From: bugzilla-noreply@freebsd.org
To: elastic@FreeBSD.org
Subject: maintainer-feedback requested: [Bug 248330] textproc/kibana6: Update to 6.8.11
Date: Tue, 28 Jul 2020 15:43:35 +0000
X-Bugzilla-Product: Ports & Packages
X-Bugzilla-Component: Individual Port(s)
X-Bugzilla-Status: New
X-Bugzilla-Assigned-To: elastic@FreeBSD.org
X-Bugzilla-Flags: maintainer-feedback?
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
List-Id: Support of ElasticSearch-related ports (freebsd-elastic@freebsd.org)

Bugzilla Automation has asked freebsd-elastic (Nobody) for maintainer-feedback:

Bug 248330: textproc/kibana6: Update to 6.8.11
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=248330

--- Description ---
Hi,

please find the patch attached.

Changelog:

* Security updates
  - In Kibana 6.8.11 and earlier, there is a denial of service (DoS) flaw in
    Timelion. Attackers can construct a URL that, when viewed by a Kibana user,
    makes the Kibana process consume large amounts of CPU and become
    unresponsive, CVE-2020-7016. You must upgrade to 6.8.11. If you are unable
    to upgrade, set timelion.enabled to false in your kibana.yml file to
    disable Timelion.
  - In all Kibana versions, region map visualizations contain a stored XSS
    flaw. Attackers that can edit or create region map visualizations can
    obtain sensitive information or perform destructive actions on behalf of
    Kibana users who view the region map visualization, CVE-2020-7017. You must
    upgrade to 6.8.11. If you are unable to upgrade, set xpack.maps.enabled,
    region_map.enabled, and tile_map.enabled to false in kibana.yml to disable
    map visualizations.

* Enhancements
  - Platform
    - Makes the SameSite cookie attribute configurable
  - Security
    - Supports deep links inside of RelayState for SAML IdP initiated login.
      If users want to deep link into Kibana after a successful SAML Identity
      Provider initiated login, they can set
      xpack.security.authc.providers.saml..useRelayStateDeepLink for a specific
      SAML authentication provider and provide a deep link in the RelayState
      parameter.

* Bug fixes
  - Maps
    - Loads configuration from EMS-metadata in region-maps
  - Security
    - Redirects to Logged Out UI on SAML Logout Response #69676
      Previously Kibana redirected users to a default location as the last
      step of a SAML User/SP Initiated Single Logout (SP SLO), which forced
      users to log in again when the Login Selector UI was not available. Now,
      Kibana redirects users to either the Login Selector UI or the Logged Out
      UI at the end of SP SLO.

Poudriere log:
https://freebsd-stable.builder.wilbury.net/data/12_STABLE_GENERIC_amd64-default/2020-07-28_17h03m49s/logs/kibana6-6.8.11.log
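The two advisories above each offer a version fix and a kibana.yml workaround. The script below is an added example, not part of this bug report, the FreeBSD port or the Kibana project: it takes a Kibana 6.x version string and the text of a kibana.yml and reports, per CVE, whether the host is fixed (6.8.11 or later), mitigated by the settings the advisory names, or still exposed. It assumes a flat `key: value` kibana.yml with dotted keys, assumes all four plugin switches default to true when absent, and only evaluates the 6.x line the report covers; other major lines are reported as unknown rather than guessed. The sample kibana.yml is constructed.

```python
"""Assess a Kibana 6.x host against CVE-2020-7016 (Timelion DoS) and
CVE-2020-7017 (region map stored XSS) using the fix version and the
kibana.yml workarounds quoted in the bug report.

Added example, not code from the bug report or the Kibana project.
Assumptions: flat `key: value` kibana.yml; absent switches default to
true; only the 6.x line discussed in the report is evaluated.
"""
import re

FIXED_6X = (6, 8, 11)  # fix version named in the report

# Settings the report names as workarounds for each CVE.
TIMELION_KEYS = ("timelion.enabled",)
MAP_KEYS = ("xpack.maps.enabled", "region_map.enabled", "tile_map.enabled")

# Constructed sample: Timelion workaround applied, map workaround incomplete.
UNPATCHED_YML = """
server.host: "127.0.0.1"   # constructed sample, not a real host
timelion.enabled: false
xpack.maps.enabled: false
region_map.enabled: false
# tile_map.enabled left at its default (true)
"""


def parse_flat_yaml(text):
    """Parse `key: value` lines; comments and blank lines are skipped.
    Nested YAML blocks are not handled (assumption: dotted flat keys)."""
    settings = {}
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()
        if not line or ":" not in line:
            continue
        key, value = line.split(":", 1)
        settings[key.strip()] = value.strip().strip("'\"")
    return settings


def parse_version(version):
    """'6.8.11' -> (6, 8, 11); a trailing pre-release/build tag is ignored."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:[-+].*)?", version.strip())
    if not m:
        raise ValueError("unrecognised Kibana version: %r" % version)
    return tuple(int(x) for x in m.groups())


def is_disabled(settings, key):
    """True only if the switch is explicitly set to false (default is true)."""
    return settings.get(key, "true").lower() == "false"


def assess(version, kibana_yml):
    """Return {cve: 'fixed' | 'mitigated' | 'vulnerable' | 'unknown'}."""
    v = parse_version(version)
    if v[0] != 6:
        # The report only covers the 6.x line; do not extrapolate.
        return {"CVE-2020-7016": "unknown", "CVE-2020-7017": "unknown"}
    patched = v >= FIXED_6X
    s = parse_flat_yaml(kibana_yml)
    timelion_off = all(is_disabled(s, k) for k in TIMELION_KEYS)
    maps_off = all(is_disabled(s, k) for k in MAP_KEYS)  # all three required

    def status(mitigated):
        if patched:
            return "fixed"
        return "mitigated" if mitigated else "vulnerable"

    return {"CVE-2020-7016": status(timelion_off),
            "CVE-2020-7017": status(maps_off)}


if __name__ == "__main__":
    for ver in ("6.8.10", "6.8.11", "7.8.0"):
        print(ver, assess(ver, UNPATCHED_YML))
```

Note that CVE-2020-7017 only counts as mitigated when all three map switches are off; leaving tile_map.enabled at its default, as in the sample, still leaves the host exposed.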