Breaking Changes in 5.3

Security
  • Unauthorized bulk request is rejected on individual bulk item basis instead of being rejected as an entire operation. In case of insufficient privileges, individual bulk item responses return security exception with 403 error code instead of top level bulk response returning security exception with 403 error code. The top level bulk response always returns with 200 status code.
  • create, index and delete index privileges can execute bulk action.
  • Usage of Netty 3 for transport (transport.type=security3) or HTTP (http.type=security3) is deprecated and will be removed in X-Pack 6.0.0. Instead, rely on the default implementations which are based on Netty 4.