Elastic 8.19.4 and /api/streams/_status

fbacchella · October 6, 2025, 9:51am

If you think it is a bug report or you have a technical issue, please answer the following questions.

Elasticsearch version: 8.19.4

Kibana version (if relevant): 8.19.4

Browser version (if relevant): N/A

Describe the issue:

After upgrading to 8.19.4, Kibana is unusable, even for admin user. The URL http://localhost:5601/api/streams/_status returns

{
  "statusCode": 401,
  "error": "Unauthorized",
  "message": "Unauthorized: authentication_exception",
  "attributes": {
    "data": null
  }
}

The same URL on 8.18.4 returns:

{
  "enabled": false
}
~

Kibana fails on that and generate a logout. I didn’t change neither SG configuration or version, it was already at version 3.1.2. I tried to reapply the SG configuration.

In Kibana logs, I can see:

[2025-10-06T11:40:02.754+02:00] [WARN ] [http.server.kbn-internal-api-restricted] [{"service":{"node":{"roles":["background_tasks","ui"]}}}] Access to uri [/api/streams/_status] with method [get] is deprecated
[2025-10-06T11:40:02.866+02:00] [ERROR] [plugins.security.authentication] [{"service":{"node":{"roles":["background_tasks","ui"]}}}] License is not available or does not support security features, re-authentication is not possible (available: true, enabled: false, unavailable reason: undefined).

pablo · October 6, 2025, 11:20am

@fbacchella What do you mean by that? Does this refer to api/streams/_status only, or do you have a general Kibana access issue?

What was your SG version in 8.18.4?

Could you share your kibana.yml file?

pablo · October 6, 2025, 12:05pm

@fbacchella I’ve just tested with 8.19.4-3.1.2 and I’ve got the below response.

curl --insecure -u admin:admin -XGET https://localhost:5601/api/streams/_status

{"enabled":false}

The deprecation message was also visible in 8.18.4.

fbacchella · October 6, 2025, 12:26pm

I think kibana generate a logout error because of this error, it fails just after it.

fbacchella · October 6, 2025, 12:28pm

I only update ES + Kibana, SG was already in version 3.1.2

here it is.

elasticsearch:
    username: "kibana_system"
    hosts:
        - "https://XXXX:9200"
    ssl:
      certificateAuthorities: /data/kibana/1/conf/allca.crt
    requestTimeout: 180000
    requestHeadersWhitelist: 
        - "authorization"
        - "x-forwarded-for"
        - "x-forwarded-host"
        - "x-forwarded-server"
        - "x-forwarded-by"
        - "x-proxy-user"
        - "x-proxy-roles"
        - "x-remote-user"
        - "CAS_memberOf"
        - "CAS_sAMAccountName"
        - "sgtenant"
server:
    host: "127.0.0.1"
    port: 5601 
    publicBaseUrl: "https://XXXX:5601"
    ssl:
        enabled: false
csp:
    strict: true
searchguard:
    cookie:
        secure: true
    auth:
        type: "proxy"
        debug: false
    accountinfo:
        enabled: true
logging:
    appenders:
        file:
            type: rolling-file
            fileName: /data/kibana/1/logs/kibana.log
            layout:
                type: pattern
                pattern: "[%date] [%level] [%logger] [%meta] %message"
            policy:
                type: time-interval
                interval: 24h
                modulate: true
        systemd:
            type: console
            layout:
                type: json
    root:
        appenders: [file,systemd]
map:
    includeElasticMapsService: true
newsfeed.enabled: false
monitoring.ui.ccs.enabled: false
path:
    data: /data/kibana/1/var
pid:
    file: /run/kibana1/kibana.pid
xpack:
    screenshotting:
        browser.chromium.disableSandbox: false
telemetry:
    optIn: false
    enabled: false

fbacchella · October 6, 2025, 12:45pm

I upgraded my development cluster, in production, I don’t get the message about the license missing.

When I decode the license base64, I’m getting the following result

{"uid":"XXX","type":"FULL","issued_date":"2024-11-26","expiry_date":"2025-12-12","issued_to":"XXX","issuer":"floragunn GmbH","start_date":"2024-12-12","major_version":7,"cluster_name":"*","allowed_node_count_per_cluster":32768,"features":[],"license_version":1}

fbacchella · October 7, 2025, 10:13am

AS I’m using Apache in front of Kibana, I was able to hide the suspected /api/streams/_status behind a 404, it didn’t change any thing, but I’m still getting

[2025-10-07T12:09:11.112+02:00] [ERROR] [plugins.security.authentication] [{"service":{"node":{"roles":["background_tasks","ui"]}}}] License is not available or does not support security features, re-authentication is not possible (available: true, enabled: false, unavailable reason: undefined).

I don’t understand what is generating it

pablo · October 20, 2025, 10:02am

This issue is currently being investigated.

Topic		Replies	Views
Problems with Kibana 5 and SG 5.0.1-8 Search Guard	4	463	December 25, 2016
Kibana does not access Search Guard	8	447	December 4, 2017
KIbana api/status without auth? Search Guard	9	1205	July 6, 2017
Kibanaserver user unauthorized after upgrade to v6.4.2-23 Search Guard	5	4410	October 29, 2018
Problem with kibana 5.1.1 Search Guard	2	1007	December 22, 2016

Elastic 8.19.4 and /api/streams/_status

Related topics