Search Guard 6.x-23.1

Release Date: 25.09.2018

Upgrade Guide from 5.x to 6.x

Security Fixes

Search Guard

Fixes

Search Guard

  • Added additional permissions to sg_logstash role
  • Regression: Snapshot restore against client nodes not working
  • Regression: Reducing indices to only allowed indices not working with multiple roles
    • When using multiple roles that grant access to different indices, the “do not fail on forbidden” feature would not work correctly when using aliases with wildcards on these indices. This mainly affects Kibana users.
    • This was fixed in the compliance edition code tree and now works consistently in the new merged code trees as well.
  • Reducing aliases to only allowed indices not working with multiple roles
    • When using aliases with wildcards, Search Guard would not always reduce the indices to the allowed indices correctly when using the “do not fail on forbidden” feature. This mainly affects Kibana users.
  • License keys generated with new code signing key not working
  • SAML module would not be listed as enterprise module on _searchguard/license HTTP endpoint

JWT

  • BREAKING: The JWT module now requires a minimum shared secret length of 32 characters
    • This is mandated by the JWT specification, so it should only affect use cases that do not conform to the specification.