[{"version": "1.56.0", "changes": ["\ud83d\ude80New (KBN) Provide a way to switch light/dark mode per user", "\ud83d\ude80New (KBN) 8.13.2, 8.13.1, 8.13.0, 7.17.20, 7.17.19 support", "\ud83d\ude80New (ES) 8.13.2, 8.13.1, 8.13.0, 7.17.20, 7.17.19 support", "\u26a0\ufe0fWarning (ES) for ES > 6.5 patching is required since this version of ROR", "\ud83e\uddd0Enhancement (KBN) The activation key will be revalidated in the interval ", "\ud83e\uddd0Enhancement (KBN) Provide a way to define Activation key retrieval mode", "\ud83d\udc1eFix (KBN) Sometimes reports are not generated correctly for Kibana >= 8.0.0 and \"Max attempt reached\" error  appears ", "\ud83d\udc1eFix (KBN) The OIDC scope configuration property was not applied and the default configuration was used instead.", "\ud83d\udc1eFix (KBN) The OIDC proxy parameter was not handled properly in case of HTTPs connection over HTTP proxy server", "\ud83d\udc1eFix (KBN) Missing information when Kibana is not patched", "\ud83d\udc1eFix (ES) Repositories and Snapshots handling by ES coordinating nodes", "\ud83d\udc1eFix (ES) Internode SSL certificate_verification: true was causing problems with nodes discovery", "\ud83d\udc1eFix (ES) Missing x-elastic-product header in the response when fields and filter rules were used", "\ud83d\udc1eFix (ES) Proper forbid policy handling during processing ROR login request", "\ud83d\udc1eFix (ES) application/nd-json media type handling (in case of ES 7.x versions)"]}, {"version": "1.55.0", "changes": ["\ud83d\udea8Security Fix (ES) CVE-2023-51074", "\ud83d\ude80New (KBN) 8.12.2 ,8.12.1, 7.17.18, 7.17.17 support", "\ud83d\ude80New (ES) 8.12.2, 8.12.1, 7.17.18 support", "\ud83d\ude80New (ES) Elasticsearch images with preinstalled ReadonlyREST plugin in Docker Hub", "\ud83e\uddd0Enhancement (KBN) Optional readonlyrest_kbn.auth.oidc_kc.proxyURL kibana.yml configuration for the OIDC connection which allows declaring your proxy URL", "\ud83e\uddd0Enhancement (KBN) Upon successful activation and edition changes all sessions are cleared and users are logged out", "\ud83d\udc1eFix (KBN) Saved objects are not visible for the users on Kibana >= 8.8.0", "\ud83d\udc1eFix (ES) LDAP nested group names are properly escaped", "\ud83d\udc1eFix (ES) Logout when a user with restricted kibana.access tried to see a restoration status of snapshots in Kibana"]}, {"version": "1.54.0", "changes": ["\ud83d\udea8Security Fix (ES) Scroll API: protected data could leak when the fields rule was used with fls_engine set to es or es_with_lucene", "\ud83d\ude80New (KBN) 8.12.0, 8.11.4 support", "\ud83d\ude80New (ES) 8.12.0, 8.11.4, 7.17.17 support", "\ud83e\uddd0Enhancement (KBN) Provide automatic cleaning of stale sessions", "\ud83e\uddd0Enhancement (KBN) Provide automatic cleaning of stale CSRF cookies", "\ud83d\udc1eFix (KBN) Adjust the ROR API POST license endpoint body to the contract to respect the license body parameter instead of a token", "\ud83d\udc1eFix (KBN) `CorelationId`` is changed on every session refresh", "\ud83d\udc1eFix (ES) \"missing authorization info\" problem in some situations when xpack.security.enabled was configured to be true"]}, {"version": "1.53.0", "changes": ["\ud83d\udea8Security Fix (ES) CVE-2023-4586, CVE-2023-5072", "\ud83d\ude80New (KBN) 8.11.3, 8.11.2, 8.11.1, 8.11.0, 7.17.16 support", "\ud83d\ude80New (ES) 8.11.3, 8.11.2, 8.11.1, 8.11.0, 7.17.16 support", "\ud83e\uddd0Enhancement (KBN) Provide Activate license endpoint to the ReadonlyREST API", "\ud83e\uddd0Enhancement (ES) when the kibana rule and the indices rule are defined in the same block, there is no need to explicitly allow kibana-related indices", "\ud83d\udc1eFix (KBN) problem with reports generation when kibana.index in kibana.yml is used", "\ud83d\udc1eFix (KBN) crash loop during license service initialization", "\ud83d\udc1eFix (KBN) problem with logging in in KBN 7.17.13 (and above) and 8.10.4 (and above) when deployed using ECK", "\ud83d\udc1eFix (KBN) problem with multi-tenancy and ECK", "\ud83d\udc1eFix (KBN) problem with forbidden /_create/config response on Login to the Kibana", "\ud83d\udc1eFix (ES) patching fix, when a non-default ES path is used (e.g. on K8s)"]}, {"version": "1.52.0", "changes": ["\ud83d\udea8Security Fix (ES) CVE-2023-4586", "\ud83d\ude80New (KBN) 8.10.4, 8.10.3, 7.17.15, 7.17.14 support", "\ud83d\ude80New (ES) 8.10.4, 8.10.3, 7.17.15, 7.17.14 support", "\ud83d\ude80New (ES) New token_authentication rule", "\ud83e\uddd0Enhancement (KBN) Permanently hide Kibana|ES features that are impossible to support", "\ud83e\uddd0Enhancement (KBN) License expiration reminder", "\ud83e\uddd0Enhancement (KBN) Make kibana.index setting from kibana.yml an invalid property for an Enterprise user", "\ud83d\udc1eFix (KBN) Issue with not adding elasticsearch.customHeaders setting from kibana.yml to ROR requests", "\ud83d\udc1eFix (KBN) Logout after opening Stack management Upgrading assistant", "\ud83d\udc1eFix (KBN) Problem with logging in of two users in two tabs when two Kibana instances are used", "\ud83d\udc1eFix (KBN) Problem with logging in when multi-tenancy is enabled and the indices rule is defined in the ROR settings"]}, {"version": "1.51.1", "changes": ["\ud83d\udea8Security Fix (ES) fields rule didn't work well in the case of ES 7.10.0 and later and more than 10 documents in the response", "\ud83d\udc1eFix (KBN) issue with Observability Overview-based applications hiding", "\ud83d\udc1eFix (KBN) Correct kibana.index handling for KBN >= 7.9.0 when multi-tenancy is disabled or unavailable", "\ud83d\udc1eFix (KBN) Unrestricted Kibana Access on the tenancy switch when a selected tenant is not available anymore", "\ud83d\udc1eFix (KBN) Unhandled error during login when multiTenancyEnabled: false", "\ud83d\udc1eFix (ES) LDAP connectivity improvements"]}, {"version": "1.51.0", "changes": ["\ud83d\udea8Security Fix (KBN) the issue with api_only access level user and accessing via Kibana UI", "\ud83d\ude80New (KBN) 8.10.2, 8.10.1, 8.9.2, 7.17.13 support", "\ud83d\ude80New (ES) 8.10.2, 8.10.1, 8.10.0, 8.9.2, 7.17.13 support", "\ud83d\ude80New (ES) Dynamic variables transformation support", "\ud83e\uddd0Enhancement (KBN) Expose interactive Swagger as a new Security settings tab", "\ud83e\uddd0Enhancement (KBN) Provide detailed information about the invalid activation key", "\ud83e\uddd0Enhancement (ES) additional hide_apps validation in the kibana rule", "\ud83d\udc1eFix (KBN) the issue with the persistence of an activation key provided via UI when readonlyrest_kbn.cookiePass was not provided. The readonlyrest_kbn.cookiePass is required kibana.yml property", "\ud83d\udc1eFix (KBN) issues for Kibana versions between 7.9.0 and 7.10.2, related to the activation key, Spaces, and readonlyREST menu crash", "\ud83d\udc1eFix (KBN) The issue with a logout from Kibana when the link to the Kibana is open from a third-party application like Gmail", "\ud83d\udc1eFix (ES) getting data streams when not full names of backing indices are declared in the indices rule", "\ud83d\udc1eFix (ES) stack-management screen fix in case of xpack.security.enabled: true"]}, {"version": "1.50.0", "changes": ["\ud83d\ude80New (KBN/ES) ECK support", "\ud83d\ude80New (KBN) 8.9.1, 8.9.0, 7.17.12 support", "\ud83d\ude80New (ES) 8.9.1, 8.9.0, 7.17.12 support", "\ud83d\ude80New (KBN) Introduce the new ReadonlyREST API", "\ud83e\uddd0Enhancement (KBN) Remove application item info from URL on the tenant switch to avoid a 404 not found message", "\ud83e\uddd0Enhancement (KBN) Provide Reordering available tenancies for proxy auth authentication", "\ud83e\uddd0Enhancement (KBN) Provide information about granted/rejected log-in users to debug logs"]}, {"version": "1.49.1", "changes": ["\ud83d\udea8Security Fix (ES) CVE-2023-2976", "\ud83d\udea8Security Fix (ES) CVE-2023-34462", "\ud83d\ude80New (KBN) 8.8.2, 8.8.1, 8.8.0, 7.17.11 support", "\ud83d\ude80New (ES) 8.8.2, 7.17.11 support", "\ud83d\ude80New (ES) LDAP nested groups support", "\ud83e\uddd0Enhancement (KBN) Allow setting default tenancy via /login?defaultGroup query param. To be used with \u201cCustom Middleware\u201d feature for reordering available tenancies in the ROR menu ", "\ud83d\udc1eFix (ES) Fix for ES warnings in logs about custom action names (ROR internal actions)", "\ud83d\udc1eFix (ES) kibana access rw and admin should allow to manage component templates"]}, {"version": "1.49.0", "changes": ["\ud83d\ude80New (ES) 8.8.1 support", "\ud83e\uddd0Enhancement (KBN) Handle elasticsearch.serviceAccountSupport configuration property", "\ud83e\uddd0Enhancement (KBN) Provide a way to Hidden apps Stack management items hiding", "\ud83e\uddd0Enhancement (KBN) Provide an automated migration of tenancy indices on major Kibana version upgrade", "\ud83e\uddd0Enhancement (ES) external group name patterns support in the external to local groups mapping", "\ud83d\udc1eFix (KBN) the issue with the replica number being set to 0 on tenant index creation", "\ud83d\udc1eFix (KBN) users won\u2019t log out from Kibana on the 500 status error", "\ud83d\udc1eFix (KBN) the issue with Kibana keystore not being read by the Kibana plugin", "\ud83d\udc1eFix (KBN < 7.9.0) logging issue when two Kibanas are handled by one browser at the same time", "\ud83d\udc1eFix (ES) resolving ENVs to YAML number in ROR settings"]}, {"version": "1.48.0", "changes": ["\ud83d\udea8Security Fix (ES) CVE-2022-45688", "\ud83d\ude80New (KBN) 8.7.1, 7.17.10 support", "\ud83d\ude80New (ES) 8.8.0, 8.7.1, 7.17.10 support", "\ud83d\ude80New (KBN/ES) Introducing \"Custom Middleware\" functionality", "\ud83d\ude80New (KBN/ES) allowed_api_paths support in the kibana ACL rule", "\ud83d\ude80New (KBN) Add CSRF protection in the login form", "\ud83d\ude80New (KBN) Restore deprecated \u201ckibana.index\u201d support for Kibana > 8.x", "\ud83d\ude80New (ES) all Kibana-related rules are gathered in one, new kibana ACL rule", "\ud83d\ude80New (ES) audit supports a new output type: log", "\ud83e\uddd0Enhancement (KBN) Provide a way to disable multi-tenancy in ROR Enterprise", "\ud83e\uddd0Enhancement (KBN) Realign index templates behaviour to the old platform", "\ud83e\uddd0Enhancement (KBN) Error logs when SAML obtains an unusable username from the assertion", "\ud83e\uddd0Enhancement (KBN) Test configuration warnings improvement", "\ud83e\uddd0Enhancement (ES) Added support to override default response code for not started ROR", "\ud83d\udc1eFix (KBN) Security card not hidden by default", "\ud83d\udc1eFix (KBN) Hidden apps regex with two \u201cor\u201d operators don\u2019t hide all kibana apps", "\ud83d\udc1eFix (KBN) Fix Alerting Rules resulting in logout issue", "\ud83d\udc1eFix (KBN) Fix audit dashboard", "\ud83d\udc1eFix (KBN) Stop handling 500 error from api/lens/existing_fields", "\ud83d\udc1eFix (KBN) Fix lens app", "\ud83d\udc1eFix (KBN < 7.9.x) using a custom kibana index in cooperation with ROR Free"]}, {"version": "1.47.0", "changes": ["\ud83d\udea8Security Fix (ES) \"/\" endpoint was not protected for ES 8.x", "\ud83d\udea8Security Fix (ES) \"/_cat\" endpoint was not protected for all ES versions", "\ud83d\ude80New (KBN) 8.7.0, 8.6.2 support", "\ud83d\ude80New (ES) 8.7.0, 8.6.2 support", "\ud83d\ude80New (ES) the data_streams rule", "\ud83e\uddd0Enhancement (KBN) optimisation in hidden apps feature", "\ud83d\udc1eFix (KBN) Opening index management mappings tab forces logout", "\ud83d\udc1eFix (KBN) Fix dark mode in the ROR menu", "\ud83d\udc1eFix (KBN) YAML editor updates and fixes", "\ud83d\udc1eFix (ES) Data streams support in the indices rule", "\ud83d\udc1eFix (ES) NPE when _search with aggregations (script) and the fields rule were used together"]}, {"version": "1.46.0", "changes": ["\ud83d\udea8Security Fix (ES) CVE-2022-1471, CVE-2022-41915, CVE-2022-36944 in audit Scala 2.13 jar", "\ud83d\ude80New (KBN) 8.6.1, 8.6.0, 7.17.9 support", "\ud83d\ude80New (ES) 8.6.1, 8.6.0, 7.17.9 support", "\ud83e\uddd0Enhancement (KBN) Activation key management UI", "\ud83e\uddd0Enhancement (KBN) Less verbose logging in info mode", "\ud83e\uddd0Enhancement (KBN) \u201cStack management\u201d kibana compatibility", "\ud83d\udc1eFix (KBN) Test settings pop up won\u2019t show", "\ud83d\udc1eFix (KBN) hide apps behaviour when \u201cManagement\u201d is hidden", "\ud83d\udc1eFix (KBN) Data view with a \u201c:\u201d symbol forces logout from a kibana", "\ud83d\udc1eFix (KBN) Session probe causes constant refresh when no kibana_access defined", "\ud83d\udc1eFix (ES) large report generation using data from a remote cluster with enabled x-pack security"]}, {"version": "1.45.1", "changes": ["\ud83d\ude80New (KBN) 8.5.3, 7.17.8 support", "\ud83d\ude80New (ES) 8.5.3, 7.17.8 support", "\ud83d\udc1eFix (KBN) ROR KBN patching script "]}, {"version": "1.45.0", "changes": ["\ud83d\udea8Security Fix (ES) CVE-2022-42003, CVE-2022-45146", "\ud83d\ude80New (KBN) Activation Key API: read AK from ROR_ACTIVATION_KEY.txt", "\ud83d\ude80New (KBN) Activation Key API: submit AK via POST /pkp/license (Basic auth)", "\ud83d\ude80New (KBN) Inject CSS/JS files in login page", "\ud83d\ude80New (KBN) Add user metadata to  for extra UI customization", "\ud83d\ude80New (ES) Added groups_and mode to groups_provider_authorization rule", "\ud83e\uddd0Enhancement (ES) all authorization rules support wildcards in group names ", "\ud83e\uddd0Enhancement (ES) connections in the LDAP pool should not be closed unnecessarily ", "\ud83e\uddd0Enhancement (KBN) Deterministic reporting index detection", "\ud83e\uddd0Enhancement (KBN) Move free type impersonation to the local users area", "\ud83e\uddd0Enhancement (KBN) don\u2019t logout when initial JWT token expires", "\ud83d\udc1eFix (KBN) Direct Kibana API requests not aware of kibana_index", "\ud83d\udc1eFix (KBN) RO and RO_strict kibana accesses", "\ud83d\udc1eFix (ES) when fls_engine: es is configured and fields rule is used, aggregations should be available only for allowed fields", "\ud83d\udc1eFix (ES) Data streams creation issue fix", "\ud83d\udc1eFix (ES) Unknown structure of index settings issue fix", "\ud83d\udc1eFix (ES) resolving index names with wildcards should take into consideration the current index state and request indices options"]}, {"version": "1.44.0", "changes": ["\ud83d\udea8Security Fix (ES) CVE-2022-25857", "\ud83d\ude80New (KBN) 8.5.2, 8.5.1, 8.5.0, 7.17.7 support", "\ud83d\ude80New (ES) 8.5.2, 8.5.1, 8.5.0, 7.17.7 support", "\ud83d\ude80New (KBN) plugin packages are now universal", "\ud83d\ude80New (KBN) Manage your activation keys through the customer portal", "\ud83d\ude80New (ES) Added support for certificates in PEM format", "\ud83e\uddd0Enhancement (KBN) SAML groups list duplication made header size exceed limits", "\ud83e\uddd0Enhancement (KBN) kibana_access: admin has now privileges to manage a Kibana cluster", "\ud83e\uddd0Enhancement (ES) added distributed and persistent Test Settings & Auth Mocks configuration for the Impersonation Feature", "\ud83e\uddd0Enhancement (ES) handling high load when LDAP rules are used", "\ud83e\uddd0Enhancement (ES) client_authentication settings in internode SSL configuration", "\ud83e\uddd0Enhancement (ES) acl:available_groups dynamic variable can be used in a single value context", "\ud83d\udc1eFix (ES) SNI handling (internode SSL)"]}, {"version": "1.43.0", "changes": ["\ud83d\ude80New (KBN) 8.4.3, 8.4.2, 8.4.1, 8.4.0, 7.17.6 support", "\ud83d\ude80New (ES) 8.4.3, 8.4.2, 8.4.1, 8.4.0, 7.17.6 support", "\ud83d\ude80New (KBN) kibana_custom_js_inject_file feature", "\ud83d\udc1eFix (ES) ror-tools fix for Windows OS (patching ES 3.x issue)", "\ud83d\udc1eFix (ES) resolving indices in the remote x-pack cluster", "\ud83d\udc1eFix (KBN|PRO) ROR menu title wraps when version text is too short (cosmetic)", "\ud83d\udc1eFix (KBN) infinite loading when kibana_access not defined for user", "\ud83d\udc1eFix (KBN) transient error with randomly choosing off range bind port on localhost", "\ud83d\udc1eFix (KBN) 404 on login when xpack.spaces.enabled: false"]}, {"version": "1.42.0", "changes": ["\ud83d\ude80New (KBN|ES) 8.3.3, 8.3.2, 8.3.1, 8.3.0, 7.15.5 support", "\ud83e\uddd0Enhancement (KBN) Search box in tenancy switcher (when #tenancies > 5)", "\ud83e\uddd0Enhancement (ES) added configuration warnings in the Impersonation Feature", "\ud83d\udc1eFix (KBN) Logout didn\u2019t delete the SAML session on the IdP", "\ud83d\udc1eFix (KBN) 5xx errors from Elasticsearch break Kibana users\u2019 session unrecoverably", "\ud83d\udc1eFix (ES) ROR node cooperation with X-pack nodes"]}, {"version": "1.41.0", "changes": ["\ud83d\ude80New (ES) Added groups_and mode to ror_kbn_auth and jwt_auth rules", "\ud83e\uddd0Enhancement (KBN) Prevent native credentials dialogue to appear in Kibana when ES responds 401", "\ud83e\uddd0Enhancement (KBN) Logging in after logout shows the same page you last visited", "\ud83e\uddd0Enhancement (KBN) x-ror-correlation-id header lets you audit a whole Kibana session", "\ud83d\udc1eFix (ES|KBN) tenancy selector didn't work well with jwt_auth and ror_kbn_auth rules", "\ud83d\udc1eFix (KBN) Support for special characters in tenancy names", "\ud83d\udc1eFix (KBN) OIDC logout flow redirecting to bad request error", "\ud83d\udc1eFix (KBN) OIDC connector not working in Kibana < 7.12.0"]}, {"version": "1.40.0", "changes": ["\ud83d\udea8Security Fix (ES) CVE-2022-25647 & CVE-2022-24823 & CVE-2020-13956 & CVE-2020-36518 &  CVE-2020-13956 & CVE-2020-36518", "\ud83d\udea8Security Fix (KBN) \u201cSecurity\u201d app not entirely hidden in 8.2.x", "\ud83d\ude80New (ES) New Support for 8.2.3, 8.2.2, 8.2.1, 7.17.4", "\ud83d\ude80New (KBN) New Support for 8.2.2 8.2.1, 7.17.4", "\ud83d\ude80New (ES & KBN) The Impersonation feature", "\ud83d\ude80New (ES) FIPS compliant SSL mode", "\ud83e\uddd0Enhancement (KBN) SAML cert is now required", "\ud83e\uddd0Enhancement (KBN) moved OIDC to better library", "\ud83e\uddd0Enhancement (KBN) OIDC jwksURL is now required", "\ud83d\udc1eFix (ES) indices: [\"1\"] interpreted as integer and fails to parse", "\ud83d\udc1eFix (KBN) /login?jwt=xxx authorization now works again", "\ud83d\udc1eFix (KBN) OIDC/SAML assertion claims were not forwarded to ES", "\ud83d\udc1eFix (KBN) include whitelisted headers while logging", "\ud83d\udc1eFix (KBN) basepath handling fixes (too many redirects)", "\ud83d\udc1eFix (KBN) Make ROR default space the actual default one", "\ud83d\udc1eFix (KBN) OIDC connection error"]}, {"version": "1.39.0", "changes": ["\ud83d\udea8Security Fix (KBN) XSS sanitize path requested", "\ud83d\udea8Security Fix (ES) CVE-2020-36518 & CVE-2022-21653", "\ud83d\ude80New (KBN) New Support for 8.2.0 8.1.3, 8.1.2, 8.1.1, 8.1.0, 8.0.0, 8.0.1, 7.17.3, 7.17.2", "\ud83d\ude80New (ES) New Support for 8.2.0, 8.1.3, 8.1.2, 8.1.1, 8.1.0, 8.0.0, 8.0.1 (required additional patching step)", "\ud83d\ude80New (ES) New Support for 7.17.3, 7.17.2", "\ud83d\ude80New (ES) New groups_and ACL rule", "\ud83e\uddd0Enhancement (KBN) Stop inlining whitelisted headers into Authorization header", "\ud83e\uddd0Enhancement (KBN) Log additional errors and info related to HA", "\ud83e\uddd0Enhancement (KBN) Misc internal dependencies upgrades ", "\ud83d\udc1eFix (KBN) Mandatory elasticsearch credentials in kibana.yml ", "\ud83d\udc1eFix (KBN) Reporting page redirect on refresh when kibana_hide_apps: [\"Stack Management\"]", "\ud83d\udc1eFix (KBN) whitelistedPaths: log errors when 404 occurs", "\ud83d\udc1eFix (KBN) Issue uploading large payload", "\ud83d\udc1eFix (KBN) elasticsearch.requestHeadersWhitelist should be case insensitive", "\ud83d\udc1eFix (ES) Issue with handling data streams by indices rule", "\ud83d\udc1eFix (ES) X-Pack SSL nodes cooperation with ROR SSL nodes", "\ud83d\udc1eFix (ES) _msearch issue when filter rules was used in matched block"]}, {"version": "1.38.0", "changes": ["\ud83d\ude80New (ES) New Support for 7.17.0, 7.17.1", "\ud83d\ude80New (KBN) New Support for 7.17.0", "\ud83d\ude80New (ES) Configuration for custom audit cluster", "\ud83e\uddd0Enhancement (ES) Separate \"audit\" section for all audit settings", "\ud83d\udc1eFix (KBN) Editor rendering issue with kibana basePath enabled"]}, {"version": "1.37.0", "changes": ["\ud83d\udea8Security Fix (ES) CVE-2021-43797", "\ud83d\ude80New (ES) New Support for 7.16.3, 7.16.2, 6.8.23, 6.8.22", "\ud83d\ude80New (KBN) New Support for 7.16.3, 7.16.2, 7.16.1, 7.16.10, 6.8.23, 6.8.22, 6.8.21", "\ud83e\uddd0Enhancement (ES) fields rule handling in the context of x-Pack SQL requests", "\ud83d\udc1eFix (ES) filter rule handling in the context of x-Pack SQL requests", "\ud83d\udc1eFix (KBN) POST / bulk cause an 400 error in devtools console", "\ud83d\udc1eFix (KBN) More robust Kibana patcher + better logs messages"]}, {"version": "1.36.0", "changes": ["\ud83d\ude80New (ES) New Support for 7.16.1, 7.16.0, 6.8.21", "\ud83d\ude80New (KBN) Support Kibana 7.15.2", "\ud83d\ude80New (ES) Added support for setting up cluster containing ES with ROR (with disabled XPack security) and ES with XPack security enabled", "\ud83e\uddd0Enhancement (KBN) kibana_hide_apps: [ror|kibana] to remove kibana mgmt button", "\ud83d\udc1eFix (ES) /_snapshot/_status should return only running snapshots", "\ud83d\udc1eFix (ES) Adding policy to index template bug", "\ud83d\udc1eFix (KBN) Index management tabs result in \"forbidden\" error", "\ud83d\udc1eFix (KBN) corrupted patch file for Kibana 7.9.x", "\ud83d\udc1eFix (KBN) YAML editor not working in air-gapped environments", "\ud83d\udc1eFix (KBN) Devtools not working", "\ud83d\udc1eFix (KBN) Monitoring not working in multi-tenancy", "\ud83d\udc1eFix (KBN) Regression in Kibana < 6.8.x front end crash", "\ud83d\udc1eFix (KBN) Kibana < 7.8.x prevent navigation to hidden apps from home links", "\ud83d\udc1eFix (KBN) Kibana < 7.8.x implicitly hide kibana:dashboard when kibana:dashboards is hidden (and viceversa)", "\ud83d\udc1eFix (KBN) Kibana < 7.8.x broken clearSessionOnEvents: [tenancyHop]"]}, {"version": "1.35.1", "changes": ["\ud83d\udea8Security Fix (ES) CVE-2021-21409 & CVE-2021-27568", "\ud83d\ude80New (KBN) Support Kibana 7.15.1", "\ud83d\ude80New (ES) New Support for 7.15.2", "\ud83e\uddd0Enhancement (KBN) Support \"server.ssl.supportedProtocols\" settings", "\ud83e\uddd0Enhancement (KBN) Support \"server.ssl.cipherSuites\"", "\ud83e\uddd0Enhancement (KBN) Always honor SSL cipher order", "\ud83d\udc1eFix (KBN) Don'thide \"Add/Remove field as column\" in Discover app for RO users", "\ud83d\udc1eFix (KBN) More alerting fixes (only for main tenancy)"]}, {"version": "1.35.0", "changes": ["\ud83d\ude80New (KBN) Support Kibana 7.15.0, 7.14.2", "\ud83d\ude80New (ES) New Support for 7.15.1, 6.8.19, 6.8.20", "\ud83e\uddd0Enhancement (ES) local->external groups detailed mapping for groups rule", "\ud83e\uddd0Enhancement (ES) when ROR is starting any request is going to end up with HTTP 403 response, instead of HTTP 503", "\ud83e\uddd0Enhancement (KBN) \"server.basePath\" kibana option implementation", "\ud83e\uddd0Enhancement (KBN) Support full regex in kibana_hidden_apps rule", "\ud83e\uddd0Enhancement Crash if Kibana is not patched", "\ud83e\uddd0Enhancement (KBN) Honour kibana setting \"logging.dest\"", "\ud83e\uddd0Enhancement (KBN) Confirm before overwriting audit log dashboard", "\ud83d\udc1eFix (ES) verbosity: error fix in case of ROR KBN login request", "\ud83d\udc1eFix (KBN) Make alerting work on primary tenancy", "\ud83d\udc1eFix (KBN) OIDC fix sameSite / secure cookie options", "\ud83d\udc1eFix (KBN) Login form is stretched when long error", "\ud83d\udc1eFix (KBN) Login form is stretched when long error", "\ud83d\udc1eFix (KBN-PRO) Don't send x-ror-currentgroup in PRO", "\ud83d\udc1eFix (KBN) Resolve browser console errors on a popover close"]}, {"version": "1.34.0", "changes": ["\ud83d\ude80New (ES) New Support for 7.15.0, 7.14.2", "\ud83d\ude80New (KBN) VS Code style YAML editor", "\ud83d\ude80New (KBN) Skip rendering hidden app groups entirely", "\ud83d\ude80New (KBN) Redesigned ROR Menu", "\ud83d\ude80New (KBN) Dark theme awareness", "\ud83d\udc1eFix (KBN) Broken Kibana Spaces", "\ud83d\udc1eFix (KBN) Support Kibana's undocumented \"server.ssl.*\" settings", "\ud83d\udc1eFix (KBN) cookiePass config parsing broke load balancing"]}, {"version": "1.33.1", "changes": ["\ud83d\ude80New (ES) New Support for 7.14.1", "\ud83d\udc1eFix (KBN) Error in patching for 7.14.0", "\ud83d\udc1eFix (KBN) clearSessionOnEvents now works as expected", "\ud83d\udc1eFix (KBN) login form font loads correctly"]}, {"version": "1.33.0", "changes": ["\ud83d\udea8Security Fix (KBN) xml-crypto dependency update", "\ud83d\ude80New (KBN) New Support for 7.14.0, 6.8.18", "\ud83e\uddd0Enhancement (KBN) Parse credentials in /api/* requests, no need for valid cookie. Supersedes whitelistedPaths", "\ud83d\udc1eFix (KBN)Caching issues switching tenancies with dark/light theme", "\ud83d\udc1eFix (KBN) Newly created Space shows in all tenancies when using default kibana index", "\ud83d\udc1eFix (KBN < 7.9.x) nextUrl works again with SAML and OIDC"]}, {"version": "1.32.0", "changes": ["\ud83d\udea8Security Fix (ES) Apache Commons Codec vulnerability", "\ud83d\udea8Security Fix (KBN) upgraded dependencies due to security fixes", "\ud83d\udea8Security Fix (KBN) disable x-powered-by to avoid fingerprinting", "\ud83d\ude80New (ES) Support for ES 7.14.0 & 6.8.18", "\ud83d\ude80New (KBN) Support for Kibana 7.13.x series", "\ud83e\uddd0Enhancement (KBN) honor configurations coming from ENV and CLI options", "\ud83e\uddd0Enhancement (KBN) when metadata has no username, login must be denied", "\ud83e\uddd0Enhancement (KBN) audit tab ported to new platform", "\ud83e\uddd0Enhancement (ES) improved ES resources cleaning when ROR returns FORBIDDEN response", "\ud83e\uddd0Enhancement (KBN < 7.9.x) auto clean-up dangling SAML/OIDC cookies", "\ud83d\udc1eFix (ES) incomplete response for request GET */_alias", "\ud83d\udc1eFix (ES) not allowed aliases should not present in a response for a Get Index API request", "\ud83d\udc1eFix (KBN) fix dev-tools and import saved object not working", "\ud83d\udc1eFix (KBN) honor requestHeadersWhitelist in user metadata request (login)", "\ud83d\udc1eFix (KBN < 7.9.x) do not crash on invalid metadata"]}, {"version": "1.31.0", "changes": ["\ud83d\udea8Security Fix (KBN) prevent direct navigation to hidden apps", "\ud83d\ude80New (ES) 7.13.4, 7.13.3, 7.13.2, 6.8.17 support", "\ud83d\ude80New (KBN) new minimal Kibana Management menu when \"Management\" app is hidden", "\ud83e\uddd0Enhancement (KBN) logout active Kibana session if key metadata/permissions change in ACL", "\ud83e\uddd0Enhancement (KBN) better port number validation", "\ud83e\uddd0Enhancement (ES) improved cluster indices handling", "\ud83d\udc1eFix (ES) Kibana access rule regression fix", "\ud83d\udc1eFix (ES) search template API handling with filter and fields rule", "\ud83d\udc1eFix (ES) multi-tenancy issue when groups_provider_authorization is used", "\ud83d\udc1eFix (ES) x_forwarded_for rule: wrong handling of / request", "\ud83d\udc1eFix (ES) Issue with handling ResizeRequest which made it unable to upgrade Kibana to version 7.12.0+", "\ud83d\udc1eFix (KBN) some Kibana requests arrive to ES without credentials", "\ud83d\udc1eFix (KBN) inconsistent read after write in session storage lead to issues with round robin load balancing", "\ud83d\udc1eFix (KBN) bad multipart POST handling leads to saved object import errors"]}, {"version": "1.30.1", "changes": ["\ud83d\udea8Security Fix (ES) CVE-2021-27568", "\ud83d\ude80New (ES) 7.13.0, 7.13.1 support", "\ud83d\udc1eFix (ES) Regression in multi-tenancy handling", "\ud83d\udc1eFix (ES) Proper handling of _snapshot/_status endpoint"]}, {"version": "1.30.0", "changes": ["\ud83d\ude80New (KBN) 7.12.x compatibility", "\ud83d\ude80New (ES) LDAP connector circuit breaker", "\ud83e\uddd0Enhancement (ES) Username with wildcard support in users section and groups mapping", "\ud83e\uddd0Enhancement (KBN < 7.9.x) OIDC errors visibility", "\ud83e\uddd0Enhancement (KBN < 7.9.x) Smarter session probe algorithm", "\ud83d\udc1eFix (KBN >= 7.9.x) Load CertificateAuthorities as an array if not specified as an array", "\ud83d\udc1eFix (KBN < 7.9.x) Don't hide visualizations list search box in RO mode"]}, {"version": "1.29.0", "changes": ["\ud83d\udea8Security Fix (ES) Security Fix (ES) CVE-2021-21409", "\ud83d\ude80New (KBN) support 7.9.0, 7.9.1, 7.10.0, 7.10.1, 7.10.2, 7.11.0, 7.11.1, 7.11.2 (with ROR new platform) ", "\ud83d\ude80New (ES) 7.12.1 support ", "\ud83e\uddd0Enhancement (KBN) logout if the credentials/metadata of the current user change in the ACL"]}, {"version": "1.28.2", "changes": ["\ud83d\udea8Security Fix (ES) CVE-2021-21295", "\ud83d\udc1eFix (KBN) prevent SAML/OIDC initiated Kibana sessions from expiring after session_timeout_minutes despite continued interaction"]}, {"version": "1.28.1", "changes": ["\ud83d\udc1eFix (ES) Getting index templates issue when no indices rule was used in matched block", "\ud83d\udc1eFix (ES) NPE on getting template aliases"]}, {"version": "1.28.0", "changes": ["\ud83d\ude80New (ES) 7.12.0, 7.11.2 support ", "\ud83d\ude80New (ES) full Index and Component Templates API support ", "\ud83e\uddd0Enhancement (ES) Username case sensitivity settings", "\ud83d\udc1eFix (ES) Kibana logout event storing fix", "\ud83d\udc1eFix (ES) Fixed remote reindex operation with \"type\" parameter", "\ud83d\udc1eFix (KBN) Prevent cookie expiration deadlock in browsers when using SAML/OIDC", "\ud83d\udc1eFix (KBN) When credentials change in the ACL, make it possible to login again", "\ud83d\udc1eFix (KBN) Kibana management app ID changed from \"kibana:management\" to \"kibana:stack_management\""]}, {"version": "1.27.1", "changes": ["\ud83d\udea8Security Fix (ES) CVE-2021-21290", "\ud83d\ude80New (ES) 7.11.1 support "]}, {"version": "1.27.0", "changes": ["\ud83d\ude80New (ES) 7.11.0, 7.10.2, 6.8.14 support", "\ud83e\uddd0Enhancement (KBN) X-Forwarded-For copied from incoming request (or filled with source IP) before forwarding to ES", "\ud83e\uddd0Enhancement (KBN) Kibana logout event generates a special audit log entry in ROR audit logs index", "\ud83e\uddd0Enhancement (KBN) ROR panel shows \"reports\" button if kibana:management app is hidden", "\ud83d\udc1eFix (ES) blocks containing filter and/or fields won't match internal kibana requests, so kibana_* rules won't have to be placed in such blocks", "\ud83d\udc1eFix (ES) SQL API - better handling of invalid query"]}, {"version": "1.26.1", "changes": ["\ud83d\udc1eFix (ES) wrong behaviour of kibana_access rule for ROR actions when ADMIN value is set"]}, {"version": "1.26.0", "changes": ["\ud83d\udea8Security Fix (ES) CVE-2020-35490 & CVE-2020-35490 (removed Jackson dependency from ROR core)", "\ud83d\ude80New (ES) New response_fields rule", "\ud83d\ude80New (ES) Support for LDAP server discovery using _ldaps._tcp SRV record", "\ud83d\ude80 New (ES) New configuration option allowing to ignore LDAP connectivity problems", "\ud83e\uddd0Enhancement (ES) Full support for ILM API", "\ud83e\uddd0Enhancement (KBN) Enforce read-after-write consistency between kibana nodes", "\ud83e\uddd0Enhancement (KBN ENT) OIDC custom claims incorporated in \"assertion\" claim", "\ud83e\uddd0Enhancement (KBN ENT) OIDC support for configurable kibanaExternalHost (good for Docker)", "\ud83e\uddd0Enhancement (KBN ENT) ROR adds \"ror-user_\" class to \"body\" tag for easy per-user CSS/JS", "\ud83e\uddd0Enhancement (KBN ENT/PRO) ROR adds \"ror-group_\" class to \"body\" tag for easy per-group CSS/JS", "\ud83d\udc1eFix (ES) ROR authentication endpoint action", "\ud83d\udc1eFix (ES) \"username\" in audit entry when request is rejected"]}, {"version": "1.25.2", "changes": ["\ud83d\udc1eFix (ES) removed verbose logging"]}, {"version": "1.25.1", "changes": ["\ud83d\udea8Security Fix (ES) CVE-2020-25649", "\ud83d\ude80New (ES) 7.10.1 support"]}, {"version": "1.25.0", "changes": ["\ud83d\udea8Security Fix (ES) Common Vulnerabilities and Exposures (CVE)", "\ud83d\ude80New (ES) 7.10.0 support", "\ud83d\ude80New (ES) auth_key_pbkdf2 rule", "\ud83d\ude80New (ES) Introduced configuration property defining FLS engine used by fields rule", "\ud83e\uddd0Enhancement (ES) Fields rule performance improvement", "\ud83e\uddd0Enhancement (ES) Resolved index API support", "\ud83d\udc1eFix (ES) \"username\" in audit entry when user is authenticated via proxy_auth", "\ud83d\udc1eFix (ES) index resolve action should be treated as readonly action", "\ud83d\udc1eFix (ES) /_snapshot and /_snapshot/_all should behave the same"]}, {"version": "1.24.0", "changes": ["\ud83d\udea8Security Fix (ES) search template handling fix", "\ud83d\ude80New (ES) 7.9.3 & 6.8.13 support", "\ud83e\uddd0Enhancement (ES) full support for ES Snapshots and Restore APIs", "\ud83d\udc1eFix (KBN) fix crash in error handling", "\ud83d\udc1eFix (ES) don't remove ES response warning headers", "\ud83d\udc1eFix (ES) issue when entropy of /dev/random could have been exhausted when using JwtToken rule"]}, {"version": "1.23.1", "changes": ["\ud83d\ude80New (ES) 7.9.2 support", "\ud83d\udc1eFix (KBN) fix code 500 error on login in Kibana"]}, {"version": "1.23.0", "changes": ["\ud83d\ude80New (ES) introduced must_involve_indices option for indices rule", "\ud83e\uddd0Enhancement (ES) negation support in headers rules", "\ud83e\uddd0Enhancement (ES) x-pack rollup API handling", "\ud83d\udc1eFix (KBN) deep links query parameters are now handled", "\ud83d\udc1eFix (KBN) make sure default kibana index is always discovered (fixes reporting in 6.x)", "\ud83d\udc1eFix (ES) settings file permission issue with JDK 1.8.0 25.262-b10", "\ud83d\udc1eFix (ES) /_cluster/allocation/explain request should not be forbidden if matched block doesn't have indices rules", "\ud83d\udc1eFix (ES) remote address extracting issue", "\ud83d\udc1eFix (ES) fixed TYP audit field for some request types"]}, {"version": "1.22.1", "changes": ["\ud83d\udc1eFix (ES) missing handling of aliases API for ES 7.9.0"]}, {"version": "1.22.0", "changes": ["\ud83d\ude80New (ES) 7.9.0 support", "\ud83e\uddd0Enhancement (ES) aliases API handling", "\ud83e\uddd0Enhancement (ES) dynamic variables support in fields rule", "\ud83d\udc1eFix (ES) adding aliases issue", "\ud83d\udc1eFix (ES) potential memory leak for ES 7.7.x and above", "\ud83d\udc1eFix (ES) cross cluster search issue fix for X-Pack _async_search action", "\ud83d\udc1eFix (ES) XFF entry in audit issue", "\ud83d\udc1eFix (KBN) SAML certificate loading", "\ud83d\udc1eFix (KBN) SAML loading groups from assertion", "\ud83d\udc1eFix (KBN) fix reporting in pre-7.7.0"]}, {"version": "1.21.0", "changes": ["\ud83e\uddd0Enhancement (ES) cluster API support improvements", "\ud83d\udc1eFix (ES) X-Pack _async_search support", "\ud83d\udc1eFix (ES) _rollover request handling", "\ud83d\udc1eFix (ES) handling numeric ssl configuration properties", "\ud83d\udc1eFix (KBN) multitenancy+reporting regression fix (for 7.6.x and earlier)", "\ud83d\udc1eFix (KBN) \"x-\" headers should be forwarded in /login route when proxy passthrough is enabled", "\ud83d\udc1eFix (KBN) Logout now redirects to login screen when using proxy", "\ud83d\udc1eFix (KBN) SAML metadata.xml endpoint not responding", "\ud83d\udc1eFix (KBN) NAT/reverse proxy support for SAML", "\ud83d\udc1eFix (KBN) SAML login redirect error", "\ud83d\udc1eFix (ES) _readonlyrest/metadata/current_user should be always allowed by filter/fields rule"]}, {"version": "1.20.0", "changes": ["\ud83d\ude80New 7.7.1, 7.8.0 support", "\ud83e\uddd0Enhancement (KBN) tidy up audit page", "\ud83e\uddd0Enhancement (KBN FREE) clearly inform when features are not available", "\ud83e\uddd0Enhancement (KBN) ship license report of libraries", "\ud83e\uddd0Enhancement (ES) filter rule performance improvement", "\ud83d\udc1eFix (KBN) proxy_auth: avoid logout-login loop", "\ud83d\udc1eFix (KBN) 404 error on font CSS file", "\ud83d\udc1eFix (ES) wildcard in filter query issue", "\ud83d\udc1eFix (ES) forbidden /_snapshot issue", "\ud83d\udc1eFix (ES) /_mget handling by indices rule when no index from a list is found", "\ud83d\udc1eFix (ES) available groups order in metadata response should match the order in which groups appear in ACL", "\ud83d\udc1eFix (ES) .readonlyrest and audit index - removed usage of explicit index type", "\ud83d\udc1eFix (ES) tasks leak bug"]}, {"version": "1.19.5", "changes": ["\ud83d\ude80New 7.7.0, 7.6.2, 6.8.9, 6.8.8 support", "\ud83e\uddd0Enhancement (ES/KBN) kibana_access can be explicitly set to unrestricted", "\ud83e\uddd0Enhancement (ES) LDAP connection pool improvement", "\ud83d\udc1eFix (ES) better LDAP request timeout handling", "\ud83d\udc1eFix (ES) remote indices searching bug", "\ud83d\udc1eFix (ES) cross cluster search support for _field_caps request", "\ud83d\udea8Security Fix (ES) create and delete templates handling", "\ud83d\udc1eFix (KBN) Regression in proxy_auth_passthrough", "\ud83e\uddd0Enhancement (KBN) whitelistedPaths now accepts basic auth credentials", "\ud83e\uddd0Enhancement (KBN) Dump logout button, new ROR Panel", "\ud83e\uddd0Enhancement (KBN) removed ROR from Kibana sidebar. Admins have a link in new panel.", "\ud83e\uddd0Enhancement (KBN) avoid show login form redirecting from SAML IdP", "\ud83d\ude80New (KBN) OpenID Connect (OIDC) authentication connector", "\ud83d\ude80New (KBN) login_title, login_subtitle enable 2 column login page", "\ud83d\udea8Security Fix (KBN) server-side navigation prevention to hidden apps"]}, {"version": "1.19.4", "changes": ["\ud83d\udc1eFix (ES) Interpolating config with environment variables in SSL section", "\ud83d\udc1eFix (KBN Ent 6.x) Fixed default space creation in", "\ud83d\udc1eFix (KBN 6.x) Fixed error toast notification not showing", "\ud83d\udc1eFix (KBN Ent) Fixed missing Axios dependency", "\ud83d\udc1eFix (KBN Ent) Fixed SAML connector", "\ud83d\udc1eFix (KBN) Toast notification overlap with logout bar", "\ud83e\uddd0Enhancement (KBN) Restyled logout bar", "\ud83e\uddd0Enhancement (KBN) Configurable periodic session checker"]}, {"version": "1.19.3", "changes": ["\ud83d\ude80New (ES/KBN) 7.6.1 compatibility", "\ud83d\ude80New (ES) customizable name of settings index", "\ud83e\uddd0Enhancement (KBN) configurable ROR cookie name", "\ud83e\uddd0Enhancement (ES/KBN) handling of encoded ROR headers in Authorization header values", "\ud83e\uddd0Enhancement (KBN) user feedback on why login failed", "\ud83d\udc1eFix (ES) support for multiple header values", "\ud83d\udc1eFix (ES) releasing LDAP connection pool on reloading ROR settings", "\ud83d\udc1eFix (KBN) multitenancy issue with 7.6.0+", "\ud83d\udc1eFix (KBN) creation of default space for new tenant", "\ud83d\udc1eFix (KBN 6.x) in RO mode, don't hide add/remove over fields in discovery", "\ud83d\udc1eFix (KBN 6.x) index template & in-index session manager issues"]}, {"version": "1.19.2", "changes": ["\ud83d\ude80New (KBN) 7.6.0 support", "\ud83e\uddd0Enhancement (KBN) less verbose info logging", "\ud83e\uddd0Enhancement (KBN) start up time semantic check for settings", "\ud83d\udc1eFix (KBN Free) missing logout button", "\ud83d\udc1eFix (KBN) error message creating internal proxy", "\ud83d\udc1eFix (KBN 6.x) add field to filter button invisible in RO mode"]}, {"version": "1.19.1", "changes": ["\ud83c\udf81Product (KBN) Launched ReadonlyREST Free for Kibana!", "\ud83d\ude80New (ES) 7.6.0 support, Kibana support coming soon", "\ud83d\ude80New (KBN) Audit log dashboard", "\ud83d\ude80New (KBN) Template index can now be declared per tenant instead of globally", "\ud83d\ude80New (ES) custom trust store file and password options in ROR settings", "\ud83e\uddd0Enhancement (ES) When \"prompt_for_basic_auth\" is enabled, ROR is going to return 401 instead of 404 when the index is not found or a user is not allowed to see the index", "\ud83e\uddd0Enhancement (ES) literal ipv6 with zone Id is acceptable network address", "\ud83e\uddd0Enhancement (ES) LDAP client cache improvements", "\ud83d\udc1eFix (ES) /_all/_settings API issue", "\ud83d\udc1eFix (ES) Index stats API & Index shard stores API issue", "\ud83d\udc1eFix (ES) readonlyrest.force_load_from_file setting decoding issue", "\ud83d\udc1eFix (KBN) allowing user to be logged in in two tabs at the same time", "\ud83d\udc1eFix (KBN) logging with JWT parameter issue", "\ud83d\udc1eFix (KBN) parsing of sessions fetched from ES index", "\ud83d\udc1eFix (KBN) logout issue"]}, {"version": "1.19.0", "changes": ["\ud83d\ude80New (KBN) Configurable option to delete docs from tenant index when not present in template", "\ud83e\uddd0Enhancement (ES) Less verbose logging of blocks history", "\ud83e\uddd0Enhancement (ES) Enriched logs and audit with attempted username", "\ud83e\uddd0Enhancement (ES) Better settings validation - only one authentication rule can be used in given block", "\ud83e\uddd0Enhancement (ES/KBN) Plugin versions printing in logs on launch", "\ud83e\uddd0Enhancement (ES) When user doesn't have access to given index, ROR pretends that the index doesn't exist and return 404 instead of 403", "\ud83d\udc1eFix (ES) Searching for nonexistent/forbidden index with wildcard mirrors default ES behaviour instead of returning 403", "\ud83d\udc1eFix (KBN) Switching groups bug"]}, {"version": "1.18.10", "changes": ["\ud83d\ude80New (ES/KBN) Support v6.8.6, v7.5.0, v7.5.1", "\ud83d\ude80New (KBN) Group names can now be mapped to aliases", "\ud83d\ude80New (ES) New, more robust and simple method of creating custom audit log serializers", "\ud83d\ude80New (ES) Example projects with custom audit log serializers", "\ud83d\udc1eFix (KBN) Prevent index migration after kibana startup", "\ud83e\uddd0Enhancement (KBN) If default space doesn't exist in kibana index then copy from default one", "\ud83e\uddd0Enhancement (KBN) Crypto improvements - store init vector with encrypted data as base64 encoded json.", "\ud83e\uddd0Enhancement (ES) Better settings validation - prevent duplicated keys in readonlyrest.yml"]}, {"version": "1.18.9", "changes": ["\ud83d\ude80New (ES/KBN) Support v7.4.1, v7.4.2", "\ud83d\ude80New (KBN) Kibana sessions stored in ES index", "\ud83d\udc1eFix (ES) issue with in-index settings auto-reloading", "\ud83d\udc1eFix (ES) _cat/indices empty response when matched block doesn't contain 'indices' rule"]}, {"version": "1.18.8", "changes": ["\ud83d\ude80New (ES/KBN) Support v7.4.0", "\ud83d\ude80New (ES) Elasticsearch SQL Support", "\ud83d\ude80New (ES) Internode ssl support for es5x, es60x, es61x and es62x", "\ud83d\ude80New (ES) new runtime variable @{acl:current_group}", "\ud83d\ude80New (ES) namespace for user variable and support for both versions: @{user} and @{acl:user}", "\ud83d\ude80New (ES) support for multiple values in uri_re rule", "\ud83e\uddd0Enhancement (ES) more reliable in-index settings loading of ES with ROR startup", "\ud83e\uddd0Enhancement (ES) less verbose logs in JWT rules", "\ud83e\uddd0Enhancement (ES) Better response from ROR API when plugin is disabled", "\ud83e\uddd0Enhancement (ES) Splitting verification ssl property to client_authentication and certificate_verification", "\ud83d\udc1eFix (ES) issue with backward compatibility of proxy_auth settings", "\ud83d\udc1eFix (ES) /_render/template request NPE", "\ud83d\udc1eFix (ES) _cat/indices API bug fixes", "\ud83d\udc1eFix (ES) _cat/templates API return empty list instead of FORBIDDEN when no indices are found", "\ud83d\udc1eFix (ES) updated regex for kibana access rule to support 7.3 ES", "\ud83d\udc1eFix (ES) proper resolving of non-string ENV variables in readonlyrest.yml", "\ud83d\udc1eFix (ES) lang-mustache search template handling"]}, {"version": "1.18.7", "changes": ["\ud83d\ude80New (ES) Field level security (FLS) supports nested JSON fields", "\ud83d\udc1eSecurity Fix (ES) Authorization headers appeared in clear in logs", "\ud83e\uddd0Enhancement (KBN) Don't logout users when they are not allowed to search a index-pattern", "\ud83e\uddd0Enhancement (ES) Headers obfuscation is now case insensitive"]}, {"version": "1.18.6", "changes": ["\ud83d\ude80New (ES/KBN) Support v7.3.1, v7.3.2", "\ud83d\ude80New (ES) Configurable header names whose value should be obfuscated in logs", "\ud83d\ude80New (KBN) Dynamic variables from user identity available in custom_logout_link", "\ud83e\uddd0Enhancement (ES) Richer logs for JWT errors", "\ud83e\uddd0Enhancement (ENT) nextUrl works also with SAML now", "\ud83e\uddd0Enhancement (ENT) SAML assertion object available in ACL dynamic variables", "\ud83e\uddd0Enhancement (KBN) Validate LDAP server(s) before accepting new YAML settings", "\ud83e\uddd0Enhancement (KBN) Ensure a read-only UX for 'ro' users in older Kibana", "\ud83d\udc1eFix (ES) Fix memory leak from dependency (snakeYAML)"]}, {"version": "1.18.5", "changes": ["\ud83d\udc1eSecurity Fix (ES) indices rule can now properly handle also the templates API", "\ud83e\uddd0Enhancement (ES) Array dynamic variables are serialized as CSV wrapped in double quotes", "\ud83e\uddd0Enhancement (ES) Cleaner debug logs (no stacktraces on forbidden requests)", "\ud83e\uddd0Enhancement (ES) LDAP debug logs fire also when cache is hit", "\ud83d\ude80New (ES/KBN) Support v7.2.1, v7.3.0", "\ud83d\udc1eFix (PRO) PRO plugin crashing for some Kibana versions", "\ud83d\udc1eFix (ENT) SAML library wrote a too large cookie sometimes", "\ud83d\udc1eFix (ENT) SAML logout not working", "\ud83d\udc1eFix (ENT) JWT fix exception \"cannot set requestHeadersWhitelist\"", "\ud83d\udc1eFix (PRO/ENT) Hide more UI elements for RO users", "\ud83d\udc1eFix (PRO/ENT) Sometimes not all the available groups appear in tenancy selector", "\ud83d\udc1eFix (PRO/ENT) Feature \"nextUrl\" broke", "\ud83d\udc1eFix (PRO/ENT) prevent user kick-out when APM is not configured and you are not an admin", "\ud83d\ude80New (PRO/ENT) Kibana request path/method now sent to ES (good for policing dev-tools)"]}, {"version": "1.18.4", "changes": ["\ud83d\ude80New (ES) User impersonation API", "\ud83d\ude80New (ES) Support latest 6.x and 5.x versions", "\ud83d\udc1eSecurity Fix (ES) filter/fields rules leak", "\ud83d\udc1eFix (KBN/ENT) allow more action for kibana_access, prevent sudden logout", "\ud83d\udc1eFix (KBN/ENT) temporarily roll back \"support for unlimited tenancies\""]}, {"version": "1.18.3", "changes": ["\ud83d\ude80New Support added for ES/Kibana 6.8.1", "\ud83e\uddd0Enhancement (ES) Crash ES on invalid settings instead of stalling forever", "\ud83e\uddd0Enhancement (ES) Better logging on JWT, JSON-paths, LDAP, YAML errors", "\ud83e\uddd0Enhancement (ES) Block level settings validation to user with precious hints", "\ud83e\uddd0Enhancement (ES) If force_load_from_file: true, don't poll index settings", "\ud83e\uddd0Enhancement (ES) Order now counts declaring LDAP Failover HA servers", "\ud83d\udc1eFix (ES) \"EsIndexJsonContentProvider\" had a null pointer exception", "\ud83d\udc1eFix (ES) \"es.set.netty.runtime.available.processors\" exception", "\ud83e\uddd0Enhancement (KBN) Collapsible logout button", "\ud83e\uddd0Enhancement (KBN) ROR App now uses a HA http client", "\ud83e\uddd0Enhancement (KBN) Automatic logout for inactivity", "\ud83e\uddd0Enhancement (KBN) Support unlimited amount of tenancies", "\ud83d\udc1eFix (KBN/ENT) concurrent multitenancy bug", "\ud83d\udc1eFix (KBN) Avoid sporadic errors on Save/Load buttons"]}, {"version": "1.18.2", "changes": ["\ud83d\ude80New Support for Elasticsearch & Kibana 7.2.0", "\ud83d\udc1eFix (ES) restore indices (\"IDX\") in audit logging", "\ud83e\uddd0Enhancement (ES) New algorithm of setting evaluation order", "\ud83d\ude80New (ES) JWT claims as dynamic variables. I.e. \"@{jwt:claim.json.path}\"", "\ud83d\ude80New (ES) \"explode\" dynamic variables. I.e. indices: [\"@explode{x-indices}\"]", "\ud83d\udc1eFix (PRO/Enterprise) preserve comments and formatting in YAML editor", "\ud83d\udc1eFix (PRO/Enterprise) Print error message when session is expired", "\ud83d\udc1eRegression (PRO/Enterprise) Redirect to original link after login", "\ud83d\udc1eRegression (PRO/Enterprise) Broken CSV reporting", "\ud83e\uddd0Enhancement (PRO/Enterprise) Prevent navigating away from YAML editor w/ unsaved changes", "\ud83d\udc1eFix (Enterprise) Exception when SAML connectors were all disabled", "\ud83d\udc1eFix (Enterprise) Concurrent tenants could mix up each other kibana index", "\ud83d\udc1eFix (Enterprise) Cannot inject custom JS if no custom CSS was also declared", "\ud83d\udc1eFix (Enterprise) Injected JS had no effect on ROR logout button", "\ud83d\udc1eFix (Enterprise) On narrow screens, the YAML editor showed buttons twice"]}, {"version": "1.18.1", "changes": ["\ud83d\udc1eFix (Elasticsearch) Reindex requests failed for a regression in indices extraction", "\ud83d\udc1eFix (Elasticsearch) Groups rule erratically failed", "\ud83d\udc1eFix (Elasticsearch) JWT claims can now contain special characters", "\ud83e\uddd0Enhancement (Elasticsearch) Better ACL History logging", "\ud83e\uddd0Enhancement (Elasticsearch) QueryLogSerializer and old custom log serializers work again", "\ud83d\udc1eFix (PRO/Enterprise) ReadonlyREST icon in Kibana was white on white", "\ud83d\udc1eFix (Enterprise) SAML connectors could not be disabled", "\ud83d\udc1eFix (Enterprise) SAML connector \"buttonName\" didn't work"]}, {"version": "1.18.0", "changes": ["\ud83d\ude80New Support for Elasticsearch & Kibana 7.0.1", "\ud83e\uddd0Enhancement (Elasticsearch) empty array values in settings are invalid", "\ud83d\udc1eSecurity Fix (Elasticsearch) arbitrary x-cluster search referencing local cluster", "\ud83d\udc1eFix (Elasticsearch) ArrayOutOfBoundException on snapshot operations", "\ud83e\uddd0Enhancement (PRO/Enterprise) History cleaning can now be disabled (\"clearSessionOnEvents\")"]}, {"version": "1.17.7", "changes": ["\ud83d\ude80New Support for Elasticsearch 7.0.0 (Kibana is coming soon)", "\ud83e\uddd0Enhancement (Elasticsearch) rewritten LDAP connector", "\ud83e\uddd0Enhancement (Elasticsearch) new core written in Scala is now GA", "\ud83d\udc1eFix (Enterprise) devtools requests now honor the currently selected tenancy", "\ud83d\udc1eSecurity Fix (Enterprise/PRO) Fix \"connectorsService\" error in installation"]}, {"version": "1.17.5", "changes": ["\ud83d\ude80New Support for Kibana/Elasticsearch 6.7.1", "\ud83e\uddd0Enhancement (Enterprise >= Kibana 6.6.0) Multiple SAML identity provider", "\ud83d\udc1eSecurity Fix (Enterprise/PRO) Don't pass auth headers back to the browser", "\ud83d\udc1eFix (Enterprise/PRO) Missing null check caused error in reporting (CSV)", "\ud83d\udc1eFix (Enterprise) Don't reject requests if SAML groups are not configured", "\ud83d\udc1eFix filter/fields rules not working in msearch (in 6.7.x)", "\ud83e\uddd0Enhancement Print whole LDAP search query in debug log"]}, {"version": "1.17.4", "changes": ["\ud83d\ude80New Support for Kibana/Elasticsearch 6.7.0", "\ud83e\uddd0Enhancement (PRO/Enterprise) JWT query param is the preferred credentials provider", "\ud83e\uddd0Enhancement (PRO/Enterprise) admin users can use indices management", "\ud83e\uddd0Enhancement (PRO/Enterprise) ro users can dismiss telemetry form", "\ud83d\udc1eFix Audit logging in 5.1.x now works again", "\ud83d\udc1eFix unpredictable behaviour of \"filter\" and \"fields\" when using external auth", "\ud83d\udc1eFix LDAP ConcurrentModificationException", "\ud83d\udc1eFix Audit logging in 5.1.x now works again", "\ud83d\udc1eFix (PRO/Enterprise) JWT deep-link works again"]}, {"version": "1.17.3", "changes": ["\ud83d\udc1eFix (Enterprise) Tenancy selector showing if user belonged to one group", "\ud83d\udc1eFix (PRO/Enterprise) RW buttons not hiding for RO users in React Kibana apps", "\ud83d\udc1eFix (Enterprise) Tenancy templating now works much more reliably", "\ud83d\udc1eFix (Enterprise) Missing tenancy selector icon after switching tenancy", "\ud83d\udc1eFix (PRO/Enterprise) barring static files requests caused sudden logout", "\ud83d\udc1eFix Numerous fixes to better support Kibana 6.6.x", "\ud83d\udc1eFix Critical fixes in new Scala core", "\ud83d\udc1eFix Exception in reindex requests caused tenancy templating to fail", "\ud83e\uddd0Enhancement Bypass cross-cluster search logic if single cluster"]}, {"version": "1.17.1", "changes": ["\ud83d\udc1eFix (PRO/Enterprise) SAML now works well in 6.6.x", "\ud83d\udc1eFix (PRO/Enterprise) \"undefined\" authentication error before login", "\ud83d\udc1eFix (Enterprise) Default space creation failures for new tenants", "\ud83d\udc1eFix (Enterprise) Icons/titles CSS misalignment in sidebar (Firefox)", "\ud83e\uddd0Enhancement(Enterprise) UX: Larger tenancy selector", "\ud83d\udc1eSecurity Fix (Enterprise) Privilege escalation when changing tenancies under monitoring", "\ud83d\udc1eFix (Elasticsearch) compatibility fixes to support new Kibana features", "\ud83e\uddd0Enhancements (Elasticsearch) New core and LDAP connector written in Scala is finished, now under QA."]}, {"version": "1.17.0", "changes": ["\ud83d\ude80New Feature Support for Kibana/Elasticsearch 6.6.0, 6.6.1", "\ud83d\ude80New Feature Internode SSL (ES 6.3.x onwards)", "\ud83e\uddd0Enhancement(PRO/Enterprise) UI appearence", "\ud83e\uddd0Enhancement Made HTTP Connection configurable (PR #410)", "\ud83d\udc1eFix slow boot due to SecureRandom waiting for sufficient entropy", "\ud83d\udc1eFix Enable kibana_access:ro to create short urls in es6.3+ (PR #408)"]}, {"version": "1.16.34", "changes": ["\ud83e\uddd0Enhancement X-Forwarded-For header in printed es logs (\"XFF\")", "\ud83e\uddd0Enhancement kibana_index: \".kibana_@{user}\" when user is \"John Doe\" becomes .kibana_john_doe", "\ud83d\udc1eFix (Enteprise) parse SAML groups from assertion as array of strings", "\ud83d\udc1eFix (Enteprise) SAMLRequest in location header was URLEncoded twice, broke on some IdP", "\ud83d\udc1eFix (PRO/Enteprise) \"cookiePass\" works again, no more need for sticky cookies in load balancers!", "\ud83d\udc1eFix (PRO/Enteprise) fix redirect loop with JWT deep linking when JWT token expires", "\ud83e\uddd0Enhancement (PRO/Enteprise) fix audit demo page CSS", "\ud83e\uddd0Enhancement (Enteprise) SAML more configuration parameters available", "\ud83d\ude80New Feature (PRO/Enteprise) set ROR to debug mode (readonlyrest_kbn.logLevel: \"debug\")"]}, {"version": "1.16.33", "changes": ["\ud83d\udc1eFix(PRO/Enteprise) compatibility problems with older Kibana versions", "\ud83d\udc1eFix(PRO/Enteprise) compatibility problems with OSS Kibana version"]}, {"version": "1.16.32", "changes": ["\ud83d\ude80New Feature \"kibanaIndexTemplate\": default dashboards and spaces for new tenants", "\ud83e\uddd0Enhancement Support for ES/Kibana 6.5.4", "\ud83e\uddd0Enhancement Upgraded LDAP library", "\ud83e\uddd0Enhancement (Enterprise) Now tenants save their CSV exports in their own reporting index", "\ud83d\udc1eFix(PRO/Enteprise) Support passwords that start and/or end with spaces", "\ud83d\udc1eFix (PRO/Enterprise) Now reporting works again"]}, {"version": "1.16.31", "changes": ["\ud83e\uddd0Enhancement Support for ES/Kibana 6.5.2, 6.5.3", "\ud83d\udea7WIP: Laid out the foundation for LDAP HA support"]}, {"version": "1.16.29", "changes": ["\ud83e\uddd0Enhancement Support for ES/Kibana 6.4.3", "\ud83d\ude80New Feature (PRO/Enterprise) configurable server side session duration", "\ud83d\ude80New Feature [LDAP] High Availability: Round Robin or Failover"]}, {"version": "1.16.28", "changes": ["\ud83e\uddd0Enhancement Support for ES/Kibana 6.4.2", "\ud83d\udc1eFix (Enterprise) Multi tenancy: sometimes changing tenancy would not change kibana index", "\ud83d\udc1eSecurity Fix (Enterprise/PRO) Avoid echoing Base64 encoded credentials in login form error message", "\ud83e\uddd0Enhancement (Enterprise/PRO) Remove latest search/visualization/dashboard history on logout", "\ud83e\uddd0Enhancement (Enterprise/PRO) Clear transient authentication cookies on login error to avoid authentication deadlocks", "\ud83d\udc1eFix: External JWT verification may throw ArrayOutOfBoundException", "\ud83d\udea7WIP: Laid out the foundation for internode SSL transport (port 9300)"]}, {"version": "1.16.27", "changes": ["\ud83d\ude80New Feature [JWT] external validator: it's now possible to avoid storing the private key in settings", "\ud83e\uddd0Enhancement Support for ES/Kibana 6.4.1", "\ud83e\uddd0Enhancement Rewritten big part of ES plugin documentation", "\ud83e\uddd0Enhancement SAML Single log out flow", "\ud83d\udc1eFix (Enterprise/PRO) cookiePass works again, but only for Kibana 5.x. Newer Kibana needs sticky sessions in LB.", "\ud83e\uddd0Enhancement (Enterprise/PRO) much faster logout"]}, {"version": "1.16.26", "changes": ["\ud83d\udc1e Fix (PRO/Enterprise) bugs during plugin packaging and installation process"]}, {"version": "1.16.25", "changes": ["\ud83d\ude80New Feature Users rule: easily restrict external authentication to a list of users", "\ud83e\uddd0Enhancement Support for ES 5.6.11", "\ud83d\udc1eHot Fix (Enterprise/PRO) Error 404 when logging in with older versions of Kibana"]}, {"version": "1.16.24", "changes": ["\ud83d\ude80New Feature (Enterprise) SAML Authentication", "\ud83d\ude80New Feature Support for Elasticsearch and Kibana 6.4.0", "\ud83d\ude80New Feature Headers rule now split in headers_or and headers_and", "\ud83e\uddd0Enhancement Headers rule now allows wildcards", "\ud83d\ude80New Feature (Enterprise) Multi-tenancy now works also with JSON groups provider", "\ud83d\udc1e Fix Multi-tenancy (Enterprise) incoherent initial kibana_index and current group"]}, {"version": "1.16.23", "changes": ["\ud83e\uddd0Enhancement Support for Elastic Stack 6.3.1 and 5.6.10", "\ud83d\ude80New Feature (Enterprise) Custom CSS injection for Kibana", "\ud83d\ude80New Feature (Enterprise) Custom Javascript injection for Kibana", "\ud83d\ude80New Feature (PRO/Enterprise) access paths without need to login (i.e. /api/status)", "\ud83d\udc1eFix (PRO/Enterprise) Navigating to X-Pack APM caused hidden Kibana apps to reappear"]}, {"version": "1.16.22", "changes": ["\ud83d\ude80New Feature:  map LDAP groups to local groups (a.k.a. role mapping)", "\ud83d\udc1e Fix (Elasticsearch) wildcard aliases resolution not working in \"indices\" rule.", "\ud83e\uddd0Enhancement: it is now possible now to use JDK 9 and 10", "\ud83d\udc1e Fix (PRO/Enterprise) wait forever for login request (i.e.  slow LDAP servers)", "\ud83d\udc1e Fix (PRO/Enterprise) add spinner and block UI if login request is being sent", "\ud83d\udc1e Fix (PRO/Enterprise) if user is logged out because of LDAP cache expiring + slow authentication, redirect to login.", "\ud83d\udc1e Fix (PRO/Enterprise) let RO users delete/edit search filters"]}, {"version": "1.16.21", "changes": ["\ud83d\ude80New Feature: Introducing support for Elasticsearch and Kibana v6.3.0", "\ud83d\udc1e Fix (Enterprise) multi tenancy - switching tenancy does not always switch kibana index"]}, {"version": "1.16.20", "changes": ["\ud83e\uddd0 Enhancement: when login, forward \"elasticsearch.requestHeadersWhitelist\" headers. (useful for \"headers\" rule  and \"proxy_auth\" to work well.)"]}]