This section summarizes the changes that you need to be aware of when migrating your application to X-Pack 6.0.
A new bootstrap check enforces that default passwords are disabled for the
built-in users when running in
You must set
elasticsearch.yml. For more information, see Security Settings and Setting Up User Authentication.
- A new configuration setting is available to disable support for the default password ("changeme"). For more information, see Disable Default Password Functionality.
Before you start Elasticsearch, you must perform the steps described in Setting up TLS/SSL on a cluster. Otherwise, errors occur at startup.
A new bootstrap check enforces that HTTPS is used by the built-in token
service when running in
To disable the token service, set
elasticsearch.yml. See Token Service Settings.
- Suggesters can no longer be used if document level security is enabled. The search request now fails with an error if suggesters are specified and document level security is active.
- Query and aggregation profiling can no longer be used if document level security is enabled. The search request now fails with an error if profiling are enabled and document level security is active.
- A new bootstrap check enforces that default passwords are disabled for the built-in users when running in production mode. You must set
- The built-in HTTP client used in webhooks, the http input and the http email attachment has been replaced. This results in the need to always escape all parts of an URL.
- The new built-in HTTP client also enforces a maximum request size, which defaults to 10mb.
_statusfield has been renamed to
status, as underscores in field names will not be allowed.
The use of the
system_keyfile for encrypting sensitive values was deprecated in 5.6 and removed in 6.0. To continue using watches with encrypted data, use the
elasticsearch-keystoretool to store the key in the secure settings keystore. See Encrypting sensitive data in Watcher.
- The fields returned as part of the mappings section by get index, get mappings, get field mappings and field capabilities API are now only the ones that the user is authorized to access in case field level security is enabled.