6. Elastic Stack 6.6.1 and 5.6.15 Released

Elastic Stack 6.6.1 and 5.6.15 Released


  • Versions 5.6.15 and 6.6.1 of the Elastic Stack were released today. We recommend you upgrade to these latest versions.

    Each includes fixes for a number of security issues in Kibana, Elasticsearch, and Logstash.

    • Resolved a cross-site scripting (XSS) vulnerability in Kibana that could allow an attacker to obtain sensitive information or perform destructive actions.
    • Fixed an issue in the Timelion application in Kibana that could allow an attacker to attempt to execute javascript code.
    • Fixed an issue with Kibana that could allow an attacked to attempt to execute javascript code when audit logging was enabled.
    • Fixed an issue in Elasticsearch that would give an attacker additional permissions against a restricted index when using the _aliases, _shrink, or _split endpoints.
    • Fixed an issue with Logstash where it would inadvertently log credentials as part of an error message.

    For a detailed explanation of these issues, and details on how to solve or mitigate these issues, please visit the security advisory page .

    The 6.6.1 patch contains fixes and small enhancements for the stack. Notable bug fixes in Beats include:

    • Packetbeat no longer crashes on Linux when the TPACKET_V3_af_packet_interface is used. (#10477)
    • Correctly stop all modules when they were started by Kubernetes autodiscover.( #10476)

    For a full list of changes for each product, please refer to the release notes:

    6.6.1 Release Notes

    5.6.15 Release Notes



    https://www.elastic.co/blog/elastic-stack-6-6-1-and-5-6-15-released
Log in to reply
 

© Lightnetics 2024