Search Guard 6.x-21.0

Release Date: 07.02.2018

Upgrade Guide from 5.x to 6.x

Note: This version of Search Guard requires at least v10 of the Kibana plugin

Fixes

Search Guard

  • Password dependent timing side channel in AuthCredentials
  • DLS: Inner hits/nested results not shown
  • Multi tenancy: Do not upgrade Kibana index in ES/KI >= 6.1.0
  • Improved error messages if wrong certificate is used
  • Audit Logging: request body on Transport layer cut off
    • In some cases the request body for events on the transport layer was cut off and contained too many escape signs
  • sgadmin: add ability to prompt for passwords
    • Instead of providing passwords on the command line sgadmin can now prompt for them to avoid storing them in the bash historx
  • sgadmin: warn when cluster consists of nodes with different versions
    • When running a cluster where the nodes have different versions sgadmin now issues a warning
  • sgadmin: warn when admin certificate is also a node certificate (fails if fast fail is given)

Features

  • LDAP: Make connect timeout and response timeout configurable
    • add connect_timeout and response_timeout which maps to com.sun.jndi.ldap.connect.timeout and com.sun.jndi.ldap.read.timeout
  • Make custom attributes available for the internal user database