Can we upgrade only Kibana version from 8.6.2 to 8.11.1

amitjadhav0384 · February 13, 2024, 10:34am

Currently we have installed and using version 8.6.2 for Elasticsearch, Logstash and Kibana. But due to below mentioned vulnerabilities we want to upgrade Kibana to version 8.11.1
• Arbitrary Code Injection CVE-2023-31414
• Information Exposure Through Log Files CVE-2023-46671
• Insertion of Sensitive Information into Log File CVE-2023-46675
• Cross-site Scripting (XSS) CVE-2020-7015

So, can we only upgrade Kibana to version 8.11.1 and continue using version 8.6.2 for Elasticsearch and Logstash ?

leandrojmp · February 13, 2024, 12:33pm

No, you cannot, Kibana needs to be on the same version as Elasticsearch.

Logstash can be in a different version, but Kibana cannot.

amitjadhav0384 · February 14, 2024, 10:30am

Thank you Leandro for confirming.
Before we upgrade Kibana, do we need to take back of Logstash Pipelines, Index Management, Index Life Cycle Policies Roles, Spaces etc which are under Stack Management ?
If yes, can you please let us know as to how we can take backup and restore it after upgrade.
Note : We would be downloading compressed tarball for upgradation.

system · March 13, 2024, 10:31am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.