28 mars 2017 Sorties

Elasticsearch 5.3.0 released

Par Clinton Gormley

IMPORTANT: See Multi data path bug in Elasticsearch 5.3.0

Today we are pleased to announce the release of Elasticsearch 5.3.0, based on Lucene 6.4.1. It is already available for deployment on Elastic Cloud, our Elasticsearch-as-a-service platform. 

Latest stable release in 5.x:

This is a bumper release with some very cool new features, and a Security bug fix:

X-Pack: Field Level Security

When merging multiple rules with Field Level Security rules for the same index, X-Pack Security 5.2.x would allow access to more fields than the user should have seen if the field level security rules used a mix of grant and exclude rules. This vulnerability has been assigned the identifier ESA-2017-03 and only affects X-Pack 5.2.x.

Cross-Cluster Search

The Tribe Node has been our answer to the question “How do I search across multiple clusters?”, but it has problems which have proven hard to resolve. Cross-cluster search solves many of these problems:

  • Any node can act as a cross-cluster search client.
  • Remote cluster configuration is dynamic and can be updated without restarting.
  • Connections to other clusters are lightweight and limited to 3 connections per cluster, while the Tribe Node connected to every node in every cluster.
  • There is no merging of cluster states from remote clusters, which removes a lot of overhead.
  • Each cluster has its own namespace so you can search in indices with the same name in different clusters.

Unified Highlighter

Highlighting of search result snippets has been available since the early days, via the plain, fvh, and postings highlighters, but each highlighters works in a different ways and each has its own quirks and (not a few) bugs!

The new unified highlighter can use term vectors (like the fvh highlighter), or positions from postings list (like the postings highlighter) or can reanalyze text on demand (like the plain highlighter). It fixes numerous bugs present in the previous highlighters, and handles complicated analysis chains correctly.

It uses sentence-based highlighting by default, but will soon support length-based highlighting like the fvh. It is likely that we will remove the other highlighters as soon as the unified highlighter is feature complete and battle tested, so please start using it now.

Field Collapsing

The top_hits aggregation has provided support for result grouping or field collapsing for some time, but it is quite complex to use, the request is on the heavy side and, like other terms aggregations, it doesn’t support pagination. The new field collapsing feature is easy to use (just specify the field to collapse on), ultra-fast, and supports pagination! It can be used to return a single result in each category, or to return the best matching results in each category using inner_hits.

Other Highlights

A few other highlights worthy of special mention are:

  • A new adjacency aggregation counts the number of times pairs of filters match the same documents.
  • An index with custom routing can now store a single routed value in more than one shard.
  • Elasticsearch now has a keystore to support secure settings, instead of having to litter config file with passwords in plain text. This is just the start of secure settings support and sensitive settings still need to be migrated to using the keystore.

Conclusion

Please download Elasticsearch 5.3.0, try it out, and let us know what you think on Twitter (@elastic) or in our forum. You can report any problems on the GitHub issues page.