Changelog
(2025-05-17) What's new in ROR 1.64.2
🚀New (KBN) 9.0.3, 9.0.2, 8.18.3, 8.18.2, 8.17.8, 8.17.7, 7.17.29 support
🚀New (ES) 9.0.3, 9.0.2, 8.18.3, 8.18.2, 8.17.8, 8.17.7, 7.17.29 support
(2025-05-13) What's new in ROR 1.64.1
🐞Fix (ES) Correct patching verification in ROR Docker image entrypoint
(2025-05-11) What's new in ROR 1.64.0
🚨Security Fix (KBN) CVE-2024-53382, CVE-2025-27789, CVE-2025-29774
🚨Security Fix (ES) CVE-2023-3894, CVE-2025-25193
⚠️Warning (ES) Acknowledgement needs to be accepted before the Elasticsearch patching process. For scripts, you can set the flag to automate the process.
🚀New (KBN) Added an endpoint to retrieve all user tenancies via the ReadonlyREST API. See the ReadonlyREST API Documentation for usage details.
🚀New (KBN) Introduced support for passing
x-ror-tenancy-idin direct Kibana requests. See the ReadonlyREST API Documentation for details.🚀New (KBN) Introduced support for passing
x-ror-impersonatingin direct Kibana requests. See the ReadonlyREST API Documentation for details.🧐Enhancement (KBN) Retains the currently selected group information after user logout. This setting is user-configurable and disabled by default.
🧐Enhancement (KBN) Displays detailed "reason" messages from the ROR Elasticsearch response in the login form instead of a generic "Wrong credentials" message.
🧐Enhancement (KBN) Adjusted ReadonlyREST plugin UI styles for compatibility with Kibana 9.x.
🧐Enhancement (ES) Username duplication check in the "users" section of ROR ES settings can be optionally disabled.
🧐Enhancement (ES) Added support for
readonlyrest.global_settingsin Elasticsearch ROR settings.🐞Fix (KBN) Resolved an unhandled error when
logging.root.levelis set toallinkibana.yml.🐞Fix (KBN) Fixed an issue with retrieving username and group information in AFDS OIDC.
🐞Fix (KBN) Fixed an issue with passing
x-ror-correlation-idto the ReadonlyREST API request.
(2025-03-12) What's new in ROR 1.63.0
🚨Security Fix (KBN) CVE-2025-26791, CWE-772
🚨Security Fix (ES) CVE-2024-57699 CVE-2025-25193 CVE-2025-24970
🚀New (KBN) 9.0.1, 9.0.0, 9.0.0-rc1, 9.0.0-beta1, 8.18.1, 8.18.0, 8.17.6, 8.17.5, 8.17.4, 8.16.6 support
🚀New (ES) 9.0.1, 9.0.0, 9.0.0-rc1, 9.0.0-beta1, 8.18.1, 8.18.0, 8.17.6, 8.17.5, 8.17.4, 8.16.6 support
🧐Enhancement (KBN) For Kibana >= 8.14.0: Added backward compatibility to hide the Dashboard app by declaring Analytics|Dashboard and Analytics|Dashboards in the
kibana.hide_appsrule🧐Enhancement (KBN) Added information about skipping patching confirmation prompt to the patching helper
🧐Enhancement (KBN) [When Kibana is opened in multiple browser tabs, logging into Kibana in one tab automatically logs in all browser tabs]
🐞Fix (KBN) Don't terminate Kibana when disk reaches low watermark
🐞Fix (KBN) For Kibana >= 8.15.0: Added support for reporting data stream multitenancy
🐞Fix (KBN) Silenced "Error fetching fields for index pattern" toast messages due to forbidden response in Kibana Dashboard and Discover page
🐞Fix (KBN) For Kibana >= 8.17.0: Fixed Elasticsearch navigation header being visible when
kibana.hide_apps: [ "Elasticsearch" ]🐞Fix (KBN) Fixed an issue with hiding the dashboard app when using regular expressions in the kibana_hide_apps field
🐞Fix (ES) Fixed various issues with restoring snapshot API
🐞Fix (ES) Fixed data streams, index, and component templates being forbidden for RW users in stack management
(2025-01-24) What's new in ROR 1.62.0
🚨Security Fix (ES) CVE-2024-53990
🚨Security Fix (KBN) CVE-2024-21538, CVE-2024-47764, CVE-2024-52798
⚠️Warning (KBN) Updated
readonlyrest_kbn: license: activationKeyRefreshInterval- the maximum refresh interval is now set to 1 day.🚀New (ES|KBN) Introduced support for Elastic APM (Application Performance Monitoring).
🚀New (KBN) 8.17.3, 8.17.2, 8.17.1, 8.16.5, 8.16.4, 8.16.3, 7.17.28 support
🚀New (ES) 8.17.3, 8.17.2, 8.17.1, 8.16.5, 8.16.4, 8.16.3, 7.17.28 support
🚀New (KBN) Added Kibana images with the preinstalled ReadonlyREST plugin for the arm64 platform on Docker Hub.
🚀New (ES) Added Elasticsearch images with the preinstalled ReadonlyREST plugin for the arm64 platform on Docker Hub.
🐞Fix (KBN) Addressed a bug in Kibana 8.16.0 and later versions to hide the permissions tab in a space.
🐞Fix (KBN) Fixed a compatibility issue where OIDC and SAML didn't work in Kibana versions earlier than 7.11.0.
🐞Fix (KBN) Ensured user settings are overridden only for the default space.
🐞Fix (ES) Relaxed restrictions on snapshot restoration during index checks.
🐞Fix (ES) Resolved issue with Stack Monitoring access when
xpack.security.enabled: trueis configured.
(2024-11-20) What's new in ROR 1.61.1
🚨Security Fix (ES) Data leak through the ESQL API (for ES >= 8.11.0)
🚨Security Fix (KBN) CVE-2024-21538, CVE-2024-47764
🚨Security Fix (ES) CVE-2024-47535
🚀New (KBN) 8.17.0, 8.16.2, 8.16.1, 8.16.0, 8.15.5, 7.17.27, 7.17.26 support
🚀New (ES) 8.17.0, 8.16.2, 8.16.1, 8.15.5, 7.17.27, 7.17.26 support
🚀New (ES) ESQL support
🐞Fix (KBN) Elasticsearch red status shouldn't kill the Kibana process on initialization
(2024-11-12) What's new in ROR 1.61.0
🚨Security Fix (KBN) CVE-2024-47764
⚠️Warning (KBN) Acknowledgement needs to be accepted before a Kibana patching process. For scripts, you can set a flag to automate a process (edited)
🚀New (KBN) 8.15.4 support
🚀New (ES) 8.16.0, 8.15.4 support
🚀New (ES) There is an option to define a custom response for users in ACL block with the 'forbid' policy
🧐Enhancement (KBN) Set-Cookie is not returned with KBN API response
🧐Enhancement (KBN) Reduce the amount of ReadonlyREST session updates
🧐Enhancement (KBN) Kibana plugin won't start until the connection with Elasticsearch is established
🧐Enhancement (KBN) API and activation key tabs in the Security settings are visible only for the admin or unrestricted access users
🧐Enhancement (KBN) detecting issues related to high disk watermark warning
🧐Enhancement (KBN) License expiration info only for admin and unrestricted access users
🧐Enhancement (ES) index exclusion (dash) syntax support
🐞Fix (KBN) Don't stop Kibana when correlationId is not available in the session
🐞Fix (KBN) Provide additional SAML configuration options to handle Active Directory Federation Services (ADFS) properly
🐞Fix (KBN) login page customization should be a PRO feature instead of an Enterprise
🐞Fix (KBN) Logging to file doesn't work for Kibana 8.x
🐞Fix (ES) Snapshot Status API - forbidden response while checking the status of all snapshots of the given repository
🐞Fix (ES) Snapshot API - misc issues for ES 6.x
(2024-09-15) What's new in ROR 1.60.0
🚀New (KBN) 8.15.3, 8.15.2, 7.17.25 support
🚀New (ES) 8.15.3, 8.15.2, 7.17.25 support
🚀New (KBN|ES) ECK support documentation
🚀New (ES) configurable ROR YAML settings max size
⚠️Warning (ES) The prompt for basic authorization is disabled by default. To keep the previous behavior, set
readonlyrest.prompt_for_basic_authtotruein the ROR configuration🧐Enhancement (KBN) There is an option to define client authentication methods in the
kibana.ymlviareadonlyrest_kbn.auth.<YOUR_OIDC_CONFIG>.tokenEndpointAuthMethod, 'client_secret_post' or ''client_secret_basic'🧐Enhancement (KBN) Stop Kibana when enabled features are not available
🐞Fix (KBN) HTTP 400 (bad request) issue when there is a Nginx proxy server between es and Kibana
🐞Fix (KBN) Fix for the problem with correctly hiding Management features
ROR Manage Kibanadefined in the readonlyrest.ymlkibana_hide_appsproperty🐞Fix (ES) ROR KBN docker image: passing ROR settings as ENVs fixes
(2024-08-01) What's new in ROR 1.59.0
🚀New (ES) 8.15.1, 8.15.0, 7.17.24, 7.17.23, 6.7.x support
🚀New (KBN) 8.15.1, 8.15.0, 7.17.24, 7.17.23 support
🧐Enhancement (KBN) Replace a broken Alert and Connectors applications with the link to our new tool for Reports and alerting for Kibana > 8.6.0 (edited)
🐞Fix (KBN) Handling reporting URL for report generation
🐞Fix (KBN) Embedding with inline JWT is a feature available only in ReadonlyREST PRO and Enterprise
🐞Fix (ES) for the problem with
_async_searchon ES 8.14.x
(2024-06-30) What's new in ROR 1.58.0
🚀New (KBN) 8.14.3, 8.14.2 support
🚀New (ES) 8.14.3, 8.14.2 support
🚀New (ES) "structured groups" feature (authorization rules group names and group IDs can be defined separately)
🧐Enhancement (KBN) New
readonlyrest_kbn.cookies.secureandreadonlyrest_kbn.cookies.sameSitecookie settings via kibana.yml🧐Enhancement (ES) improved error logging on the creation of LDAP connectors
🧐Enhancement (ES) Patcher - invalid state after patching detection improvements
🐞Fix (KBN) Impersonation and session probe logout issue
🐞Fix (KBN) Fix problem with multi-tenancy features when xpack.security.enabled: true
(2024-05-18) What's new in ROR 1.57.3
🚨Security Fix (ES) CVE-2024-34447
🚀New (KBN) 8.14.1, 8.14.0, 7.17.22 support
🚀New (ES) 8.14.1, 8.14.0, 7.17.22 support
🐞Fix (KBN) The CSRF cookie name issue that caused the "Wrong credentials" error during login
🐞Fix (KBN) Automatic migration issue for Kibana >= 8.8.0 that caused the "mapping set to strict, dynamic introduction of... error
(2024-05-05) What's new in ROR 1.57.2
🚀New (KBN) 8.13.4, 8.13.3, 7.17.21 support
🚀New (ES) 8.13.4, 8.13.3, 7.17.21 support
🐞Fix (KBN) Kibana <= 7.2.1 doesn't run
🐞Fix (KBN) Provides a way to migrate an existing session index to the new session
🐞Fix (ES) Patching issue for Elasticsearch OSS versions
(2024-04-29) What's new in ROR 1.57.1
🐞Fix (ES) configuration parsing regression: one group definition can be a string
(2024-04-28) What's new in ROR 1.57.0
🚨Security Fix (ES) CVE-2024-29025
🚀New (ES) LDAP Connector feature: groups server-side filtering
🚀New (ES) LDAP Connector feature: skip user search option when user attribute is
cn⚠️Warning (KBN|ES) Internal API incompatibilities (to take advantage of rolling update capabilities, upgrade ROR KBN first)
⚠️Warning (ES) Support for ES < 6.8.0 was dropped
🧐Enhancement (KBN) User settings available for all access type users
🧐Enhancement (KBN) Add option to change the Default Route and Time zone in User settings
🧐Enhancement (KBN) Provide correlation ID to Kibana logs
🧐Enhancement (ES) Rich, context-based debug logging in the LDAP connector and LDAP-related rules
🧐Enhancement (ES) Additional validations:
kibanarule should not be used with some other rules in the same block🐞Fix (KBN) Sometimes reports are not generated correctly for Kibana < 8.0.0 and the "Max attempt reached" error appears
🐞Fix (KBN) Adjust interactive API swagger dark mode colors
🐞Fix (KBN) CSRF problem when multiple ECK Kibana instances
🐞Fix (KBN) Plugin doesn't run for a version Kibana < 7.11.0 when the OIDC proxy is enabled
🐞Fix (KBN) Session probe should log out the user when empty metadata was returned from ES ROR
🐞Fix (ES) Misc issues when
xpack.security.enabled: trueis set🐞Fix (ES) Patched files permission issue
(2024-03-15) What's new in ROR 1.56.0
🚀New (KBN) Provide a way to switch light/dark mode per user
🚀New (KBN) 8.13.2, 8.13.1, 8.13.0, 7.17.20, 7.17.19 support
🚀New (ES) 8.13.2, 8.13.1, 8.13.0, 7.17.20, 7.17.19 support
⚠️Warning (ES) for ES > 6.5 patching is required since this version of ROR
🧐Enhancement (KBN) The activation key will be revalidated in the interval
🧐Enhancement (KBN) Provide a way to define Activation key retrieval mode
🐞Fix (KBN) Sometimes reports are not generated correctly for Kibana >= 8.0.0 and "Max attempt reached" error appears
🐞Fix (KBN) The OIDC scope configuration property was not applied and the default configuration was used instead.
🐞Fix (KBN) The OIDC proxy parameter was not handled properly in case of HTTPs connection over HTTP proxy server
🐞Fix (KBN) Missing information when Kibana is not patched
🐞Fix (ES) Missing
x-elastic-productheader in the response whenfieldsandfilterrules were used🐞Fix (ES) Proper
forbidpolicy handling during processing ROR login request🐞Fix (ES)
application/nd-jsonmedia type handling (in case of ES7.xversions)
(2024-01-29) What's new in ROR 1.55.0
🚨Security Fix (ES) CVE-2023-51074
🚀New (KBN) 8.12.2 ,8.12.1, 7.17.18, 7.17.17 support
🚀New (ES) 8.12.2, 8.12.1, 7.17.18 support
🧐Enhancement (KBN) Optional
readonlyrest_kbn.auth.oidc_kc.proxyURLkibana.yml configuration for the OIDC connection which allows declaring your proxy URL🧐Enhancement (KBN) Upon successful activation and edition changes all sessions are cleared and users are logged out
🐞Fix (KBN) Saved objects are not visible for the users on Kibana >= 8.8.0
🐞Fix (ES) Logout when a user with restricted
kibana.accesstried to see a restoration status of snapshots in Kibana
(2023-12-17) What's new in ROR 1.54.0
🚀New (KBN) 8.12.0, 8.11.4 support
🚀New (ES) 8.12.0, 8.11.4, 7.17.17 support
🧐Enhancement (KBN) Provide automatic cleaning of stale sessions
🧐Enhancement (KBN) Provide automatic cleaning of stale CSRF cookies
🐞Fix (KBN) Adjust the ROR API POST license endpoint body to the contract to respect the
licensebody parameter instead of atoken🐞Fix (KBN) `CorelationId`` is changed on every session refresh
(2023-11-20) What's new in ROR 1.53.0
🚨Security Fix (ES) CVE-2023-4586, CVE-2023-5072
🚀New (KBN) 8.11.3, 8.11.2, 8.11.1, 8.11.0, 7.17.16 support
🚀New (ES) 8.11.3, 8.11.2, 8.11.1, 8.11.0, 7.17.16 support
🧐Enhancement (KBN) Provide Activate license endpoint to the ReadonlyREST API
🧐Enhancement (ES) when the
kibanarule and theindicesrule are defined in the same block, there is no need to explicitly allow kibana-related indices🐞Fix (KBN) problem with reports generation when
kibana.indexin kibana.yml is used🐞Fix (KBN) crash loop during license service initialization
🐞Fix (KBN) problem with logging in in KBN 7.17.13 (and above) and 8.10.4 (and above) when deployed using ECK
🐞Fix (KBN) problem with multi-tenancy and ECK
🐞Fix (KBN) problem with forbidden
/_create/configresponse on Login to the Kibana
(2023-10-09) What's new in ROR 1.52.0
🚨Security Fix (ES) CVE-2023-4586
🚀New (KBN) 8.10.4, 8.10.3, 7.17.15, 7.17.14 support
🚀New (ES) 8.10.4, 8.10.3, 7.17.15, 7.17.14 support
🚀New (ES) New
token_authenticationrule🧐Enhancement (KBN) Permanently hide Kibana|ES features that are impossible to support
🧐Enhancement (KBN) License expiration reminder
🧐Enhancement (KBN) Make
kibana.indexsetting from kibana.yml an invalid property for an Enterprise user🐞Fix (KBN) Issue with not adding
elasticsearch.customHeaderssetting from kibana.yml to ROR requests🐞Fix (KBN) Logout after opening Stack management Upgrading assistant
🐞Fix (KBN) Problem with logging in of two users in two tabs when two Kibana instances are used
🐞Fix (KBN) Problem with logging in when multi-tenancy is enabled and the
indicesrule is defined in the ROR settings
(2023-09-25) What's new in ROR 1.51.1
🐞Fix (KBN) issue with Observability Overview-based applications hiding
🐞Fix (KBN) Correct
kibana.indexhandling for KBN >= 7.9.0 when multi-tenancy is disabled or unavailable🐞Fix (KBN) Unrestricted Kibana Access on the tenancy switch when a selected tenant is not available anymore
🐞Fix (KBN) Unhandled error during login when
multiTenancyEnabled: false🐞Fix (ES) LDAP connectivity improvements
(2023-09-10) What's new in ROR 1.51.0
🚨Security Fix (KBN) the issue with api_only access level user and accessing via Kibana UI
🚀New (KBN) 8.10.2, 8.10.1, 8.9.2, 7.17.13 support
🚀New (ES) 8.10.2, 8.10.1, 8.10.0, 8.9.2, 7.17.13 support
🚀New (ES) Dynamic variables transformation support
🧐Enhancement (KBN) Expose interactive Swagger as a new Security settings tab
🧐Enhancement (KBN) Provide detailed information about the invalid activation key
🧐Enhancement (ES) additional
hide_appsvalidation in thekibanarule🐞Fix (KBN) the issue with the persistence of an activation key provided via UI when
readonlyrest_kbn.cookiePasswas not provided. The readonlyrest_kbn.cookiePass is requiredkibana.ymlproperty🐞Fix (KBN) issues for Kibana versions between 7.9.0 and 7.10.2, related to the activation key, Spaces, and readonlyREST menu crash
🐞Fix (KBN) The issue with a logout from Kibana when the link to the Kibana is open from a third-party application like
Gmail🐞Fix (ES) stack-management screen fix in case of
xpack.security.enabled: true
(2023-07-25) What's new in ROR 1.50.0
🚀New (KBN/ES) ECK support
🚀New (KBN) 8.9.1, 8.9.0, 7.17.12 support
🚀New (ES) 8.9.1, 8.9.0, 7.17.12 support
🚀New (KBN) Introduce the new ReadonlyREST API
🧐Enhancement (KBN) Remove application item info from URL on the tenant switch to avoid a 404 not found message
🧐Enhancement (KBN) Provide Reordering available tenancies for proxy auth authentication
🧐Enhancement (KBN) Provide information about granted/rejected log-in users to debug logs
(2023-06-27) What's new in ROR 1.49.1
🚨Security Fix (ES) CVE-2023-2976
🚨Security Fix (ES) CVE-2023-34462
🚀New (KBN) 8.8.2, 8.8.1, 8.8.0, 7.17.11 support
🚀New (ES) 8.8.2, 7.17.11 support
🚀New (ES) LDAP nested groups support
(2023-05-28) What's new in ROR 1.49.0
🚀New (ES) 8.8.1 support
🧐Enhancement (KBN) Handle
elasticsearch.serviceAccountSupportconfiguration property🧐Enhancement (KBN) Provide a way to Hidden apps Stack management items hiding
🧐Enhancement (KBN) Provide an automated migration of tenancy indices on major Kibana version upgrade
🧐Enhancement (ES) external group ID patterns support in the external to local groups mapping
🐞Fix (KBN) the issue with the replica number being set to 0 on tenant index creation
🐞Fix (KBN) users won't log out from Kibana on the 500 status error
🐞Fix (KBN) the issue with Kibana keystore not being read by the Kibana plugin
🐞Fix (KBN < 7.9.0) logging issue when two Kibanas are handled by one browser at the same time
🐞Fix (ES) resolving ENVs to YAML number in ROR settings
(2023-04-15) What's new in ROR 1.48.0
🚨Security Fix (ES) CVE-2022-45688
🚀New (KBN) 8.7.1, 7.17.10 support
🚀New (ES) 8.8.0, 8.7.1, 7.17.10 support
🚀New (KBN/ES) Introducing "Custom Middleware" functionality
🚀New (KBN/ES)
allowed_api_pathssupport in thekibanaACL rule🚀New (KBN) Add CSRF protection in the login form
🚀New (KBN) Restore deprecated "kibana.index" support for Kibana > 8.x
🚀New (ES) audit supports a new output type:
log🧐Enhancement (KBN) Provide a way to disable multi-tenancy in ROR Enterprise
🧐Enhancement (KBN) Realign index templates behaviour to the old platform
🧐Enhancement (KBN) Error logs when SAML obtains an unusable username from the assertion
🧐Enhancement (KBN) Test configuration warnings improvement
🧐Enhancement (ES) Added support to override default response code for not started ROR
🐞Fix (KBN) Security card not hidden by default
🐞Fix (KBN) Hidden apps regex with two "or" operators don't hide all kibana apps
🐞Fix (KBN) Fix Alerting Rules resulting in logout issue
🐞Fix (KBN) Fix audit dashboard
🐞Fix (KBN) Stop handling 500 error from
api/lens/existing_fields🐞Fix (KBN) Fix lens app
🐞Fix (KBN < 7.9.x) using a custom kibana index in cooperation with ROR Free
(2023-02-13) What's new in ROR 1.47.0
🚨Security Fix (ES) "/" endpoint was not protected for ES 8.x
🚨Security Fix (ES) "/_cat" endpoint was not protected for all ES versions
🚀New (KBN) 8.7.0, 8.6.2 support
🚀New (ES) 8.7.0, 8.6.2 support
🚀New (ES) the
data_streamsrule🧐Enhancement (KBN) optimisation in hidden apps feature
🐞Fix (KBN) Opening index management mappings tab forces logout
🐞Fix (KBN) Fix dark mode in the ROR menu
🐞Fix (KBN) YAML editor updates and fixes
🐞Fix (ES) Data streams support in the
indicesrule🐞Fix (ES) NPE when
_searchwith aggregations (script) and thefieldsrule were used together
(2023-01-02) What's new in ROR 1.46.0
🚨Security Fix (ES) CVE-2022-1471, CVE-2022-41915, CVE-2022-36944 in audit Scala 2.13 jar
🚀New (KBN) 8.6.1, 8.6.0, 7.17.9 support
🚀New (ES) 8.6.1, 8.6.0, 7.17.9 support
🧐Enhancement (KBN) Activation key management UI
🧐Enhancement (KBN) Less verbose logging in info mode
🧐Enhancement (KBN) "Stack management" kibana compatibility
🐞Fix (KBN) Test settings pop up won't show
🐞Fix (KBN) hide apps behaviour when "Management" is hidden
🐞Fix (KBN) Data view with a ":" symbol forces logout from a kibana
🐞Fix (KBN) Session probe causes constant refresh when no
kibana_accessdefined🐞Fix (ES) large report generation using data from a remote cluster with enabled x-pack security
(2022-12-05) What's new in ROR 1.45.1
🚀New (KBN) 8.5.3, 7.17.8 support
🚀New (ES) 8.5.3, 7.17.8 support
🐞Fix (KBN) ROR KBN patching script
(2022-11-29) What's new in ROR 1.45.0
🚨Security Fix (ES) CVE-2022-42003, CVE-2022-45146
🚀New (KBN) Activation Key API: read AK from ROR_ACTIVATION_KEY.txt
🚀New (KBN) Activation Key API: submit AK via POST /pkp/license (Basic auth)
🚀New (KBN) Inject CSS/JS files in login page
🚀New (KBN) Add user metadata to for extra UI customization
🚀New (ES) Added groups_and mode to groups_provider_authorization rule
🧐Enhancement (ES) all authorization rules support wildcards in group IDs
🧐Enhancement (ES) connections in the LDAP pool should not be closed unnecessarily
🧐Enhancement (KBN) Deterministic reporting index detection
🧐Enhancement (KBN) Move free type impersonation to the local users area
🧐Enhancement (KBN) don't logout when initial JWT token expires
🐞Fix (KBN) Direct Kibana API requests not aware of kibana_index
🐞Fix (KBN) RO and RO_strict kibana accesses
🐞Fix (ES) Data streams creation issue fix
🐞Fix (ES) Unknown structure of index settings issue fix
🐞Fix (ES) resolving index names with wildcards should take into consideration the current index state and request indices options
(2022-10-09) What's new in ROR 1.44.0
🚨Security Fix (ES) CVE-2022-25857
🚀New (KBN) 8.5.2, 8.5.1, 8.5.0, 7.17.7 support
🚀New (ES) 8.5.2, 8.5.1, 8.5.0, 7.17.7 support
🚀New (KBN) plugin packages are now universal
🚀New (KBN) Manage your activation keys through the customer portal
🚀New (ES) Added support for certificates in PEM format
🧐Enhancement (KBN) SAML groups list duplication made header size exceed limits
🧐Enhancement (KBN) kibana_access: admin has now privileges to manage a Kibana cluster
🧐Enhancement (ES) added distributed and persistent Test Settings & Auth Mocks configuration for the Impersonation Feature
🧐Enhancement (ES) handling high load when LDAP rules are used
🧐Enhancement (ES)
client_authenticationsettings in internode SSL configuration🧐Enhancement (ES)
acl:available_groupsdynamic variable can be used in a single value context🐞Fix (ES) SNI handling (internode SSL)
(2022-08-22) What's new in ROR 1.43.0
🚀New (KBN) 8.4.3, 8.4.2, 8.4.1, 8.4.0, 7.17.6 support
🚀New (ES) 8.4.3, 8.4.2, 8.4.1, 8.4.0, 7.17.6 support
🚀New (KBN)
kibana_custom_js_inject_filefeature🐞Fix (ES) resolving indices in the remote x-pack cluster
🐞Fix (KBN|PRO) ROR menu title wraps when version text is too short (cosmetic)
🐞Fix (KBN) infinite loading when kibana_access not defined for user
🐞Fix (KBN) transient error with randomly choosing off range bind port on localhost
🐞Fix (KBN) 404 on login when
xpack.spaces.enabled: false
(2022-07-25) What's new in ROR 1.42.0
🚀New (KBN|ES) 8.3.3, 8.3.2, 8.3.1, 8.3.0, 7.15.5 support
🧐Enhancement (KBN) Search box in tenancy switcher (when #tenancies > 5)
🧐Enhancement (ES) added configuration warnings in the Impersonation Feature
🐞Fix (KBN) Logout didn't delete the SAML session on the IdP
🐞Fix (KBN) 5xx errors from Elasticsearch break Kibana users' session unrecoverably
🐞Fix (ES) ROR node cooperation with X-pack nodes
(2022-06-21) What's new in ROR 1.41.0
🚀New (ES) Added
groups_andmode toror_kbn_authandjwt_authrules🧐Enhancement (KBN) Prevent native credentials dialogue to appear in Kibana when ES responds 401
🧐Enhancement (KBN) Logging in after logout shows the same page you last visited
🧐Enhancement (KBN) x-ror-correlation-id header lets you audit a whole Kibana session
🐞Fix (ES|KBN) tenancy selector didn't work well with
jwt_authandror_kbn_authrules🐞Fix (KBN) Support for special characters in tenancy names
🐞Fix (KBN) OIDC logout flow redirecting to bad request error
🐞Fix (KBN) OIDC connector not working in Kibana < 7.12.0
(2022-05-24) What's new in ROR 1.40.0
🚨Security Fix (ES) CVE-2022-25647 & CVE-2022-24823 & CVE-2020-13956 & CVE-2020-36518 & CVE-2020-13956 & CVE-2020-36518
🚨Security Fix (KBN) "Security" app not entirely hidden in 8.2.x
🚀New (ES) New Support for 8.2.3, 8.2.2, 8.2.1, 7.17.4
🚀New (KBN) New Support for 8.2.2 8.2.1, 7.17.4
🚀New (ES & KBN) The Impersonation feature
🚀New (ES) FIPS compliant SSL mode
🧐Enhancement (KBN) SAML cert is now required
🧐Enhancement (KBN) moved OIDC to better library
🧐Enhancement (KBN) OIDC jwksURL is now required
🐞Fix (ES)
indices: ["1"]interpreted as integer and fails to parse🐞Fix (KBN) /login?jwt=xxx authorization now works again
🐞Fix (KBN) OIDC/SAML assertion claims were not forwarded to ES
🐞Fix (KBN) include whitelisted headers while logging
🐞Fix (KBN) basepath handling fixes (too many redirects)
🐞Fix (KBN) Make ROR default space the actual default one
🐞Fix (KBN) OIDC connection error
(2022-03-19) What's new in ROR 1.39.0
🚨Security Fix (KBN) XSS sanitize path requested
🚨Security Fix (ES) CVE-2020-36518 & CVE-2022-21653
🚀New (KBN) New Support for 8.2.0 8.1.3, 8.1.2, 8.1.1, 8.1.0, 8.0.0, 8.0.1, 7.17.3, 7.17.2
🚀New (ES) New Support for 8.2.0, 8.1.3, 8.1.2, 8.1.1, 8.1.0, 8.0.0, 8.0.1 (required additional patching step)
🚀New (ES) New Support for 7.17.3, 7.17.2
🚀New (ES) New
groups_andACL rule🧐Enhancement (KBN) Stop inlining whitelisted headers into Authorization header
🧐Enhancement (KBN) Log additional errors and info related to HA
🧐Enhancement (KBN) Misc internal dependencies upgrades
🐞Fix (KBN) Mandatory elasticsearch credentials in kibana.yml
🐞Fix (KBN) whitelistedPaths: log errors when 404 occurs
🐞Fix (KBN) Issue uploading large payload
🐞Fix (KBN)
elasticsearch.requestHeadersWhitelistshould be case insensitive🐞Fix (ES) X-Pack SSL nodes cooperation with ROR SSL nodes
🐞Fix (ES) _msearch issue when filter rules was used in matched block
(2022-01-17) What's new in ROR 1.38.0
🚀New (ES) New Support for 7.17.0, 7.17.1
🚀New (KBN) New Support for 7.17.0
🚀New (ES) Configuration for custom audit cluster
🧐Enhancement (ES) Separate "audit" section for all audit settings
🐞Fix (KBN) Editor rendering issue with kibana basePath enabled
(2021-12-14) What's new in ROR 1.37.0
🚨Security Fix (ES) CVE-2021-43797
🚀New (ES) New Support for 7.16.3, 7.16.2, 6.8.23, 6.8.22
🚀New (KBN) New Support for 7.16.3, 7.16.2, 7.16.1, 7.16.10, 6.8.23, 6.8.22, 6.8.21
🧐Enhancement (ES) fields rule handling in the context of x-Pack SQL requests
🐞Fix (ES) filter rule handling in the context of x-Pack SQL requests
🐞Fix (KBN) POST / bulk cause an 400 error in devtools console
🐞Fix (KBN) More robust Kibana patcher + better logs messages
(2021-11-21) What's new in ROR 1.36.0
🚀New (ES) New Support for 7.16.1, 7.16.0, 6.8.21
🚀New (KBN) Support Kibana 7.15.2
🧐Enhancement (KBN) kibana_hide_apps: [ror|kibana] to remove kibana mgmt button
🐞Fix (ES) Adding policy to index template bug
🐞Fix (KBN) Index management tabs result in "forbidden" error
🐞Fix (KBN) corrupted patch file for Kibana 7.9.x
🐞Fix (KBN) Devtools not working
🐞Fix (KBN) Monitoring not working in multi-tenancy
🐞Fix (KBN) Regression in Kibana < 6.8.x front end crash
🐞Fix (KBN) Kibana < 7.8.x prevent navigation to hidden apps from home links
🐞Fix (KBN) Kibana < 7.8.x implicitly hide kibana:dashboard when kibana:dashboards is hidden (and viceversa)
🐞Fix (KBN) Kibana < 7.8.x broken
clearSessionOnEvents: [tenancyHop]
(2021-10-17) What's new in ROR 1.35.1
🚨Security Fix (ES) CVE-2021-21409 & CVE-2021-27568
🚀New (KBN) Support Kibana 7.15.1
🚀New (ES) New Support for 7.15.2
🧐Enhancement (KBN) Support "server.ssl.supportedProtocols" settings
🧐Enhancement (KBN) Support "server.ssl.cipherSuites"
🧐Enhancement (KBN) Always honor SSL cipher order
🐞Fix (KBN) Don'thide "Add/Remove field as column" in Discover app for RO users
🐞Fix (KBN) More alerting fixes (only for main tenancy)
(2021-10-12) What's new in ROR 1.35.0
🚀New (KBN) Support Kibana 7.15.0, 7.14.2
🚀New (ES) New Support for 7.15.1, 6.8.19, 6.8.20
🧐Enhancement (ES) local->external groups detailed mapping for groups rule
🧐Enhancement (ES) when ROR is starting any request is going to end up with HTTP 403 response, instead of HTTP 503
🧐Enhancement (KBN) "server.basePath" kibana option implementation
🧐Enhancement (KBN) Support full regex in kibana_hidden_apps rule
🧐Enhancement Crash if Kibana is not patched
🧐Enhancement (KBN) Honour kibana setting "logging.dest"
🧐Enhancement (KBN) Confirm before overwriting audit log dashboard
🐞Fix (ES) verbosity: error fix in case of ROR KBN login request
🐞Fix (KBN) Make alerting work on primary tenancy
🐞Fix (KBN) OIDC fix sameSite / secure cookie options
🐞Fix (KBN) Login form is stretched when long error
🐞Fix (KBN) Login form is stretched when long error
🐞Fix (KBN-PRO) Don't send x-ror-currentgroup in PRO
🐞Fix (KBN) Resolve browser console errors on a popover close
(2021-09-24) What's new in ROR 1.34.0
🚀New (ES) New Support for 7.15.0, 7.14.2
🚀New (KBN) VS Code style YAML editor
🚀New (KBN) Skip rendering hidden app groups entirely
🚀New (KBN) Redesigned ROR Menu
🚀New (KBN) Dark theme awareness
🐞Fix (KBN) Broken Kibana Spaces
🐞Fix (KBN) Support Kibana's undocumented "server.ssl.*" settings
🐞Fix (KBN) cookiePass config parsing broke load balancing
(2021-08-14) What's new in ROR 1.33.1
🚀New (ES) New Support for 7.14.1
🐞Fix (KBN) Error in patching for 7.14.0
🐞Fix (KBN) clearSessionOnEvents now works as expected
🐞Fix (KBN) login form font loads correctly
(2021-08-09) What's new in ROR 1.33.0
🚨Security Fix (KBN) xml-crypto dependency update
🚀New (KBN) New Support for 7.14.0, 6.8.18
🧐Enhancement (KBN) Parse credentials in /api/* requests, no need for valid cookie. Supersedes whitelistedPaths
🐞Fix (KBN)Caching issues switching tenancies with dark/light theme
🐞Fix (KBN) Newly created Space shows in all tenancies when using default kibana index
🐞Fix (KBN < 7.9.x) nextUrl works again with SAML and OIDC
(2021-07-25) What's new in ROR 1.32.0
🚨Security Fix (ES) Apache Commons Codec vulnerability
🚨Security Fix (KBN) upgraded dependencies due to security fixes
🚨Security Fix (KBN) disable x-powered-by to avoid fingerprinting
🚀New (ES) Support for ES 7.14.0 & 6.8.18
🚀New (KBN) Support for Kibana 7.13.x series
🧐Enhancement (KBN) honor configurations coming from ENV and CLI options
🧐Enhancement (KBN) when metadata has no username, login must be denied
🧐Enhancement (KBN) audit tab ported to new platform
🧐Enhancement (ES) improved ES resources cleaning when ROR returns FORBIDDEN response
🧐Enhancement (KBN < 7.9.x) auto clean-up dangling SAML/OIDC cookies
🐞Fix (ES) not allowed aliases should not present in a response for a Get Index API request
🐞Fix (KBN) fix dev-tools and import saved object not working
🐞Fix (KBN) honor
requestHeadersWhitelistin user metadata request (login)🐞Fix (KBN < 7.9.x) do not crash on invalid metadata
(2021-06-29) What's new in ROR 1.31.0
🚨Security Fix (KBN) prevent direct navigation to hidden apps
🚀New (ES) 7.13.4, 7.13.3, 7.13.2, 6.8.17 support
🚀New (KBN) new minimal Kibana Management menu when "Management" app is hidden
🧐Enhancement (KBN) logout active Kibana session if key metadata/permissions change in ACL
🧐Enhancement (KBN) better port number validation
🧐Enhancement (ES) improved cluster indices handling
🐞Fix (ES) Kibana access rule regression fix
🐞Fix (ES) search template API handling with
filterandfieldsrule🐞Fix (ES) multi-tenancy issue when groups_provider_authorization is used
🐞Fix (ES)
x_forwarded_forrule: wrong handling of / request🐞Fix (ES) Issue with handling ResizeRequest which made it unable to upgrade Kibana to version 7.12.0+
🐞Fix (KBN) some Kibana requests arrive to ES without credentials
🐞Fix (KBN) inconsistent read after write in session storage lead to issues with round robin load balancing
🐞Fix (KBN) bad multipart POST handling leads to saved object import errors
(2021-05-26) What's new in ROR 1.30.1
🚨Security Fix (ES) CVE-2021-27568
🚀New (ES) 7.13.0, 7.13.1 support
🐞Fix (ES) Regression in multi-tenancy handling
🐞Fix (ES) Proper handling of _snapshot/_status endpoint
(2021-05-16) What's new in ROR 1.30.0
🚀New (KBN) 7.12.x compatibility
🚀New (ES) LDAP connector circuit breaker
🧐Enhancement (ES) Username with wildcard support in users section and groups mapping
🧐Enhancement (KBN < 7.9.x) OIDC errors visibility
🧐Enhancement (KBN < 7.9.x) Smarter session probe algorithm
🐞Fix (KBN >= 7.9.x) Load CertificateAuthorities as an array if not specified as an array
🐞Fix (KBN < 7.9.x) Don't hide visualizations list search box in RO mode
(2021-04-09) What's new in ROR 1.29.0
🚨Security Fix (ES) Security Fix (ES) CVE-2021-21409
🚀New (KBN) support 7.9.0, 7.9.1, 7.10.0, 7.10.1, 7.10.2, 7.11.0, 7.11.1, 7.11.2 (with ROR new platform)
🚀New (ES) 7.12.1 support
🧐Enhancement (KBN) logout if the credentials/metadata of the current user change in the ACL
(2021-04-01) What's new in ROR 1.28.2
🚨Security Fix (ES) CVE-2021-21295
🐞Fix (KBN) prevent SAML/OIDC initiated Kibana sessions from expiring after
session_timeout_minutesdespite continued interaction
(2021-03-24) What's new in ROR 1.28.1
🐞Fix (ES) Getting index templates issue when no
indicesrule was used in matched block🐞Fix (ES) NPE on getting template aliases
(2021-03-14) What's new in ROR 1.28.0
🚀New (ES) 7.12.0, 7.11.2 support
🚀New (ES) full Index and Component Templates API support
🧐Enhancement (ES) Username case sensitivity settings
🐞Fix (ES) Kibana logout event storing fix
🐞Fix (KBN) Prevent cookie expiration deadlock in browsers when using SAML/OIDC
🐞Fix (KBN) When credentials change in the ACL, make it possible to login again
🐞Fix (KBN) Kibana management app ID changed from "kibana:management" to "kibana:stack_management"
(2021-02-27) What's new in ROR 1.27.1
🚨Security Fix (ES) CVE-2021-21290
🚀New (ES) 7.11.1 support
(2021-02-16) What's new in ROR 1.27.0
🚀New (ES) 7.11.0, 7.10.2, 6.8.14 support
🧐Enhancement (KBN) X-Forwarded-For copied from incoming request (or filled with source IP) before forwarding to ES
🧐Enhancement (KBN) Kibana logout event generates a special audit log entry in ROR audit logs index
🧐Enhancement (KBN) ROR panel shows "reports" button if kibana:management app is hidden
🐞Fix (ES) SQL API - better handling of invalid query
(2021-01-11) What's new in ROR 1.26.1
🐞Fix (ES) wrong behaviour of
kibana_accessrule for ROR actions when ADMIN value is set
(2021-01-02) What's new in ROR 1.26.0
🚨Security Fix (ES) CVE-2020-35490 & CVE-2020-35490 (removed Jackson dependency from ROR core)
🚀New (ES) New response_fields rule
🧐Enhancement (ES) Full support for ILM API
🧐Enhancement (KBN) Enforce read-after-write consistency between kibana nodes
🧐Enhancement (KBN ENT) OIDC custom claims incorporated in "assertion" claim
🧐Enhancement (KBN ENT) OIDC support for configurable kibanaExternalHost (good for Docker)
🧐Enhancement (KBN ENT) ROR adds "ror-user_" class to "body" tag for easy per-user CSS/JS
🧐Enhancement (KBN ENT/PRO) ROR adds "ror-group_" class to "body" tag for easy per-group CSS/JS
🐞Fix (ES) ROR authentication endpoint action
🐞Fix (ES) "username" in audit entry when request is rejected
What's new in 1.25.2
🐞Fix (ES) removed verbose logging
What's new in 1.25.1
🚨Security Fix (ES) CVE-2020-25649
🚀New (ES) 7.10.1 support
What's new in 1.25.0
🚨Security Fix (ES) Common Vulnerabilities and Exposures (CVE)
🚀New (ES) 7.10.0 support
🚀New (ES) auth_key_pbkdf2 rule
🧐Enhancement (ES) Fields rule performance improvement
🧐Enhancement (ES) Resolved index API support
🐞Fix (ES) index resolve action should be treated as readonly action
🐞Fix (ES) /_snapshot and /_snapshot/_all should behave the same
What's new in 1.24.0
🚨Security Fix (ES) search template handling fix
🚀New (ES) 7.9.3 & 6.8.13 support
🧐Enhancement (ES) full support for ES Snapshots and Restore APIs
🐞Fix (KBN) fix crash in error handling
🐞Fix (ES) don't remove ES response warning headers
🐞Fix (ES) issue when entropy of /dev/random could have been exhausted when using JwtToken rule
What's new in 1.23.1
🚀New (ES) 7.9.2 support
🐞Fix (KBN) fix code 500 error on login in Kibana
What's new in 1.23.0
🚀New (ES) introduced must_involve_indices option for indices rule
🧐Enhancement (ES) negation support in headers rules
🧐Enhancement (ES) x-pack rollup API handling
🐞Fix (KBN) deep links query parameters are now handled
🐞Fix (KBN) make sure default kibana index is always discovered (fixes reporting in 6.x)
🐞Fix (ES) /_cluster/allocation/explain request should not be forbidden if matched block doesn't have indices rules
🐞Fix (ES) remote address extracting issue
What's new in 1.22.1
🐞Fix (ES) missing handling of aliases API for ES 7.9.0
What's new in 1.22.0
🚀New (ES) 7.9.0 support
🧐Enhancement (ES) aliases API handling
🧐Enhancement (ES) dynamic variables support in fields rule
🐞Fix (ES) adding aliases issue
🐞Fix (ES) potential memory leak for ES 7.7.x and above
🐞Fix (ES) cross cluster search issue fix for X-Pack _async_search action
🐞Fix (ES) XFF entry in audit issue
🐞Fix (KBN) SAML certificate loading
🐞Fix (KBN) SAML loading groups from assertion
🐞Fix (KBN) fix reporting in pre-7.7.0
What's new in 1.21.0
🧐Enhancement (ES) cluster API support improvements
🐞Fix (ES) X-Pack _async_search support
🐞Fix (ES) _rollover request handling
🐞Fix (KBN) multitenancy+reporting regression fix (for 7.6.x and earlier)
🐞Fix (KBN) "x-" headers should be forwarded in /login route when proxy passthrough is enabled
🐞Fix (KBN) SAML metadata.xml endpoint not responding
🐞Fix (KBN) NAT/reverse proxy support for SAML
🐞Fix (KBN) SAML login redirect error
🐞Fix (ES) _readonlyrest/metadata/current_user should be always allowed by filter/fields rule
What's new in 1.20.0
🚀New 7.7.1, 7.8.0 support
🧐Enhancement (KBN) tidy up audit page
🧐Enhancement (KBN FREE) clearly inform when features are not available
🧐Enhancement (KBN) ship license report of libraries
🧐Enhancement (ES) filter rule performance improvement
🐞Fix (KBN) proxy_auth: avoid logout-login loop
🐞Fix (KBN) 404 error on font CSS file
🐞Fix (ES) wildcard in filter query issue
🐞Fix (ES) forbidden /_snapshot issue
🐞Fix (ES) /_mget handling by indices rule when no index from a list is found
🐞Fix (ES) available groups order in metadata response should match the order in which groups appear in ACL
🐞Fix (ES) .readonlyrest and audit index - removed usage of explicit index type
🐞Fix (ES) tasks leak bug
What's new in 1.19.5
🚀New 7.7.0, 7.6.2, 6.8.9, 6.8.8 support
🧐Enhancement (ES/KBN) kibana_access can be explicitly set to unrestricted
🧐Enhancement (ES) LDAP connection pool improvement
🐞Fix (ES) better LDAP request timeout handling
🐞Fix (ES) remote indices searching bug
🐞Fix (ES) cross cluster search support for _field_caps request
🚨Security Fix (ES) create and delete templates handling
🐞Fix (KBN) Regression in proxy_auth_passthrough
🧐Enhancement (KBN) whitelistedPaths now accepts basic auth credentials
🧐Enhancement (KBN) Dump logout button, new ROR Panel
🧐Enhancement (KBN) removed ROR from Kibana sidebar. Admins have a link in new panel.
🧐Enhancement (KBN) avoid show login form redirecting from SAML IdP
🚨Security Fix (KBN) server-side navigation prevention to hidden apps
What's new in 1.19.4
🐞Fix (ES) Interpolating config with environment variables in SSL section
🐞Fix (KBN Ent 6.x) Fixed default space creation in
🐞Fix (KBN 6.x) Fixed error toast notification not showing
🐞Fix (KBN Ent) Fixed missing Axios dependency
🐞Fix (KBN Ent) Fixed SAML connector
🐞Fix (KBN) Toast notification overlap with logout bar
🧐Enhancement (KBN) Restyled logout bar
🧐Enhancement (KBN) Configurable periodic session checker
What's new in 1.19.3
🚀New (ES/KBN) 7.6.1 compatibility
🚀New (ES) customizable name of settings index
🧐Enhancement (KBN) configurable ROR cookie name
🧐Enhancement (ES/KBN) handling of encoded ROR headers in Authorization header values
🧐Enhancement (KBN) user feedback on why login failed
🐞Fix (ES) support for multiple header values
🐞Fix (ES) releasing LDAP connection pool on reloading ROR settings
🐞Fix (KBN) multitenancy issue with 7.6.0+
🐞Fix (KBN) creation of default space for new tenant
🐞Fix (KBN 6.x) in RO mode, don't hide add/remove over fields in discovery
🐞Fix (KBN 6.x) index template & in-index session manager issues
What's new in 1.19.2
🚀New (KBN) 7.6.0 support
🧐Enhancement (KBN) less verbose info logging
🧐Enhancement (KBN) start up time semantic check for settings
🐞Fix (KBN Free) missing logout button
🐞Fix (KBN) error message creating internal proxy
🐞Fix (KBN 6.x) add field to filter button invisible in RO mode
What's new in 1.19.1
🎁Product (KBN) Launched ReadonlyREST Free for Kibana!
🚀New (ES) 7.6.0 support, Kibana support coming soon
🚀New (KBN) Audit log dashboard
🚀New (KBN) Template index can now be declared per tenant instead of globally
🚀New (ES) custom trust store file and password options in ROR settings
🧐Enhancement (ES) When "prompt_for_basic_auth" is enabled, ROR is going to return 401 instead of 404 when the index is not found or a user is not allowed to see the index
🧐Enhancement (ES) literal ipv6 with zone Id is acceptable network address
🧐Enhancement (ES) LDAP client cache improvements
🐞Fix (ES) /_all/_settings API issue
🐞Fix (ES) Index stats API & Index shard stores API issue
🐞Fix (ES) readonlyrest.force_load_from_file setting decoding issue
🐞Fix (KBN) allowing user to be logged in in two tabs at the same time
🐞Fix (KBN) logging with JWT parameter issue
🐞Fix (KBN) parsing of sessions fetched from ES index
🐞Fix (KBN) logout issue
What's new in 1.19.0
🚀New (KBN) Configurable option to delete docs from tenant index when not present in template
🧐Enhancement (ES) Less verbose logging of blocks history
🧐Enhancement (ES) Enriched logs and audit with attempted username
🧐Enhancement (ES) Better settings validation - only one authentication rule can be used in given block
🧐Enhancement (ES/KBN) Plugin versions printing in logs on launch
🧐Enhancement (ES) When user doesn't have access to given index, ROR pretends that the index doesn't exist and return 404 instead of 403
🐞Fix (ES) Searching for nonexistent/forbidden index with wildcard mirrors default ES behaviour instead of returning 403
🐞Fix (KBN) Switching groups bug
What's new in 1.18.10
🚀New (ES/KBN) Support v6.8.6, v7.5.0, v7.5.1
🚀New (KBN) Group IDs can now be mapped to aliases
🚀New (ES) New, more robust and simple method of creating custom audit log serializers
🚀New (ES) Example projects with custom audit log serializers
🐞Fix (KBN) Prevent index migration after kibana startup
🧐Enhancement (KBN) If default space doesn't exist in kibana index then copy from default one
🧐Enhancement (KBN) Crypto improvements - store init vector with encrypted data as base64 encoded json.
🧐Enhancement (ES) Better settings validation - prevent duplicated keys in readonlyrest.yml
What's new in 1.18.9
🚀New (ES/KBN) Support v7.4.1, v7.4.2
🚀New (KBN) Kibana sessions stored in ES index
🐞Fix (ES) issue with in-index settings auto-reloading
🐞Fix (ES) _cat/indices empty response when matched block doesn't contain 'indices' rule
What's new in 1.18.8
🚀New (ES/KBN) Support v7.4.0
🚀New (ES) Elasticsearch SQL Support
🚀New (ES) Internode ssl support for es5x, es60x, es61x and es62x
🚀New (ES) new runtime variable @{acl:current_group}
🚀New (ES) namespace for user variable and support for both versions: @{user} and @{acl:user}
🚀New (ES) support for multiple values in uri_re rule
🧐Enhancement (ES) more reliable in-index settings loading of ES with ROR startup
🧐Enhancement (ES) less verbose logs in JWT rules
🧐Enhancement (ES) Better response from ROR API when plugin is disabled
🧐Enhancement (ES) Splitting verification ssl property to client_authentication and certificate_verification
🐞Fix (ES) issue with backward compatibility of proxy_auth settings
🐞Fix (ES) /_render/template request NPE
🐞Fix (ES) _cat/indices API bug fixes
🐞Fix (ES) _cat/templates API return empty list instead of FORBIDDEN when no indices are found
🐞Fix (ES) updated regex for kibana access rule to support 7.3 ES
🐞Fix (ES) proper resolving of non-string ENV variables in readonlyrest.yml
🐞Fix (ES) lang-mustache search template handling
What's new in 1.18.7
🚀New (ES) Field level security (FLS) supports nested JSON fields
🐞Security Fix (ES) Authorization headers appeared in clear in logs
🧐Enhancement (KBN) Don't logout users when they are not allowed to search a index-pattern
🧐Enhancement (ES) Headers obfuscation is now case insensitive
What's new in 1.18.6
🚀New (ES/KBN) Support v7.3.1, v7.3.2
🚀New (ES) Configurable header names whose value should be obfuscated in logs
🚀New (KBN) Dynamic variables from user identity available in custom_logout_link
🧐Enhancement (ES) Richer logs for JWT errors
🧐Enhancement (ENT) nextUrl works also with SAML now
🧐Enhancement (ENT) SAML assertion object available in ACL dynamic variables
🧐Enhancement (KBN) Validate LDAP server(s) before accepting new YAML settings
🧐Enhancement (KBN) Ensure a read-only UX for 'ro' users in older Kibana
🐞Fix (ES) Fix memory leak from dependency (snakeYAML)
What's new in 1.18.5
🐞Security Fix (ES) indices rule can now properly handle also the templates API
🧐Enhancement (ES) Array dynamic variables are serialized as CSV wrapped in double quotes
🧐Enhancement (ES) Cleaner debug logs (no stacktraces on forbidden requests)
🧐Enhancement (ES) LDAP debug logs fire also when cache is hit
🚀New (ES/KBN) Support v7.2.1, v7.3.0
🐞Fix (PRO) PRO plugin crashing for some Kibana versions
🐞Fix (ENT) SAML library wrote a too large cookie sometimes
🐞Fix (ENT) SAML logout not working
🐞Fix (ENT) JWT fix exception "cannot set requestHeadersWhitelist"
🐞Fix (PRO/ENT) Hide more UI elements for RO users
🐞Fix (PRO/ENT) Sometimes not all the available groups appear in tenancy selector
🐞Fix (PRO/ENT) Feature "nextUrl" broke
🐞Fix (PRO/ENT) prevent user kick-out when APM is not configured and you are not an admin
🚀New (PRO/ENT) Kibana request path/method now sent to ES (good for policing dev-tools)
What's new in 1.18.4
🚀New (ES) User impersonation API
🚀New (ES) Support latest 6.x and 5.x versions
🐞Security Fix (ES) filter/fields rules leak
🐞Fix (KBN/ENT) allow more action for kibana_access, prevent sudden logout
🐞Fix (KBN/ENT) temporarily roll back "support for unlimited tenancies"
What's new in 1.18.3
🚀New Support added for ES/Kibana 6.8.1
🧐Enhancement (ES) Crash ES on invalid settings instead of stalling forever
🧐Enhancement (ES) Better logging on JWT, JSON-paths, LDAP, YAML errors
🧐Enhancement (ES) Block level settings validation to user with precious hints
🧐Enhancement (ES) If force_load_from_file: true, don't poll index settings
🧐Enhancement (ES) Order now counts declaring LDAP Failover HA servers
🐞Fix (ES) "EsIndexJsonContentProvider" had a null pointer exception
🐞Fix (ES) "es.set.netty.runtime.available.processors" exception
🧐Enhancement (KBN) Collapsible logout button
🧐Enhancement (KBN) ROR App now uses a HA http client
🧐Enhancement (KBN) Automatic logout for inactivity
🧐Enhancement (KBN) Support unlimited amount of tenancies
🐞Fix (KBN/ENT) concurrent multitenancy bug
🐞Fix (KBN) Avoid sporadic errors on Save/Load buttons
What's new in 1.18.2
🚀New Support for Elasticsearch & Kibana 7.2.0
🐞Fix (ES) restore indices ("IDX") in audit logging
🧐Enhancement (ES) New algorithm of setting evaluation order
🚀New (ES) JWT claims as dynamic variables. I.e. "@{jwt:claim.json.path}"
🚀New (ES) "explode" dynamic variables. I.e. indices: ["@explode{x-indices}"]
🐞Fix (PRO/Enterprise) preserve comments and formatting in YAML editor
🐞Fix (PRO/Enterprise) Print error message when session is expired
🐞Regression (PRO/Enterprise) Redirect to original link after login
🐞Regression (PRO/Enterprise) Broken CSV reporting
🧐Enhancement (PRO/Enterprise) Prevent navigating away from YAML editor w/ unsaved changes
🐞Fix (Enterprise) Exception when SAML connectors were all disabled
🐞Fix (Enterprise) Concurrent tenants could mix up each other kibana index
🐞Fix (Enterprise) Cannot inject custom JS if no custom CSS was also declared
🐞Fix (Enterprise) Injected JS had no effect on ROR logout button
🐞Fix (Enterprise) On narrow screens, the YAML editor showed buttons twice
What's new in 1.18.1
🐞Fix (Elasticsearch) Reindex requests failed for a regression in indices extraction
🐞Fix (Elasticsearch) Groups rule erratically failed
🐞Fix (Elasticsearch) JWT claims can now contain special characters
🧐Enhancement (Elasticsearch) Better ACL History logging
🧐Enhancement (Elasticsearch) QueryLogSerializer and old custom log serializers work again
🐞Fix (PRO/Enterprise) ReadonlyREST icon in Kibana was white on white
🐞Fix (Enterprise) SAML connectors could not be disabled
🐞Fix (Enterprise) SAML connector "buttonName" didn't work
What's new in 1.18.0
🚀New Support for Elasticsearch & Kibana 7.0.1
🧐Enhancement (Elasticsearch) empty array values in settings are invalid
🐞Security Fix (Elasticsearch) arbitrary x-cluster search referencing local cluster
🐞Fix (Elasticsearch) ArrayOutOfBoundException on snapshot operations
🧐Enhancement (PRO/Enterprise) History cleaning can now be disabled ("clearSessionOnEvents")
What's new in 1.17.7
🚀New Support for Elasticsearch 7.0.0 (Kibana is coming soon)
🧐Enhancement (Elasticsearch) rewritten LDAP connector
🧐Enhancement (Elasticsearch) new core written in Scala is now GA
🐞Fix (Enterprise) devtools requests now honor the currently selected tenancy
🐞Security Fix (Enterprise/PRO) Fix "connectorsService" error in installation
What's new in 1.17.5
🚀New Support for Kibana/Elasticsearch 6.7.1
🧐Enhancement (Enterprise >= Kibana 6.6.0) Multiple SAML identity provider
🐞Security Fix (Enterprise/PRO) Don't pass auth headers back to the browser
🐞Fix (Enterprise/PRO) Missing null check caused error in reporting (CSV)
🐞Fix (Enterprise) Don't reject requests if SAML groups are not configured
🐞Fix filter/fields rules not working in msearch (in 6.7.x)
🧐Enhancement Print whole LDAP search query in debug log
What's new in 1.17.4
🚀New Support for Kibana/Elasticsearch 6.7.0
🧐Enhancement (PRO/Enterprise) JWT query param is the preferred credentials provider
🧐Enhancement (PRO/Enterprise) admin users can use indices management
🧐Enhancement (PRO/Enterprise) ro users can dismiss telemetry form
🐞Fix Audit logging in 5.1.x now works again
🐞Fix unpredictable behaviour of "filter" and "fields" when using external auth
🐞Fix LDAP ConcurrentModificationException
🐞Fix Audit logging in 5.1.x now works again
🐞Fix (PRO/Enterprise) JWT deep-link works again
What's new in 1.17.3
1.17.2 went unreleased, all changes have been merged in 1.17.3 directly
🐞Fix (Enterprise) Tenancy selector showing if user belonged to one group
🐞Fix (PRO/Enterprise) RW buttons not hiding for RO users in React Kibana apps
🐞Fix (Enterprise) Tenancy templating now works much more reliably
🐞Fix (Enterprise) Missing tenancy selector icon after switching tenancy
🐞Fix (PRO/Enterprise) barring static files requests caused sudden logout
🐞Fix Numerous fixes to better support Kibana 6.6.x
🐞Fix Critical fixes in new Scala core
🐞Fix Exception in reindex requests caused tenancy templating to fail
🧐Enhancement Bypass cross-cluster search logic if single cluster
What's new in 1.17.1
🐞Fix (PRO/Enterprise) SAML now works well in 6.6.x
🐞Fix (PRO/Enterprise) "undefined" authentication error before login
🐞Fix (Enterprise) Default space creation failures for new tenants
🐞Fix (Enterprise) Icons/titles CSS misalignment in sidebar (Firefox)
🧐Enhancement(Enterprise) UX: Larger tenancy selector
🐞Security Fix (Enterprise) Privilege escalation when changing tenancies under monitoring
🐞Fix (Elasticsearch) compatibility fixes to support new Kibana features
🧐Enhancements (Elasticsearch) New core and LDAP connector written in Scala is finished, now under QA.
What's new in 1.17.0
🚀New Feature Support for Kibana/Elasticsearch 6.6.0, 6.6.1
🚀New Feature Internode SSL (ES 6.3.x onwards)
🧐Enhancement(PRO/Enterprise) UI appearence
🧐Enhancement Made HTTP Connection configurable (PR #410)
🐞Fix slow boot due to SecureRandom waiting for sufficient entropy
🐞Fix Enable kibana_access:ro to create short urls in es6.3+ (PR #408)
What's new in 1.16.34
🧐Enhancement X-Forwarded-For header in printed es logs ("XFF")
🧐Enhancement kibana_index: ".kibana_@{user}" when user is "John Doe" becomes .kibana_john_doe
🐞Fix (Enteprise) parse SAML groups from assertion as array of strings
🐞Fix (Enteprise) SAMLRequest in location header was URLEncoded twice, broke on some IdP
🐞Fix (PRO/Enteprise) "cookiePass" works again, no more need for sticky cookies in load balancers!
🐞Fix (PRO/Enteprise) fix redirect loop with JWT deep linking when JWT token expires
🧐Enhancement (PRO/Enteprise) fix audit demo page CSS
🧐Enhancement (Enteprise) SAML more configuration parameters available
🚀New Feature (PRO/Enteprise) set ROR to debug mode (readonlyrest_kbn.logLevel: "debug")
What's new in 1.16.33
🐞Fix(PRO/Enteprise) compatibility problems with older Kibana versions
🐞Fix(PRO/Enteprise) compatibility problems with OSS Kibana version
What's new in 1.16.32
🚀New Feature "kibanaIndexTemplate": default dashboards and spaces for new tenants
🧐Enhancement Support for ES/Kibana 6.5.4
🧐Enhancement Upgraded LDAP library
🧐Enhancement (Enterprise) Now tenants save their CSV exports in their own reporting index
🐞Fix(PRO/Enteprise) Support passwords that start and/or end with spaces
🐞Fix (PRO/Enterprise) Now reporting works again
What's new in 1.16.31
🧐Enhancement Support for ES/Kibana 6.5.2, 6.5.3
🚧WIP: Laid out the foundation for LDAP HA support
What's new in 1.16.29
🧐Enhancement Support for ES/Kibana 6.4.3
🚀New Feature (PRO/Enterprise) configurable server side session duration
🚀New Feature [LDAP] High Availability: Round Robin or Failover
What's new in 1.16.28
🧐Enhancement Support for ES/Kibana 6.4.2
🐞Fix (Enterprise) Multi tenancy: sometimes changing tenancy would not change kibana index
🐞Security Fix (Enterprise/PRO) Avoid echoing Base64 encoded credentials in login form error message
🧐Enhancement (Enterprise/PRO) Remove latest search/visualization/dashboard history on logout
🧐Enhancement (Enterprise/PRO) Clear transient authentication cookies on login error to avoid authentication deadlocks
🐞Fix: External JWT verification may throw ArrayOutOfBoundException
🚧WIP: Laid out the foundation for internode SSL transport (port 9300)
What's new in 1.16.27
🚀New Feature [JWT] external validator: it's now possible to avoid storing the private key in settings
🧐Enhancement Support for ES/Kibana 6.4.1
🧐Enhancement Rewritten big part of ES plugin documentation
🧐Enhancement SAML Single log out flow
🐞Fix (Enterprise/PRO) cookiePass works again, but only for Kibana 5.x. Newer Kibana needs sticky sessions in LB.
🧐Enhancement (Enterprise/PRO) much faster logout
What's new in 1.16.26
🐞 Fix (PRO/Enterprise) bugs during plugin packaging and installation process
What's new in 1.16.25
🚀New Feature Users rule: easily restrict external authentication to a list of users
🧐Enhancement Support for ES 5.6.11
🐞Hot Fix (Enterprise/PRO) Error 404 when logging in with older versions of Kibana
What's new in 1.16.24
🚀New Feature (Enterprise) SAML Authentication
🚀New Feature Support for Elasticsearch and Kibana 6.4.0
🚀New Feature Headers rule now split in headers_or and headers_and
🧐Enhancement Headers rule now allows wildcards
🚀New Feature (Enterprise) Multi-tenancy now works also with JSON groups provider
🐞 Fix Multi-tenancy (Enterprise) incoherent initial kibana_index and current group
What's new in 1.16.23
🧐Enhancement Support for Elastic Stack 6.3.1 and 5.6.10
🚀New Feature (Enterprise) Custom CSS injection for Kibana
🚀New Feature (Enterprise) Custom Javascript injection for Kibana
🚀New Feature (PRO/Enterprise) access paths without need to login (i.e. /api/status)
🐞Fix (PRO/Enterprise) Navigating to X-Pack APM caused hidden Kibana apps to reappear
What's new in 1.16.22
🚀New Feature: map LDAP groups to local groups (a.k.a. role mapping)
🐞 Fix (Elasticsearch) wildcard aliases resolution not working in "indices" rule.
🧐Enhancement: it is now possible now to use JDK 9 and 10
🐞 Fix (PRO/Enterprise) wait forever for login request (i.e. slow LDAP servers)
🐞 Fix (PRO/Enterprise) add spinner and block UI if login request is being sent
🐞 Fix (PRO/Enterprise) if user is logged out because of LDAP cache expiring + slow authentication, redirect to login.
🐞 Fix (PRO/Enterprise) let RO users delete/edit search filters
What's new in 1.16.21
🚀New Feature: Introducing support for Elasticsearch and Kibana v6.3.0
🐞 Fix (Enterprise) multi tenancy - switching tenancy does not always switch kibana index
What's new in 1.16.20
ReadonlyREST PRO/Enterprise for Kibana
🧐 Enhancement: when login, forward "elasticsearch.requestHeadersWhitelist" headers. (useful for "headers" rule and "proxy_auth" to work well.)
ReadonlyREST for Elasticsearch
🚀New Feature: DLS (with dynamic variables suppoort) Thanks DataSweet!
🚀 New feature: Field level security
🚀 New rules: Snapshot, Repositories, Headers
🧐 Enhancement: custom audit serializers: the request content is available
🐞 Fix readonlyrest.yml path discovery
🐞 Fix: LDAP available groups discovery (tenancy switcher) corner cases
🐞 Fix: auth_key_sha1, auth_key_sha256 hashes in settings should be case insensitive
🐞 Fix: LDAP authentication didn't work with local group
Last updated
Was this helpful?