Elastic Cloud Enterprise 3.7.0edit

We have identified a bug in ECE 3.7.0 where Single Sign-On between the admin console and deployment Kibana instances was broken. If you are considering upgrading to ECE 3.7, you can upgrade to 3.7.1 directly. If you have already upgraded to ECE 3.7.0, you can upgrade to ECE 3.7.1 to resolve this issue. For details, refer to Admin Console SSO breaks in ECE 3.7.0.

The following changes are included in this release.


New supported operating systems. You can now install Elastic Cloud Enterprise on Ubuntu 22.04 LTS (Jammy Jellyfish), RHEL 9, Rocky Linux 8 and 9, and SLES 15.

Removed support for older operating system and container runtime versions. Check the supported versions at https://www.elastic.co/support/matrix#elastic-cloud-enterprise.

  • CentOS is no longer supported.
  • RHEL 7 is no longer supported.
  • RHEL 8 with Docker is no longer supported.
  • RHEL 8 with Podman version 4.2 is no longer supported. RHEL 8 is now only supported with Podman 4.6.*.
  • Ubuntu 18.04 is no longer supported.
  • Ubuntu 20.04, SLES 12, and SLES 15 with Docker < 24.0 are no longer supported. They are now only supported with Docker 24.0.

API key-based trust for remote cluster connections (beta). You can now use API keys as a trust method to establish remote cluster connections to and from your Elastic Cloud Enterprise 8.13 deployments. By using API keys, you can define more granular, index-level permissions to have greater control over the data that can be accessed remotely by another cluster. Find more details in Enable cross-cluster search and cross-cluster replication.

Traffic filtering support for remote cluster connections. A new remote_cluster traffic filter type with two optional fields is now available when setting up traffic filter rules. This new traffic filter type must be used if you want to enable traffic filtering for a newly configured remote cluster connection.

New remote cluster trust configurations also support Private Link traffic filters.

Enable autoscaling for machine learning only. When creating or editing a deployment, you now have the option to enable autoscaling for machine learning instances only.

Test deployment change plans with dry runs. Dry Run plans allow you to simulate deployment changes without actually making the changes. By looking at the result of a dry run plan, you can determine what the plan would do to the deployment if executed normally.

Dry Run plans behave as normal plans that are aborted before applying any change. Run a normal plan to apply the changes, or run a “no-op” plan to make sure that the deployment keeps showing a healthy status.

Rolling plans execution order. Elastic Cloud Enterprise will now execute rolling plans on data tiers from the frozen tier to the hot tier, and then finish with master nodes at the end.


Enhanced fault detection and retry logic for allocator failures. Reduced the number of 5xx errors in clusters due to allocator failures, particularly for requests that cannot be retried.

Set reason for allocator maintenance mode. Added an optional reason parameter to the allocator maintenance-mode/_start and maintenance-mode/_stop APIs. This parameter lets you specify why an allocator was put into maintenance mode. The reason will appear as a comment on the allocator.

Specify keystore secrets and values in the Deployment API. Added support for managing Elasticsearch keystore entries during deployment creation and upgrade.

Upgrade Beats to 7.17.20. Upgraded the bundled Beats version to 7.17.20.

Allow instance_configuration_id field to be updated in deployment templates. It’s now possible to update the instance_configuration_id field of a deployment template, even if the template is in use by other deployments. This way, new deployments created with this template will use the new instance configuration IDs.

Prevent security cluster API from automatically decreasing zone_count when it’s 2. The security deployment API no longer allows updating the security cluster’s zone count to 2. If the security cluster has been scaled to 2 zones via other means, the security deployment PUT API endpoint will respond with a 400 Bad Request error. When upgrading Elastic Cloud Enterprise with the security cluster scaled to exactly 2 zones, the upgrader will now fail.

Include instance configurations in deployment info. The GET /api/v1/deployments/<id>?show_instance_configurations=true request now returns the list of instance_configurations used by the deployment in the response.

Default autoscaling minimum and maximum values for deployment templates. If the autoscaling_min field is not defined when creating or updating a template with support for autoscaling, it is set to the default value of 0.

If the autoscaling_max field is not defined when creating or updating a template with support for autoscaling, it is set to a default value of:

  • 2 * IC_MAX_SIZE for the hot, warm, and frozen tiers.
  • IC_MAX_SIZE for the cold and ML tiers.

Where IC_MAX_SIZE refers to the maximum size allowed by the instance configuration.

Make default_size and resource instance configuration fields optional. The discrete_sizes.resource field is now optional when creating or updating instance configurations. If not defined, it defaults to memory.

skip_data_migration:false is now the default when moving instances. The "Gracefully move data" option is now enabled by default when moving instances from the admin console, in the Move settings window.

Go upgrade to 1.20.11. Upgraded Go in proxy and route-sync to 1.20.11.

HAPROXY upgrade to 2.8.3. Upgraded HAPROXY to 2.8.3.

Constructor no longer clears read-only flags in 7.4 and later. For versions 7.4 and later, Elastic Cloud Enterprise will stop clearing the flood stage read-only flag after completing a plan change as these versions now handle this operation automatically. This will speed up completing plans in clusters with many indices.

Add support for returning all instance configuration versions in a region. The GET /platform/configuration/instances endpoint contains a new query parameter: include_versions. By default, include_versions is set to false. When include_versions is enabled, the endpoint now returns all existing instance configuration versions, including the latest and all previous versions of each instance configuration. When the parameter is disabled, the endpoint only returns the latest version of each instance configuration.

Remove access to source deployment snapshots for a cloned deployment. On cloned deployments, it is now possible to remove the access to the snapshot repository of the source deployment.

Bug fixesedit

Cluster updates now trigger allocator re-indexing and consume less memory. This fixes delayed updates for the instance’s health and plans reported by the allocators search endpoints.

Fixed an issue where deployments were not searchable by the resource ID of their Elasticsearch, Kibana, and other deployment components.

Azure Private Link Connection IDs that couldn’t be parsed correctly now return a 400 error with an invalid input message.

Fixed an issue with truncated Azure Private Link connection names that could cause valid connection requests to be erroneously rejected.

Machine learning nodes are now correctly gracefully shut down during node migration operations.

Fixed an issue that could cause plan changes to fail and return the following error message when using a custom SSO role mapping: The role mapping elastic-cloud-sso-kibana-do-not-change could not be configured.