ROR 1.65.0 release

coutoPL · coutoPL · commit e697f11dd0f4 · 2025-07-11T14:53:54.000+02:00
diff --git a/changelog.md b/changelog.md
@@ -1,5 +1,23 @@
 # Changelog
 
+### (2025-07-10) What's new in **ROR 1.65.0**
+* **🚨Security Fix** (KBN) [CVE-2025-5889](https://nvd.nist.gov/vuln/detail/CVE-2025-5889)
+* **🚨Security Fix** (ES) [CVE-2024-29857](https://nvd.nist.gov/vuln/detail/cve-2024-29857) (when FIPS SSL is used)
+* **🚀New** (KBN)  Added support for configuring [JSON log format](https://www.elastic.co/docs/troubleshoot/kibana/using-kibana-server-logs) in `kibana.yml`.
+* **🚀New** (ES) [Added support for a new output type: `data_stream` in audit logging](https://docs.readonlyrest.com/elasticsearch/audit#configuration).
+* **🚀New** (ES) Included Elasticsearch node name and cluster name in the audit reports.
+* **🧐Enhancement** (KBN) Logged detailed messages when the CSRF token has expired.
+* **🧐Enhancement** (KBN) [Added `id_token` as a valid option for `userInfoSource`](https://docs.readonlyrest.com/kibana#user-info-source-methods).
+* **🧐Enhancement** (ES) Improved handling of JVM properties related to ROR settings.
+* **🐞Fix** (KBN) Fixed OIDC logout redirection issue by switching `redirect_uri` to `id_token_hint` and using `post_logout_redirect_uri`.
+* **🐞Fix** (KBN) The ReadonlyREST Kibana plugin now accepts custom appender names defined in `kibana.yml`.
+* **🐞Fix** (KBN) When "Remember Group After Logout" is enabled, groups without access are correctly ignored during login.
+* **🐞Fix** (KBN) Fixed issue where the Kibana index template was not applied for Kibana versions ≥ 8.8.0.
+* **🐞Fix** (KBN) Resolved a bug with `readonlyrest_kbn.resetKibanaIndexToTemplate: true` for Kibana 7.x.
+* **🐞Fix** (KBN) Fixed an issue where a custom session index name was not respected after Kibana restart.
+* **🐞Fix** (ES) Fixed an issue preventing snapshots from being restored when no indices were specified.
+* **🐞Fix** (ES) File ownership and permissions are now preserved during `ror-tools` patch and unpatch operations.
+
 ### (2025-05-17) What's new in **ROR 1.64.2**
 * **🚀New** (KBN) 9.0.3, 9.0.2, 8.18.3, 8.18.2, 8.17.8, 8.17.7, 7.17.29 support 
 * **🚀New** (ES) 9.0.3, 9.0.2, 8.18.3, 8.18.2, 8.17.8, 8.17.7, 7.17.29 support 
diff --git a/eck.md b/eck.md
@@ -40,7 +40,7 @@ spec:
                 runAsGroup: 0
               env:
                 # we have to explicitly agree to patch the ES binaries (the patching step will be done only once)
-                - name: I_UNDERSTAND_IMPLICATION_OF_ES_PATCHING
+                - name: I_UNDERSTAND_AND_ACCEPT_ES_PATCHING
                   value: "yes"
                 # these two passwords are used by "elastic-internal" and "elastic-internal-probe" users - these users are used by ECK
                 - name: INTERNAL_USR_PASS
diff --git a/elasticsearch.md b/elasticsearch.md
@@ -44,7 +44,7 @@ The following diagram models an instance of Elasticsearch with the ReadonlyREST
 The simplest method to run Elasticsearch with the ReadonlyREST plugin is to use one of our docker images which you can find on [Docker Hub](https://hub.docker.com/r/beshultd/elasticsearch-readonlyrest):
 
 ```bash
-docker run -u root -p 9200:9200 -e "I_UNDERSTAND_IMPLICATION_OF_ES_PATCHING=yes" -e "KIBANA_USER_PASS=kibana" -e "ADMIN_USER_PASS=admin" -e "discovery.type=single-node" beshultd/elasticsearch-readonlyrest:8.14.3-ror-latest
+docker run -u root -p 9200:9200 -e "I_UNDERSTAND_AND_ACCEPT_ES_PATCHING=yes" -e "KIBANA_USER_PASS=kibana" -e "ADMIN_USER_PASS=admin" -e "discovery.type=single-node" beshultd/elasticsearch-readonlyrest:8.14.3-ror-latest
 ```
 
 OR with [Docker Compose](https://docs.docker.com/compose/):
@@ -59,7 +59,7 @@ services:
     ports:
       - "9200:9200"
     environment:
-      - I_UNDERSTAND_IMPLICATION_OF_ES_PATCHING=yes
+      - I_UNDERSTAND_AND_ACCEPT_ES_PATCHING=yes
       - KIBANA_USER_PASS=kibana
       - ADMIN_USER_PASS=admin
       - discovery.type=single-node
@@ -80,7 +80,7 @@ You can create locally customized `readonlyrest.yml` file and mount it as a [doc
 Assuming that your ROR settings file is located in `/tmp/my-readonlyrest.yml` you can use it like that:
 
 ```bash
-docker run -u root -p 9200:9200 -e "discovery.type=single-node" -e "I_UNDERSTAND_IMPLICATION_OF_ES_PATCHING=yes" -v /tmp/my-readonlyrest.yml:/etc/share/elasticsearch/config/readonlyrest.yml beshultd/elasticsearch-readonlyrest:8.14.3-ror-latest
+docker run -u root -p 9200:9200 -e "discovery.type=single-node" -e "I_UNDERSTAND_AND_ACCEPT_ES_PATCHING=yes" -v /tmp/my-readonlyrest.yml:/etc/share/elasticsearch/config/readonlyrest.yml beshultd/elasticsearch-readonlyrest:8.14.3-ror-latest
 ```
 
 OR
@@ -95,7 +95,7 @@ services:
     ports:
       - "9200:9200"
     environment:
-      - I_UNDERSTAND_IMPLICATION_OF_ES_PATCHING=yes
+      - I_UNDERSTAND_AND_ACCEPT_ES_PATCHING=yes
       - KIBANA_USER_PASS=kibana
       - ADMIN_USER_PASS=admin
       - discovery.type=single-node
diff --git a/kibana.md b/kibana.md
@@ -79,7 +79,7 @@ services:
     ports:
       - "9200:9200"
     environment:
-      - I_UNDERSTAND_IMPLICATION_OF_ES_PATCHING=yes
+      - I_UNDERSTAND_AND_ACCEPT_ES_PATCHING=yes
       - KIBANA_USER_PASS=kibana
       - ADMIN_USER_PASS=admin
       - discovery.type=single-node
