Elasticsearch version 7.17.22

edit

Elasticsearch version 7.17.22edit

Also see Breaking changes in 7.17.

Breaking changesedit

Stricter Document Level Security (DLS)edit

Document Level Security (DLS) applies stricter checks for the validate query API and for terms aggregations when min_doc_count is set to 0.

Details
When Document Level Security (DLS) is applied to terms aggregations and min_doc_count is set to 0, stricter security rules apply. When Document Level Security (DLS) is applied to the validate query API with the rewrite parameter, stricter security rules apply.

Impact
If needed, test workflows with DLS enabled to ensure that the stricter security rules do not impact your application.

Remediation
Set min_doc_count to a value greater than 0 in terms aggregations or use an account not constrained by DLS for the validate query API calls.

Set xpack.security.dls.force_terms_aggs_to_exclude_deleted_docs.enabled to false in the Elasticsearch configuration to revert to the previous behavior.

Set xpack.security.dls.error_when_validate_query_with_rewrite.enabled to false in the Elasticsearch configuration to revert to the previous behavior.

Bug fixesedit

Infra/CLI
  • Workaround G1 bug for JDK 22 and 22.0.1 #108571
Mapping
  • Disable index.mapper.dynamic index setting validation #109160
Security
  • Block specific config files from being read after startup #107481

Upgradesedit

Packaging
  • Update bundled JDK to Java 22 (again) #108654
Snapshot/Restore
  • Align all usages of protobuf to be 3.21.9 #92123