Search Guard 6.x-25.0

Release Date: 24.04.2019

Security Fixes

n/a

Fixes

Search Guard

  • [BREAKING] Align transport impersonation with rest impersonation #684
  • Fix an issue where user attributes are not populated in case of impersonation [Credits @turettn] #678
  • Fix “X-Opaque-Id header not propagated when using SearchGuard” #669
  • Fix an issue where the CCS index patterns could to be created in Kibana #675
  • Update Bouncy Castle dependency to 1.61 - For ES 6.5 and higher #682
  • Don’t allow anyone to freeze the searchguard index or update mapping, settings or aliases #683
  • Also fix a bug where “searchguard.unsupported.restore.sgindex.enabled” was not working correctly #683

sgadmin

  • Fix sgadmin swallows stderr + show more details in case of config parse exceptions #679

Kerberos

  • Reduce loglevel of Kerberos GSSException #43

JWT

  • JWT signature validation adopted to JWK without alg header #44

DLS

  • Allow DLS query with date-math #677

Snapshot/Restore

  • Better error message if ‘rename_pattern’ during snapshot restore is invalid #663

Features

  • Support environment variables in sg_*.yml files to make them passwordless #676
  • Introduce authentication rate limiting feature to prevent brute force attacks #685
  • Return empty result instead of 403 when no indices permitted an dnfof is enabled #680