Migrating to 7.12
editMigrating to 7.12
editThis section discusses the changes that you need to be aware of when migrating your application to Elasticsearch 7.12.
See also What’s new in 7.12 and Release notes.
Breaking changes
editThe following changes in Elasticsearch 7.12 might affect your applications and prevent them from operating normally. Before upgrading to 7.12, review these changes and take the described steps to mitigate the impact.
Breaking changes introduced in minor versions are normally limited to security and bug fixes. Significant changes in behavior are deprecated in a minor release and the old behavior is supported until the next major release. To find out if you are using any deprecated functionality, enable deprecation logging.
Engine changes
editForce-merges on frozen and searchable snapshot indices will fail if merging is required.
Details
In earlier versions a force-merge on a frozen index or a searchable snapshot
index would incorrectly yield a successful response without performing the
requested merge. This bug is fixed in version 7.12: from this version onwards a
force-merge on these immutable indices will fail if the requested merge is not
a no-op.
Search changes
editThe search APIs fields parameter returns fields inside nested fields grouped together.
Details
In earlier versions, fields retrieved via fields in the search API were
returned as a flat list. From 7.12 on, fields inside an object that is mapped
using the nested field type are grouped together to maintain the independence of
each object inside the original nested array.
SSL/TLS changes
editTLSv1.1 and TLSv1.0 are disabled in the bundled JDK
Details
As of Elasticsearch 7.12.1, when using the bundled JDK,
TLSv1.1 and TLSv1.0 are disabled by default.
This may affect SSL connections to the Rest API for some older clients.
It also has the potential to affect outgoing connections such as Watcher webhooks,
LDAP authentication or access to snapshot repositories.
Most Elasticsearch deployments will not be affected by this change, as these older TLS versions have known vulnerabilities and are no longer heavily used.
For instructions on how to enable these older TLS versions in your Elasticsearch cluster, see Enabling additional SSL/TLS versions on your JDK.
Deprecations
editThe following functionality has been deprecated in Elasticsearch 7.12 and will be removed in 8.0 While this won’t have an immediate impact on your applications, we strongly encourage you take the described steps to update your code after upgrading to 7.12.
Significant changes in behavior are deprecated in a minor release and the old behavior is supported until the next major release. To find out if you are using any deprecated functionality, enable deprecation logging.
Security changes
editThe xpack.security.transport.ssl.enabled setting will be required to configure xpack.security.transport.ssl settings.
Details
Configuring any SSL settings for
xpack.security.transport.ssl without also configuring
xpack.security.transport.ssl.enabled generates warnings in the deprecation
log. In 8.0, this configuration will result in errors.
Impact
To avoid deprecation warnings, either:
-
Explicitly set
xpack.security.transport.ssl.enabledasfalse -
Discontinue use of other
xpack.security.transport.sslsettings
If you want to enable SSL, follow the instructions to
encrypt internode communications with TLS. As part of this configuration, explicitly set
xpack.security.transport.ssl.enabled as true.
For example:
The xpack.security.http.ssl.enabled setting will be required to configure xpack.security.http.ssl settings.
Details
Configuring any SSL settings for xpack.security.http.ssl without also
configuring xpack.security.http.ssl.enabled generates warnings in the
deprecation log. In 8.0, this configuration will result in errors.
Impact
To avoid deprecation warnings, either:
-
Explicitly set
xpack.security.http.ssl.enabledasfalse -
Discontinue use of other
xpack.security.http.sslsettings
If you want to enable SSL, follow the instructions to
encrypt HTTP client communications for Elasticsearch. As part
of this configuration, explicitly set xpack.security.http.ssl.enabled
as true.
For example:
A xpack.security.transport.ssl certificate and key will be required to enable SSL for the transport interface.
Details
Enabling SSL for the transport interface without also configuring a certificate
and key through use of the xpack.security.transport.ssl.keystore.path
setting or the xpack.security.transport.ssl.certificate and
xpack.security.transport.ssl.key settings generates warnings in the
deprecation log. In 8.0, this configuration will result in errors.
Impact
If xpack.security.transport.ssl.enabled is set to true, provide a
certificate and key using the xpack.security.transport.ssl.keystore.path
setting or the xpack.security.transport.ssl.certificate and
xpack.security.transport.ssl.key settings. If a certificate and key is not
provided, Elasticsearch will generate warnings in the deprecation log.
A xpack.security.http.ssl certificate and key will be required to enable SSL for the HTTP layer.
Details
Enabling SSL for the HTTP layer without also configuring a certificate and key
through use of the xpack.security.http.ssl.keystore.path setting or
the xpack.security.http.ssl.certificate and xpack.security.http.ssl.key
settings generates warnings in the deprecation log. In 8.0, this configuration
will result in errors.
Impact
If xpack.security.http.ssl.enabled is set to true, provide a
certificate and key using the xpack.security.http.ssl.keystore.path
setting or the xpack.security.http.ssl.certificate and
xpack.security.http.ssl.key settings. If a certificate and key is not
provided, Elasticsearch will generate warnings in the deprecation log.