[jira] [Updated] (SENSSOFT-325) ELK stack <6.5 has known security issues

Tue, 15 Jan 2019 17:58:50 -0800 


     [ 
https://issues.apache.org/jira/browse/SENSSOFT-325?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Joshua Poore updated SENSSOFT-325:
----------------------------------
    Description: 
Kibana and Elasticsearch both have known security issues related to code 
injection and user impersonation. 

[https://www.elastic.co/community/security]

Resolution is to upgrade from 6.2.2–>6.5.4. According to documentation, there 
are no breaking changes across the same major version. However, X-Pack plugin 
must be removed.

Will complete upgrade to E-L-K and test on new branch.

ElasticSearch 6.5.4 Docs:

[https://www.elastic.co/guide/en/elasticsearch/reference/current/docker.html] 

[https://www.elastic.co/guide/en/elasticsearch/reference/current/breaking-changes-6.5.html]

[https://www.elastic.co/guide/en/kibana/current/docker.html]

[https://www.elastic.co/guide/en/kibana/current/breaking-changes.html]

[https://www.elastic.co/guide/en/logstash/current/docker.html]

[https://www.elastic.co/guide/en/logstash/current/breaking-changes.html]

[https://www.elastic.co/guide/en/logstash/current/upgrading-logstash-pqs.html]

[https://www.elastic.co/guide/en/logstash/current/config-examples.html]

 

 

 

 

 

  was:
Kibana and Elasticsearch both have known security issues related to code 
injection and user impersonation. 

[https://www.elastic.co/community/security]

Resolution is to upgrade from 6.2.2–>6.5.4. According to documentation, there 
are no breaking changes across the same major version. However, X-Pack plugin 
must be removed.

Will complete upgrade to E-L-K and test on new branch.

ElasticSearch 6.5:

[https://www.elastic.co/guide/en/elasticsearch/reference/current/docker.html] 

[https://www.elastic.co/guide/en/elasticsearch/reference/current/breaking-changes-6.5.html]

 


> ELK stack <6.5 has known security issues 
> -----------------------------------------
>
>                 Key: SENSSOFT-325
>                 URL: https://issues.apache.org/jira/browse/SENSSOFT-325
>             Project: SensSoft
>          Issue Type: Bug
>          Components: builds
>    Affects Versions: SensSoft 1.0
>            Reporter: Joshua Poore
>            Assignee: Joshua Poore
>            Priority: Major
>             Fix For: SensSoft 1.0
>
>
> Kibana and Elasticsearch both have known security issues related to code 
> injection and user impersonation. 
> [https://www.elastic.co/community/security]
> Resolution is to upgrade from 6.2.2–>6.5.4. According to documentation, there 
> are no breaking changes across the same major version. However, X-Pack plugin 
> must be removed.
> Will complete upgrade to E-L-K and test on new branch.
> ElasticSearch 6.5.4 Docs:
> [https://www.elastic.co/guide/en/elasticsearch/reference/current/docker.html] 
> [https://www.elastic.co/guide/en/elasticsearch/reference/current/breaking-changes-6.5.html]
> [https://www.elastic.co/guide/en/kibana/current/docker.html]
> [https://www.elastic.co/guide/en/kibana/current/breaking-changes.html]
> [https://www.elastic.co/guide/en/logstash/current/docker.html]
> [https://www.elastic.co/guide/en/logstash/current/breaking-changes.html]
> [https://www.elastic.co/guide/en/logstash/current/upgrading-logstash-pqs.html]
> [https://www.elastic.co/guide/en/logstash/current/config-examples.html]
>  
>  
>  
>  
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to