Fleet and Elastic Agent 8.5.0

edit

Review important information about the Fleet and Elastic Agent 8.5.0 release.

Breaking changes

edit

Breaking changes can prevent your application from optimal operation and performance. Before you upgrade, review the breaking changes, then mitigate the impact to your application.

Fleet Server and Elastic Agent now reject certificates signed with SHA-1

Details
With the upgrade to Go 1.18, Fleet Server now rejects certificates signed with SHA-1. For more information, refer to the Go 1.18 release notes.

Impact
Do not sign certificates with SHA-1. If you are using old certificates signed with SHA-1, update them now.

Known issues

edit
Installation of Elastic Agent on MacOS Ventura may fail if Full Disk Access has not been granted to the installer

Details
This issue occurs on MacOS Ventura when Full Disk Access is not granted to the application that runs the installation command. This could be either a Terminal or any custom package that a user has built to distribute Elastic Agent.

Impact
Elastic Agent will fail to install and produce "Error: failed to fix permissions: chown elastic-agent.app: operation not permitted" message. Ensure that the application used to install Elastic Agent (for example, the Terminal or custom package) has Full Disk Access before running sudo ./elastic-agent install.

New features

edit

The 8.5.0 release adds the following new and notable features.

Fleet
  • Add agent activity flyout #140510
  • Add a new event toggle to capture terminal output in endpoint #139421
  • Make batch actions asynchronous #138870
  • Add ability to tag integration assets #137184
  • Add support for input-only packages #140035
Fleet Server
  • Log redacted config when config updates #1626 #1671
Elastic Agent
  • Add lumberjack input type to the Filebeat spec #959
  • Add support for hints-based autodiscovery in Kubernetes provider #698
  • Improve logging during upgrades #1287

Enhancements

edit
Fleet
  • Add toggle for experimental synthetic _source support in Fleet data streams #140132
  • Enhance the package policy API to create or update a package policy API with a simplified way to define inputs #139420
  • Support new subscription and license fields #137799
Elastic Agent
  • Improve logging of Fleet check-in errors and only report the local state as degraded after two consecutive failed check-ins #1154 #1477

Bug fixes

edit
Fleet
  • Refresh search results when clearing category filter #142853
  • Respect default_field: false when generating index settings #142277
  • Fix repeated debug logs when bundled package directory does not exist #141660
Fleet Server
  • Fix a race condition between the unenroller goroutine and the main goroutine for the coordinator monitor #1738
  • Remove events from agent check-in body #1774
  • Improve authc debug logging #1870
  • Add error detail to catch-all HTTP error response #1854
  • Fix issue where errors were ignored when written to Elasticsearch #1896
  • Update apikey.cache_hit log field name to match convention #1900
  • Custom server limits are no longer ignored when default limits are loaded #1841 #1912
  • Use separate rate limiters for internal and external API listeners to prevent Fleet Server from shutting down under load #1859 #1904
  • Fix fleet.migration.total log key overlap #1951
Elastic Agent
  • Fix a panic caused by a race condition when installing the Elastic Agent #806 #823
  • Use the Elastic Agent configuration directory as the root of the inputs.d folder #663 #840
  • Fix unintended reset of source URI when downloading components #1252
  • Create separate status reporter for local-only events so that degraded Fleet check-ins no longer affect health of successful Fleet check-ins #1157 #1285
  • Add success log message after previous check-in failures #1327
  • Fix docker provider add_fields processors #1420
  • Fix admin permission check on localized windows #1552