IMPORTANT: No additional bug fixes or documentation updates
will be released for this version. For the latest information, see the
current release documentation.
Elasticsearch breaking changes
editElasticsearch breaking changes
editThis list summarizes the most important breaking changes in Elasticsearch 7.6.2. For the complete list, go to Elasticsearch breaking changes.
Security changes
editElasticsearch API key privileges
editIf you use an API key to create another API key (sometimes called a derived key), its behavior is impacted by the fix for CVE-2020-7009.
When you make a request to create API keys, you can specify an expiration and privileges for the API key. Previously, when you created a derived key, it had no privileges. This behavior disregarded any privileges that you specified in the create API key API.
As of 7.6.2, this behavior changes. To create a derived key, you must explicitly specify a role descriptor with no privileges:
... "role_descriptors": { "no-privilege": { } } ...