- Kibana Guide: other versions:
- Introduction
- Set Up Kibana
- Getting Started
- Discover
- Visualize
- Dashboard
- Timelion
- Canvas
- Graphing connections in your data
- Machine learning
- Maps
- Infrastructure
- Logs
- APM
- Uptime
- Dev Tools
- Monitoring
- Management
- Reporting from Kibana
- REST API
- Kibana Plugins
- Limitations
- Release Highlights
- Breaking changes
- Release notes
- Kibana 6.8.23
- Kibana 6.8.22
- Kibana 6.8.21
- Kibana 6.8.20
- Kibana 6.8.19
- Kibana 6.8.18
- Kibana 6.8.17
- Kibana 6.8.16
- Kibana 6.8.15
- Kibana 6.8.14
- Kibana 6.8.13
- Kibana 6.8.12
- Kibana 6.8.11
- Kibana 6.8.10
- Kibana 6.8.9
- Kibana 6.8.8
- Kibana 6.8.7
- Kibana 6.8.6
- Kibana 6.8.5
- Kibana 6.8.4
- Kibana 6.8.3
- Kibana 6.8.2
- Kibana 6.8.1
- Kibana 6.8.0
- Kibana 6.7.2
- Kibana 6.7.1
- Kibana 6.7.0
- Kibana 6.6.2
- Kibana 6.6.1
- Kibana 6.6.0
- Kibana 6.5.4
- Kibana 6.5.3
- Kibana 6.5.2
- Kibana 6.5.1
- Kibana 6.5.0
- Kibana 6.4.3
- Kibana 6.4.2
- Kibana 6.4.1
- Kibana 6.4.0
- Kibana 6.3.2
- Kibana 6.3.1
- Kibana 6.3.0
- Kibana 6.2.4
- Kibana 6.2.3
- Kibana 6.2.2
- Kibana 6.2.1
- Kibana 6.2.0
- Kibana 6.1.4
- Kibana 6.1.3
- Kibana 6.1.2
- Kibana 6.1.1
- Kibana 6.1.0
- Kibana 6.0.1
- Kibana 6.0.0
- Kibana 6.0.0-rc2
- Kibana 6.0.0-rc1
- Kibana 6.0.0-beta2
- Kibana 6.0.0-beta1
- Kibana 6.0.0-alpha2
- Kibana 6.0.0-alpha1
- Developer guide
NOTE: You are looking at documentation for an older release. For the latest information, see the current release documentation.
Kibana 6.8.7
editKibana 6.8.7
editBug fixes
editSecurity issues
editIn Kibana 6.8.7 and earlier, Node.js contains the following security issues:
-
The TLS handling code for Node.js includes a Denial of Service (DoS) issue. Successful exploitation of the flaw could result in Kibana crashing. Refer to https://www.elastic.co/community/security/, CVE-2019-15604.
There are no known workarounds for this issue.
-
There are issues with how Node.js handles malformed HTTP headers. The malformed headers could result in an HTTP request smuggling attack when Kibana is running behind a proxy that is vulnerable to HTTP request smuggling attacks. Refer to https://www.elastic.co/community/security/, CVE-2019-15605 and CVE-2019-15606.
For instructions on how to mitigate HTTP request smuggling attacks, contact your proxy vendor.
Administrators running Kibana in an environment with untrusted users should upgrade to Kibana 6.8.7, which updates Node.js to 10.19.0.
On this page