Groovy scripting was removed in 6.0. The remaining languages (expressions and painless) are sandboxed and safe.
Is it possible to disable some script langages in Elasticsearch configuration?
Since the builtin languages in elasticsearch are safe, we removed this ability. Any external languages added by plugins can simply be removed as plugins.
is it safe to expose a Kibana instance to anonymous Internet users
While you may be able to protect data with elasticsearch security and anonymous access, opening up a system to the internet always leaves it open to various DOS type attacks. It is generally better to proxy any external access, so you can restrict the access to specific patterns of requests.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.