Search Guard FLX 1.3.0
Release Date: 2023-08-28
This is a new minor release of Search Guard FLX.
It brings some new features especially for the Audit Log, some bug fixes and updates a number of dependencies.
Audit Log: New categories for Kibana login and logout
If a users logs in into Kibana a
KIBANA_LOGIN event is generated and when the user logs out a
KIBANA_LOGOUT event is generated.
Audit Log: Custom fields
You can now add custom fields with static values, that should be stored in Audit Logs.
Audit Log: New field in the Audit Logs containing the Elasticsearch version
A new field
audit_node_elasticsearch_version, which contains the Elasticsearch version when the event was created, is now logged.
Audit Log: New events in Audit Logs for index template creation/update/deletion
Add new category
COMPLIANCE_INDEX_TEMPLATE_WRITE to track modification on index templates.
Audit Log: New events in Audit Logs for operations on indices (create, delete, update settings/mappings)
Add new category
INDEX_WRITE to track modification on indices (created index, updated index settings/mappings or deleted index).
Authentication: Renamed OIDC Endpoint
Search Guard implements OIDC which is not the same as OpenID. To avoid confusion, the endpoint were renamed from
/auth/oidc/login. In order to keep backwards compatibility
/auth/openid/login is kept, but usage is not recommended.
Signals: Global config for trusted certs of external HTTP interfaces
Simplify the management for trusted certificates with Webhook action and HTTP input and Jira actions. It is now possible to manage truststores via an API and then reference them in watches.
Signals: Convert runtime data to JSON in Webhook action and HTTP input
Make it possible to directly convert runtime data to JSON in Webhook action and HTTP input.
Signals: Global setting to configure a lower bound for throttling
Introduces a configurable lower bound for throttling. This can serve as a rate limiting feature for watches.
Fix handling of
Kibana: Fails to edit a user created with API call and no backend_roles
Fix Kibana when edit a user created with an API call and no backend_roles.
LDAP: connection pool min and max values are not respected
Kibana: Missing privilege for kibanaserver user on Kibana 8.6
Signals: Slack’s attachment is sent as a string instead of an array
Signals: Painless script execution fails when endpoint /_scripts/painless/_execute is used
- See the complete changes in the Gitlab Milestone