Fleet and Elastic Agent 8.10.3
Review important information about the Fleet and Elastic Agent 8.10.3 release.
Security updates
- Fleet Server Insertion of Sensitive Information into Log File (ESA-2023-20)
An issue was discovered in Fleet Server >= v8.10.0 and < v8.10.3 where Agent enrollment tokens are being inserted into the Fleet Server’s log file in plain text.
These enrollment tokens could allow someone to enroll an agent into an agent policy, and potentially use that to retrieve other secrets in the policy, including those for Elasticsearch and third-party services. Alternatively, a threat actor could potentially enroll agents to the clusters and send arbitrary events to Elasticsearch.
The issue is resolved in 8.10.3.
For more information, see our related security announcement.
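The following triage sketch is an added example, not Elastic's code or tooling: it checks a Fleet Server version against the affected range stated above and scans log lines for known enrollment token values so those tokens can be treated as exposed. The token inventory (`SAMPLE_TOKENS`), the log lines and their field names are constructed assumptions and do not reproduce the real Fleet Server log layout.

```python
import re

AFFECTED_MIN = (8, 10, 0)   # advisory: Fleet Server >= v8.10.0
FIXED_IN = (8, 10, 3)       # advisory: < v8.10.3, resolved in 8.10.3

def parse_version(text):
    """Turn '8.10.2' or 'v8.10.2-SNAPSHOT' into (8, 10, 2)."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(p) for p in m.groups())

def is_affected(fleet_server_version):
    """True when the version falls inside the range named in ESA-2023-20."""
    return AFFECTED_MIN <= parse_version(fleet_server_version) < FIXED_IN

def find_exposed_tokens(log_lines, tokens):
    """Return {token_id: [line numbers]} for each token value found in the log.
    Only ids and line numbers are reported, so the report does not leak the secret again."""
    hits = {}
    for lineno, line in enumerate(log_lines, start=1):
        for token_id, secret in tokens.items():
            if secret and secret in line:
                hits.setdefault(token_id, []).append(lineno)
    return hits

def redact(line, tokens):
    """Replace any known token value in a log line before sharing or archiving it."""
    for token_id, secret in tokens.items():
        if secret:
            line = line.replace(secret, f"[REDACTED enrollment token {token_id}]")
    return line

# Constructed sample data: hypothetical token ids/values and log lines.
SAMPLE_TOKENS = {"token-a": "CONSTRUCTED-SECRET-A==", "token-b": "CONSTRUCTED-SECRET-B=="}
SAMPLE_LOG = [
    '{"log.level":"info","message":"server started"}',
    '{"log.level":"debug","message":"enroll request","key":"CONSTRUCTED-SECRET-A=="}',
    '{"log.level":"info","message":"checkin ok"}',
    '{"log.level":"debug","message":"enroll request","key":"CONSTRUCTED-SECRET-A=="}',
]

if __name__ == "__main__":
    for v in ("8.9.2", "8.10.0", "8.10.2", "8.10.3"):
        print(v, "affected" if is_affected(v) else "not affected")
    for token_id, lines in find_exposed_tokens(SAMPLE_LOG, SAMPLE_TOKENS).items():
        print(f"treat {token_id} as exposed: seen on log lines {lines}")
```

The scan matches raw substrings, so it also needs to be run over rotated and centrally shipped copies of the log, which keep the plain-text tokens after the upgrade.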
Known issues
The known issue that prevents successful upgrades in an air-gapped environment for Elastic Agent versions 8.9.0 to 8.10.2 has been resolved in this release. If you’re using an air-gapped environment, we recommend installing version 8.10.3 or any higher version to avoid being unable to upgrade.
Enhancements
- Elastic Agent
Bug fixes
- Fleet
- Elastic Agent