NOTE: You are looking at documentation for an older release. For the latest information, see the current release documentation.
Kibana 6.8.14
The 6.8.14 release includes a security update and fixes one issue.
Security update
Vega visualizations are susceptible to stored and reflected XSS via a vulnerable version of the Vega library. When you create Vega visualizations or create a vulnerable URL that describes the visualization, arbitrary JavaScript can execute in your browser.
Affected versions
Affected versions include 6.8.13 and earlier.
Solution
Verify if you use Vega visualizations, then complete the following:
- If you use Vega visualizations, upgrade to 6.8.14.
- If you do not use Vega visualizations, open your kibana.yml file, then change vega.enabled: true to vega.enabled: false.
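The check described above, written as an added example that is not part of the original release notes or Elastic's own tooling: it reads kibana.yml text, resolves vega.enabled in either the flat or the one-level nested form, and classifies an instance against the 6.8.14 guidance. The function names and sample configs are constructed for illustration, and treating an absent key as enabled is an assumption.

```python
import re

FIXED = (6, 8, 14)  # fixed release named in this note

def vega_enabled(yml_text, default=True):
    """Effective vega.enabled from kibana.yml text.

    Handles 'vega.enabled: false' and the nested 'vega:' / 'enabled: false'
    form (one level deep). default=True when the key is absent is an assumption.
    """
    value, in_vega = default, False
    for raw in yml_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()        # drop comments
        if not line.strip():
            continue
        indented = line[0] in " \t"
        m = re.match(r"\s*([\w.]+)\s*:\s*(.*)$", line)
        if not m:
            in_vega = in_vega and indented          # unindented text ends the block
            continue
        key = m.group(1)
        val = m.group(2).strip().strip("'\"").lower()
        if not indented:
            in_vega = (key == "vega" and val == "")  # start of a nested vega block
        flat_hit = not indented and key == "vega.enabled"
        nested_hit = indented and in_vega and key == "enabled"
        if flat_hit or nested_hit:
            value = val != "false"                  # anything but false counts as on
    return value

def assess(version, yml_text):
    """Classify one instance: 'outside-range', 'exposed' or 'mitigated'."""
    ver = tuple(int(p) for p in version.split(".")[:3])
    if ver >= FIXED:
        return "outside-range"   # not in this note's "6.8.13 and earlier"
    return "exposed" if vega_enabled(yml_text) else "mitigated"

# Constructed sample configs (not taken from a real deployment).
SAMPLE_FLAT = "server.port: 5601\nvega.enabled: false  # disabled\n"
SAMPLE_NESTED = "vega:\n  enabled: false\n"
SAMPLE_DEFAULT = "server.port: 5601\n#vega.enabled: false\n"

if __name__ == "__main__":
    for ver, cfg in [("6.8.13", SAMPLE_DEFAULT), ("6.8.13", SAMPLE_NESTED),
                     ("6.8.14", SAMPLE_DEFAULT)]:
        print(ver, assess(ver, cfg))
```

An "exposed" result means the instance needs one of the two actions listed in the Solution above: upgrade to 6.8.14, or set vega.enabled: false if Vega is not used.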
Bug fix
- Reporting
  - Fixes an issue where a failed request in the headless browser running the screenshot capture would log an obscured error #88118