Breaking changes in 7.6
editBreaking changes in 7.6
editThis section discusses the changes that you need to be aware of when migrating your application to Elasticsearch 7.6.
See also Release highlights and Release notes.
Security changes
editElasticsearch API key privileges
editIf you use an API key to create another API key (sometimes called a derived key), its behavior is impacted by the fix for CVE-2020-7009.
When you make a request to create API keys, you can specify an expiration and privileges for the API key. Previously, when you created a derived key, it had no privileges. This behavior disregarded any privileges that you specified in the create API key API.
As of 7.6.2, this behavior changes. To create a derived key, you must explicitly specify a role descriptor with no privileges:
...
"role_descriptors": {
"no-privilege": {
}
}
...
Security deprecations
editThe xpack.security.transport.ssl.enabled setting will be required to configure xpack.security.transport.ssl settings.
Details
Configuring any SSL settings for
xpack.security.transport.ssl without also configuring
xpack.security.transport.ssl.enabled generates warnings in the deprecation
log. In 8.0, this configuration will result in errors.
Impact
To avoid deprecation warnings, either:
-
Explicitly set
xpack.security.transport.ssl.enabledasfalse -
Discontinue use of other
xpack.security.transport.sslsettings
If you want to enable SSL, follow the instructions to
encrypt communications between nodes. As part of this configuration, explicitly set
xpack.security.transport.ssl.enabled as true.
For example:
The xpack.security.http.ssl.enabled setting will be required to configure xpack.security.http.ssl settings.
Details
Configuring any SSL settings for xpack.security.http.ssl without also
configuring xpack.security.http.ssl.enabled generates warnings in the
deprecation log. In 8.0, this configuration will result in errors.
Impact
To avoid deprecation warnings, either:
-
Explicitly set
xpack.security.http.ssl.enabledasfalse -
Discontinue use of other
xpack.security.http.sslsettings
If you want to enable SSL, follow the instructions to
encrypt HTTP client communications for Elasticsearch. As part
of this configuration, explicitly set xpack.security.http.ssl.enabled
as true.
For example:
A xpack.security.transport.ssl certificate and key will be required to enable SSL for the transport interface.
Details
Enabling SSL for the transport interface without also configuring a certificate
and key through use of the xpack.security.transport.ssl.keystore.path
setting or the xpack.security.transport.ssl.certificate and
xpack.security.transport.ssl.key settings generates warnings in the
deprecation log. In 8.0, this configuration will result in errors.
Impact
If xpack.security.transport.ssl.enabled is set to true, provide a
certificate and key using the xpack.security.transport.ssl.keystore.path
setting or the xpack.security.transport.ssl.certificate and
xpack.security.transport.ssl.key settings. If a certificate and key is not
provided, Elasticsearch will generate warnings in the deprecation log.
A xpack.security.http.ssl certificate and key will be required to enable SSL for the HTTP layer.
Details
Enabling SSL for the HTTP layer without also configuring a certificate and key
through use of the xpack.security.http.ssl.keystore.path setting or
the xpack.security.http.ssl.certificate and xpack.security.http.ssl.key
settings generates warnings in the deprecation log. In 8.0, this configuration
will result in errors.
Impact
If xpack.security.http.ssl.enabled is set to true, provide a
certificate and key using the xpack.security.http.ssl.keystore.path
setting or the xpack.security.http.ssl.certificate and
xpack.security.http.ssl.key settings. If a certificate and key is not
provided, Elasticsearch will generate warnings in the deprecation log.
Search changes
editAggregating and sorting on _id is deprecated
editIt’s possible to aggregate and sort on the built-in _id field by loading an
expensive data structure called fielddata. This was deprecated in 7.6 and will
be disallowed by default in 8.0. As an alternative, the _id field’s contents
can be duplicated into another field with docvalues enabled (note that this
does not apply to auto-generated IDs).
Deprecation of sparse vector fields
editThe sparse_vector field type has been deprecated and will be removed in 8.0.
We have not seen much interest in this experimental field type, and don’t see
a clear use case as it’s currently designed. If you have feedback or
suggestions around sparse vector functionality, please let us know through
GitHub or the discuss forums.
Update to vector function signatures
editThe vector functions of the form function(query, doc['field']) are
deprecated, and the form function(query, 'field') should be used instead.
For example, cosineSimilarity(query, doc['field']) is replaced by
cosineSimilarity(query, 'field').
Disallow use of the nGram and edgeNGram tokenizer names
editThe nGram and edgeNGram tokenizer names haven been deprecated with 7.6.
Mappings for indices created after 7.6 will continue to work but emit a
deprecation warning. The tokenizer name should be changed to the fully
equivalent ngram or edge_ngram names for new indices and in index
templates.