IMPORTANT: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current release documentation.
« Beats breaking changes Elasticsearch Hadoop breaking changes »
Elastic Docs Installation and Upgrade Guide [7.12] Breaking changes

Elasticsearch breaking changes

edit

Elasticsearch breaking changes

edit

This list summarizes the most important breaking changes in Elasticsearch 7.12.1. For the complete list, go to Elasticsearch breaking changes.

Engine changes

edit
Force-merges on frozen and searchable snapshot indices will fail if merging is required.

Details
In earlier versions a force-merge on a frozen index or a searchable snapshot index would incorrectly yield a successful response without performing the requested merge. This bug is fixed in version 7.12: from this version onwards a force-merge on these immutable indices will fail if the requested merge is not a no-op.

Search changes

edit
The search APIs fields parameter returns fields inside nested fields grouped together.

Details
In earlier versions, fields retrieved via fields in the search API were returned as a flat list. From 7.12 on, fields inside an object that is mapped using the nested field type are grouped together to maintain the independence of each object inside the original nested array.

SSL/TLS changes

edit
TLSv1.1 and TLSv1.0 are disabled in the bundled JDK

Details
As of Elasticsearch 7.12.1, when using the bundled JDK, TLSv1.1 and TLSv1.0 are disabled by default. This may affect SSL connections to the Rest API for some older clients. It also has the potential to affect outgoing connections such as Watcher webhooks, LDAP authentication or access to snapshot repositories.

Most Elasticsearch deployments will not be affected by this change, as these older TLS versions have known vulnerabilities and are no longer heavily used.

For instructions on how to enable these older TLS versions in your Elasticsearch cluster, see Enabling additional SSL/TLS versions on your JDK.

Security changes

edit
The xpack.security.transport.ssl.enabled setting will be required to configure xpack.security.transport.ssl settings.

Details
Configuring any SSL settings for xpack.security.transport.ssl without also configuring xpack.security.transport.ssl.enabled generates warnings in the deprecation log. In 8.0, this configuration will result in errors.

Impact
To avoid deprecation warnings, either:

  • Explicitly set xpack.security.transport.ssl.enabled as false
  • Discontinue use of other xpack.security.transport.ssl settings

If you want to enable SSL, follow the instructions to encrypt internode communications with TLS. As part of this configuration, explicitly set xpack.security.transport.ssl.enabled as true.

For example:

xpack.security.transport.ssl.enabled: true 
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12

or false.
The xpack.security.http.ssl.enabled setting will be required to configure xpack.security.http.ssl settings.

Details
Configuring any SSL settings for xpack.security.http.ssl without also configuring xpack.security.http.ssl.enabled generates warnings in the deprecation log. In 8.0, this configuration will result in errors.

Impact
To avoid deprecation warnings, either:

  • Explicitly set xpack.security.http.ssl.enabled as false
  • Discontinue use of other xpack.security.http.ssl settings

If you want to enable SSL, follow the instructions to encrypt HTTP client communications for Elasticsearch. As part of this configuration, explicitly set xpack.security.http.ssl.enabled as true.

For example:

xpack.security.http.ssl.enabled: true 
xpack.security.http.ssl.certificate: elasticsearch.crt
xpack.security.http.ssl.key: elasticsearch.key
xpack.security.http.ssl.certificate_authorities: [ "corporate-ca.crt" ]

or false.
A xpack.security.transport.ssl certificate and key will be required to enable SSL for the transport interface.

Details
Enabling SSL for the transport interface without also configuring a certificate and key through use of the xpack.security.transport.ssl.keystore.path setting or the xpack.security.transport.ssl.certificate and xpack.security.transport.ssl.key settings generates warnings in the deprecation log. In 8.0, this configuration will result in errors.

Impact
If xpack.security.transport.ssl.enabled is set to true, provide a certificate and key using the xpack.security.transport.ssl.keystore.path setting or the xpack.security.transport.ssl.certificate and xpack.security.transport.ssl.key settings. If a certificate and key is not provided, Elasticsearch will generate warnings in the deprecation log.

A xpack.security.http.ssl certificate and key will be required to enable SSL for the HTTP layer.

Details
Enabling SSL for the HTTP layer without also configuring a certificate and key through use of the xpack.security.http.ssl.keystore.path setting or the xpack.security.http.ssl.certificate and xpack.security.http.ssl.key settings generates warnings in the deprecation log. In 8.0, this configuration will result in errors.

Impact
If xpack.security.http.ssl.enabled is set to true, provide a certificate and key using the xpack.security.http.ssl.keystore.path setting or the xpack.security.http.ssl.certificate and xpack.security.http.ssl.key settings. If a certificate and key is not provided, Elasticsearch will generate warnings in the deprecation log.

Settings deprecations

edit
Setting xpack.searchable.snapshot.shared_cache.size on non-frozen nodes is deprecated.

Details
Setting xpack.searchable.snapshot.shared_cache.size to a positive value on a node without the data_frozen role is now deprecated.

The xpack.searchable.snapshot.shared_cache.size node setting reserves space for a shared cache used by partially mounted searchable snapshot indices. Elasticsearch only allocates partially mounted indices to nodes with the data_frozen role.

Impact
To avoid deprecation warnings, discontinue use of the setting on non-frozen nodes.

« Beats breaking changes Elasticsearch Hadoop breaking changes »