Elasticsearch version 7.17.22

edit

Elasticsearch version 7.17.22

edit

Also see Breaking changes in 7.17.

Breaking changes

edit

Stricter Document Level Security (DLS)

edit
Document Level Security (DLS) applies stricter checks for the validate query API and for terms aggregations when min_doc_count is set to 0.

Details
When Document Level Security (DLS) is applied to terms aggregations and min_doc_count is set to 0, stricter security rules apply. When Document Level Security (DLS) is applied to the validate query API with the rewrite parameter, stricter security rules apply.

Impact
If needed, test workflows with DLS enabled to ensure that the stricter security rules do not impact your application.

Remediation
Set min_doc_count to a value greater than 0 in terms aggregations or use an account not constrained by DLS for the validate query API calls.

Set xpack.security.dls.force_terms_aggs_to_exclude_deleted_docs.enabled to false in the Elasticsearch configuration to revert to the previous behavior.

Set xpack.security.dls.error_when_validate_query_with_rewrite.enabled to false in the Elasticsearch configuration to revert to the previous behavior.

Bug fixes

edit
Infra/CLI
  • Workaround G1 bug for JDK 22 and 22.0.1 #108571
Infra/Plugins
  • Guard bootstrap plugins loading from detecting plugins cache #109116 (issue: #97702)
Mapping
  • Disable index.mapper.dynamic index setting validation #109160
Security
  • Block specific config files from being read after startup #107481

Enhancements

edit
Infra/Settings
  • Add remove index setting command #109276

Upgrades

edit
Packaging
  • Update bundled JDK to Java 22 (again) #108654
Snapshot/Restore
  • Align all usages of protobuf to be 3.21.9 #92123