Kibana versions 5.0.1 and 4.6.3 fix an open redirect vulnerability in the short URL feature that would allow an attacker to create a redirect from the Kibana domain to a different website. We’ve assigned this vulnerability the identifier ESA-2016-08. Thank you to the GE Digital Security Team for finding and reporting the issue.
Users are encouraged to upgrade to Kibana 5.0.1 or 4.6.3 as soon as possible.
As always, grab the latest release from our downloads page.
For more information about this release, check out the blog post or release notes.