X-Pack Breaking changes in 6.0

This section summarizes the changes that you need to be aware of when migrating your application to X-Pack 6.0.

Security
  • A new bootstrap check enforces that default passwords are disabled for the built-in users when running in production mode. You must set xpack.security.authc.accept_default_password to false in your elasticsearch.yml. For more information, see Security settings and Setting Up User Authentication.
  • A new configuration setting is available to disable support for the default password ("changeme"). For more information, see Disable Default Password Functionality.
  • A new bootstrap check enforces that TLS/SSL is required for inter-node communication when running in production mode. See Encrypting Communications.

    Before you start Elasticsearch, you must perform the steps described in Setting up TLS/SSL on a cluster. Otherwise, errors occur at startup.

  • A new bootstrap check enforces that HTTPS is used by the built-in token service when running in production mode. To disable the token service, set xpack.security.authc.token.enabled to false in your elasticsearch.yml. See Token Service Settings.
  • Suggesters can no longer be used if document level security is enabled. The search request now fails with an error if suggesters are specified and document level security is active.
  • Query and aggregation profiling can no longer be used if document level security is enabled. The search request now fails with an error if profiling is enabled and document level security is active.
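
A pre-upgrade audit for the three bootstrap checks listed above, as an added example that is not part of the original documentation or Elastic's own tooling. It assumes that xpack.security.transport.ssl.enabled and xpack.security.http.ssl.enabled are the TLS switches the checks read, that both default to false, and that the token service defaults to enabled; the sample configurations are constructed.

```python
import re

# First and third names are on the page; the two *.ssl.enabled names are
# X-Pack's TLS switches, assumed here to be what the bootstrap checks read.
DEFAULT_PW = "xpack.security.authc.accept_default_password"
TRANSPORT_TLS = "xpack.security.transport.ssl.enabled"
TOKEN = "xpack.security.authc.token.enabled"
HTTP_TLS = "xpack.security.http.ssl.enabled"

def flatten_settings(text):
    """Flatten elasticsearch.yml text (dotted or nested scalar keys)."""
    settings, stack = {}, []  # stack: (indent, key) of open parent mappings
    for raw in text.splitlines():
        line = re.sub(r"\s+#.*$", "", raw).rstrip()
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack and stack[-1][0] >= indent:
            stack.pop()
        path = ".".join([k for _, k in stack] + [key.strip()])
        if value.strip():
            settings[path] = value.strip().strip("\"'")
        else:
            stack.append((indent, key.strip()))
    return settings

def audit(text):
    """List the production-mode bootstrap checks this config would fail."""
    s = flatten_settings(text)
    def on(key, default):  # defaults are assumptions about 6.0 behaviour
        return s.get(key, default).lower() == "true"
    failures = []
    if s.get(DEFAULT_PW, "").lower() != "false":
        failures.append("default-password")
    if not on(TRANSPORT_TLS, "false"):
        failures.append("transport-tls")
    if on(TOKEN, "true") and not on(HTTP_TLS, "false"):
        failures.append("token-https")
    return failures

# Constructed sample configs, not taken from any real cluster.
UPGRADED_AS_IS = "cluster.name: prod\nxpack.security.enabled: true\n"
HARDENED = """\
xpack.security:
  authc.accept_default_password: false   # required by the new check
  authc.token.enabled: false             # no HTTPS on this node
  transport.ssl.enabled: true
"""

if __name__ == "__main__":
    for name, cfg in (("as-is", UPGRADED_AS_IS), ("hardened", HARDENED)):
        print(name, audit(cfg) or "passes")
```

Run it against each node's elasticsearch.yml before the upgrade; an empty list means none of the three checks is expected to block startup under the stated assumptions.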
Watcher
  • The built-in HTTP client used in webhooks, the http input and the http email attachment has been replaced. As a result, you must always escape all parts of a URL.
  • The new built-in HTTP client also enforces a maximum request size, which defaults to 10mb.
  • The watch _status field has been renamed to status, as underscores in field names will not be allowed.
  • The use of the system_key file for encrypting sensitive values was deprecated in 5.6 and removed in 6.0. To continue using watches with encrypted data, use the elasticsearch-keystore tool to store the key in the secure settings keystore. See Encrypting sensitive data in Watcher.
Security
  • When field level security is enabled, the mappings section returned by the get index, get mappings, get field mappings and field capabilities APIs now contains only the fields that the user is authorized to access.
