Cross environment search and replication, and moreedit

Introducing cross-environment CCS & CCR

Cross-cluster search (CCS) and cross-cluster replication (CCR) are now available across Elastic Cloud organizations, regions, and providers, and between Elasticsearch Service and your self-managed environments. As a technical preview, CCS and CCR are also supported between clusters in Elasticsearch Service and Elastic Cloud Enterprise, with ECE support currently available by API only (UI support is planned for an upcoming ECE version). To learn more, check our CCS and CCR documentation.


Support trust between all environments. Trust can now be established between Elasticsearch Service and Elastic Cloud Enterprise, and between those and self-managed environments.

Certificate authority metadata. A new feature enables you to download a deployment’s CA certificate, so that you can connect your self-managed and Elastic Cloud Enterprise deployments to Elasticsearch Service. You can access this from your deployment’s Security page.


Allow csp.disableUnsafeEval config in kibana.yml. For version 8.3 and higher of Kibana, it’s now possible to set the experimental csp.disableUnsafeEval config option. Set this to true to remove the unsafe-eval source expression from the script-src Content Security Policy (CSP) directive. The default value is false, which is identical to the original Kibana behavior.

By enabling csp.disableUnsafeEval, Kibana will use a custom version of the Handlebars template library which doesn’t support inline partials. Handlebars is used in various locations in the Kibana frontend where custom templates can be supplied by the user when for instance setting up a visualisation. If you experience any issues rendering Handlebars templates after turning on csp.disableUnsafeEval, or if you rely on inline partials, please revert this setting to false and open an issue in the Kibana GitHub repository.

Virtualize the code block to improve performance. API Console output is now virtualized. Only visible parts will be loaded at a given time in order to improve performance.

Fix version mismatch UI. In case of a failed upgrade, you will now be directed to complete that upgrade before doing anything else with the deployment, as other actions would likely fail.

Set "https_port-elasticsearch": "443" for production environments. Set default HTTPS port, 443, to be the default port for Elasticsearch endpoints displayed in the Elasticsearch Service Cloud UI/API. Port 9243 will continue to route as expected.

Disabled Enterprise Search resources should return a valid API plan. Ensures that a valid plan is always returned for Enterprise Search resources. Previously, disabled Enterprise Search resources would not include a valid plan.

Bug fixesedit

Restrict the autoscaling maximum size in the deployment templates for trial accounts. Getting deployment templates as a trial user will now restrict the autoscaling_max size to the trial limits.

Fix wrong layout on pricing page. Fixes the width of the summary section on the pricing page.


Remove legacy cipher suite from AWS eu-west-1. The AWS eu-west-1 region cipher suites have been updated to intermediate ciphers and Windows 11 client compatible cipher suites.


Remove semicolon & X-Pack API calls. Updated the OpenID Connect instructions to replace some deprecated X-Pack API calls and remove an extra character in the Okta configuration documentation.