Search Guard 6.x-22.3
Release Date: 21.06.2018
Fixes
Search Guard
- Do not serialize inner LdapEntry in LDAPUser
- Fixes performance problems with huge LDAP entries
- Fixed alias resolution when permitted alias is a pattern
- Fixed permission issue when an alias is created together with an index but no permissions given to create an alias
- roleMapSettings.getAsList(“.hosts”) was incorrectly handled
- Demo installer doesn’t check for “xpack.security.enabled” before adding to config
- Valid license gets replaced with Trial license with sgadmin
- Fixed a NullPointerException when caller remote address is null
Features
Search Guard
- strengthen
plugin-security.policy
to allow native library to be loaded from netty-common codebase only - Update Guava to 25.1
- Added .kibana-6 to default configuration for a smoother upgrade from 5.x
- Replace “MONITOR” action group by “INDICES_MONITOR”
- https://github.com/floragunncom/search-guard/pull/479
- Contributed by sylmarch
- Disable user cache automatically for JWT authentication
- Add verbose parameter to authinfo endpoint
- Add
searchguard.dynamic.multi_rolespan_enabled
- If set to true permissions on the same index that are defined in different roles are evaluated
- Default is
false
(for backwards compatibility)
DLS/FLS
- DLS/FLS performance improvements
- Turn off query node cache for fls requests
sgadmin
- Allow disable of auto-expand and setting of replica count in single run
Active Directory / LDAP
- Introduced LDAP custom attributes filtering and whitelisting
- This makes it possible to select which LDAP attributes should be added to the Search Guard user
- https://github.com/floragunncom/search-guard-enterprise-modules/pull/3
- Support for non-DN LDAP roles as user attribute and multiple keys
- Roles as direct user attributes had to be DNs. We now also allow non-DN role names
- You can now define multiple attributes to fetch LDAP roles from
- https://github.com/floragunncom/search-guard-enterprise-modules/pull/2
- Updated ldaptive to 1.2.3 (official version)
Various
Search Guard SSL
- BREAKING: Search Guard SSL will not be released as a separate plugin anymore, due to low usage and high maintenance efforts. The code will eventually be merged into Search Guard beginning with Search Guard 7.