Kibana 7.7.1
Security update
In Kibana 5.4.0 and later, TSVB visualizations contain a stored XSS flaw (CVE-2020-7015). Attackers who can edit and create TSVB visualizations can obtain sensitive information, or perform destructive actions, on behalf of the Kibana users who edit the TSVB visualization.
You must upgrade to 7.7.1. If you are unable to upgrade, set metrics.enabled: false in your kibana.yml file to disable TSVB.
Bug fixes
Alerting
- Fixes bug where the index name could not be edited after adding #64033
- Corrects validation and error handling in PagerDuty action #63954
- Fixes saving doc count alerts #63750
- Fixes issue where the connectors dropdown did not show all available connectors #63636
- Fixes inability to clear numeric field in a “Group over top docs” condition #63543
- Handles when an Alerting Task fails due to its Alert object being deleted mid flight #63093
APM
- Encodes spaces when creating ML job #63683
Canvas
Dashboard
- Shows visualization in Safari in dashboard fullscreen #66894
- Fixes saved object share link #66771
- Don’t lose dashboard/visualize/discover state when navigating to other applications #66766
Discover
- Don’t lose dashboard/visualize/discover state when navigating to other applications #66766
Lens and visualizations
- Fixes redirect on reload #66491
- Timelion graph is not refreshing content after searching or filtering #67023
- Don’t lose dashboard/visualize/discover state when navigating to other applications #66766
- Shows missing values on chart setting #66375
- Custom plugins loaded with the @plugin statement and inline JavaScript in Less code are no longer allowed in the TSVB Markdown visualization. Styles that use them are simply not applied #65467
- Fixes std deviation band mode #64413
- Reloads on UI state change and fixes UI state for TSVB #63699
Machine Learning
- Fixes watch creation #65956
- Fixes new job wizard with multiple indices #64567
- Fixes optional plugin dependency types #64450
- Ensures both keyword/text types are excluded for selected excluded field #62712
Management
- Fixes an integration issue with the security plugin in Ingest Pipelines and Snapshot and Restore that incorrectly reported that security must be enabled, when the plugins should work normally without security. This affects the default Docker distribution #67308
- Preserves saved object references when saving the object #66584
- Fixes detail panel for indices with % in the name #66435
- Setting dev_tools.enabled: false in kibana.yml will no longer crash Kibana #66276
- Fixes mappings keyword in Index Management plugin (Index detail pane, Mapping tab) #66012
Maps
Metrics
- Migrating Docker network fields #65133
- Removes APM Hard Dependency #64952
- Fixes for editing alerts in alert management #64597
- Fixes alerting when a filter query is present #64575
- Allows users to create alerts from the central Alerts UI #63803
- Removes remaining field filtering #63398
Monitoring
- Uses custom route to ensure global state is preserved #63891
- Ensures time picker is actually disabled #63709
- Fixes server response errors #63181
Platform
- Allows any type for customResponseHeaders config #66689
Security
- Allows IdP initiated SAML login with session containing expired token #59686
SIEM
- Updates alert apiKey when the rule is updated #67364
- Fixes Network Map empty tooltip #66828
- Changes find_statuses route HTTP method from GET to POST #63508
Uptime
- Updates duration chart query filters #63620