WARNING: Version 5.6 of Kibana has passed its EOL date.
This documentation is no longer being maintained and may be removed. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.
Kibana 5.0.2
editKibana 5.0.2
editSecurity Fixes
editKibana 5.0.0 and 5.0.1 were making requests to advanced settings and the short
URL service on behalf of the kibana server rather than the current user, which
means that being authenticated at all was sufficient to have both read and
write access to the advanced settings and short URLs.
Kibana 5.0.2 now authenticates requests for each service on behalf of the
current user.
ESA-2016-10 (#9214)