Hi all, we would like to announce that Logstash 5.0.1 has been released with an important security patch. Prior to Logstash version 5.0.1, Elasticsearch Output plugin when updating connections after sniffing, would log to file HTTP basic auth credentials. We advise our users using Logstash and x-pack to update to this release.
ESA-2016-08 has been filed for this vulnerability. Details of the vulnerability can be found here: https://www.elastic.co/community/security