7dd84
commit ee1f782e03
GPG key ID: 4AEE18F83AFDEB23


@ -101,6 +101,19 @@ This section summarizes the changes in each release.
[[release-notes-6.8.11]]
== {kib} 6.8.11
[float]
[[security-update-6.8.11]]
=== Security updates
* In {kib} 6.8.11 and earlier, there is a denial of service (DoS) flaw in Timelion. Attackers can construct a URL that when viewed by a {kib} user,
the {kib} process consumes large amounts of CPU and becomes unresponsive, CVE-2020-7016.
+
You must upgrade to 6.8.11. If you are unable to upgrade, set `timelion.enabled` to `false` in your kibana.yml file to disable Timelion.
* In all {kib} versions, region map visualizations contain a stored XSS flaw. Attackers that can edit or create region map visualizations can obtain
sensitive information or perform destructive actions on behalf of {kib} users who view the region map visualization, CVE-2020-7017.
+
You must upgrade to 6.8.11. If you are unable to upgrade, set `xpack.maps.enabled`, `region_map.enabled`, and `tile_map.enabled` to `false` in kibana.yml to disable map visualizations.
[float]
[[enhancement-v6.8.11]]
=== Enhancements
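
Review bot: The Timelion entry's affected range contradicts its own remediation: "In {kib} 6.8.11 and earlier" says 6.8.11 itself is vulnerable, while the line below it reads "You must upgrade to 6.8.11". If 6.8.11 carries the fix, the range should read "before 6.8.11". The region map entry has the same problem with "In all {kib} versions" followed by "You must upgrade to 6.8.11"; scope it to versions before the fixed release so readers on 6.8.11 know whether they still need the workaround. Two smaller points: the Timelion sentence does not parse ("a URL that when viewed by a {kib} user, the {kib} process consumes ..."), and something like "a URL that, when viewed by a {kib} user, causes the {kib} process to consume ..." would fix it; and the config file is called "your kibana.yml file" in one entry and "kibana.yml" in the other, so pick one form and mark it as a literal the way the setting names are.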