Elasticsearch version 7.13.4

edit

Elasticsearch version 7.13.4

edit

Also see Breaking changes in 7.13.

Security updates

edit
  • A memory disclosure vulnerability was identified in Elasticsearch’s error reporting. A user with the ability to submit arbitrary queries to Elasticsearch could submit a malformed query that would result in an error message returned containing previously used portions of a data buffer. This buffer could contain sensitive information, such as Elasticsearch documents or authentication details. All versions of Elasticsearch prior to 7.13.4 are affected by this flaw. There is no known workaround for this issue. You must upgrade to Elasticsearch version 7.13.4 to obtain the fix. CVE-2021-22145

Known issues

edit
  • Frozen tier: (Windows only) The frozen data tier relies on multiple caching mechanisms to speed up access to searchable snapshot files. One of these caches uses sparse files to avoid creating large files on disk when it is not strictly required. A bug prevented files from being created with the right options to enable sparse support on Windows, leading Elasticsearch to create potentially large files that can end up consuming all the disk space.

    This issue is fixed in Elasticsearch versions 7.15.2 and later. There is no known workaround for earlier versions. Filesystems that enable sparse files by default are not affected. For more details, see #79371.

  • Snapshot and restore: If a running snapshot is cancelled while a previously-started snapshot is still ongoing and a later snapshot is enqueued then there is a risk that some shard data may be lost from the repository. This will cause future restore operations to fail. To mitigate this problem, set snapshot.max_concurrent_operations: 1 to prevent concurrent snapshot operations:

    PUT _cluster/settings
    {
      "persistent" : {
        "snapshot.max_concurrent_operations" : 1
      }
    }

    This issue is fixed in Elasticsearch versions 7.14.1 and later. It is not possible to repair a repository once it is affected by this issue, so you must restore the repository from a backup, or clear the repository by executing DELETE _snapshot/<repository name>/*, or move to a fresh repository. For more details, see #75598.

Bug fixes

edit
Mapping
  • Call fixRedundantIncludes on dynamic mapping updates #74903 (issue: #74899)
Snapshot/Restore
  • Fix Concurrent Snapshot Repository Remove Issues #74880 (issue: #74858)