New

The executive guide to generative AI

Read more

Kibana 6.8.6

edit

Bug fix

edit
Maps
  • Fixes a cross-site scripting (XSS) flaw in Coordinate and Region Map visualizations. An attacker could create a malicious visualization that executes JavaScript in a victim’s browser when the visualization, or dashboard containing the visualization, was viewed. Since Kibana 6.7.0, Content Security Policy (CSP), which prevents attackers from using this flaw, is enabled by default. However, an attacker can still inject arbitrary HTML into the page. See https://www.elastic.co/community/security/, CVE-2019-7621.
  • Sanitizes attribution #52309

On this page

Was this helpful?
Feedback