When will the fix for CVE-2023-38552/39331/39332/44487 upgrading nodejs >= 18.18.2 be available in the Kibana 8.10.x version?
The PR above merged after the release of Kibana 8.10.4, which is the latest
8.10.x release. As a result of this timing, the next version of Kibana that includes Node
18.18.2 will be Kibana
8.11.0. I can't promise a specicic date for the release of
8.11.0, but it's expected to be available soon.
Great, thank you for your response!
Hello, can you tell me Kibana version 8.10.4 already with Node 18.18.2? otherwise my scanner complains that there is still an old version.
Kibana 8.11.1 is out, and I believe this should have the new version of node.js.
Yes, I already installed it.
Is it really possible to update this component separately? or too many dependencies?
You should always look to keep Elasticsearch and Kibana on the same version. Other components are as far as I know generally less sensitive.
I mean node.js as a component in the kibana package.
Yes, that's right, the major and minor versions must match.
Thanks all for the conversation above!
- Elastic Security 8.11.1, which includes node
18.18.2, is available
- The previous
8.10.xversion of Kibana,
8.10.4, was NOT tested with node
18.18.2. In general, avoid paring Kibana with untested versions of node
- Always upgrade all components of the Elastic stack together, via Elastic Cloud or the instructions for on-prem