We have deployed Elasticsearch and Kibana on an internal network. The elasticsearch cluster has security and ML disabled
xpack.security.enabled: false
xpack.security.transport.ssl.enabled: false
xpack.security.http.ssl.enabled: false
xpack.ml.enabled: false
Kibana is deployed using RPM downloaded from official site.
The setup was working correctly in 9.3.1. Now we have upgraded Elasticsearch to 9.4.1 which went correctly. After that we upgraded the Kibana RPM to 9.4.1and restarted the kibana service. The service started correctly.
Opening the Kibana page on browser redirected to /app/discover like always and then it showed - 500-Internal Server Error. Check logs. Looking at the logs, we found an entry
[ERROR][plugins.security.user-profile] Failed to activate user profile: {"error":"no handler found for uri [/_security/profile/_activate] and method [POST]"}.
[ERROR][http] 500 Server Error
As Elasticsearch has security disabled, the _security/ endpoints are not available for Kibana to call. However, prior Kibana versions did not call this endpoint.
I also found a 2 week old Github bug which describes same scenario for docker but has not received guidance from developer community for fix/workarounds.
To use Kibana, only option is to downgrade it to 9.3.1 (That works with Elasticsearch-9.4.1) but the downgrade itself is quite involved as new alias have already been created for kibana indexes.