(-stable has 5.2.2 which isn't affected)
ESA-2017-07 CVE-2017-8439 2017-06-01 Kibana version 5.4.0 was affected
by a Cross Site Scripting (XSS) bug in the Time Series Visual Builder.
This bug could allow an attacker to obtain sensitive information from
Kibana users. All Kibana 5.4.0 users should upgrade to version 5.4.1.
If upgrading is impossible, the time series visual builder can be
disabled by setting metrics.enabled: false in the kibana.yml. Note that
this will trigger a re-optimization when you restart Kibana.
ESA-2017-08 CVE-2017-8440 2017-06-01 Starting in version 5.3.0, Kibana
had a cross-site scripting (XSS) vulnerability in the Discover page
that could allow an attacker to obtain sensitive information from or
perform destructive actions on behalf of other Kibana users. Thanks to
Thomas Gøytil for reporting this issue. All users of Kibana 5.3 or 5.4
should upgrade to versions 5.3.3 and 5.4.1.
https://www.elastic.co/blog/kibana-4-5-3-and-4-1-10:
"Kibana has important fix regarding tile maps, it stopped working
yesterday due to MapQuest discontinued tile API access which was used by Kibana"
from Pavel Korovin (MAINTAINER)
ok aja@ sthen@
Original submission from Pavel Korovin, hints from me, jasper and sebastia@
ok sebastia@ and jasper@ on a previous diff.
pkg/DESCR
Kibana is an open source data visualization platform that allows
you to interact with your data through stunning, powerful graphics
that can be combined into custom dashboards that help you share
insights from your data far and wide.