Elasticsearch breaking changes
editElasticsearch breaking changes
editThis list summarizes the most important breaking changes in Elasticsearch 7.12.1. For the complete list, go to Elasticsearch breaking changes.
Engine changes
editForce-merges on frozen and searchable snapshot indices will fail if merging is required.
Details
In earlier versions a force-merge on a frozen index or a searchable snapshot
index would incorrectly yield a successful response without performing the
requested merge. This bug is fixed in version 7.12: from this version onwards a
force-merge on these immutable indices will fail if the requested merge is not
a no-op.
Search changes
editThe search APIs fields
parameter returns fields inside nested
fields grouped together.
Details
In earlier versions, fields retrieved via fields
in the search API were
returned as a flat list. From 7.12 on, fields inside an object that is mapped
using the nested
field type are grouped together to maintain the independence of
each object inside the original nested array.
SSL/TLS changes
editTLSv1.1 and TLSv1.0 are disabled in the bundled JDK
Details
As of Elasticsearch 7.12.1, when using the bundled JDK,
TLSv1.1 and TLSv1.0 are disabled by default.
This may affect SSL connections to the Rest API for some older clients.
It also has the potential to affect outgoing connections such as Watcher webhooks,
LDAP authentication or access to snapshot repositories.
Most Elasticsearch deployments will not be affected by this change, as these older TLS versions have known vulnerabilities and are no longer heavily used.
For instructions on how to enable these older TLS versions in your Elasticsearch cluster, see Enabling additional SSL/TLS versions on your JDK.
Security changes
editThe xpack.security.transport.ssl.enabled
setting will be required to configure xpack.security.transport.ssl
settings.
Details
Configuring any SSL settings for
xpack.security.transport.ssl
without also configuring
xpack.security.transport.ssl.enabled
generates warnings in the deprecation
log. In 8.0, this configuration will result in errors.
Impact
To avoid deprecation warnings, either:
-
Explicitly set
xpack.security.transport.ssl.enabled
asfalse
-
Discontinue use of other
xpack.security.transport.ssl
settings
If you want to enable SSL, follow the instructions to
encrypt internode communications with TLS. As part of this configuration, explicitly set
xpack.security.transport.ssl.enabled
as true
.
For example:
The xpack.security.http.ssl.enabled
setting will be required to configure xpack.security.http.ssl
settings.
Details
Configuring any SSL settings for xpack.security.http.ssl
without also
configuring xpack.security.http.ssl.enabled
generates warnings in the
deprecation log. In 8.0, this configuration will result in errors.
Impact
To avoid deprecation warnings, either:
-
Explicitly set
xpack.security.http.ssl.enabled
asfalse
-
Discontinue use of other
xpack.security.http.ssl
settings
If you want to enable SSL, follow the instructions to
encrypt HTTP client communications for Elasticsearch. As part
of this configuration, explicitly set xpack.security.http.ssl.enabled
as true
.
For example:
A xpack.security.transport.ssl
certificate and key will be required to enable SSL for the transport interface.
Details
Enabling SSL for the transport interface without also configuring a certificate
and key through use of the xpack.security.transport.ssl.keystore.path
setting or the xpack.security.transport.ssl.certificate
and
xpack.security.transport.ssl.key
settings generates warnings in the
deprecation log. In 8.0, this configuration will result in errors.
Impact
If xpack.security.transport.ssl.enabled
is set to true
, provide a
certificate and key using the xpack.security.transport.ssl.keystore.path
setting or the xpack.security.transport.ssl.certificate
and
xpack.security.transport.ssl.key
settings. If a certificate and key is not
provided, Elasticsearch will generate warnings in the deprecation log.
A xpack.security.http.ssl
certificate and key will be required to enable SSL for the HTTP layer.
Details
Enabling SSL for the HTTP layer without also configuring a certificate and key
through use of the xpack.security.http.ssl.keystore.path
setting or
the xpack.security.http.ssl.certificate
and xpack.security.http.ssl.key
settings generates warnings in the deprecation log. In 8.0, this configuration
will result in errors.
Impact
If xpack.security.http.ssl.enabled
is set to true
, provide a
certificate and key using the xpack.security.http.ssl.keystore.path
setting or the xpack.security.http.ssl.certificate
and
xpack.security.http.ssl.key
settings. If a certificate and key is not
provided, Elasticsearch will generate warnings in the deprecation log.