Search Guard 6.x-25.0

Release Date: 24.04.2019

• Upgrade Guide from 5.x to 6.x
• Upgrade Guide to 6.5.x

Security Fixes

n/a

Fixes

Search Guard

• [BREAKING] Align transport impersonation with rest impersonation #684
• [BREAKING] Don’t allow anyone to freeze the searchguard index or update mapping, settings or aliases #683
• Fix an issue where user attributes are not populated in case of impersonation [Credits @turettn] #678
• Fix “X-Opaque-Id header not propagated when using SearchGuard” #669
• Fix an issue where the CCS index patterns could to be created in Kibana #675
• Update Bouncy Castle dependency to 1.61 - For ES 6.5 and higher #682
• Also fix a bug where “searchguard.unsupported.restore.sgindex.enabled” was not working correctly #683

sgadmin

• Fix sgadmin swallows stderr + show more details in case of config parse exceptions #679

Kerberos

• Reduce loglevel of Kerberos GSSException #43

JWT

• JWT signature validation adopted to JWK without alg header #44

DLS

• Allow DLS query with date-math #677

Snapshot/Restore

• Better error message if ‘rename_pattern’ during snapshot restore is invalid #663

Features

• Support environment variables in sg_*.yml files to make them passwordless #676
• Introduce authentication rate limiting feature to prevent brute force attacks #685
• Return empty result instead of 403 when no indices permitted an dnfof is enabled #680