c718b17465
(-stable has 5.2.2 which isn't affected) ESA-2017-07 CVE-2017-8439 2017-06-01 Kibana version 5.4.0 was affected by a Cross Site Scripting (XSS) bug in the Time Series Visual Builder. This bug could allow an attacker to obtain sensitive information from Kibana users. All Kibana 5.4.0 users should upgrade to version 5.4.1. If upgrading is impossible, the time series visual builder can be disabled by setting metrics.enabled: false in the kibana.yml. Note that this will trigger a re-optimization when you restart Kibana. ESA-2017-08 CVE-2017-8440 2017-06-01 Starting in version 5.3.0, Kibana had a cross-site scripting (XSS) vulnerability in the Discover page that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. Thanks to Thomas G ytil for reporting this issue. All users of Kibana 5.3 or 5.4 should upgrade to versions 5.3.3 and 5.4.1. |
||
|---|---|---|
| .. | ||
| patches | ||
| pkg | ||
| distinfo | ||
| Makefile | ||