*Details:* `csp.strict` is now enabled by default, so Kibana will fail to load for older, legacy browsers that do not enforce basic Content Security Policy protections - notably Internet Explorer 11.
*Impact:* To allow Kibana to function for these legacy browsers, set `csp.strict: false`. Since this is about enforcing a security protocol, we *strongly discourage* disabling `csp.strict` unless it is critical that you support Internet Explorer 11.
*Details:* Previously Kibana was choosing the appropriate Elasticsearch SAML realm automatically using the `Assertion Consumer Service`
URL that it derived from the actual server address and `xpack.security.public` setting. Starting in 8.0.0, the deprecated `xpack.security.public` setting in the `kibana.yml` file has been removed and the Elasticsearch SAML realm name that Kibana will use should be specified explicitly.
*Impact:* Rely on `/api/security/saml/callback` endpoint when using SAML instead. This change should be reflected in Elasticsearch and Identity Provider SAML settings.
[float]
==== `/api/security/v1/oidc` endpoint is no longer supported
*Details:* The deprecated `/api/security/v1/oidc` endpoint is no longer supported.
*Impact:* Rely on `/api/security/oidc/callback` endpoint when using OpenID Connect instead. This change should be reflected in Elasticsearch and OpenID Connect Provider settings.
[float]
==== `/api/security/v1/oidc` endpoint is no longer supported for Third Party initiated login
*Details:* The deprecated `/api/security/v1/oidc` endpoint is no longer supported for Third Party initiated login.
*Impact:* Rely on `/api/security/oidc/initiate_login` endpoint when using Third Party initiated OpenID Connect login instead. This change should be reflected in Elasticsearch and OpenID Connect Provider settings.
[float]
==== `/api/security/v1/oidc/implicit` endpoint is no longer supported
*Details:* The deprecated `/api/security/v1/oidc/implicit` endpoint is no longer supported.
*Impact:* Rely on `/api/security/oidc/implicit` endpoint when using OpenID Connect Implicit Flow instead. This change should be reflected in OpenID Connect Provider settings.
=== Configurations starting with `xpack.telemetry` are no longer valid
*Details:*
The `xpack.` prefix has been removed for all telemetry configurations.
*Impact:*
For any configurations beginning with `xpack.telemetry`, remove the `xpack` prefix. Use {kibana-ref}/telemetry-settings-kbn.html#telemetry-general-settings[`telemetry.enabled`] instead.