Changelog
🚀 New (KBN) 9.2.3, 9.2.2, 9.1.9, 9.1.8, 8.19.9, 8.19.8 support
🚀 New (ES) 9.2.3, 9.2.2, 9.1.9, 9.1.8, 8.19.9, 8.19.8 support
🐞 Fix (ES) Resolved index resolution compatibility issue with Elasticsearch 9.1.7
🚀 New (KBN) 9.2.1, 9.1.7, 8.19.7 support
🚀 New (ES) 9.2.1, 9.1.7, 8.19.7 support
🐞 Fix (KBN) Fixed SAML/OIDC provider support behind a reverse proxy when server.rewriteBasePath: false is set in kibana.yml
🐞 Fix (ES) Delegated handling of certain internal exceptions to Elasticsearch, preserving native error responses
🚀 New (KBN) 9.2.0, 9.1.6, 8.19.6 support
🚀 New (ES) 9.2.0, 9.1.6, 8.19.6 support
🧐 Enhancement (ES) Allow using the actions rule with the kibana rule in the same block when kibana.access: unrestricted
🐞 Fix (KBN) Fixed JWT handling for wrong license edition
🐞 Fix (KBN) Suppressed “Forbidden” toast in Discover/Dashboard on Kibana 8.x–9.x
🐞 Fix (KBN) Resolved report download failure on Kibana 9.1.x
🐞 Fix (KBN) Fixed timeout when saving Security settings
🐞 Fix (KBN) Restored visibility of reports when multiple data streams exist for a reporting index
🐞 Fix (KBN) Fixed invisible reports for non-tenancy users on Kibana 9.1.x
🚨 Security Fix (KBN) CVE-2025-58754
🚨 Security Fix (ES) CVE-2025-58057, CVE-2025-58056
🚀 New (ES) Added new rules: ror_kbn_authentication and ror_kbn_authorization, as alternatives to the existing ror_kbn_auth rule
🧐 Enhancement (KBN) Added OIDC clock-skew-tolerance configuration option in kibana.yml
🧐 Enhancement (KBN) Added option to disable Kibana termination on watermark errors in kibana.yml
🐞 Fix (KBN) Logout did not invalidate the app session when the ror_kbn_auth rule was used with local group definitions
🐞 Fix (KBN) Integration-based options were visible in search results even when the app was marked as hidden
🐞 Fix (KBN) Index Management appeared in app search results even when the app was declared as hidden
🐞 Fix (KBN) Resolved an issue with CSRF token override when multiple browser tabs were open
🐞 Fix (KBN) Fixed OIDC compatibility for Kibana 7.10.2 and earlier
🐞 Fix (ES) Restored backward compatibility for custom audit log serializer implementations extending the DefaultAuditLogSerializer class. Custom serializers compiled against ROR 1.65 or 1.66 that use DefaultAuditLogSerializer must be recompiled to work correctly
🐞 Fix (ES) Fixed a defect that broke the "Snapshot and Restore" functionality in Kibana
🚀 New (KBN) 9.1.5, 9.1.4, 9.0.8, 9.0.7, 8.19.5, 8.19.4, 8.18.7 support
🚀 New (ES) 9.1.5, 9.1.4, 9.0.8, 9.0.7, 8.19.5, 8.19.4, 8.18.8, 8.18.7 support
🚨Security Fix (KBN) CVE-2025-7339, CVE-2025-7783, CVE-2025-54419, CVE-2025-9288
🚨Security Fix (KBN) Prevented visibility of hidden functions through Kibana UI search
🚨Security Fix (ES) Removed internal failure details from error responses to prevent unintended information disclosure
🚀New (KBN) 9.1.3, 9.1.2, 9.0.6, 8.19.3, 8.18.6 support
🚀New (ES) 9.1.3, 9.1.2, 9.0.6, 8.19.3, 8.18.6 support
🧐Enhancement (ES) Refined user metadata selection logic during login to prioritize matched blocks associated with a defined Kibana index
🧐Enhancement (ES) Patching: improved handling of the consent flag when provided via environment variables for more reliable configuration
🐞Fix (KBN) Resolved issue with index deletion in Index Management via Kibana UI
🐞Fix (KBN) Corrected document display in Discover when indices are defined in the user ACL block
🐞Fix (KBN) Fixed an error preventing Spaces from being deleted in Kibana 9.1.0
🐞Fix (KBN) Corrected handling of readonlyrest_kbn.whitelistedPaths in kibana.yml when xpack.security.enabled: true
🐞Fix (KBN) Resolved startup issues for Kibana versions 7.9.0 – 7.10.2
🐞Fix (KBN) Fixed report generation when xpack.security.enabled: true and xpack.encryptedSavedObjects.encryptionKey is set in Kibana 8.19.x and 9.1.x
🚀New (KBN) 9.1.1, 9.1.0, 9.0.5, 9.0.4, 8.19.2, 8.19.1, 8.19.0, 8.18.5, 8.18.4, 8.17.10, 8.17.9 support
🚀New (ES) 9.1.1, 9.1.0, 9.0.5, 9.0.4, 8.19.2, 8.19.1, 8.19.0, 8.18.5, 8.18.4, 8.17.10, 8.17.9 support
🚀New (ECK) 3.1.0 support
🐞Fix (ES) Docker images now start correctly when I_UNDERSTAND_AND_ACCEPT_ES_PATCHING is set.
🚨Security Fix (KBN) CVE-2025-5889
🚨Security Fix (ES) CVE-2024-29857 (when FIPS SSL is used)
🚀New (KBN) Added support for configuring JSON log format in kibana.yml.
🚀New (ES) Included Elasticsearch node name and cluster name in the audit reports.
🧐Enhancement (KBN) Logged detailed messages when the CSRF token has expired.
🧐Enhancement (KBN) Added id_token as a valid option for userInfoSource.
🧐Enhancement (ES) Improved handling of JVM properties related to ROR settings.
🐞Fix (KBN) Fixed OIDC logout redirection issue by switching redirect_uri to id_token_hint and using post_logout_redirect_uri.
🐞Fix (KBN) The ReadonlyREST Kibana plugin now accepts custom appender names defined in kibana.yml.
🐞Fix (KBN) When "Remember Group After Logout" is enabled, groups without access are correctly ignored during login.
🐞Fix (KBN) Fixed issue where the Kibana index template was not applied for Kibana versions ≥ 8.8.0.
🐞Fix (KBN) Resolved a bug with readonlyrest_kbn.resetKibanaIndexToTemplate: true for Kibana 7.x.
🐞Fix (KBN) Fixed an issue where a custom session index name was not respected after Kibana restart.
🐞Fix (ES) Fixed an issue preventing snapshots from being restored when no indices were specified.
🐞Fix (ES) File ownership and permissions are now preserved during ror-tools patch and unpatch operations.
🚀New (KBN) 9.0.3, 9.0.2, 8.18.3, 8.18.2, 8.17.8, 8.17.7, 7.17.29 support
🚀New (ES) 9.0.3, 9.0.2, 8.18.3, 8.18.2, 8.17.8, 8.17.7, 7.17.29 support
🐞Fix (ES) Correct patching verification in ROR Docker image entrypoint
(2025-05-11) What's new in ROR 1.64.0
🚨Security Fix (KBN) CVE-2024-53382, CVE-2025-27789, CVE-2025-29774
🚨Security Fix (ES) CVE-2023-3894, CVE-2025-25193
⚠️Warning (ES) Acknowledgement needs to be accepted before the Elasticsearch patching process. For scripts, you can set the flag to automate the process.
🚀New (KBN) Added an endpoint to retrieve all user tenancies via the ReadonlyREST API. See the ReadonlyREST API Documentation for usage details.
🚀New (KBN) Introduced support for passing x-ror-tenancy-id in direct Kibana requests. See the ReadonlyREST API Documentation for details.
🚀New (KBN) Introduced support for passing x-ror-impersonating in direct Kibana requests. See the ReadonlyREST API Documentation for details.
🧐Enhancement (KBN) Retains the currently selected group information after user logout. This setting is user-configurable and disabled by default.
🧐Enhancement (KBN) Displays detailed "reason" messages from the ROR Elasticsearch response in the login form instead of a generic "Wrong credentials" message.
🧐Enhancement (KBN) Added support for passing additional SAML and OIDC config parameters via kibana.yml.
🧐Enhancement (KBN) Adjusted ReadonlyREST plugin UI styles for compatibility with Kibana 9.x.
🧐Enhancement (ES) Username duplication check in the "users" section of ROR ES settings can be optionally disabled.
🧐Enhancement (ES) Added support for readonlyrest.global_settings in Elasticsearch ROR settings.
🐞Fix (KBN) Resolved an unhandled error when logging.root.level is set to all in kibana.yml.
🐞Fix (KBN) Fixed an issue with retrieving username and group information in AFDS OIDC.
🐞Fix (KBN) Fixed an issue with passing x-ror-correlation-id to the ReadonlyREST API request.
(2025-03-12) What's new in ROR 1.63.0
🚨Security Fix (KBN) CVE-2025-26791, CWE-772
🚨Security Fix (ES) CVE-2024-57699, CVE-2025-25193, CVE-2025-24970
🚀New (KBN) 9.0.1, 9.0.0, 9.0.0-rc1, 9.0.0-beta1, 8.18.1, 8.18.0, 8.17.6, 8.17.5, 8.17.4, 8.16.6 support
🚀New (ES) 9.0.1, 9.0.0, 9.0.0-rc1, 9.0.0-beta1, 8.18.1, 8.18.0, 8.17.6, 8.17.5, 8.17.4, 8.16.6 support
🚀New (ES) Added groups_not_any_of and groups_not_all_of rules
🚀New (ES) New unified and simplified syntax for groups rules
🧐Enhancement (KBN) For Kibana >= 8.14.0: Added backward compatibility to hide the Dashboard app by declaring Analytics|Dashboard and Analytics|Dashboards in the kibana.hide_apps rule
🧐Enhancement (KBN) Added information about skipping patching confirmation prompt to the patching helper
🧐Enhancement (KBN) When Kibana is opened in multiple browser tabs, logging into Kibana in one tab automatically logs in all browser tabs
🐞Fix (KBN) Don't terminate Kibana when disk reaches low watermark
🐞Fix (KBN) For Kibana >= 8.15.0: Added support for reporting data stream multitenancy
🐞Fix (KBN) Silenced "Error fetching fields for index pattern" toast messages due to forbidden response in Kibana Dashboard and Discover page
🐞Fix (KBN) For Kibana >= 8.17.0: Fixed Elasticsearch navigation header being visible when kibana.hide_apps: [ "Elasticsearch" ]
🐞Fix (KBN) For Kibana >= 8.5.0: Fixed Dev tools play buttons not being visible for RO users
🐞Fix (KBN) Fixed an issue with hiding the dashboard app when using regular expressions in the kibana_hide_apps field
🐞Fix (ES) Fixed various issues with restoring snapshot API
🐞Fix (ES) Fixed data streams, index, and component templates being forbidden for RW users in stack management
(2025-01-24) What's new in ROR 1.62.0
🚨Security Fix (ES) CVE-2024-53990
🚨Security Fix (KBN) CVE-2024-21538, CVE-2024-47764, CVE-2024-52798
⚠️Warning (KBN) Updated readonlyrest_kbn: license: activationKeyRefreshInterval - the maximum refresh interval is now set to 1 day.
🚀New (ES|KBN) Introduced support for Elastic APM (Application Performance Monitoring).
🚀New (KBN) 8.17.3, 8.17.2, 8.17.1, 8.16.5, 8.16.4, 8.16.3, 7.17.28 support
🚀New (ES) 8.17.3, 8.17.2, 8.17.1, 8.16.5, 8.16.4, 8.16.3, 7.17.28 support
🚀New (KBN) Added Kibana images with the preinstalled ReadonlyREST plugin for the arm64 platform on Docker Hub.
🚀New (ES) Added Elasticsearch images with the preinstalled ReadonlyREST plugin for the arm64 platform on Docker Hub.
🧐Enhancement (ES) Introduced validation to prevent multiple username entries in the users section.
🐞Fix (KBN) Resolved an issue with exit patching-based commands.
🐞Fix (KBN) Addressed a bug in Kibana 8.16.0 and later versions to hide the permissions tab in a space.
🐞Fix (KBN) Fixed a compatibility issue where OIDC and SAML didn't work in Kibana versions earlier than 7.11.0.
🐞Fix (KBN) Ensured user settings are overridden only for the default space.
🐞Fix (ES) Relaxed restrictions on snapshot restoration during index checks.
🐞Fix (ES) Resolved issue with Stack Monitoring access when xpack.security.enabled: true is configured.
(2024-11-20) What's new in ROR 1.61.1
🚨Security Fix (ES) Data leak through the ESQL API (for ES >= 8.11.0)
🚨Security Fix (KBN) CVE-2024-21538, CVE-2024-47764
🚨Security Fix (ES) CVE-2024-47535
🚀New (KBN) 8.17.0, 8.16.2, 8.16.1, 8.16.0, 8.15.5, 7.17.27, 7.17.26 support
🚀New (ES) 8.17.0, 8.16.2, 8.16.1, 8.15.5, 7.17.27, 7.17.26 support
🚀New (ES) ESQL support
🐞Fix (KBN) Elasticsearch red status shouldn't kill the Kibana process on initialization
(2024-11-12) What's new in ROR 1.61.0
🚨Security Fix (KBN) CVE-2024-47764
⚠️Warning (KBN) Acknowledgement needs to be accepted before the Kibana patching process. For scripts, you can set a flag to automate the process
🚀New (KBN) 8.15.4 support
🚀New (ES) 8.16.0, 8.15.4 support
🚀New (ES) There is an option to define a custom response for users in ACL block with the 'forbid' policy
🧐Enhancement (KBN) Set-Cookie is not returned with KBN API response
🧐Enhancement (KBN) Reduce the amount of ReadonlyREST session updates
🧐Enhancement (KBN) Kibana plugin won't start until the connection with Elasticsearch is established
🧐Enhancement (KBN) API and activation key tabs in the Security settings are visible only for the admin or unrestricted access users
🧐Enhancement (KBN) Detecting issues related to high disk watermark warning
🧐Enhancement (KBN) License expiration info only for admin and unrestricted access users
🧐Enhancement (ES) Index exclusion (dash) syntax support
🐞Fix (KBN) Don't stop Kibana when correlationId is not available in the session
🐞Fix (KBN) Provide additional SAML configuration options to handle Active Directory Federation Services (ADFS) properly
🐞Fix (KBN) Login page customization should be a PRO feature instead of an Enterprise one
🐞Fix (KBN) Logging to file doesn't work for Kibana 8.x
🐞Fix (ES) Snapshot Status API - forbidden response while checking the status of all snapshots of the given repository
🐞Fix (ES) Snapshot API - misc issues for ES 6.x
(2024-09-15) What's new in ROR 1.60.0
🚀New (KBN) 8.15.3, 8.15.2, 7.17.25 support
🚀New (ES) 8.15.3, 8.15.2, 7.17.25 support
🚀New (KBN|ES) ECK support documentation
🚀New (ES) Configurable ROR YAML settings max size
⚠️Warning (ES) The prompt for basic authorization is disabled by default. To keep the previous behavior, set readonlyrest.prompt_for_basic_auth to true in the ROR configuration
🧐Enhancement (KBN) There is an option to define client authentication methods in the kibana.yml via readonlyrest_kbn.auth.<YOUR_OIDC_CONFIG>.tokenEndpointAuthMethod, 'client_secret_post' or 'client_secret_basic'
🧐Enhancement (KBN) Stop Kibana when enabled features are not available
🐞Fix (KBN) HTTP 400 (bad request) issue when there is an Nginx proxy server between ES and Kibana
🐞Fix (KBN) Fix for the problem with correctly hiding Management features ROR Manage Kibana defined in the readonlyrest.yml kibana_hide_apps property
🐞Fix (ES) ROR KBN docker image: passing ROR settings as ENVs fixes
🐞Fix (ES) Data stream backing indices access issue with the indices rule
🐞Fix (ES) Fix for the problem with remote access to data stream aliases
(2024-08-01) What's new in ROR 1.59.0
🚀New (ES) 8.15.1, 8.15.0, 7.17.24, 7.17.23, 6.7.x support
🚀New (KBN) 8.15.1, 8.15.0, 7.17.24, 7.17.23 support
🧐Enhancement (KBN) Replace the broken Alert and Connectors applications with the link to our new tool for Reports and alerting for Kibana > 8.6.0
🐞Fix (KBN) Handling reporting URL for report generation
🐞Fix (KBN) Embedding with inline JWT is a feature available only in ReadonlyREST PRO and Enterprise
🐞Fix (ES) Patcher UnsupportedOperationException issue on Windows
🐞Fix (ES) Fix for the problem with _async_search on ES 8.14.x
(2024-06-30) What's new in ROR 1.58.0
🚨Security Fix (KBN) CVE-2022-39353, CVE-2020-7753, CVE-2022-37616, CVE-2024-29041, CVE-2022-0691, CVE-2021-3801, CVE-2022-25883, CVE-2022-0512, CVE-2022-0686, CVE-2022-0639, CVE-2022-25881, CVE-2023-0842, CVE-2017-16137, CVE-2022-33987, CVE-2022-23647, CVE-2022-36083, CVE-2024-28176
🚀New (KBN) Kibana images with preinstalled ReadonlyREST plugin in Docker Hub
🚀New (KBN) 8.14.3, 8.14.2 support
🚀New (ES) 8.14.3, 8.14.2 support
🚀New (ES) "structured groups" feature (authorization rules group names and group IDs can be defined separately)
🧐Enhancement (KBN) New readonlyrest_kbn.cookies.secure and readonlyrest_kbn.cookies.sameSite cookie settings via kibana.yml
🧐Enhancement (ES) improved error logging on the creation of LDAP connectors
🧐Enhancement (ES) Patcher - invalid state after patching detection improvements
🐞Fix (KBN) Impersonation and session probe logout issue
🐞Fix (KBN) Fix problem with multi-tenancy features when xpack.security.enabled: true
(2024-05-18) What's new in ROR 1.57.3
🚨Security Fix (ES) CVE-2024-34447
🚀New (KBN) 8.14.1, 8.14.0, 7.17.22 support
🚀New (ES) 8.14.1, 8.14.0, 7.17.22 support
🐞Fix (KBN) The CSRF cookie name issue that caused the "Wrong credentials" error during login
🐞Fix (KBN) Automatic migration issue for Kibana >= 8.8.0 that caused the "mapping set to strict, dynamic introduction of..." error
(2024-05-05) What's new in ROR 1.57.2
🚀New (KBN) 8.13.4, 8.13.3, 7.17.21 support
🚀New (ES) 8.13.4, 8.13.3, 7.17.21 support
🐞Fix (KBN) Kibana <= 7.2.1 doesn't run
🐞Fix (KBN) Provides a way to migrate an existing session index to the new session
🐞Fix (ES) Patching issue for Elasticsearch installed from packages
🐞Fix (ES) Patching issue for Elasticsearch OSS versions
(2024-04-29) What's new in ROR 1.57.1
🐞Fix (ES) configuration parsing regression: one group definition can be a string
(2024-04-28) What's new in ROR 1.57.0
🚨Security Fix (ES) CVE-2024-29025
🚀New (ES) LDAP Connector feature: groups server-side filtering
🚀New (ES) LDAP Connector feature: skip user search option when user attribute is cn
⚠️Warning (KBN|ES) Internal API incompatibilities (to take advantage of rolling update capabilities, upgrade ROR KBN first)
⚠️Warning (ES) Support for ES < 6.8.0 was dropped
🧐Enhancement (KBN) User settings available for all access type users
🧐Enhancement (KBN) Add option to change the Default Route and Time zone in User settings
🧐Enhancement (KBN) Provide correlation ID to Kibana logs
🧐Enhancement (ES) Rich, context-based debug logging in the LDAP connector and LDAP-related rules
🧐Enhancement (ES) Additional validations: kibana rule should not be used with some other rules in the same block
🐞Fix (KBN) Sometimes reports are not generated correctly for Kibana < 8.0.0 and the "Max attempt reached" error appears
🐞Fix (KBN) Adjust interactive API swagger dark mode colors
🐞Fix (KBN) CSRF problem when multiple ECK Kibana instances
🐞Fix (KBN) Plugin doesn't run for a version Kibana < 7.11.0 when the OIDC proxy is enabled
🐞Fix (KBN) Session probe should log out the user when empty metadata was returned from ES ROR
🐞Fix (ES) Misc issues when xpack.security.enabled: true is set
🐞Fix (ES) Patched files permission issue
(2024-03-15) What's new in ROR 1.56.0
🚀New (KBN) Provide a way to switch light/dark mode per user
🚀New (KBN) 8.13.2, 8.13.1, 8.13.0, 7.17.20, 7.17.19 support
🚀New (ES) 8.13.2, 8.13.1, 8.13.0, 7.17.20, 7.17.19 support
⚠️Warning (ES) for ES > 6.5 patching is required since this version of ROR
🧐Enhancement (KBN) The activation key will be revalidated in the interval
🧐Enhancement (KBN) Provide a way to define Activation key retrieval mode
🐞Fix (KBN) Sometimes reports are not generated correctly for Kibana >= 8.0.0 and "Max attempt reached" error appears
🐞Fix (KBN) The OIDC scope configuration property was not applied and the default configuration was used instead.
🐞Fix (KBN) The OIDC proxy parameter was not handled properly in case of HTTPS connection over HTTP proxy server
🐞Fix (KBN) Missing information when Kibana is not patched
🐞Fix (ES) Repositories and Snapshots handling by ES coordinating nodes
🐞Fix (ES) Internode SSL certificate_verification: true was causing problems with nodes discovery
🐞Fix (ES) Missing x-elastic-product header in the response when fields and filter rules were used
🐞Fix (ES) Proper forbid policy handling during processing ROR login request
🐞Fix (ES) application/nd-json media type handling (in case of ES 7.x versions)
(2024-01-29) What's new in ROR 1.55.0
🚨Security Fix (ES) CVE-2023-51074
🚀New (KBN) 8.12.2, 8.12.1, 7.17.18, 7.17.17 support
🚀New (ES) 8.12.2, 8.12.1, 7.17.18 support
🚀New (ES) Elasticsearch images with preinstalled ReadonlyREST plugin in Docker Hub
🧐Enhancement (KBN) Optional readonlyrest_kbn.auth.oidc_kc.proxyURL kibana.yml configuration for the OIDC connection which allows declaring your proxy URL
🧐Enhancement (KBN) Upon successful activation and edition changes all sessions are cleared and users are logged out
🐞Fix (KBN) Saved objects are not visible for the users on Kibana >= 8.8.0
🐞Fix (ES) LDAP nested group IDs are properly escaped
🐞Fix (ES) Logout when a user with restricted kibana.access tried to see a restoration status of snapshots in Kibana
(2023-12-17) What's new in ROR 1.54.0
🚨Security Fix (ES) Scroll API: protected data could leak when the fields rule was used with fls_engine set to es or es_with_lucene
🚀New (KBN) 8.12.0, 8.11.4 support
🚀New (ES) 8.12.0, 8.11.4, 7.17.17 support
🧐Enhancement (KBN) Provide automatic cleaning of stale sessions
🧐Enhancement (KBN) Provide automatic cleaning of stale CSRF cookies
🐞Fix (KBN) Adjust the ROR API POST license endpoint body to the contract to respect the license body parameter instead of a token
🐞Fix (KBN) CorelationId is changed on every session refresh
🐞Fix (ES) "missing authorization info" problem in some situations when xpack.security.enabled was configured to be true
(2023-11-20) What's new in ROR 1.53.0
🚨Security Fix (ES) CVE-2023-4586, CVE-2023-5072
🚀New (KBN) 8.11.3, 8.11.2, 8.11.1, 8.11.0, 7.17.16 support
🚀New (ES) 8.11.3, 8.11.2, 8.11.1, 8.11.0, 7.17.16 support
🧐Enhancement (KBN) Provide Activate license endpoint to the ReadonlyREST API
🧐Enhancement (ES) when the kibana rule and the indices rule are defined in the same block, there is no need to explicitly allow kibana-related indices
🐞Fix (KBN) problem with reports generation when kibana.index in kibana.yml is used
🐞Fix (KBN) crash loop during license service initialization
🐞Fix (KBN) problem with logging in in KBN 7.17.13 (and above) and 8.10.4 (and above) when deployed using ECK
🐞Fix (KBN) problem with multi-tenancy and ECK
🐞Fix (KBN) problem with forbidden /_create/config response on Login to the Kibana
🐞Fix (ES) patching fix, when a non-default ES path is used (e.g. on K8s)
(2023-10-09) What's new in ROR 1.52.0
🚨Security Fix (ES) CVE-2023-4586
🚀New (KBN) 8.10.4, 8.10.3, 7.17.15, 7.17.14 support
🚀New (ES) 8.10.4, 8.10.3, 7.17.15, 7.17.14 support
🚀New (ES) New token_authentication rule
🧐Enhancement (KBN) Permanently hide Kibana|ES features that are impossible to support
🧐Enhancement (KBN) License expiration reminder
🧐Enhancement (KBN) Make kibana.index setting from kibana.yml an invalid property for an Enterprise user
🐞Fix (KBN) Issue with not adding elasticsearch.customHeaders setting from kibana.yml to ROR requests
🐞Fix (KBN) Logout after opening Stack management Upgrading assistant
🐞Fix (KBN) Problem with logging in of two users in two tabs when two Kibana instances are used
🐞Fix (KBN) Problem with logging in when multi-tenancy is enabled and the indices rule is defined in the ROR settings
(2023-09-25) What's new in ROR 1.51.1
🚨Security Fix (ES) fields rule didn't work well in the case of ES 7.10.0 and later and more than 10 documents in the response
🐞Fix (KBN) issue with Observability Overview-based applications hiding
🐞Fix (KBN) Correct kibana.index handling for KBN >= 7.9.0 when multi-tenancy is disabled or unavailable
🐞Fix (KBN) Unrestricted Kibana Access on the tenancy switch when a selected tenant is not available anymore
🐞Fix (KBN) Unhandled error during login when multiTenancyEnabled: false
🐞Fix (ES) LDAP connectivity improvements
(2023-09-10) What's new in ROR 1.51.0
🚨Security Fix (KBN) the issue with api_only access level user and accessing via Kibana UI
🚀New (KBN) 8.10.2, 8.10.1, 8.9.2, 7.17.13 support
🚀New (ES) 8.10.2, 8.10.1, 8.10.0, 8.9.2, 7.17.13 support
🚀New (ES) Dynamic variables transformation support
🧐Enhancement (KBN) Expose interactive Swagger as a new Security settings tab
🧐Enhancement (KBN) Provide detailed information about the invalid activation key
🧐Enhancement (ES) additional hide_apps validation in the kibana rule
🐞Fix (KBN) the issue with the persistence of an activation key provided via UI when readonlyrest_kbn.cookiePass was not provided. The readonlyrest_kbn.cookiePass is a required kibana.yml property
🐞Fix (KBN) issues for Kibana versions between 7.9.0 and 7.10.2, related to the activation key, Spaces, and ReadonlyREST menu crash
🐞Fix (KBN) The issue with a logout from Kibana when the link to the Kibana is open from a third-party application like Gmail
🐞Fix (ES) getting data streams when not full names of backing indices are declared in the indices rule
🐞Fix (ES) stack-management screen fix in case of xpack.security.enabled: true
(2023-07-25) What's new in ROR 1.50.0
🚀New (KBN/ES) ECK support
🚀New (KBN) 8.9.1, 8.9.0, 7.17.12 support
🚀New (ES) 8.9.1, 8.9.0, 7.17.12 support
🚀New (KBN) Introduce the new ReadonlyREST API
🧐Enhancement (KBN) Remove application item info from URL on the tenant switch to avoid a 404 not found message
🧐Enhancement (KBN) Provide Reordering available tenancies for proxy auth authentication
🧐Enhancement (KBN) Provide information about granted/rejected log-in users to debug logs
(2023-06-27) What's new in ROR 1.49.1
🚨Security Fix (ES) CVE-2023-2976
🚨Security Fix (ES) CVE-2023-34462
🚀New (KBN) 8.8.2, 8.8.1, 8.8.0, 7.17.11 support
🚀New (ES) 8.8.2, 7.17.11 support
🚀New (ES) LDAP nested groups support
🧐Enhancement (KBN) Allow setting default tenancy via /login?defaultGroup query param. To be used with "Custom Middleware" feature for reordering available tenancies in the ROR menu
🐞Fix (ES) Fix for ES warnings in logs about custom action names (ROR internal actions)
🐞Fix (ES) kibana access rw and admin should allow to manage component templates
(2023-05-28) What's new in ROR 1.49.0
🚀New (ES) 8.8.1 support
🧐Enhancement (KBN) Handle elasticsearch.serviceAccountSupport configuration property
🧐Enhancement (KBN) Provide a way to Hidden apps Stack management items hiding
🧐Enhancement (KBN) Provide an automated migration of tenancy indices on major Kibana version upgrade
🧐Enhancement (ES) external group ID patterns support in the external to local groups mapping
🐞Fix (KBN) the issue with the replica number being set to 0 on tenant index creation
🐞Fix (KBN) users won't log out from Kibana on the 500 status error
🐞Fix (KBN) the issue with Kibana keystore not being read by the Kibana plugin
🐞Fix (KBN < 7.9.0) logging issue when two Kibanas are handled by one browser at the same time
🐞Fix (ES) resolving ENVs to YAML number in ROR settings
(2023-04-15) What's new in ROR 1.48.0
🚨Security Fix (ES) CVE-2022-45688
🚀New (KBN) 8.7.1, 7.17.10 support
🚀New (ES) 8.8.0, 8.7.1, 7.17.10 support
🚀New (KBN/ES) Introducing "Custom Middleware" functionality
🚀New (KBN/ES) allowed_api_paths support in the kibana ACL rule
🚀New (KBN) Add CSRF protection in the login form
🚀New (KBN) Restore deprecated "kibana.index" support for Kibana > 8.x
🚀New (ES) all Kibana-related rules are gathered in one, new kibana ACL rule
🚀New (ES) audit supports a new output type: log
🧐Enhancement (KBN) Provide a way to disable multi-tenancy in ROR Enterprise
🧐Enhancement (KBN) Realign index templates behaviour to the old platform
🧐Enhancement (KBN) Error logs when SAML obtains an unusable username from the assertion
🧐Enhancement (KBN) Test configuration warnings improvement
🧐Enhancement (ES) Added support to override default response code for not started ROR
🐞Fix (KBN) Security card not hidden by default
🐞Fix (KBN) Hidden apps regex with two "or" operators don't hide all kibana apps
🐞Fix (KBN) Fix Alerting Rules resulting in logout issue
🐞Fix (KBN) Fix audit dashboard
🐞Fix (KBN) Stop handling 500 error from api/lens/existing_fields
🐞Fix (KBN) Fix lens app
🐞Fix (KBN < 7.9.x) using a custom kibana index in cooperation with ROR Free
(2023-02-13) What's new in ROR 1.47.0
🚨Security Fix (ES) "/" endpoint was not protected for ES 8.x
🚨Security Fix (ES) "/_cat" endpoint was not protected for all ES versions
🚀New (KBN) 8.7.0, 8.6.2 support
🚀New (ES) 8.7.0, 8.6.2 support
🚀New (ES) the data_streams rule
🧐Enhancement (KBN) optimisation in hidden apps feature
🐞Fix (KBN) Opening index management mappings tab forces logout
🐞Fix (KBN) Fix dark mode in the ROR menu
🐞Fix (KBN) YAML editor updates and fixes
🐞Fix (ES) Data streams support in the indices rule
🐞Fix (ES) NPE when _search with aggregations (script) and the fields rule were used together
(2023-01-02) What's new in ROR 1.46.0
🚨Security Fix (ES) CVE-2022-1471, CVE-2022-41915, CVE-2022-36944 in audit Scala 2.13 jar
🚀New (KBN) 8.6.1, 8.6.0, 7.17.9 support
🚀New (ES) 8.6.1, 8.6.0, 7.17.9 support
🧐Enhancement (KBN) Activation key management UI
🧐Enhancement (KBN) Less verbose logging in info mode
🧐Enhancement (KBN) "Stack management" kibana compatibility
🐞Fix (KBN) Test settings pop up won't show
🐞Fix (KBN) hide apps behaviour when "Management" is hidden
🐞Fix (KBN) Data view with a ":" symbol forces logout from a kibana
🐞Fix (KBN) Session probe causes constant refresh when no kibana_access defined
🐞Fix (ES) large report generation using data from a remote cluster with enabled x-pack security
(2022-12-05) What's new in ROR 1.45.1
🚀New (KBN) 8.5.3, 7.17.8 support
🚀New (ES) 8.5.3, 7.17.8 support
🐞Fix (KBN) ROR KBN patching script
(2022-11-29) What's new in ROR 1.45.0
🚨Security Fix (ES) CVE-2022-42003, CVE-2022-45146
🚀New (KBN) Activation Key API: read AK from ROR_ACTIVATION_KEY.txt
🚀New (KBN) Activation Key API: submit AK via POST /pkp/license (Basic auth)
🚀New (KBN) Inject CSS/JS files in login page
🚀New (KBN) Add user metadata to for extra UI customization
🚀New (ES) Added groups_and mode to groups_provider_authorization rule
🧐Enhancement (ES) all authorization rules support wildcards in group IDs
🧐Enhancement (ES) connections in the LDAP pool should not be closed unnecessarily
🧐Enhancement (KBN) Deterministic reporting index detection
🧐Enhancement (KBN) Move free type impersonation to the local users area
🧐Enhancement (KBN) don't logout when initial JWT token expires
🐞Fix (KBN) Direct Kibana API requests not aware of kibana_index
🐞Fix (KBN) RO and RO_strict kibana accesses
🐞Fix (ES) when fls_engine: es is configured and fields rule is used, aggregations should be available only for allowed fields
🐞Fix (ES) Data streams creation issue fix
🐞Fix (ES) Unknown structure of index settings issue fix
🐞Fix (ES) resolving index names with wildcards should take into consideration the current index state and request indices options
(2022-10-09) What's new in ROR 1.44.0
🚨Security Fix (ES) CVE-2022-25857
🚀New (KBN) 8.5.2, 8.5.1, 8.5.0, 7.17.7 support
🚀New (ES) 8.5.2, 8.5.1, 8.5.0, 7.17.7 support
🚀New (KBN) plugin packages are now universal
🚀New (KBN) Manage your activation keys through the customer portal
🚀New (ES) Added support for certificates in PEM format
🧐Enhancement (KBN) SAML groups list duplication made header size exceed limits
🧐Enhancement (KBN) kibana_access: admin has now privileges to manage a Kibana cluster
🧐Enhancement (ES) added distributed and persistent Test Settings & Auth Mocks configuration for the Impersonation Feature
🧐Enhancement (ES) handling high load when LDAP rules are used
🧐Enhancement (ES) client_authentication settings in internode SSL configuration
🧐Enhancement (ES) acl:available_groups dynamic variable can be used in a single value context
🐞Fix (ES) SNI handling (internode SSL)
(2022-08-22) What's new in ROR 1.43.0
🚀New (KBN) 8.4.3, 8.4.2, 8.4.1, 8.4.0, 7.17.6 support
🚀New (ES) 8.4.3, 8.4.2, 8.4.1, 8.4.0, 7.17.6 support
🚀New (KBN) kibana_custom_js_inject_file feature
🐞Fix (ES) ror-tools fix for Windows OS (patching ES 3.x issue)
🐞Fix (ES) resolving indices in the remote x-pack cluster
🐞Fix (KBN|PRO) ROR menu title wraps when version text is too short (cosmetic)
🐞Fix (KBN) infinite loading when kibana_access not defined for user
🐞Fix (KBN) transient error with randomly choosing off range bind port on localhost
🐞Fix (KBN) 404 on login when xpack.spaces.enabled: false
(2022-07-25) What's new in ROR 1.42.0
🚀New (KBN|ES) 8.3.3, 8.3.2, 8.3.1, 8.3.0, 7.15.5 support
🧐Enhancement (KBN) Search box in tenancy switcher (when #tenancies > 5)
🧐Enhancement (ES) added configuration warnings in the Impersonation Feature
🐞Fix (KBN) Logout didn't delete the SAML session on the IdP
🐞Fix (KBN) 5xx errors from Elasticsearch break Kibana users' session unrecoverably
🐞Fix (ES) ROR node cooperation with X-pack nodes
(2022-06-21) What's new in ROR 1.41.0
🚀New (ES) Added groups_and mode to ror_kbn_auth and jwt_auth rules
🧐Enhancement (KBN) Prevent native credentials dialogue to appear in Kibana when ES responds 401
🧐Enhancement (KBN) Logging in after logout shows the same page you last visited
🧐Enhancement (KBN) x-ror-correlation-id header lets you audit a whole Kibana session
🐞Fix (ES|KBN) tenancy selector didn't work well with jwt_auth and ror_kbn_auth rules
🐞Fix (KBN) Support for special characters in tenancy names
🐞Fix (KBN) OIDC logout flow redirecting to bad request error
🐞Fix (KBN) OIDC connector not working in Kibana < 7.12.0
(2022-05-24) What's new in ROR 1.40.0
π¨Security Fix (ES) CVE-2022-25647 & CVE-2022-24823 & CVE-2020-13956 & CVE-2020-36518 & CVE-2020-13956 & CVE-2020-36518
π¨Security Fix (KBN) "Security" app not entirely hidden in 8.2.x
πNew (ES) New Support for 8.2.3, 8.2.2, 8.2.1, 7.17.4
πNew (KBN) New Support for 8.2.2, 8.2.1, 7.17.4
πNew (ES & KBN) The Impersonation feature
πNew (ES) FIPS compliant SSL mode
π§Enhancement (KBN) SAML cert is now required
π§Enhancement (KBN) moved OIDC to better library
π§Enhancement (KBN) OIDC jwksURL is now required
πFix (ES) indices: ["1"] interpreted as integer and fails to parse
πFix (KBN) /login?jwt=xxx authorization now works again
πFix (KBN) OIDC/SAML assertion claims were not forwarded to ES
πFix (KBN) include whitelisted headers while logging
πFix (KBN) basepath handling fixes (too many redirects)
πFix (KBN) Make ROR default space the actual default one
πFix (KBN) OIDC connection error
(2022-03-19) What's new in ROR 1.39.0
π¨Security Fix (KBN) XSS sanitize path requested
π¨Security Fix (ES) CVE-2020-36518 & CVE-2022-21653
πNew (KBN) New Support for 8.2.0, 8.1.3, 8.1.2, 8.1.1, 8.1.0, 8.0.0, 8.0.1, 7.17.3, 7.17.2
πNew (ES) New Support for 8.2.0, 8.1.3, 8.1.2, 8.1.1, 8.1.0, 8.0.0, 8.0.1 (required additional patching step)
πNew (ES) New Support for 7.17.3, 7.17.2
πNew (ES) New groups_and ACL rule
π§Enhancement (KBN) Stop inlining whitelisted headers into Authorization header
π§Enhancement (KBN) Log additional errors and info related to HA
π§Enhancement (KBN) Misc internal dependencies upgrades
πFix (KBN) Mandatory elasticsearch credentials in kibana.yml
πFix (KBN) Reporting page redirect on refresh when kibana_hide_apps: ["Stack Management"]
πFix (KBN) whitelistedPaths: log errors when 404 occurs
πFix (KBN) Issue uploading large payload
πFix (KBN) elasticsearch.requestHeadersWhitelist should be case insensitive
πFix (ES) Issue with handling data streams by indices rule
πFix (ES) X-Pack SSL nodes cooperation with ROR SSL nodes
πFix (ES) _msearch issue when filter rules were used in matched block
(2022-01-17) What's new in ROR 1.38.0
πNew (ES) New Support for 7.17.0, 7.17.1
πNew (KBN) New Support for 7.17.0
πNew (ES) Configuration for custom audit cluster
π§Enhancement (ES) Separate "audit" section for all audit settings
πFix (KBN) Editor rendering issue with kibana basePath enabled
(2021-12-14) What's new in ROR 1.37.0
π¨Security Fix (ES) CVE-2021-43797
πNew (ES) New Support for 7.16.3, 7.16.2, 6.8.23, 6.8.22
πNew (KBN) New Support for 7.16.3, 7.16.2, 7.16.1, 7.16.10, 6.8.23, 6.8.22, 6.8.21
π§Enhancement (ES) fields rule handling in the context of x-Pack SQL requests
πFix (ES) filter rule handling in the context of x-Pack SQL requests
πFix (KBN) POST / bulk caused a 400 error in devtools console
πFix (KBN) More robust Kibana patcher + better logs messages
(2021-11-21) What's new in ROR 1.36.0
πNew (ES) New Support for 7.16.1, 7.16.0, 6.8.21
πNew (KBN) Support Kibana 7.15.2
π§Enhancement (KBN) kibana_hide_apps: [ror|kibana] to remove kibana mgmt button
πFix (ES) /_snapshot/_status should return only running snapshots
πFix (ES) Adding policy to index template bug
πFix (KBN) Index management tabs result in "forbidden" error
πFix (KBN) corrupted patch file for Kibana 7.9.x
πFix (KBN) YAML editor not working in air-gapped environments
πFix (KBN) Devtools not working
πFix (KBN) Monitoring not working in multi-tenancy
πFix (KBN) Regression in Kibana < 6.8.x front end crash
πFix (KBN) Kibana < 7.8.x prevent navigation to hidden apps from home links
πFix (KBN) Kibana < 7.8.x implicitly hide kibana:dashboard when kibana:dashboards is hidden (and vice versa)
πFix (KBN) Kibana < 7.8.x broken clearSessionOnEvents: [tenancyHop]
(2021-10-17) What's new in ROR 1.35.1
π¨Security Fix (ES) CVE-2021-21409 & CVE-2021-27568
πNew (KBN) Support Kibana 7.15.1
πNew (ES) New Support for 7.15.2
π§Enhancement (KBN) Support "server.ssl.supportedProtocols" settings
π§Enhancement (KBN) Support "server.ssl.cipherSuites"
π§Enhancement (KBN) Always honor SSL cipher order
πFix (KBN) Don't hide "Add/Remove field as column" in Discover app for RO users
πFix (KBN) More alerting fixes (only for main tenancy)
(2021-10-12) What's new in ROR 1.35.0
(2021-09-24) What's new in ROR 1.34.0
(2021-08-14) What's new in ROR 1.33.1
(2021-08-09) What's new in ROR 1.33.0
(2021-07-25) What's new in ROR 1.32.0
(2021-06-29) What's new in ROR 1.31.0
(2021-05-26) What's new in ROR 1.30.1
(2021-05-16) What's new in ROR 1.30.0
(2021-04-09) What's new in ROR 1.29.0
(2021-04-01) What's new in ROR 1.28.2
(2021-03-24) What's new in ROR 1.28.1
(2021-03-14) What's new in ROR 1.28.0
(2021-02-27) What's new in ROR 1.27.1
(2021-02-16) What's new in ROR 1.27.0
(2021-01-11) What's new in ROR 1.26.1
(2021-01-02) What's new in ROR 1.26.0
π¨Security Fix (ES) CVE-2020-35490 & CVE-2020-35490 (removed Jackson dependency from ROR core)
πNew (ES) New response_fields rule
π§Enhancement (ES) Full support for ILM API
π§Enhancement (KBN) Enforce read-after-write consistency between kibana nodes
π§Enhancement (KBN ENT) OIDC custom claims incorporated in "assertion" claim
π§Enhancement (KBN ENT) OIDC support for configurable kibanaExternalHost (good for Docker)
π§Enhancement (KBN ENT) ROR adds "ror-user_" class to "body" tag for easy per-user CSS/JS
π§Enhancement (KBN ENT/PRO) ROR adds "ror-group_" class to "body" tag for easy per-group CSS/JS
πFix (ES) ROR authentication endpoint action
πFix (ES) "username" in audit entry when request is rejected
What's new in 1.25.2
πFix (ES) removed verbose logging
What's new in 1.25.1
π¨Security Fix (ES) CVE-2020-25649
πNew (ES) 7.10.1 support
What's new in 1.25.0
π¨Security Fix (ES) Common Vulnerabilities and Exposures (CVE)
πNew (ES) 7.10.0 support
πNew (ES) auth_key_pbkdf2 rule
π§Enhancement (ES) Fields rule performance improvement
π§Enhancement (ES) Resolved index API support
πFix (ES) index resolve action should be treated as readonly action
πFix (ES) /_snapshot and /_snapshot/_all should behave the same
What's new in 1.24.0
π¨Security Fix (ES) search template handling fix
πNew (ES) 7.9.3 & 6.8.13 support
π§Enhancement (ES) full support for ES Snapshots and Restore APIs
πFix (KBN) fix crash in error handling
πFix (ES) don't remove ES response warning headers
πFix (ES) issue when entropy of /dev/random could have been exhausted when using JwtToken rule
What's new in 1.23.1
πNew (ES) 7.9.2 support
πFix (KBN) fix code 500 error on login in Kibana
What's new in 1.23.0
πNew (ES) introduced must_involve_indices option for indices rule
π§Enhancement (ES) negation support in headers rules
π§Enhancement (ES) x-pack rollup API handling
πFix (KBN) deep links query parameters are now handled
πFix (KBN) make sure default kibana index is always discovered (fixes reporting in 6.x)
πFix (ES) /_cluster/allocation/explain request should not be forbidden if matched block doesn't have indices rules
πFix (ES) remote address extracting issue
πFix (ES) fixed TYP audit field for some request types
What's new in 1.22.1
πFix (ES) missing handling of aliases API for ES 7.9.0
What's new in 1.22.0
πNew (ES) 7.9.0 support
π§Enhancement (ES) aliases API handling
π§Enhancement (ES) dynamic variables support in fields rule
πFix (ES) adding aliases issue
πFix (ES) potential memory leak for ES 7.7.x and above
πFix (ES) cross cluster search issue fix for X-Pack _async_search action
πFix (ES) XFF entry in audit issue
πFix (KBN) SAML certificate loading
πFix (KBN) SAML loading groups from assertion
πFix (KBN) fix reporting in pre-7.7.0
What's new in 1.21.0
π§Enhancement (ES) cluster API support improvements
πFix (ES) X-Pack _async_search support
πFix (ES) _rollover request handling
πFix (ES) handling numeric ssl configuration properties
πFix (KBN) multitenancy+reporting regression fix (for 7.6.x and earlier)
πFix (KBN) "x-" headers should be forwarded in /login route when proxy passthrough is enabled
πFix (KBN) SAML metadata.xml endpoint not responding
πFix (KBN) NAT/reverse proxy support for SAML
πFix (KBN) SAML login redirect error
πFix (ES) _readonlyrest/metadata/current_user should be always allowed by filter/fields rule
What's new in 1.20.0
πNew 7.7.1, 7.8.0 support
π§Enhancement (KBN) tidy up audit page
π§Enhancement (KBN FREE) clearly inform when features are not available
π§Enhancement (KBN) ship license report of libraries
π§Enhancement (ES) filter rule performance improvement
πFix (KBN) proxy_auth: avoid logout-login loop
πFix (KBN) 404 error on font CSS file
πFix (ES) wildcard in filter query issue
πFix (ES) forbidden /_snapshot issue
πFix (ES) /_mget handling by indices rule when no index from a list is found
πFix (ES) available groups order in metadata response should match the order in which groups appear in ACL
πFix (ES) .readonlyrest and audit index - removed usage of explicit index type
πFix (ES) tasks leak bug
What's new in 1.19.5
πNew 7.7.0, 7.6.2, 6.8.9, 6.8.8 support
π§Enhancement (ES/KBN) kibana_access can be explicitly set to unrestricted
π§Enhancement (ES) LDAP connection pool improvement
πFix (ES) better LDAP request timeout handling
πFix (ES) remote indices searching bug
πFix (ES) cross cluster search support for _field_caps request
π¨Security Fix (ES) create and delete templates handling
πFix (KBN) Regression in proxy_auth_passthrough
π§Enhancement (KBN) whitelistedPaths now accepts basic auth credentials
π§Enhancement (KBN) Dump logout button, new ROR Panel
π§Enhancement (KBN) removed ROR from Kibana sidebar. Admins have a link in new panel.
π§Enhancement (KBN) avoid showing login form when redirecting from SAML IdP
πNew (KBN) OpenID Connect (OIDC) authentication connector
πNew (KBN) login_title, login_subtitle enable 2 column login page
π¨Security Fix (KBN) server-side navigation prevention to hidden apps
What's new in 1.19.4
πFix (ES) Interpolating config with environment variables in SSL section
πFix (KBN Ent 6.x) Fixed default space creation in
πFix (KBN 6.x) Fixed error toast notification not showing
πFix (KBN Ent) Fixed missing Axios dependency
πFix (KBN Ent) Fixed SAML connector
πFix (KBN) Toast notification overlap with logout bar
π§Enhancement (KBN) Restyled logout bar
π§Enhancement (KBN) Configurable periodic session checker
What's new in 1.19.3
πNew (ES/KBN) 7.6.1 compatibility
πNew (ES) customizable name of settings index
π§Enhancement (KBN) configurable ROR cookie name
π§Enhancement (ES/KBN) handling of encoded ROR headers in Authorization header values
π§Enhancement (KBN) user feedback on why login failed
πFix (ES) support for multiple header values
πFix (ES) releasing LDAP connection pool on reloading ROR settings
πFix (KBN) multitenancy issue with 7.6.0+
πFix (KBN) creation of default space for new tenant
πFix (KBN 6.x) in RO mode, don't hide add/remove over fields in discovery
πFix (KBN 6.x) index template & in-index session manager issues
What's new in 1.19.2
πNew (KBN) 7.6.0 support
π§Enhancement (KBN) less verbose info logging
π§Enhancement (KBN) start up time semantic check for settings
πFix (KBN Free) missing logout button
πFix (KBN) error message creating internal proxy
πFix (KBN 6.x) add field to filter button invisible in RO mode
What's new in 1.19.1
πProduct (KBN) Launched ReadonlyREST Free for Kibana!
πNew (ES) 7.6.0 support, Kibana support coming soon
πNew (KBN) Audit log dashboard
πNew (KBN) Template index can now be declared per tenant instead of globally
πNew (ES) custom trust store file and password options in ROR settings
π§Enhancement (ES) When "prompt_for_basic_auth" is enabled, ROR is going to return 401 instead of 404 when the index is not found or a user is not allowed to see the index
π§Enhancement (ES) literal ipv6 with zone Id is acceptable network address
π§Enhancement (ES) LDAP client cache improvements
πFix (ES) /_all/_settings API issue
πFix (ES) Index stats API & Index shard stores API issue
πFix (ES) readonlyrest.force_load_from_file setting decoding issue
πFix (KBN) allowing user to be logged in in two tabs at the same time
πFix (KBN) logging with JWT parameter issue
πFix (KBN) parsing of sessions fetched from ES index
πFix (KBN) logout issue
What's new in 1.19.0
πNew (KBN) Configurable option to delete docs from tenant index when not present in template
π§Enhancement (ES) Less verbose logging of blocks history
π§Enhancement (ES) Enriched logs and audit with attempted username
π§Enhancement (ES) Better settings validation - only one authentication rule can be used in given block
π§Enhancement (ES/KBN) Plugin versions printing in logs on launch
π§Enhancement (ES) When user doesn't have access to given index, ROR pretends that the index doesn't exist and returns 404 instead of 403
πFix (ES) Searching for nonexistent/forbidden index with wildcard mirrors default ES behaviour instead of returning 403
πFix (KBN) Switching groups bug
What's new in 1.18.10
πNew (ES/KBN) Support v6.8.6, v7.5.0, v7.5.1
πNew (KBN) Group IDs can now be mapped to aliases
πNew (ES) New, more robust and simple method of creating custom audit log serializers
πNew (ES) Example projects with custom audit log serializers
πFix (KBN) Prevent index migration after kibana startup
π§Enhancement (KBN) If default space doesn't exist in kibana index then copy from default one
π§Enhancement (KBN) Crypto improvements - store init vector with encrypted data as base64 encoded json.
π§Enhancement (ES) Better settings validation - prevent duplicated keys in readonlyrest.yml
What's new in 1.18.9
πNew (ES/KBN) Support v7.4.1, v7.4.2
πNew (KBN) Kibana sessions stored in ES index
πFix (ES) issue with in-index settings auto-reloading
πFix (ES) _cat/indices empty response when matched block doesn't contain 'indices' rule
What's new in 1.18.8
πNew (ES/KBN) Support v7.4.0
πNew (ES) Elasticsearch SQL Support
πNew (ES) Internode ssl support for es5x, es60x, es61x and es62x
πNew (ES) new runtime variable @{acl:current_group}
πNew (ES) namespace for user variable and support for both versions: @{user} and @{acl:user}
πNew (ES) support for multiple values in uri_re rule
π§Enhancement (ES) more reliable in-index settings loading of ES with ROR startup
π§Enhancement (ES) less verbose logs in JWT rules
π§Enhancement (ES) Better response from ROR API when plugin is disabled
π§Enhancement (ES) Splitting verification ssl property to client_authentication and certificate_verification
πFix (ES) issue with backward compatibility of proxy_auth settings
πFix (ES) /_render/template request NPE
πFix (ES) _cat/indices API bug fixes
πFix (ES) _cat/templates API return empty list instead of FORBIDDEN when no indices are found
πFix (ES) updated regex for kibana access rule to support 7.3 ES
πFix (ES) proper resolving of non-string ENV variables in readonlyrest.yml
πFix (ES) lang-mustache search template handling
What's new in 1.18.7
πNew (ES) Field level security (FLS) supports nested JSON fields
πSecurity Fix (ES) Authorization headers appeared in clear in logs
π§Enhancement (KBN) Don't log out users when they are not allowed to search an index-pattern
π§Enhancement (ES) Headers obfuscation is now case insensitive
What's new in 1.18.6
πNew (ES/KBN) Support v7.3.1, v7.3.2
πNew (ES) Configurable header names whose value should be obfuscated in logs
πNew (KBN) Dynamic variables from user identity available in custom_logout_link
π§Enhancement (ES) Richer logs for JWT errors
π§Enhancement (ENT) nextUrl works also with SAML now
π§Enhancement (ENT) SAML assertion object available in ACL dynamic variables
π§Enhancement (KBN) Validate LDAP server(s) before accepting new YAML settings
π§Enhancement (KBN) Ensure a read-only UX for 'ro' users in older Kibana
πFix (ES) Fix memory leak from dependency (snakeYAML)
What's new in 1.18.5
πSecurity Fix (ES) indices rule can now properly handle also the templates API
π§Enhancement (ES) Array dynamic variables are serialized as CSV wrapped in double quotes
π§Enhancement (ES) Cleaner debug logs (no stacktraces on forbidden requests)
π§Enhancement (ES) LDAP debug logs fire also when cache is hit
πNew (ES/KBN) Support v7.2.1, v7.3.0
πFix (PRO) PRO plugin crashing for some Kibana versions
πFix (ENT) SAML library wrote a too large cookie sometimes
πFix (ENT) SAML logout not working
πFix (ENT) JWT fix exception "cannot set requestHeadersWhitelist"
πFix (PRO/ENT) Hide more UI elements for RO users
πFix (PRO/ENT) Sometimes not all the available groups appear in tenancy selector
πFix (PRO/ENT) Feature "nextUrl" broke
πFix (PRO/ENT) prevent user kick-out when APM is not configured and you are not an admin
πNew (PRO/ENT) Kibana request path/method now sent to ES (good for policing dev-tools)
What's new in 1.18.4
πNew (ES) User impersonation API
πNew (ES) Support latest 6.x and 5.x versions
πSecurity Fix (ES) filter/fields rules leak
πFix (KBN/ENT) allow more action for kibana_access, prevent sudden logout
πFix (KBN/ENT) temporarily roll back "support for unlimited tenancies"
What's new in 1.18.3
πNew Support added for ES/Kibana 6.8.1
π§Enhancement (ES) Crash ES on invalid settings instead of stalling forever
π§Enhancement (ES) Better logging on JWT, JSON-paths, LDAP, YAML errors
π§Enhancement (ES) Block level settings validation to user with precious hints
π§Enhancement (ES) If force_load_from_file: true, don't poll index settings
π§Enhancement (ES) Order now counts declaring LDAP Failover HA servers
πFix (ES) "EsIndexJsonContentProvider" had a null pointer exception
πFix (ES) "es.set.netty.runtime.available.processors" exception
π§Enhancement (KBN) Collapsible logout button
π§Enhancement (KBN) ROR App now uses a HA http client
π§Enhancement (KBN) Automatic logout for inactivity
π§Enhancement (KBN) Support unlimited amount of tenancies
πFix (KBN/ENT) concurrent multitenancy bug
πFix (KBN) Avoid sporadic errors on Save/Load buttons
What's new in 1.18.2
πNew Support for Elasticsearch & Kibana 7.2.0
πFix (ES) restore indices ("IDX") in audit logging
π§Enhancement (ES) New algorithm of setting evaluation order
πNew (ES) JWT claims as dynamic variables. I.e. "@{jwt:claim.json.path}"
πNew (ES) "explode" dynamic variables. I.e. indices: ["@explode{x-indices}"]
πFix (PRO/Enterprise) preserve comments and formatting in YAML editor
πFix (PRO/Enterprise) Print error message when session is expired
πRegression (PRO/Enterprise) Redirect to original link after login
πRegression (PRO/Enterprise) Broken CSV reporting
π§Enhancement (PRO/Enterprise) Prevent navigating away from YAML editor w/ unsaved changes
πFix (Enterprise) Exception when SAML connectors were all disabled
πFix (Enterprise) Concurrent tenants could mix up each other's kibana index
πFix (Enterprise) Cannot inject custom JS if no custom CSS was also declared
πFix (Enterprise) Injected JS had no effect on ROR logout button
πFix (Enterprise) On narrow screens, the YAML editor showed buttons twice
What's new in 1.18.1
πFix (Elasticsearch) Reindex requests failed for a regression in indices extraction
πFix (Elasticsearch) Groups rule erratically failed
πFix (Elasticsearch) JWT claims can now contain special characters
π§Enhancement (Elasticsearch) Better ACL History logging
π§Enhancement (Elasticsearch) QueryLogSerializer and old custom log serializers work again
πFix (PRO/Enterprise) ReadonlyREST icon in Kibana was white on white
πFix (Enterprise) SAML connectors could not be disabled
πFix (Enterprise) SAML connector "buttonName" didn't work
What's new in 1.18.0
πNew Support for Elasticsearch & Kibana 7.0.1
π§Enhancement (Elasticsearch) empty array values in settings are invalid
πSecurity Fix (Elasticsearch) arbitrary x-cluster search referencing local cluster
πFix (Elasticsearch) ArrayOutOfBoundException on snapshot operations
π§Enhancement (PRO/Enterprise) History cleaning can now be disabled ("clearSessionOnEvents")
What's new in 1.17.7
πNew Support for Elasticsearch 7.0.0 (Kibana is coming soon)
π§Enhancement (Elasticsearch) rewritten LDAP connector
π§Enhancement (Elasticsearch) new core written in Scala is now GA
πFix (Enterprise) devtools requests now honor the currently selected tenancy
πSecurity Fix (Enterprise/PRO) Fix "connectorsService" error in installation
What's new in 1.17.5
πNew Support for Kibana/Elasticsearch 6.7.1
π§Enhancement (Enterprise >= Kibana 6.6.0) Multiple SAML identity provider
πSecurity Fix (Enterprise/PRO) Don't pass auth headers back to the browser
πFix (Enterprise/PRO) Missing null check caused error in reporting (CSV)
πFix (Enterprise) Don't reject requests if SAML groups are not configured
πFix filter/fields rules not working in msearch (in 6.7.x)
π§Enhancement Print whole LDAP search query in debug log
What's new in 1.17.4
πNew Support for Kibana/Elasticsearch 6.7.0
π§Enhancement (PRO/Enterprise) JWT query param is the preferred credentials provider
π§Enhancement (PRO/Enterprise) admin users can use indices management
π§Enhancement (PRO/Enterprise) ro users can dismiss telemetry form
πFix Audit logging in 5.1.x now works again
πFix unpredictable behaviour of "filter" and "fields" when using external auth
πFix LDAP ConcurrentModificationException
πFix (PRO/Enterprise) JWT deep-link works again
What's new in 1.17.3
1.17.2 went unreleased, all changes have been merged in 1.17.3 directly
πFix (Enterprise) Tenancy selector showing if user belonged to one group
πFix (PRO/Enterprise) RW buttons not hiding for RO users in React Kibana apps
πFix (Enterprise) Tenancy templating now works much more reliably
πFix (Enterprise) Missing tenancy selector icon after switching tenancy
πFix (PRO/Enterprise) barring static files requests caused sudden logout
πFix Numerous fixes to better support Kibana 6.6.x
πFix Critical fixes in new Scala core
πFix Exception in reindex requests caused tenancy templating to fail
π§Enhancement Bypass cross-cluster search logic if single cluster
What's new in 1.17.1
πFix (PRO/Enterprise) SAML now works well in 6.6.x
πFix (PRO/Enterprise) "undefined" authentication error before login
πFix (Enterprise) Default space creation failures for new tenants
πFix (Enterprise) Icons/titles CSS misalignment in sidebar (Firefox)
π§Enhancement(Enterprise) UX: Larger tenancy selector
πSecurity Fix (Enterprise) Privilege escalation when changing tenancies under monitoring
πFix (Elasticsearch) compatibility fixes to support new Kibana features
π§Enhancements (Elasticsearch) New core and LDAP connector written in Scala is finished, now under QA.
What's new in 1.17.0
πNew Feature Support for Kibana/Elasticsearch 6.6.0, 6.6.1
πNew Feature Internode SSL (ES 6.3.x onwards)
π§Enhancement(PRO/Enterprise) UI appearance
π§Enhancement Made HTTP Connection configurable (PR #410)
πFix slow boot due to SecureRandom waiting for sufficient entropy
πFix Enable kibana_access:ro to create short urls in es6.3+ (PR #408)
What's new in 1.16.34
π§Enhancement X-Forwarded-For header in printed es logs ("XFF")
π§Enhancement kibana_index: ".kibana_@{user}" when user is "John Doe" becomes .kibana_john_doe
πFix (Enterprise) parse SAML groups from assertion as array of strings
πFix (Enterprise) SAMLRequest in location header was URLEncoded twice, broke on some IdP
πFix (PRO/Enterprise) "cookiePass" works again, no more need for sticky cookies in load balancers!
πFix (PRO/Enterprise) fix redirect loop with JWT deep linking when JWT token expires
π§Enhancement (PRO/Enterprise) fix audit demo page CSS
π§Enhancement (Enterprise) SAML more configuration parameters available
πNew Feature (PRO/Enterprise) set ROR to debug mode (readonlyrest_kbn.logLevel: "debug")
What's new in 1.16.33
πFix(PRO/Enterprise) compatibility problems with older Kibana versions
πFix(PRO/Enterprise) compatibility problems with OSS Kibana version
What's new in 1.16.32
πNew Feature "kibanaIndexTemplate": default dashboards and spaces for new tenants
π§Enhancement Support for ES/Kibana 6.5.4
π§Enhancement Upgraded LDAP library
π§Enhancement (Enterprise) Now tenants save their CSV exports in their own reporting index
πFix(PRO/Enterprise) Support passwords that start and/or end with spaces
πFix (PRO/Enterprise) Now reporting works again
What's new in 1.16.31
π§Enhancement Support for ES/Kibana 6.5.2, 6.5.3
π§WIP: Laid out the foundation for LDAP HA support
What's new in 1.16.29
π§Enhancement Support for ES/Kibana 6.4.3
πNew Feature (PRO/Enterprise) configurable server side session duration
πNew Feature [LDAP] High Availability: Round Robin or Failover
What's new in 1.16.28
π§Enhancement Support for ES/Kibana 6.4.2
πFix (Enterprise) Multi tenancy: sometimes changing tenancy would not change kibana index
πSecurity Fix (Enterprise/PRO) Avoid echoing Base64 encoded credentials in login form error message
π§Enhancement (Enterprise/PRO) Remove latest search/visualization/dashboard history on logout
π§Enhancement (Enterprise/PRO) Clear transient authentication cookies on login error to avoid authentication deadlocks
πFix: External JWT verification may throw ArrayOutOfBoundException
π§WIP: Laid out the foundation for internode SSL transport (port 9300)
What's new in 1.16.27
πNew Feature [JWT] external validator: it's now possible to avoid storing the private key in settings
π§Enhancement Support for ES/Kibana 6.4.1
π§Enhancement Rewritten big part of ES plugin documentation
π§Enhancement SAML Single log out flow
πFix (Enterprise/PRO) cookiePass works again, but only for Kibana 5.x. Newer Kibana needs sticky sessions in LB.
π§Enhancement (Enterprise/PRO) much faster logout
What's new in 1.16.26
π Fix (PRO/Enterprise) bugs during plugin packaging and installation process
What's new in 1.16.25
πNew Feature Users rule: easily restrict external authentication to a list of users
π§Enhancement Support for ES 5.6.11
πHot Fix (Enterprise/PRO) Error 404 when logging in with older versions of Kibana
What's new in 1.16.24
πNew Feature (Enterprise) SAML Authentication
πNew Feature Support for Elasticsearch and Kibana 6.4.0
πNew Feature Headers rule now split in headers_or and headers_and
π§Enhancement Headers rule now allows wildcards
πNew Feature (Enterprise) Multi-tenancy now works also with JSON groups provider
π Fix Multi-tenancy (Enterprise) incoherent initial kibana_index and current group
What's new in 1.16.23
π§Enhancement Support for Elastic Stack 6.3.1 and 5.6.10
πNew Feature (Enterprise) Custom CSS injection for Kibana
πNew Feature (Enterprise) Custom Javascript injection for Kibana
πNew Feature (PRO/Enterprise) access paths without need to login (i.e. /api/status)
πFix (PRO/Enterprise) Navigating to X-Pack APM caused hidden Kibana apps to reappear
What's new in 1.16.22
πNew Feature: map LDAP groups to local groups (a.k.a. role mapping)
π Fix (Elasticsearch) wildcard aliases resolution not working in "indices" rule.
π§Enhancement: it is now possible to use JDK 9 and 10
π Fix (PRO/Enterprise) wait forever for login request (i.e. slow LDAP servers)
π Fix (PRO/Enterprise) add spinner and block UI if login request is being sent
π Fix (PRO/Enterprise) if user is logged out because of LDAP cache expiring + slow authentication, redirect to login.
π Fix (PRO/Enterprise) let RO users delete/edit search filters
What's new in 1.16.21
πNew Feature: Introducing support for Elasticsearch and Kibana v6.3.0
π Fix (Enterprise) multi tenancy - switching tenancy does not always switch kibana index
What's new in 1.16.20
ReadonlyREST PRO/Enterprise for Kibana
π§ Enhancement: when login, forward "elasticsearch.requestHeadersWhitelist" headers. (useful for "headers" rule and "proxy_auth" to work well.)
ReadonlyREST for Elasticsearch
πNew Feature: DLS (with dynamic variables support) Thanks DataSweet!
π New feature: Field level security
π New rules: Snapshot, Repositories, Headers
π§ Enhancement: custom audit serializers: the request content is available
π Fix readonlyrest.yml path discovery
π Fix: LDAP available groups discovery (tenancy switcher) corner cases
π Fix: auth_key_sha1, auth_key_sha256 hashes in settings should be case insensitive
π Fix: LDAP authentication didn't work with local group