- Kibana Guide: other versions:
- What is Kibana?
- What’s new in 7.15
- Kibana concepts
- Quick start
- Set up
- Install Kibana
- Configure Kibana
- Alerting and action settings
- APM settings
- Banners settings
- Development tools settings
- Graph settings
- Fleet settings
- i18n settings
- Logging settings
- Logs settings
- Metrics settings
- Machine learning settings
- Monitoring settings
- Reporting settings
- Secure settings
- Search sessions settings
- Security settings
- Spaces settings
- Task Manager settings
- Telemetry settings
- URL drilldown settings
- Start and stop Kibana
- Access Kibana
- Securing access to Kibana
- Add data
- Upgrade Kibana
- Configure security
- Configure reporting
- Configure monitoring
- Production considerations
- Discover
- Dashboard and visualizations
- Canvas
- Maps
- Build a map to compare metrics by country or region
- Track, visualize, and alert on assets in real time
- Map custom regions with reverse geocoding
- Heat map layer
- Tile layer
- Vector layer
- Plot big data
- Search geographic data
- Configure map settings
- Connect to Elastic Maps Service
- Import geospatial data
- Troubleshoot
- Reporting and sharing
- Machine learning
- Graph
- Alerting
- Observability
- APM
- Security
- Dev Tools
- Fleet
- Osquery
- Stack Monitoring
- Stack Management
- REST API
- Get features API
- Kibana spaces APIs
- Kibana role management APIs
- User session management APIs
- Saved objects APIs
- Index patterns APIs
- Alerting APIs
- Action and connector APIs
- Import and export dashboard APIs
- Logstash configuration management APIs
- Shorten URL
- Get Task Manager health
- Upgrade assistant APIs
- Kibana plugins
- Accessibility
- Release notes
- Developer guide
Kibana 7.15.2
editKibana 7.15.2
editReview the following information about the 7.15.2 release.
Security updates
editReview the security updates that were found in previous versions of Kibana.
Path traversal issue
Details
In Kibana 7.9.0 to 7.15.1, Kibana is unable to validate .pbf file paths on Microsoft Windows operating systems, which allows malicious users to arbitrarily traverse the Kibana host to load internal .pbf files. CVE-2021-37938
Thank you Dominic Couture for finding this issue.
Solution
Upgrade to Kibana 7.15.2.
Information disclosure issue
Details
In Kibana 7.8.0 to 7.15.1, the Kibana JIRA and IBM Resilient connectors could be used to return HTTP response data on internal hosts, which can be hidden from public view. Malicious users with privileges to create connectors can use the JIRA and IBM Resilient connectors to view limited HTTP response data on hosts accessible to the cluster. CVE-2021-37939
Solution
Upgrade to Kibana 7.15.2.
Known issues
editBefore you upgrade, review the known issues, then mitigate the impact to your application.
There are no known issues in 7.15.12.
For the known issues in the previous releases, refer to the <<known-issue-7.15.0, known issues in 7.15.0>.
Breaking changes
editBreaking changes can prevent your application from optimal operation and performance. Before you upgrade to 7.15.2, review the 7.15.0 breaking changes.
To review the breaking changes in previous versions, refer to the following:
7.14 | 7.13 | 7.12 | 7.11 | 7.10 | 7.9 | 7.8 | 7.7 | 7.6 | 7.5 | 7.4 | 7.3 | 7.2 | 7.1 | 7.0
Bug Fixes
edit- APM
- Elastic Security
- For the Elastic Security 7.15.2 release information, refer to Elastic Security Solution Release Notes.
- Lens & Visualizations
- Management
-
- Fixes memory leak in a browser when doing a search #113756
- Metrics
-
- Adds track_total_hits to Metric Threshold query to support alerts with over 10K documents #115465
- Uptime
-
- TLS and TLS legacy alert translation mismatch #116113
- Operations
-
- Fixes the creation of multiple processes at start #114940
- Osquery Manager