From version 5.0 onward, Shield is part of X-Pack. For more information, see
Securing the Elastic Stack.
Change List
1.2.3
- Fixes message authentication serialization to work with Shield 1.2.1 and earlier.
  - NOTE: if you are upgrading from Shield 1.2.2 a cluster restart upgrade will be necessary. When upgrading from other versions of Shield, follow the normal upgrade procedure.
1.2.2
- The esusers tool no longer warns about missing roles that are properly defined in the roles.yml file.
- The period character (.) is now allowed in usernames and role names.
- The terms filter lookup cache has been disabled to ensure all requests are properly authorized. This removes the need to manually disable the terms filter cache.
- For LDAP client connections, only the protocols and ciphers specified in the shield.ssl.supported_protocols and shield.ssl.ciphers settings will be used.
- The auditing mechanism now logs authentication failed events when a request contains an invalid authentication token.
1.2.1
- Several bug fixes including a fix to ensure that Disk-based Shard Allocation works properly with Shield
1.2.0
- Adds support for Elasticsearch 1.5
1.1.1
- Several bug fixes including a fix to ensure that Disk-based Shard Allocation works properly with Shield
1.1.0
new features
- LDAP:
  - Add the ability to bind as a specific user for LDAP searches, which removes the need to specify user_dn_templates. This mode of operation also makes use of connection pooling for better performance. Please see ldap user search for more information.
  - User distinguished names (DNs) can now be used for role mapping.
- Authentication:
  - Anonymous access is now supported (disabled by default).
- IP Filtering:
  - IP Filtering settings can now be dynamically updated using the Cluster Update Settings API.
enhancements
- Significant memory footprint reduction of internal data structures
- Test if SSL/TLS ciphers are supported and warn if any of the specified ciphers are not supported
- Reduce the amount of logging when a non-encrypted connection is opened and https is being used
- Added the kibana4_server role, which is a role that contains the minimum set of permissions required for the Kibana 4 server.
- In-memory user credential caching hash algorithm defaults now to salted SHA-256 (see Cache hash algorithms)
bug fixes
- Filter out sensitive settings from the settings APIs
1.0.2
- Filter out sensitive settings from the settings APIs
- Significant memory footprint reduction of internal data structures
1.0.1
- Fixed dependency issues with Elasticsearch 1.4.3 (and Lucene 4.10.3 that comes with it)
- Fixed bug in how user roles were handled. When multiple roles were defined for a user, and one of the roles only had cluster permissions, not all privileges were properly evaluated.
- Updated kibana4 permissions to be compatible with Kibana 4 RC1
- Ensure the mandatory base_dn setting is set in the ldap realm configuration