Add security update to 7.17.14 release notes (#168461)

elastic · Oct 10, 2023 · 7916502 · 7916502
1 parent 27f8c75
commit 7916502
Showing 1 changed file with 9 additions and 3 deletions.
diff --git a/docs/CHANGELOG.asciidoc b/docs/CHANGELOG.asciidoc
@@ -89,13 +89,19 @@ Review important information about the {kib} 7.17.x releases.
 
 Review the following information about the {kib} 7.17.14 release.
 
-coming::[7.17.14]
-
 [float]
 [[security-update-7.17.14]]
 === Security update
 
-This version of {kib} contains security fixes. 
+* **Kibana heap buffer overflow vulnerability**
++
+On Sept 11, 2023, Google Chrome announced CVE-2023-4863, described as “Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page”. Kibana includes a bundled version of headless Chromium that is only used for Kibana’s reporting capabilities and which is affected by this vulnerability. An exploit for Kibana has not been identified, however as a resolution, the bundled version of Chromium is updated in this release.
++
+The issue is resolved in 7.17.14.
++
+For more information, see our related
+https://discuss.elastic.co/t/kibana-8-10-3-7-17-14-security-update/344735[security
+announcement].
 
 [[release-notes-7.17.13]]
 == {kib} 7.17.13