Elasticsearch version 7.13.3edit

Also see Breaking changes in 7.13.

Security updatesedit

  • An uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser. A user with the ability to submit arbitrary queries to Elasticsearch could create a malicious Grok query that will crash the Elasticsearch node. All versions of Elasticsearch prior to 7.13.3 are affected by this flaw. You must upgrade to Elasticsearch version 7.13.3 to obtain the fix. CVE-2021-22144

Known issuesedit

  • Frozen tier: (Windows only) The frozen data tier relies on multiple caching mechanisms to speed up access to searchable snapshot files. One of these caches uses sparse files to avoid creating large files on disk when it is not strictly required. A bug prevented files from being created with the right options to enable sparse support on Windows, leading Elasticsearch to create potentially large files that can end up consuming all the disk space.

    This issue is fixed in Elasticsearch versions 7.15.2 and later. There is no known workaround for earlier versions. Filesystems that enable sparse files by default are not affected. For more details, see #79371.

  • Snapshot and restore: If a running snapshot is cancelled while a previously-started snapshot is still ongoing and a later snapshot is enqueued then there is a risk that some shard data may be lost from the repository. This will cause future restore operations to fail. To mitigate this problem, set snapshot.max_concurrent_operations: 1 to prevent concurrent snapshot operations:

    PUT _cluster/settings
    {
      "persistent" : {
        "snapshot.max_concurrent_operations" : 1
      }
    }

    This issue is fixed in Elasticsearch versions 7.14.1 and later. It is not possible to repair a repository once it is affected by this issue, so you must restore the repository from a backup, or clear the repository by executing DELETE _snapshot/<repository name>/*, or move to a fresh repository. For more details, see #75598.

Bug fixesedit

Autoscaling
  • Autoscale frozen tier into existence #73435 (issue: #72771)
  • Avoid scaling empty tier unnecessarily #74086
CompositeAggs
  • Fix bug when formatting epoch dates #73955 (issue: #68963)
EQL
  • Remove "fields" section from sequence in-progress searches #74824 (issue: #74582)
  • Remove "yet" from unsupported pipe error message #74850 (issue: #70844)
Features/Ingest
  • Improve circular reference detection in grok processor #74581
Network
  • Increment request before serializing it in OutboundHandler #74256 (issue: #74253)
Recovery
  • Recycle buffers used for file-based recovery #74117 (issue: #65921)
SQL
Search
  • Disable query cache for FunctionScoreQuery and ScriptScoreQuery #74060 (issue: #73925)
  • Fix CombinedFieldQuery (Lucene 9999) #74678
  • Fix error in FieldCapabilitiesResponse serialization #74504
  • Use min version when storing async search response #74642
Snapshot/Restore
  • Correctly log exceptions that are thrown during cache prewarming #74419
  • Fix snapshots recording incorrect max segment counts #74291 (issue: #74249)
  • Shared cache’s recovery range should be aligned with page size #74439 (issue: #74372)
Transform
  • Replace missing transform id with _all wildcard #74130 (issue: #74218)