WARNING: Version 6.1 of Elasticsearch has passed its EOL date.
This documentation is no longer being maintained and may be removed. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.
A new bootstrap check enforces that default passwords are disabled for the
built-in users when running in
You must set
elasticsearch.yml. For more information, see Security settings and Setting Up User Authentication.
- A new configuration setting is available to disable support for the default password ("changeme"). For more information, see Disable Default Password Functionality.
- A new bootstrap check enforces that default passwords are disabled for the built-in users when running in production mode. You must set
- The built-in HTTP client used in webhooks, the http input and the http email attachment has been replaced. This results in the need to always escape all parts of an URL.
- The new built-in HTTP client also enforces a maximum request size, which defaults to 10mb.
- The HTTP client respects timeouts now and does not get stuck leading to stuck watches