Tech Topics

Elasticsearch 1.3.2 and 1.2.4 Released

Today, we are happy to announce bugfix releases Elasticsearch 1.3.2 and  Elasticsearch 1.2.4. You can download them and read the full list of changes here:

These two releases fix a rare bug in the compression of data transferred between nodes (#7210).  We recommend that everyone upgrades.

Communication between Elasticsearch nodes is compressed using LZF to reduce the amount of data transferred across the network. A small number of byte sequences can produce a hash collision which, when combined with a bug in the compression library that we use, results in data corruption.

We noticed this bug thanks to a recent checksum change in 1.3.0, which is part of the work we are doing to make Elasticsearch as resilient as possible. While we have always added checksums to files that we write, we did not check that files transferred across the network had the same checksum as the original. This added check resulted in an exception for one of our users when trying to recover a replica shard from the primary: one segment was being corrupted during transfer, which altered the checksum.

We managed to create a test case, find the bug, and submit a pull request to the author of the compression library, who reacted very promptly and released a new version with the bugfix.

The sequence of events needed to trigger this bug occurs rarely. It may be responsible for the occasional case of corruption that we have seen reported, but which has remained unexplained.  We advise users to upgrade, but in the meantime you can avoid this bug completely by disabling compression with the following request:

curl -XPUT "http://localhost:9200/_cluster/settings" -d'
{
  "persistent": {
    "indices.recovery.compress": false
  }
}'

Please download Elasticsearch 1.3.2, try it out, and let us know what you think on Twitter (@elasticsearch). You can report any problems on the GitHub issues page.