WARNING: Version 6.2 of Elasticsearch has passed its EOL date.
This documentation is no longer being maintained and may be removed. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.
This section summarizes the changes that you need to be aware of when migrating your application to X-Pack 6.0.
- Security
-
-
A new bootstrap check enforces that default passwords are disabled for the
built-in users when running in
production mode.
You must set
xpack.security.authc.accept_default_password
tofalse
in yourelasticsearch.yml
. For more information, see Security settings and Setting Up User Authentication. - A new configuration setting is available to disable support for the default password ("changeme"). For more information, see Disable Default Password Functionality.
-
A new bootstrap check enforces that TLS/SSL is required for inter-node communication when running in production mode. See Encrypting Communications.
Before you start Elasticsearch, you must perform the steps described in Setting up TLS/SSL on a cluster. Otherwise, errors occur at startup.
-
A new bootstrap check enforces that HTTPS is used by the built-in token
service when running in
production mode.
To disable the token service, set
xpack.security.authc.token.enabled
tofalse
in yourelasticsearch.yml
. See Token Service Settings. - Suggesters can no longer be used if document level security is enabled. The search request now fails with an error if suggesters are specified and document level security is active.
- Query and aggregation profiling can no longer be used if document level security is enabled. The search request now fails with an error if profiling are enabled and document level security is active.
-
A new bootstrap check enforces that default passwords are disabled for the
built-in users when running in
production mode.
You must set
- Watcher
-
- The built-in HTTP client used in webhooks, the http input and the http email attachment has been replaced. This results in the need to always escape all parts of an URL.
- The new built-in HTTP client also enforces a maximum request size, which defaults to 10mb.
-
The watch
_status
field has been renamed tostatus
, as underscores in field names will not be allowed. -
The use of the
system_key
file for encrypting sensitive values was deprecated in 5.6 and removed in 6.0. To continue using watches with encrypted data, use theelasticsearch-keystore
tool to store the key in the secure settings keystore. See Encrypting sensitive data in Watcher.
- Security
-
- The fields returned as part of the mappings section by get index, get mappings, get field mappings and field capabilities API are now only the ones that the user is authorized to access in case field level security is enabled.
See also: