Our vulnerability scanning tool, the absence of the following HTTP headers X-Frame-Options, X-XSS-Protection, X-Content-Type-Options has been reported. I want to know how we can rectify this? Is it fixed in the upgraded versions?
Version we use currently are as below:
Elasticsearch(ELK): 1.2.1
Logstash(ELK): 1.4.1
Kibana(ELK): 3.1.0
You should really, really, really upgrade. Those are all unsupported versions and have been for years - https://www.elastic.co/subscriptions/matrix
Yes @warkolm we are planning to upgrade but till the upgrade is complete we need to take an exception for the vulnerability and for that we need a confirmation if this issue still exists in the latest upgrade or not
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.