We are releasing today a cumulative bug fix release for all supported previous versions of Search Guard.
The release fixes a number of security issues related to advanced regular expressions in role definitions, OIDC, auth tokens, user and IP address blocking.
Please check the release notes for details on the issues.
The bug fix release also fixes a number of non-security-related bugs related to Signals, performance, support of certain Elasticsearch actions, etc. See also the the release notes for more details on this.
Generally, we only recommend to install the bug fix release if you are affected by one of the listed issues.
As always, we appreciate your feedback, questions, and feature requests here on the forum.
Many greetings from the Search Guard team
Search Guard (®) is an Elasticsearch plugin that offers encryption, authentication, and authorization.
Coded with love in Berlin, Denmark, Sweden, Italy, Ukraine and the US.
Search Guard is a trademark of floragunn GmbH, registered in the U.S. and in other countries.
Elasticsearch, Kibana, Logstash, and Beats are trademarks of Elasticsearch BV, registered in the U.S. and in other countries.