Breaking update v2.16.0

[spanozzo]

Updating to version 2.16.0 breaks our deployment.

We currently run Elasticsearch and Kibana version 8.17.0, and seems like the new Kibana default security context is not compatible with xpack.security.audit.enabled: true.

This is what we see from Kibana logs:

[2024-12-27T13:38:55.453+00:00][WARN ][environment] Detected an uncaughtException: Error: EROFS: read-only file system, open '/usr/share/kibana/logs/audit.log' [Error: EROFS: read-only file system, open '/usr/share/kibana/logs/audit.log'] { errno: -30, code: 'EROFS', syscall: 'open', path: '/usr/share/kibana/logs/audit.log' }

After setting the xpack.security.audit.enabled: false the problem is gone and the update is possible, but that's definitely not what we want.

I haven't tested, but maybe set xpack.security.audit.appender.type: console would solve the problem, even if I don't know what could be the consequences.

Do you have any other idea on how to manage it?