Search Guard Kibana Plugin 7.x-36.1.0
Release Date: 03.09.2019
Security Fixes
- Issue a warning and refuse to start if
alwaysPresentCertificate
is set true and the Kibana server user is configured to use client TLS certificate authentication. In this scenario, a regular user can gain the privileges of the Kibana server user,
Fixes
- Fixed an issue with proxy cache authentication where the session was not cleared correctly after expiration
- Issue a warning if “do not fail on forbidden” is set to false. Kibana requires this feature to run correctly
Features
n/a