- Installation and Upgrade Guide: other versions:
- Overview
- Installing the Elastic Stack
- Upgrading the Elastic Stack
- Highlights
- Breaking changes
IMPORTANT: No additional bug fixes or documentation updates
will be released for this version. For the latest information, see the
current release documentation.
Elasticsearch breaking changes
edit
IMPORTANT: This documentation is no longer updated. Refer to Elastic's version policy and the latest documentation.
Elasticsearch breaking changes
editThis list summarizes the most important breaking changes in Elasticsearch 7.6.2. For the complete list, go to Elasticsearch breaking changes.
Security changes
editElasticsearch API key privileges
editIf you use an API key to create another API key (sometimes called a derived key), its behavior is impacted by the fix for CVE-2020-7009.
When you make a request to create API keys, you can specify an expiration and privileges for the API key. Previously, when you created a derived key, it had no privileges. This behavior disregarded any privileges that you specified in the create API key API.
As of 7.6.2, this behavior changes. To create a derived key, you must explicitly specify a role descriptor with no privileges:
... "role_descriptors": { "no-privilege": { } } ...
On this page
Was this helpful?
Thank you for your feedback.