From a7685a6861c0d9688d685c98826dea00f1d85a57 Mon Sep 17 00:00:00 2001 From: Joe Reuter Date: Mon, 27 Jan 2020 14:18:48 +0100 Subject: [PATCH 1/4] Fix double fetch errors (#54701) (#55982) --- .../kibana/public/discover/controllers/discover.js | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/legacy/core_plugins/kibana/public/discover/controllers/discover.js b/src/legacy/core_plugins/kibana/public/discover/controllers/discover.js index f189858eb877c..b7490edf554a0 100644 --- a/src/legacy/core_plugins/kibana/public/discover/controllers/discover.js +++ b/src/legacy/core_plugins/kibana/public/discover/controllers/discover.js @@ -837,9 +837,14 @@ function discoverController( }; $scope.updateQueryAndFetch = function({ query, dateRange }) { + const oldDateRange = timefilter.getTime(); timefilter.setTime(dateRange); $state.query = query; - $scope.fetch(); + // storing the updated timerange in the state will trigger a fetch + // call automatically, so only trigger fetch in case this is a refresh call (no changes in parameters). + if (_.isEqual(oldDateRange, dateRange)) { + $scope.fetch(); + } }; function onResults(resp) { From 84311624bcc21cccd7eea060cfc28d8f41a04980 Mon Sep 17 00:00:00 2001 From: Joe Reuter Date: Mon, 27 Jan 2020 14:19:01 +0100 Subject: [PATCH 2/4] Improve kql error message handling and avoid fetcihng twice (#54239) (#55981) --- .../kibana/public/discover/controllers/discover.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/legacy/core_plugins/kibana/public/discover/controllers/discover.js b/src/legacy/core_plugins/kibana/public/discover/controllers/discover.js index b7490edf554a0..b64b5ff6ad415 100644 --- a/src/legacy/core_plugins/kibana/public/discover/controllers/discover.js +++ b/src/legacy/core_plugins/kibana/public/discover/controllers/discover.js 
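Review bot: In `$scope.updateQueryAndFetch` the new guard `_.isEqual(oldDateRange, dateRange)` compares only the time range, although the comment above it speaks of "no changes in parameters". A call that changes `query` but keeps the same range still reaches `$scope.fetch()`. A call that omits `dateRange` never does, because `_.isEqual(oldDateRange, undefined)` is false; the `state.query` watcher in this file makes such a call, `$scope.updateQueryAndFetch({ query })`. If both cases are intended, the comment should say so, for example `// only the time range is compared: a changed range triggers its own fetch, and callers that omit dateRange rely on the state change to fetch`. It is also worth confirming that `timefilter.getTime()` returns the same shape as the `dateRange` passed in, since otherwise the deep comparison would always be false and a plain refresh would stop fetching; the enclosing `discoverController` starts and ends outside the hunk.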
@@ -688,7 +688,9 @@ function discoverController( $scope.$watch('state.query', (newQuery, oldQuery) => { if (!_.isEqual(newQuery, oldQuery)) { const query = migrateLegacyQuery(newQuery); - $scope.updateQueryAndFetch({ query }); + if (!_.isEqual(query, newQuery)) { + $scope.updateQueryAndFetch({ query }); + } } }); From 3eb4f968ae449b97574362fbbf8b0ae972d8282e Mon Sep 17 00:00:00 2001 From: Brandon Morelli Date: Tue, 28 Jan 2020 13:18:55 -0800 Subject: [PATCH 3/4] [docs] Remove unused callout (#56032) (#56100) --- docs/api/saved-objects/import.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/api/saved-objects/import.asciidoc b/docs/api/saved-objects/import.asciidoc index 0331f23284352..63e733863cc85 100644 --- a/docs/api/saved-objects/import.asciidoc +++ b/docs/api/saved-objects/import.asciidoc @@ -49,7 +49,7 @@ Import an index pattern and dashboard: [source,js] -------------------------------------------------- -$ curl -X POST "localhost:5601/api/saved_objects/_import" -H "kbn-xsrf: true" --form file=@file.ndjson <1> +$ curl -X POST "localhost:5601/api/saved_objects/_import" -H "kbn-xsrf: true" --form file=@file.ndjson -------------------------------------------------- The `file.ndjson` file contains the following: From 00af791f7eb848439c5f26e181b894db20a78e5d Mon Sep 17 00:00:00 2001 From: Kaarina Tungseth Date: Wed, 29 Jan 2020 15:17:25 -0600 Subject: [PATCH 4/4] Added LDAP to Kibana autthentication provider page (#56045) (#56343) --- .../security/authentication/index.asciidoc | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/docs/user/security/authentication/index.asciidoc b/docs/user/security/authentication/index.asciidoc index 5ce6576a296d1..5671833c6eec3 100644 --- a/docs/user/security/authentication/index.asciidoc +++ b/docs/user/security/authentication/index.asciidoc 
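Review bot: The inner check `if (!_.isEqual(query, newQuery))` in the `state.query` watcher has no comment, so it is not clear why a query that `migrateLegacyQuery` leaves unchanged no longer calls `updateQueryAndFetch`. A short comment above it would record the intent, for example `// only re-apply the query when migration rewrote it; an unchanged query is presumably fetched by the regular state handling` (the part about who fetches should be confirmed against the rest of the controller, which is outside the hunk). As a point of style, the two nested conditions could be flattened into one guard by computing `query` first, which keeps the watcher body at a single indentation level.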
@@ -1,6 +1,6 @@ [role="xpack"] [[kibana-authentication]] -=== Authentication in Kibana +=== Authentication in {kib} ++++ Authentication ++++ @@ -16,9 +16,9 @@ [[basic-authentication]] ==== Basic authentication -Basic authentication requires a username and password to successfully log in to {kib}. It is enabled by default and based on the Native security realm provided by {es}. The basic authentication provider uses a Kibana provided login form, and supports authentication using the `Authorization` request header's `Basic` scheme. +To successfully log in to {kib}, basic authentication requires a username and password. Basic authentication is enabled by default, and is based on the Native security realm or LDAP security realm that is provided by {es}. The basic authentication provider uses a {kib} provided login form, and supports authentication using the `Authorization` request header `Basic` scheme. -The session cookies that are issued by the basic authentication provider are stateless. Therefore, logging out of Kibana when using the basic authentication provider clears the session cookies from the browser but does not invalidate the session cookie for reuse. +The session cookies that are issued by the basic authentication provider are stateless. Therefore, logging out of {kib} when using the basic authentication provider clears the session cookies from the browser, but does not invalidate the session cookie for reuse. For more information about basic authentication and built-in users, see {ref}/setting-up-authentication.html[User authentication]. 
@@ -26,13 +26,13 @@ For more information about basic authentication and built-in users, see [[token-authentication]] ==== Token authentication -Token authentication allows users to login using the same Kibana provided login form as basic authentication. The token authentication provider is built on {es}'s token APIs. The bearer tokens returned by {es}'s {ref}/security-api-get-token.html[get token API] can be used directly with Kibana using the `Authorization` request header with the `Bearer` scheme. +Token authentication allows users to login using the same {kib} provided login form as basic authentication, and is based on the Native security realm or LDAP security realm that is provided by {es}. The token authentication provider is built on {es} token APIs. The bearer tokens returned by {es}'s {ref}/security-api-get-token.html[get token API] can be used directly with {kib} using the `Authorization` request header with the `Bearer` scheme. -The session cookies that are issued by the token authentication provider are stateful, and logging out of Kibana invalidates the session cookies for reuse. +The session cookies that are issued by the token authentication provider are stateful, and logging out of {kib} invalidates the session cookies for reuse. -Prior to configuring Kibana, ensure token support is enabled in Elasticsearch. See the {ref}/security-api-get-token.html[Elasticsearch token API] documentation for more information. +Prior to configuring {kib}, ensure token support is enabled in {es}. See the {ref}/security-api-get-token.html[{es} token API] documentation for more information. -To enable the token authentication provider in Kibana, set the following value in your `kibana.yml`: +To enable the token authentication provider in {kib}, set the following value in your `kibana.yml`: [source,yaml] -------------------------------------------------------------------------------- 
@@ -125,7 +125,7 @@ Basic authentication is supported _only_ if `basic` authentication provider is e At the beginning of the SAML handshake, {kib} stores the initial URL in the session cookie, so it can redirect the user back to that URL after successful SAML authentication. If the URL is long, the session cookie might exceed the maximum size supported by the browser--typically 4KB for all cookies per domain. When this happens, the session cookie is truncated, -or dropped completely, and you might experience sporadic failures during SAML authentication. +or dropped completely, and you might experience sporadic failures during SAML authentication. To remedy this issue, you can decrease the maximum size of the URL that {kib} is allowed to store during the SAML handshake. The default value is 2KB. 
@@ -182,15 +182,15 @@ Users will be able to access the login page and use Basic authentication by navi [float] ==== Single sign-on provider details -The following sections apply both to <> and <> +The following sections apply both to <> and <> [float] ===== Access and refresh tokens Once the user logs in to {kib} Single Sign-On, either using SAML or OpenID Connect, {es} issues access and refresh tokens that {kib} encrypts and stores them in its own session cookie. This way, the user isn't redirected to the Identity Provider -for every request that requires authentication. It also means that the {kib} session depends on the `xpack.security.sessionTimeout` -setting and the user is automatically logged out if the session expires. An access token that is stored in the session cookie +for every request that requires authentication. It also means that the {kib} session depends on the `xpack.security.sessionTimeout` +setting and the user is automatically logged out if the session expires. An access token that is stored in the session cookie can expire, in which case {kib} will automatically renew it with a one-time-use refresh token and store it in the same cookie. {kib} can only determine if an access token has expired if it receives a request that requires authentication. If both access