Elastic Cloud Enterprise 3.6.0edit

The following changes are included in this release.


Private link support for better traffic management. Added a new API endpoint where organizations claim their private link (AWS PrivateLink, Azure Private Link, or GCP Private Service Connect). The owner of the private link uses the private link in traffic filtering, which reduces the risk of data exfiltration.

xpack.security.transport.ssl.trust_restrictions.x509_fields on allow list. Adds xpack.security.transport.ssl.trust_restrictions.x509_fields to allowed user settings for supported stack versions.

Restore component IDs to the UI. The IDs for Kibana, APM, Fleet and Enterprise Search are accessible in the UI again.

Add ingest_pipeline metricset to Elasticsearch monitoring. Enables shipping ingest pipeline metrics for Elasticsearch when Logs & Metrics is enabled. Requires Elastic Stack v8.7.0 and above.

Support Elasticsearch plugins built against the stable plugin API. Support for Elasticsearch plugins built against the stable plugin API that is introduced in Elasticsearch 8.7.0. If the stable plugin API is used, a plugin should contain stable-plugin-descriptor.properties. If a plugin contains both plugin-descriptor.properties and stable-plugin-descriptor.properties, the behavior is undefined.

Latest agent versions url addition 8.8. Includes xpack.apm.latestAgentVersionsUrl APM configuration setting for 8.8 as part of last agent versions feature.

Support for role based access control roles with SSO. In Elastic Cloud Enterprise a Deployments viewer and Deployments manager can SSO into a deployment from the Elastic Cloud Enterprise UI.


Elastic Cloud Enterprise now comes with 7.17.10. Elastic Cloud Enterprise now comes with 7.17.10 out of the box.

Improved local trust management. Allows users to download the certificate for all of their local trust relationships.

Machine learning vCPU improvements. Displaying the minimum vCPU values for your machine learning instance.

Discard invalid external trusts which have been deleted. Whenever a deployment had an external trust that referenced a platform level trust which had been deleted from the platform page, the deployment page would show just the ID number and this had to be deleted before making any other edits to the settings. These are now filtered out so they are automatically cleaned up on the next edit.

A non-high-availability health indicator added. A new health indicator for non-high-availability Elasticsearch clusters has been added when the Elasticsearch hot, warm, and/or cold tiers have 1 availability zone only.

Kibana display native memory. Native memory pressures for Kibana instances are now displayed.

Snapshot restore improvements. Added an option to disable extended maintenance on a snapshot restore from another deployment.

New JWT realm settings for supporting access tokens. Enhanced the JWT realm to support specific access tokens.

Upgrade Beats to 7.17.9 and close file handle in IndexTemplatesProvider. Upgrades bundled Beats to 7.17.9.

trace.id added to proxy request logs. trace.id is now included in the header in Proxy request logs for easier debugging.

Show release notes links in the upgrade modal. Links to release notes are now provided in the Upgrade Modal for the selected version.

Table view added for deployment instances. Added a table view for viewing an individual deployment’s instances. Find it on the right side of the filter bar.

Log manipulated X-Opaque-Id header for Kibana requests. Add Kibana execution context derived from X-Opaque-Id header to Proxy request logs.

Bug fixesedit

Enable plugins on existing deployments. Previously there was an issue where users could not enable plugins on existing deployments.

Include query_paramers field in Adminconsole logs. Adds query parameters to the Cloud API logs redacting key fields.

Improve instance health checker. In case deployment stack resource instances (Elasticsearch/Kibana/APM instances) are removed (when a deployment is terminated or deleted) and a user checks deployment health, then a wrong indicator is shown saying instances are unhealthy. It should show that the instances are missing. The stack names are used in the indicator summary as Enterprise_search, Integration_server. The stack names are now correctly Enterprise Search, Integration Server.

Expose nameid_format as a configurable attribute for ECE SAML. nameid_format is a configurable attribute when creating or modifying a SAML configuration on ECE.

Convert int_server to APM when vacating those nodes from the deployment page. Fixes a bug whereby Integrations Server instances were not able to be moved from one allocator to another, if the action was taken from the Deployment page.

The helper function now takes into account the current plan. Fixes bug where removing a topology element in the Edit page would lead to a warning about elements already existing in the deployment. This was a false positive.

Rename JVM keystore configs in Elasticsearch cluster data. The trust.jvm_trust_store and trust.jvm_store_pass Elasticsearch cluster data settings were renamed to jvm_trust_store.name and jvm_trust_store.password, respectively.

Restore forecast window field. The forecast window should again be selectable for a deployment’s Hot data and Content tier.

Refactor pagination sorting. Fixes a bug where sorting on the Deployments List page was only working for the items on a single page. If you had more than 30 deployments, the sorting on the table view would only sort the items on that page. Now sorting works for all deployments.

Prevent deleting the data-stream if it exists while creating the data-stream. Previously a function to create a data stream was introduced. Inside this function, if the data stream existed already it was deleted. Deleting the data stream also deleted the underlying indices which meant all existing monitoring data was lost.

Rename endpoint for calling Elasticsearch Health API. These changes rename the endpoint that the Deployment Health API uses to invoke the Elasticsearch Health API from _health to _health_report for deployments >= 8.7.

Restore re-apply button for changed sources. Fixes an issue where the "re-apply" button was not showing for user-initiated plan changes.

Revert instance configuration defaults. Fixes a bug whereby in ECE users weren’t able to create an instance configuration with the default values.

Deployments List health filters to allow selecting multiple values. Users are now able to select multiple health filters on the Deployments List page.

Deployment template creation on logs/metrics page automatically sending monitoring data. Fixes a bug that didn’t allow users to deselect sending monitoring data of either logs or metrics.

Missing user plugin. Fixes a bug where Elasticsearch instances would silently ignore a user plugin that failed to download at boot time. Behavior is now corrected to keep retrying until success.


Remove all v0 coordinator routes. CRUD operations with the coordinators using the api/v0/coordinators endpoint are now replaced with the equivalent v1 endpoint api/v1/platform/infrastructure/coordinators.

Migrate EULA accept endpoint to v1. Deprecated v0/users/eula/_accept endpoint is now available as v1/platform/license/eula/_accept.

Deprecate settings to change Elasticsearch/Kibana used by stateless components. Deprecating deployment configuration settings that allow overriding the Elasticsearch and Kibana endpoints.

These settings allow you to change the Elasticsearch used by Kibana. If you remove these settings, you can no longer override the provisioned Elasticsearch that remains in use in the same deployment.

This affects the following fields in the create-deployment and update-deployment APIs:

Removed transactionGroupBucketSize in 8.7. Removes xpack.apm.ui.transactionGroupBucketSize APM configuration setting for 8.7 in the Kibana User Settings editor.