Security Updates Coming to Kibana on Compose for Elasticsearch

5 min read

Upgrading all Compose for Elasticsearch deployments with Kibana

In keeping up with the latest Kibana and Elasticsearch security updates to protect all our IBM Cloud Compose for Elasticsearch users, we're issuing a 7-day notice, effective today, that we'll be upgrading all Compose for Elasticsearch deployments with Kibana on versions below 5.6.15 and 6.6.1.

The latest security update for Kibana addresses two particular security issues that affect Kibana users on versions below 5.6.15 and 6.6.1. These security issues are related to a cross-site scripting (XSS) vulnerability and a flaw in the Timelion visualizer (see CVE-2019-7608 and CVE-2019-7609) where attackers could send a request to execute remote code.

Important dates

Due to the security update, we're giving all Compose for Elasticsearch customers with Kibana 7-days notice that we'll be updating your deployments to the latest minor version of your major version that's security compliant. These updates will begin starting from May 17th, 2019. You may notice a short service interruption with your Kibana service during the update process during that time since we're updating the Compose for Elasticsearch deployment and Kibana.

If you'd like to opt out of the update, you can contact the IBM Cloud support team. They will make sure to not update your deployment but will remove Kibana from that deployment.

For any other questions, please reach out to the IBM Cloud support team. We will be happy to assist you with any questions.

Be the first to hear about news, product updates, and innovation from IBM Cloud