Last active
February 1, 2025 06:24
1.53.0
'release_summary': 'The ReadonlyREST 1.53.0 release addresses two critical ' | |
'security vulnerabilities: CVE-2023-4586, which could ' | |
'allow MITM attacks due to missing hostname validation ' | |
'in the Hot Rod client, and CVE-2023-5072, a ' | |
'high-severity DoS vulnerability in JSON-Java. ' | |
'Additionally, this release introduces support for the ' | |
'latest Kibana and Elasticsearch versions (8.11.x and ' | |
'7.17.16) and includes several bug fixes, such as ' | |
'resolving login issues in Kibana when deployed using ' | |
'ECK and improving stability during license service ' | |
'initialization.'} | |
{ 'changelog_entries': [ { 'description': 'This release addresses two ' | |
'high-severity security ' | |
'vulnerabilities: ' | |
'CVE-2023-4586, which involves ' | |
'a failure to enable hostname ' | |
'validation in the Hot Rod ' | |
'client when using TLS, ' | |
'potentially allowing MITM ' | |
'attacks, and CVE-2023-5072, a ' | |
'Denial of Service (DoS) ' | |
'vulnerability in JSON-Java ' | |
'caused by a bug in the parser ' | |
'leading to indefinite memory ' | |
'usage. Both vulnerabilities ' | |
'have been flagged as high ' | |
'severity.', | |
'title': '🚨Security Fix (ES) ' | |
'[CVE-2023-4586](https://nvd.nist.gov/vuln/detail/CVE-2023-4586), ' | |
'[CVE-2023-5072](https://nvd.nist.gov/vuln/detail/CVE-2023-5072)'}, | |
{ 'description': 'This update adds support for ' | |
'Kibana versions 8.11.3, ' | |
'8.11.2, 8.11.1, 8.11.0, and ' | |
'7.17.16, ensuring ' | |
'compatibility with the latest ' | |
'Kibana releases.', | |
'title': '🚀New (KBN) 8.11.3, 8.11.2, 8.11.1, ' | |
'8.11.0, 7.17.16 support'}, | |
{ 'description': 'This update adds support for ' | |
'Elasticsearch versions ' | |
'8.11.3, 8.11.2, 8.11.1, ' | |
'8.11.0, and 7.17.16, ensuring ' | |
'compatibility with the latest ' | |
'Elasticsearch releases.', | |
'title': '🚀New (ES) 8.11.3, 8.11.2, 8.11.1, ' | |
'8.11.0, 7.17.16 support'}, | |
{ 'description': 'A new endpoint has been added ' | |
'to the ReadonlyREST API to ' | |
'activate licenses, ' | |
'simplifying the license ' | |
'management process for Kibana ' | |
'users.', | |
'title': '🧐Enhancement (KBN) Provide Activate ' | |
'license endpoint to the ' | |
'ReadonlyREST API'}, | |
{ 'description': 'This enhancement simplifies ' | |
'the configuration by ' | |
'eliminating the need to ' | |
'explicitly allow ' | |
'Kibana-related indices when ' | |
'both the `kibana` rule and ' | |
'the `indices` rule are ' | |
'defined in the same block.', | |
'title': '🧐Enhancement (ES) [when the ' | |
'`kibana` rule and the `indices` ' | |
'rule are defined in the same ' | |
'block](https://github.com/beshu-tech/readonlyrest-docs/blob/master/elasticsearch.md#index), ' | |
'there is no need to explicitly ' | |
'allow kibana-related indices'}, | |
{ 'description': 'This fix resolves an issue ' | |
'where report generation would ' | |
'fail when the `kibana.index` ' | |
'setting was specified in the ' | |
'kibana.yml configuration ' | |
'file.', | |
'title': '🐞Fix (KBN) problem with reports ' | |
'generation when `kibana.index` in ' | |
'kibana.yml is used'}, | |
{ 'description': 'This fix addresses a crash ' | |
'loop that occurred during the ' | |
'initialization of the license ' | |
'service, improving the ' | |
'stability of Kibana.', | |
'title': '🐞Fix (KBN) crash loop during ' | |
'license service initialization'}, | |
{ 'description': 'This fix resolves login ' | |
'issues in Kibana versions ' | |
'7.17.13 and above, and 8.10.4 ' | |
'and above, when deployed ' | |
'using Elastic Cloud on ' | |
'Kubernetes (ECK).', | |
'title': '🐞Fix (KBN) problem with logging in ' | |
'in KBN 7.17.13 (and above) and ' | |
'8.10.4 (and above) when deployed ' | |
'using ECK'}, | |
{ 'description': 'This fix addresses a problem ' | |
'with multi-tenancy when using ' | |
'Elastic Cloud on Kubernetes ' | |
'(ECK), ensuring proper ' | |
'functionality in multi-tenant ' | |
'environments.', | |
'title': '🐞Fix (KBN) [problem with ' | |
'multi-tenancy and ' | |
'ECK](https://forum.readonlyrest.com/t/multi-tanancy-issue/2427)'}, | |
{ 'description': 'This fix resolves an issue ' | |
'where users would receive a ' | |
'forbidden response when ' | |
'attempting to log in to ' | |
'Kibana due to a problem with ' | |
'the `/_create/config` ' | |
'endpoint.', | |
'title': '🐞Fix (KBN) problem with forbidden ' | |
'`/_create/config` response on Login ' | |
'to the Kibana'}, | |
{ 'description': 'This fix addresses an issue ' | |
'where a non-default ' | |
'Elasticsearch path (e.g., on ' | |
'Kubernetes) would cause an ' | |
'IllegalArgumentException ' | |
'during initialization, ' | |
'ensuring proper functionality ' | |
'in such environments.', | |
'title': '🐞Fix (ES) [patching fix, when a ' | |
'non-default ES path is used (e.g. ' | |
'on ' | |
'K8s)](https://forum.readonlyrest.com/t/getting-java-lang-illegalargumentexception-when-initializing-ror-in-es-8-10-4/2441)'}], |