Search Guard for Elasticsearch 6.5.1 released

Search Guard (®) is an Elasticsearch plugin that offers encryption, authentication, and authorization.

Coded with love in Berlin, Denmark, Sweden, and the US.

Search Guard is a trademark of floragunn GmbH, registered in the U.S. and in other countries.

Elasticsearch, Kibana, Logstash, and Beats are trademarks of Elasticsearch BV, registered in the U.S. and in other countries.

On Tuesday, November 27, 2018 at 4:06:52 AM UTC-5, Jochen Kressin wrote:

Hi all,

we’re happy to announce that Search Guard 6.5.1-23.2, compatible with Elasticsearch 6.5.1 and Kibana 6.5.1 has just been released!

Latest Search Guard versions.

Due to changes in Elasticsearch and Kibana please make sure you read and follow the upgrade instructions carefully:

Upgrade instructions

If you are using Kibana, make sure to update the permissions for the Kibana server and Kibana user roles.

This release of Search Guard and the Kibana plugin is not yet compatible with the new Kibana Spaces feature. We are working on the compatibility and will release a compatible version of the Kibana plugin very soon.

As always, thanks for your support and input!

Jochen and the Search Guard team

Search Guard (®) is an Elasticsearch plugin that offers encryption, authentication, and authorization.

Coded with love in Berlin, Denmark, Sweden, and the US.

Search Guard is a trademark of floragunn GmbH, registered in the U.S. and in other countries.

Elasticsearch, Kibana, Logstash, and Beats are trademarks of Elasticsearch BV, registered in the U.S. and in other countries.

On Wednesday, November 28, 2018 at 10:01:58 PM UTC+1, dchan@galileo.io wrote:

Hi Jochen,

I am upgrading from 6.4.1-23.2-SNAPSHOT to 6.5.1-23.2.

I am seeing the following error when trying to boot Elasticsearch.

[2018-11-28T20:35:50,499][ERROR][o.e.b.ElasticsearchUncaughtExceptionHandler] [xEMpebJ] fatal error in thread [Thread-5], exiting

java.lang.NoSuchMethodError: io.netty.internal.tcnative.SSL.setKeyMaterialServerSide(JJJ)V

at io.netty.handler.ssl.OpenSslKeyMaterialManager.setKeyMaterialServerSide(OpenSslKeyMaterialManager.java:81) ~[?:?]

at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.handshake(ReferenceCountedOpenSslEngine.java:1598) ~[?:?]

at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:958) ~[?:?]

at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1169) ~[?:?]

at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1212) ~[?:?]

at io.netty.handler.ssl.SslHandler$SslEngineType$1.unwrap(SslHandler.java:216) ~[?:?]

at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1297) ~[?:?]

at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1199) ~[?:?]

at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1243) ~[?:?]

at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:502) ~[?:?]

at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:441) ~[?:?]

at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:278) ~[?:?]

at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) ~[?:?]

at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) ~[?:?]

at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340) ~[?:?]

at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1434) ~[?:?]

at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) ~[?:?]

at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) ~[?:?]

at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:965) ~[?:?]

at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:163) ~[?:?]

at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:644) ~[?:?]

at io.netty.channel.nio.NioEventLoop.processSelectedKeysPlain(NioEventLoop.java:544) ~[?:?]

at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:498) ~[?:?]

at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:458) ~[?:?]

at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:897) ~[?:?]

at java.lang.Thread.run(Thread.java:834) [?:?]

Do you know what could be causing the error on boot?

I updated sg_roles.yml, according to https://docs.search-guard.com/latest/upgrading-560, for Kibana. But, the error looks related to SSL. Is there a setting that I need to update?

Thanks,

Dan

On Tuesday, November 27, 2018 at 4:06:52 AM UTC-5, Jochen Kressin wrote:

Hi all,

we’re happy to announce that Search Guard 6.5.1-23.2, compatible with Elasticsearch 6.5.1 and Kibana 6.5.1 has just been released!

Latest Search Guard versions.

Due to changes in Elasticsearch and Kibana please make sure you read and follow the upgrade instructions carefully:

Upgrade instructions

If you are using Kibana, make sure to update the permissions for the Kibana server and Kibana user roles.

This release of Search Guard and the Kibana plugin is not yet compatible with the new Kibana Spaces feature. We are working on the compatibility and will release a compatible version of the Kibana plugin very soon.

As always, thanks for your support and input!

Jochen and the Search Guard team

Search Guard (®) is an Elasticsearch plugin that offers encryption, authentication, and authorization.

Coded with love in Berlin, Denmark, Sweden, and the US.

Search Guard is a trademark of floragunn GmbH, registered in the U.S. and in other countries.

Elasticsearch, Kibana, Logstash, and Beats are trademarks of Elasticsearch BV, registered in the U.S. and in other countries.

On Thursday, November 29, 2018 at 5:48:05 AM UTC-5, Jochen Kressin wrote:

Good point, apparently the docs regarding OpenSSL are not up to date. Yes, you need to use a newer tcnative version with 6.5.x since ES has updated the netty library. Can you check what version of tcnative you are using? You need to upgrade to 2.0.15:

https://bintray.com/floragunncom/netty-tcnative/natives/2.0.15.Final#files

On Wednesday, November 28, 2018 at 10:01:58 PM UTC+1, dc...@galileo.io wrote:

Hi Jochen,

I am upgrading from 6.4.1-23.2-SNAPSHOT to 6.5.1-23.2.

I am seeing the following error when trying to boot Elasticsearch.

[2018-11-28T20:35:50,499][ERROR][o.e.b.ElasticsearchUncaughtExceptionHandler] [xEMpebJ] fatal error in thread [Thread-5], exiting

java.lang.NoSuchMethodError: io.netty.internal.tcnative.SSL.setKeyMaterialServerSide(JJJ)V

at io.netty.handler.ssl.OpenSslKeyMaterialManager.setKeyMaterialServerSide(OpenSslKeyMaterialManager.java:81) ~[?:?]

at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.handshake(ReferenceCountedOpenSslEngine.java:1598) ~[?:?]

at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:958) ~[?:?]

at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1169) ~[?:?]

at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1212) ~[?:?]

at io.netty.handler.ssl.SslHandler$SslEngineType$1.unwrap(SslHandler.java:216) ~[?:?]

at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1297) ~[?:?]

at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1199) ~[?:?]

at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1243) ~[?:?]

at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:502) ~[?:?]

at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:441) ~[?:?]

at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:278) ~[?:?]

at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) ~[?:?]

at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) ~[?:?]

at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340) ~[?:?]

at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1434) ~[?:?]

at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) ~[?:?]

at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) ~[?:?]

at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:965) ~[?:?]

at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:163) ~[?:?]

at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:644) ~[?:?]

at io.netty.channel.nio.NioEventLoop.processSelectedKeysPlain(NioEventLoop.java:544) ~[?:?]

at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:498) ~[?:?]

at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:458) ~[?:?]

at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:897) ~[?:?]

at java.lang.Thread.run(Thread.java:834) [?:?]

Do you know what could be causing the error on boot?

I updated sg_roles.yml, according to https://docs.search-guard.com/latest/upgrading-560, for Kibana. But, the error looks related to SSL. Is there a setting that I need to update?

Thanks,

Dan

On Tuesday, November 27, 2018 at 4:06:52 AM UTC-5, Jochen Kressin wrote:

Hi all,

we’re happy to announce that Search Guard 6.5.1-23.2, compatible with Elasticsearch 6.5.1 and Kibana 6.5.1 has just been released!

Latest Search Guard versions.

Due to changes in Elasticsearch and Kibana please make sure you read and follow the upgrade instructions carefully:

Upgrade instructions

If you are using Kibana, make sure to update the permissions for the Kibana server and Kibana user roles.

This release of Search Guard and the Kibana plugin is not yet compatible with the new Kibana Spaces feature. We are working on the compatibility and will release a compatible version of the Kibana plugin very soon.

As always, thanks for your support and input!

Jochen and the Search Guard team

Search Guard (®) is an Elasticsearch plugin that offers encryption, authentication, and authorization.

Coded with love in Berlin, Denmark, Sweden, and the US.

Search Guard is a trademark of floragunn GmbH, registered in the U.S. and in other countries.

Elasticsearch, Kibana, Logstash, and Beats are trademarks of Elasticsearch BV, registered in the U.S. and in other countries.

On Thursday, November 29, 2018 at 8:26:46 PM UTC+1, dchan@galileo.io wrote:

Hi Jochen,

I was attempting to run 6.5.x with netty-tcnative-openssl-1.0.2-dynamic-2.0.7.Final-fedora-linux-x86_64.jar. Upgrading tcnative to netty-tcnative-openssl-1.1.0j-dynamic-2.0.15.Final-fedora-linux-x86_64.jar fixed the problem.

Thanks!

Dan

On Thursday, November 29, 2018 at 5:48:05 AM UTC-5, Jochen Kressin wrote:

Good point, apparently the docs regarding OpenSSL are not up to date. Yes, you need to use a newer tcnative version with 6.5.x since ES has updated the netty library. Can you check what version of tcnative you are using? You need to upgrade to 2.0.15:

https://bintray.com/floragunncom/netty-tcnative/natives/2.0.15.Final#files

On Wednesday, November 28, 2018 at 10:01:58 PM UTC+1, dc...@galileo.io wrote:

Hi Jochen,

I am upgrading from 6.4.1-23.2-SNAPSHOT to 6.5.1-23.2.

I am seeing the following error when trying to boot Elasticsearch.

[2018-11-28T20:35:50,499][ERROR][o.e.b.ElasticsearchUncaughtExceptionHandler] [xEMpebJ] fatal error in thread [Thread-5], exiting

java.lang.NoSuchMethodError: io.netty.internal.tcnative.SSL.setKeyMaterialServerSide(JJJ)V

at io.netty.handler.ssl.OpenSslKeyMaterialManager.setKeyMaterialServerSide(OpenSslKeyMaterialManager.java:81) ~[?:?]

at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.handshake(ReferenceCountedOpenSslEngine.java:1598) ~[?:?]

at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:958) ~[?:?]

at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1169) ~[?:?]

at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1212) ~[?:?]

at io.netty.handler.ssl.SslHandler$SslEngineType$1.unwrap(SslHandler.java:216) ~[?:?]

at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1297) ~[?:?]

at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1199) ~[?:?]

at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1243) ~[?:?]

at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:502) ~[?:?]

at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:441) ~[?:?]

at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:278) ~[?:?]

at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) ~[?:?]

at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) ~[?:?]

at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340) ~[?:?]

at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1434) ~[?:?]

at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) ~[?:?]

at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) ~[?:?]

at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:965) ~[?:?]

at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:163) ~[?:?]

at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:644) ~[?:?]

at io.netty.channel.nio.NioEventLoop.processSelectedKeysPlain(NioEventLoop.java:544) ~[?:?]

at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:498) ~[?:?]

at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:458) ~[?:?]

at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:897) ~[?:?]

at java.lang.Thread.run(Thread.java:834) [?:?]

Do you know what could be causing the error on boot?

I updated sg_roles.yml, according to https://docs.search-guard.com/latest/upgrading-560, for Kibana. But, the error looks related to SSL. Is there a setting that I need to update?

Thanks,

Dan

On Tuesday, November 27, 2018 at 4:06:52 AM UTC-5, Jochen Kressin wrote:

Hi all,

we’re happy to announce that Search Guard 6.5.1-23.2, compatible with Elasticsearch 6.5.1 and Kibana 6.5.1 has just been released!

Latest Search Guard versions.

Due to changes in Elasticsearch and Kibana please make sure you read and follow the upgrade instructions carefully:

Upgrade instructions

If you are using Kibana, make sure to update the permissions for the Kibana server and Kibana user roles.

This release of Search Guard and the Kibana plugin is not yet compatible with the new Kibana Spaces feature. We are working on the compatibility and will release a compatible version of the Kibana plugin very soon.

As always, thanks for your support and input!

Jochen and the Search Guard team

Search Guard (®) is an Elasticsearch plugin that offers encryption, authentication, and authorization.

Coded with love in Berlin, Denmark, Sweden, and the US.

Search Guard is a trademark of floragunn GmbH, registered in the U.S. and in other countries.

Elasticsearch, Kibana, Logstash, and Beats are trademarks of Elasticsearch BV, registered in the U.S. and in other countries.

Am 23.01.2019 um 14:18 schrieb Sergey Ivanov <delta45666@gmail.com>:

Hi Jochen,

We are updating Elasticsearch from 5.6.6 to 6.5 version and previously we used only searchguard-ssl 5.6.6-23 plugin because common searchguard plugin conflicts with our rest wrapper plugin (but it does not matter).
Now we have to upgrade searchguard-ssl to 6.5.1-25.5 but I can't find .zip with plugin. Could you please explain, is it possible to install only searchguard-ssl plugin after 6.5.x version?

On Tuesday, 27 November 2018 13:06:52 UTC+4, Jochen Kressin wrote:
Hi all,

we're happy to announce that Search Guard 6.5.1-23.2, compatible with Elasticsearch 6.5.1 and Kibana 6.5.1 has just been released!

Latest Search Guard versions.

Due to changes in Elasticsearch and Kibana please make sure you read and follow the upgrade instructions carefully:

Upgrade instructions

If you are using Kibana, make sure to update the permissions for the Kibana server and Kibana user roles.

This release of Search Guard and the Kibana plugin is not yet compatible with the new Kibana Spaces feature. We are working on the compatibility and will release a compatible version of the Kibana plugin very soon.

As always, thanks for your support and input!

Jochen and the Search Guard team

-----------------------------------------------------------------------------------------------------------------------------------
Search Guard (®) is an Elasticsearch plugin that offers encryption, authentication, and authorization.
Coded with love in Berlin, Denmark, Sweden, and the US.
Search Guard is a trademark of floragunn GmbH, registered in the U.S. and in other countries.
Elasticsearch, Kibana, Logstash, and Beats are trademarks of Elasticsearch BV, registered in the U.S. and in other countries.

--
You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/a17619a2-e24b-40f7-a15f-34eb559cb4c3%40googlegroups.com\.
For more options, visit https://groups.google.com/d/optout\.