Change List

• Fixes message authentication serialization to work with Shield 1.2.1 and earlier.

  • NOTE: if you are upgrading from Shield 1.2.2 a cluster restart upgrade will be necessary. When upgrading from other versions of Shield, follow the normal upgrade procedure.

• The esusers tool no longer warns about missing roles that are properly defined in the roles.yml file.
• The period character, ., is now allowed in usernames and role names.
• The terms filter lookup cache has been disabled to ensure all requests are properly authorized. This removes the need to manually disable the terms filter cache.
• For LDAP client connections, only the protocols and ciphers specified in the shield.ssl.supported_protocols and shield.ssl.ciphers settings will be used.
• The auditing mechanism now logs authentication failed events when a request contains an invalid authentication token.

• Several bug fixes including a fix to ensure that Disk-based Shard Allocation works properly with Shield

• Adds support for elasticsearch 1.5

• Several bug fixes including a fix to ensure that Disk-based Shard Allocation works properly with Shield

new features

• LDAP:

  • Add the ability to bind as a specific user for LDAP searches, which removes the need to specify user_dn_templates. This mode of operation also makes use of connection pooling for better performance. Please see ldap user search for more information.
  • User distinguished names (DNs) can now be used for role mapping.

• Authentication:

  • Anonymous access is now supported (disabled by default).

• IP Filtering:

  • IP Filtering settings can now be dynamically updated using the Cluster Update Settings API.

enhancements

• Significant memory footprint reduction of internal data structures
• Test if SSL/TLS ciphers are supported and warn if any of the specified ciphers are not supported
• Reduce the amount of logging when a non-encrypted connection is opened and https is being used
• Added the kibana4_server role, which is a role that contains the minimum set of permissions required for the Kibana 4 server.
• In-memory user credential caching hash algorithm defaults now to salted SHA-256 (see Cache hash algorithms

bug fixes

• Filter out sensitive settings from the settings APIs

• Filter out sensitive settings from the settings APIs
• Significant memory footprint reduction of internal data structures

• Fixed dependency issues with Elasticsearch 1.4.3 and (Lucene 4.10.3 that comes with it)
• Fixed bug in how user roles were handled. When multiple roles were defined for a user, and one of the roles only had cluster permissions, not all privileges were properly evaluated.
• Updated kibana4 permissions to be compatible with Kibana 4 RC1
• Ensure the mandatory base_dn settings is set in the ldap realm configuration