Search Guard 6.x-25.3

Release Date: 19.07.2019

25.2 was skipped

Security Fixes

n/a

Fixes

  • [BREAKING] Fix wrong content-type in HTTP responses for REST API #638 (#52)

  • Fixed build pipeline to circumvent wrong plugin version info #700

  • Fix default permissions to allow Index Lifecycle Management (ILM) for logstash user and beats #694 (#713)
    • Also added new default action groups CLUSTER_MANAGE_ILM, CLUSTER_READ_ILM, INDICES_MANAGE_ILM, CLUSTER_MANAGE_INDEX_TEMPLATES and CLUSTER_MANAGE_PIPELINES

  • Fixed tenants not being handled correctly when using impersonation #714

  • Fix JSON unescaping bug which caused issues when JWK KIDs contained forward slashes #49

  • Better tolerate SAML IdP problems upon startup #48

  • Dependency updates
    • Update Bouncycastle to 1.62
    • Update Jackson databind dependency to 2.9.9
    • Update Kafka client dependency to 2.0.1 (along with spring-kafka-test)
    • Upgrade CXF to 3.2.9

  • Fix index resolution for *,-index like patterns #712

  • Added searchguard.filter_sgindex_from_all_requests option in elasticsearch.yml to filter out the searchguard index from all-index requests
    • When set to true, Search Guard will, under the hood, filter out the searchguard index from requests targeting all indices, such as * or _all
    • Default is false so that this change is not a breaking change (will be true by default in future releases)

  • [REGRESSION] Also respect non-DN usernames when skipping users for LDAP authorization in the ldap2 backend

  • Fix access control exception with ldap2 backend