Breaking changes in 7.6
editBreaking changes in 7.6
editThis section discusses the changes that you need to be aware of when migrating your application to Elasticsearch 7.6.
See also Release highlights and Release notes.
Security changes
editElasticsearch API key privileges
editIf you use an API key to create another API key (sometimes called a derived key), its behavior is impacted by the fix for CVE-2020-7009.
When you make a request to create API keys, you can specify an expiration and privileges for the API key. Previously, when you created a derived key, it had no privileges. This behavior disregarded any privileges that you specified in the create API key API.
As of 7.6.2, this behavior changes. To create a derived key, you must explicitly specify a role descriptor with no privileges:
... "role_descriptors": { "no-privilege": { } } ...
Security deprecations
editThe xpack.security.transport.ssl.enabled
setting will be required to configure xpack.security.transport.ssl
settings.
Details
Configuring any SSL settings for
xpack.security.transport.ssl
without also configuring
xpack.security.transport.ssl.enabled
generates warnings in the deprecation
log. In 8.0, this configuration will result in errors.
Impact
To avoid deprecation warnings, either:
-
Explicitly set
xpack.security.transport.ssl.enabled
asfalse
-
Discontinue use of other
xpack.security.transport.ssl
settings
If you want to enable SSL, follow the instructions to
encrypt communications between nodes. As part of this configuration, explicitly set
xpack.security.transport.ssl.enabled
as true
.
For example:
The xpack.security.http.ssl.enabled
setting will be required to configure xpack.security.http.ssl
settings.
Details
Configuring any SSL settings for xpack.security.http.ssl
without also
configuring xpack.security.http.ssl.enabled
generates warnings in the
deprecation log. In 8.0, this configuration will result in errors.
Impact
To avoid deprecation warnings, either:
-
Explicitly set
xpack.security.http.ssl.enabled
asfalse
-
Discontinue use of other
xpack.security.http.ssl
settings
If you want to enable SSL, follow the instructions to
encrypt HTTP client communications for Elasticsearch. As part
of this configuration, explicitly set xpack.security.http.ssl.enabled
as true
.
For example:
A xpack.security.transport.ssl
certificate and key will be required to enable SSL for the transport interface.
Details
Enabling SSL for the transport interface without also configuring a certificate
and key through use of the xpack.security.transport.ssl.keystore.path
setting or the xpack.security.transport.ssl.certificate
and
xpack.security.transport.ssl.key
settings generates warnings in the
deprecation log. In 8.0, this configuration will result in errors.
Impact
If xpack.security.transport.ssl.enabled
is set to true
, provide a
certificate and key using the xpack.security.transport.ssl.keystore.path
setting or the xpack.security.transport.ssl.certificate
and
xpack.security.transport.ssl.key
settings. If a certificate and key is not
provided, Elasticsearch will generate warnings in the deprecation log.
A xpack.security.http.ssl
certificate and key will be required to enable SSL for the HTTP layer.
Details
Enabling SSL for the HTTP layer without also configuring a certificate and key
through use of the xpack.security.http.ssl.keystore.path
setting or
the xpack.security.http.ssl.certificate
and xpack.security.http.ssl.key
settings generates warnings in the deprecation log. In 8.0, this configuration
will result in errors.
Impact
If xpack.security.http.ssl.enabled
is set to true
, provide a
certificate and key using the xpack.security.http.ssl.keystore.path
setting or the xpack.security.http.ssl.certificate
and
xpack.security.http.ssl.key
settings. If a certificate and key is not
provided, Elasticsearch will generate warnings in the deprecation log.
Search changes
editAggregating and sorting on _id
is deprecated
editIt’s possible to aggregate and sort on the built-in _id
field by loading an
expensive data structure called fielddata. This was deprecated in 7.6 and will
be disallowed by default in 8.0. As an alternative, the _id
field’s contents
can be duplicated into another field with docvalues enabled (note that this
does not apply to auto-generated IDs).
Deprecation of sparse vector fields
editThe sparse_vector
field type has been deprecated and will be removed in 8.0.
We have not seen much interest in this experimental field type, and don’t see
a clear use case as it’s currently designed. If you have feedback or
suggestions around sparse vector functionality, please let us know through
GitHub or the discuss forums.
Update to vector function signatures
editThe vector functions of the form function(query, doc['field'])
are
deprecated, and the form function(query, 'field')
should be used instead.
For example, cosineSimilarity(query, doc['field'])
is replaced by
cosineSimilarity(query, 'field')
.
Disallow use of the nGram
and edgeNGram
tokenizer names
editThe nGram
and edgeNGram
tokenizer names haven been deprecated with 7.6.
Mappings for indices created after 7.6 will continue to work but emit a
deprecation warning. The tokenizer name should be changed to the fully
equivalent ngram
or edge_ngram
names for new indices and in index
templates.