opendistro-for-elasticsearch/security v1.9.0.2

Release v1.9.0.2

on GitHub

Install

• To install plugin navigate to the Elasticsearch home directory and run
  sudo bin/elasticsearch-plugin install https://d3g5vo6xdbdb9a.cloudfront.net/downloads/elasticsearch-plugins/opendistro-security/opendistro_security-1.9.0.2.zip
  

Enhancements

• Remove cluster monitor check from audit transport check (#653)
  
• Enable or disable check for all audit REST and transport categories (#645)
  
• Add ability for plugins to inject roles (#560)
  

Bug fixes

• Remove exception details from responses (#667)
  
• Adding onelogin loadXML util helper to prevent XXE attacks (#659)
  
• Add non-null to store even non-default values in serialization (#652)
  
• Refactor opendistro_security_action_trace logger (#609)
  
• Fail on invalid rest and transport categories (#638)
  
• Correct a typo in the Readme file. (#607)
  
• Fix AccessControlException during HTTPSamlAuthenticator initialization. (#626)
  
• Remove unnecessary check of remote address for null (#616)
  
• Prevent hidden roles from being added via rolesmapping and internalusers API (#614)
  

Maintenance

• Close AuditLog while closing OpenDistroSecurityPlugin and unregister shutdown hook when closing AuditLogImpl. (#663)
  
• Fix unit tests failures in HTTPSamlAuthenticatorTest (#664)
  
• Add copyright headers for audit classes (#644)
  
• Clean up rest and transport header filtering (#637)
  
• Upgrade jackson-databind to 2.11.2 (#618)