Search Guard 6.x-21.0
Release Date: 07.02.2018
Note: This version of Search Guard requires at least v10 of the Kibana plugin
Fixes
Search Guard
- Password-dependent timing side channel in AuthCredentials
  - When checking if credentials are present in cache, use MessageDigest.isEqual() instead of Arrays.equals()
  - https://github.com/floragunncom/search-guard/issues/439
- DLS: Inner hits/nested results not shown
  - When a document contained nested objects, they were not present in the search results under certain conditions
  - https://groups.google.com/forum/#!searchin/search-guard/nested/search-guard/-9JTfDbJS4U/474EfzOUBAAJ
- Multi tenancy: Do not upgrade Kibana index in ES/KI >= 6.1.0
  - Due to changes in Kibana, it is no longer necessary to upgrade the tenant indices in the multi tenancy module
  - https://github.com/floragunncom/search-guard/issues/444
- Improved error messages if wrong certificate is used
- Audit Logging: request body on Transport layer cut off
  - In some cases the request body for events on the transport layer was cut off and contained too many escape characters
- sgadmin: add ability to prompt for passwords
  - Instead of providing passwords on the command line, sgadmin can now prompt for them to avoid storing them in the bash history
- sgadmin: warn when cluster consists of nodes with different versions
  - When running a cluster where the nodes have different versions, sgadmin now issues a warning
- sgadmin: warn when admin certificate is also a node certificate (fails if fast fail is given)
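
The AuthCredentials fix above swaps an early-exit array comparison for one that examines every byte. The sketch below is an added example, not Search Guard's code: the class `CredentialCacheDemo`, its methods and the choice to cache SHA-256 digests are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical credential cache (illustration only, not the AuthCredentials class).
public class CredentialCacheDemo {
    // user name -> SHA-256 digest of the password that last authenticated
    private final Map<String, byte[]> cache = new ConcurrentHashMap<>();

    static byte[] sha256(byte[] password) {
        try {
            return MessageDigest.getInstance("SHA-256").digest(password);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e); // SHA-256 is required on every JRE
        }
    }

    void remember(String user, byte[] password) {
        cache.put(user, sha256(password));
    }

    // Before: Arrays.equals() returns at the first differing byte, so the
    // running time depends on how many leading bytes of the two arrays match.
    boolean isCachedLeaky(String user, byte[] password) {
        byte[] cached = cache.get(user);
        return cached != null && Arrays.equals(cached, sha256(password));
    }

    // After: MessageDigest.isEqual() examines every byte regardless of where
    // the first mismatch is. Unknown users are compared against a dummy
    // digest so that path performs the same work as a cache hit.
    boolean isCached(String user, byte[] password) {
        byte[] cached = cache.get(user);
        byte[] expected = (cached != null) ? cached : new byte[32];
        boolean match = MessageDigest.isEqual(expected, sha256(password));
        return (cached != null) & match; // non-short-circuit on purpose
    }

    public static void main(String[] args) {
        CredentialCacheDemo demo = new CredentialCacheDemo();
        // Constructed sample credentials
        demo.remember("alice", "correct horse".getBytes(StandardCharsets.UTF_8));
        System.out.println(demo.isCached("alice", "correct horse".getBytes(StandardCharsets.UTF_8)));
        System.out.println(demo.isCached("alice", "wrong guess".getBytes(StandardCharsets.UTF_8)));
        System.out.println(demo.isCached("bob", "correct horse".getBytes(StandardCharsets.UTF_8)));
    }
}
```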
Features
- LDAP: Make connect timeout and response timeout configurable
  - Add connect_timeout and response_timeout, which map to com.sun.jndi.ldap.connect.timeout and com.sun.jndi.ldap.read.timeout
- Make custom attributes available for the internal user database