Search Guard 6.x-25.3
Release Date: 19.07.2019
25.2 was skipped
Security Fixes
n/a
Fixes
-
[BREAKING] Fix wrong content-type in HTTP responses for REST API #638 (#52)
-
Fixed build pipeline to circumvent wrong plugin version info #700
- Fix default permissions to allow Index Lifecycle Management (ILM) for logstash user and beats #694 (#713)
- Also added new default action groups CLUSTER_MANAGE_ILM, CLUSTER_READ_ILM, INDICES_MANAGE_ILM, CLUSTER_MANAGE_INDEX_TEMPLATES and CLUSTER_MANAGE_PIPELINES
- Also added new default action groups CLUSTER_MANAGE_ILM, CLUSTER_READ_ILM, INDICES_MANAGE_ILM, CLUSTER_MANAGE_INDEX_TEMPLATES and CLUSTER_MANAGE_PIPELINES
-
Fixed when tenants not handled correctly when using impersonation #714
-
Fix JSON unescaping bug which caused issues when JWK KID’s contained forward slashes #49
-
Better tolerate SAML IdP problems upon startup #48
- Dependency updates
- Update Bouncycastle to 1.62
- Update Jackson databind dependency to 2.9.9
- Update Kafka client dependency to 2.0.1 (alongside with spring-kafka-test)
- Upgrade CXF to 3.2.9
-
Fix index resolution for
*,-index
like patterns #712 - Added
searchguard.filter_sgindex_from_all_requests
option in elasticsearch.yml to filter out the searchguard index from all-index requests- When set to
true
Search Guard will under the hood filter out the searchguard index from requests targetingall
indices like*
or_all
- Default is
false
to make this change to a breaking change (will betrue
by default in future releases)
- When set to
-
[REGRESSION] Respect also non-dn usernames when skipping users for LDAP authorization in
ldap2
backend - Fix access control exception with
ldap2
backend