Elasticsearch and Kibana new version #633
Replies: 16 comments 1 reply
-
the containers.txt file in your LME folder can be adjusted to any version you want. Just keep in mind that these versions haven't been tested: https://github.com/cisagov/LME/blob/main/config/containers.txt
-
other changes you may have to make if doing a full install:
stack version here: https://github.com/cisagov/LME/blob/main/config/example.env
set fleet here: https://github.com/cisagov/LME/blob/main/ansible/set_fleet.yml
Post install set fleet section: anything that says kbn-version https://github.com/cisagov/LME/blob/main/ansible/post_install_local.yml
Because the API may change if you're doing this from an install it may cause issues.
We don't have any steps to do this from an already running install yet.
Is there functionality from 8.17 you're trying to get?
-
If I modify the containers.txt file with the new version, LME will update to that version?
Thank you,
-
I don’t want to start over. Just want to update to the new version.
There are some features, performance and stability in 8.17.4 that I would like to try.
Thank you,
-
yeah, that's not a clean answer that I can just say "change this number to this number", it's multiple changes throughout code.
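An added example, not part of the thread or the LME project's code: a small audit that lists every Elastic Stack version pin across the files named earlier in the discussion and reports the ones that still differ from the target version. The file contents are constructed samples and their line formats (image tags, `STACK_VERSION=`, `kbn-version:`) are assumptions about how those files pin the version.

```python
import re

# Constructed sample contents keyed by the paths named in the thread.
# The line formats are assumptions, not copied from the LME repository.
SAMPLE_FILES = {
    "config/containers.txt": (
        "docker.elastic.co/elasticsearch/elasticsearch:8.17.7\n"
        "docker.elastic.co/kibana/kibana:8.17.7\n"
    ),
    "config/example.env": "STACK_VERSION=8.15.3\n",
    "ansible/set_fleet.yml": '      kbn-version: "8.15.3"\n',
    "ansible/post_install_local.yml": '      kbn-version: "8.17.7"\n',
}

# One pattern per pin style: container image tag, env variable, kbn-version header.
PIN_PATTERNS = [
    re.compile(r"/(?:elasticsearch|kibana)[^:\s]*:(\d+\.\d+\.\d+)"),
    re.compile(r"^\s*STACK_VERSION\s*=\s*\"?(\d+\.\d+\.\d+)"),
    re.compile(r"kbn-version[\"']?\s*:\s*[\"']?(\d+\.\d+\.\d+)"),
]


def parse_version(text):
    """Turn '8.17.7' into (8, 17, 7) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))


def find_pins(files):
    """Return sorted (path, line_number, version) for every version pin found."""
    pins = []
    for path, content in files.items():
        for lineno, line in enumerate(content.splitlines(), 1):
            for pattern in PIN_PATTERNS:
                for match in pattern.finditer(line):
                    pins.append((path, lineno, match.group(1)))
    return sorted(pins)


def audit(files, target):
    """List the pins that do not match the version being upgraded to."""
    want = parse_version(target)
    return [pin for pin in find_pins(files) if parse_version(pin[2]) != want]


if __name__ == "__main__":
    for path, lineno, version in audit(SAMPLE_FILES, "8.17.7"):
        print(f"{path}:{lineno}: still pinned to {version}")
```

To run it against a real checkout, replace `SAMPLE_FILES` with the contents of the corresponding files read from disk and adjust the patterns to the pin formats actually found there.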
-
I've spun up an LME instance this week, and done a Nessus scan. We are getting 'High' vulnerabilities for Kibana. "The version of Kibana installed on the remote host is prior to 8.17.3. It is, therefore, affected by a vulnerability as referenced in the ESA_2025_06 advisory" Solution Are there plans to be able to get this upgraded for LME instances that are already running?
-
I am running a test on a higher version tomorrow morning.
If it is successful, it may be in the next release.
I can let you know what I did to upgrade it if so.
Thanks,
Clint Baxley
On Thu, Apr 3, 2025 at 12:37 PM hearnyj ***@***.***> wrote:
We are getting 'High' Nessus vulnerabilities for Kibana.
"The version of Kibana installed on the remote host is prior to 8.17.3. It
is, therefore, affected by a vulnerability as referenced in the ESA_2025_06
advisory"
Solution
Upgrade to Kibana version 8.17.3 or later."
Are there plans to be able to get this upgraded for LME instances that are
already running?
-
Amazing! Thank you for the swift response and for LME. I am looking forward to doing a deep dive with this over the next few weeks.
-
Please let us know. Thank you
-
This is a false positive. This issue does not affect self managed kibana instances: https://thehackernews.com/2025/03/elastic-releases-urgent-fix-for.html You can also mitigate just in case by adding this to kibana.yml: "xpack.integration_assistant.enabled: false"
-
still want to know how to upgrade to the latest version.
-
I also get a similar error when running the export indices script from 1.x to 2.x. It errors "Unsupported Elasticsearch version: This script supports Elasticsearch 8.x." So I'm assuming I need to update Elasticsearch so I can run the upgrade From this guide https://github.com/cisagov/LME/tree/ff0466c469564606a48f2d908de7da1d822410a9/scripts/upgrade
-
Yes. SoyG you have to export the old dashboards, run the new installer,
then import the old dashboards.
On Wed, Apr 9, 2025 at 1:41 PM SoyG ***@***.***> wrote:
I also get a similar error when running the upgrade script from 1.x to
2.x. It errors "Unsupported Elasticsearch version: This script supports
Elasticsearch 8.x." So I'm assuming I need to update Elasticsearch so I can
run the upgrade
From this guide
https://github.com/cisagov/LME/tree/ff0466c469564606a48f2d908de7da1d822410a9/scripts/upgrade
-
I have finally got it to upgrade to 8.17.7 and it works perfectly. If you guys want the process, let me know. I will send what I have to upgrade from 8.15.3 to 8.17.7.
-
We are releasing a version with 8.18.0 probably later today.
You will be able to backup, upgrade, and rollback. Should hopefully upgrade
your version without incident too.
Watch for the 2.1 release.
-
That’s awesome. thank you.
-
How can we update ES and Kibana to the latest version 8.17 in LME?
thank you,