A solid, open source Elasticsearch security solution.


🛑 important:  in version 6.3.x  (or greater) you need to disable X-Pack's Security Module from both elasticsearch.yml and kibana.yml.


What's new in
  • 🧐Enhancement Support for ES/Kibana 6.4.3
  • 🧐Enhancement Better JWT support for different algorithms (HMAC,RSA,EC)
  • 🚧WIP: Laid out the foundation for LDAP HA support

What's new in 1.16.28
  • 🧐Enhancement Support for ES/Kibana 6.4.2
  • 🐞Fix (Enterprise) Multi tenancy: sometimes changing tenancy would not change kibana index
  • 🐞Security Fix (Enterprise/PRO) Avoid echoing Base64 encoded credentials in login form error message
  • 🧐Enhancement (Enterprise/PRO) Remove latest search/visualization/dashboard history on logout
  • 🧐Enhancement (Enterprise/PRO) Clear transient authentication cookies on login error to avoid authentication deadlocks
  • 🐞Fix: External JWT verification may throw ArrayOutOfBoundException
  • 🚧WIP: Laid out the foundation for internode SSL transport (port 9300)

What's new in 1.16.27
  • 🚀New Feature [JWT] external validator: it's now possible to avoid storing the private key in settings
  • 🧐Enhancement Support for ES/Kibana 6.4.1
  • 🧐Enhancement Rewritten big part of ES plugin documentation
  • 🧐Enhancement SAML Single log out flow
  • 🐞Fix (Enterprise/PRO) cookiePass works again, but only for Kibana 5.x. Newer Kibana needs sticky sessions in LB.
  • 🧐Enhancement (Enterprise/PRO) much faster logout

What's new in 1.16.26
  • 🐞 Fix (PRO/Enterprise) bugs during plugin packaging and installation process

What's new in 1.16.25
  • 🚀New Feature Users rule: easily restrict external authentication to a list of users
  • 🧐Enhancement Support for ES 5.6.11
  • 🐞Hot Fix (Enterprise/PRO) Error 404 when logging in with older versions of Kibana

What's new in 1.16.24
  • 🚀New Feature (Enterprise) SAML Authentication
  • 🚀New Feature Support for Elasticsearch and Kibana 6.4.0
  • 🚀New Feature Headers rule now split in headers_or and headers_and
  • 🧐Enhancement Headers rule now allows wildcards
  • 🚀New Feature (Enterprise) Multi-tenancy now works also with JSON groups provider
  • 🐞 Fix Multi-tenancy (Enterprise) incoherent initial kibana_index and current group

What's new in 1.16.23
  • 🧐Enhancement Support for Elastic Stack 6.3.1 and 5.6.10
  • 🚀New Feature (Enterprise) Custom CSS injection for Kibana
  • 🚀New Feature (Enterprise) Custom Javascript injection for Kibana
  • 🚀New Feature (PRO/Enterprise) access paths without need to login (i.e. /api/status)
  • 🐞Fix (PRO/Enterprise) Navigating to X-Pack APM caused hidden Kibana apps to reappear

What's new in 1.16.22
  • 🚀New Feature:  map LDAP groups to local groups (a.k.a. role mapping)
  • 🐞 Fix (Elasticsearch) wildcard aliases resolution not working in "indices" rule.
  • 🧐Enhancement: it is now possible now to use JDK 9 and 10
  • 🐞 Fix (PRO/Enterprise) wait forever for login request (i.e.  slow LDAP servers)
  • 🐞 Fix (PRO/Enterprise) add spinner and block UI if login request is being sent
  • 🐞 Fix (PRO/Enterprise) if user is logged out because of LDAP cache expiring + slow authentication, redirect to login.
  • 🐞 Fix (PRO/Enterprise) let RO users delete/edit search filters

What's new in 1.16.21
  • 🚀New Feature: Introducing support for Elasticsearch and Kibana v6.3.0
  • 🐞 Fix (Enterprise) multi tenancy - switching tenancy does not always switch kibana index


What's new in 1.16.20

ReadonlyREST PRO/Enterprise for Kibana

  • 🧐 Enhancement: when login, forward "elasticsearch.requestHeadersWhitelist" headers. (useful for "headers" rule  and "proxy_auth" to work well.)

ReadonlyREST for Elasticsearch

  • 🚀New Feature: DLS (with dynamic variables suppoort) Thanks DataSweet!
  • 🚀 New feature: Field level security
  • 🚀 New rules: Snapshot, Repositories, Headers
  • 🧐 Enhancement: custom audit serializers: the request content is available
  • 🐞 Fix readonlyrest.yml path discovery
  • 🐞 Fix: LDAP available groups discovery (tenancy switcher) corner cases
  • 🐞 Fix: auth_key_sha1, auth_key_sha256 hashes in settings should be case insensitive
  • 🐞 Fix: LDAP authentication didn't work with local group

Get it NOW


Questions, comments, & concerns?[email protected]

Create A product first!

Create a product first please!