Also see Breaking changes in 7.13.
- A memory disclosure vulnerability was identified in Elasticsearch’s error reporting. A user with the ability to submit arbitrary queries to Elasticsearch could submit a malformed query that would result in an error message returned containing previously used portions of a data buffer. This buffer could contain sensitive information, such as Elasticsearch documents or authentication details. All versions of Elasticsearch prior to 7.13.4 are affected by this flaw. There is no known workaround for this issue. You must upgrade to Elasticsearch version 7.13.4 to obtain the fix. CVE-2021-22145