Search Guard 6.x-25.0

Release Date: 24.04.2019

Security Fixes



Search Guard

  • [BREAKING] Align transport impersonation with rest impersonation #684
  • [BREAKING] Don’t allow anyone to freeze the searchguard index or update mapping, settings or aliases #683
  • Fix an issue where user attributes are not populated in case of impersonation [Credits @turettn] #678
  • Fix “X-Opaque-Id header not propagated when using SearchGuard” #669
  • Fix an issue where the CCS index patterns could to be created in Kibana #675
  • Update Bouncy Castle dependency to 1.61 - For ES 6.5 and higher #682
  • Also fix a bug where “searchguard.unsupported.restore.sgindex.enabled” was not working correctly #683


  • Fix sgadmin swallows stderr + show more details in case of config parse exceptions #679


  • Reduce loglevel of Kerberos GSSException #43


  • JWT signature validation adopted to JWK without alg header #44


  • Allow DLS query with date-math #677


  • Better error message if ‘rename_pattern’ during snapshot restore is invalid #663


  • Support environment variables in sg_*.yml files to make them passwordless #676
  • Introduce authentication rate limiting feature to prevent brute force attacks #685
  • Return empty result instead of 403 when no indices permitted an dnfof is enabled #680