Elasticsearch version 7.10.2

Elasticsearch version 7.10.2

Also see Breaking changes in 7.10.

Security updates

  • An information disclosure flaw was found in the Elasticsearch async search API. Users who execute an async search will store the HTTP headers. A user with the ability to read the .tasks index could obtain sensitive request headers of other users in the cluster. All versions of Elasticsearch between 7.7.0 and 7.10.1 are affected by this flaw. You must upgrade to Elasticsearch version 7.10.2 to obtain the fix. CVE-2021-22132

Known issues

  • Snapshot and restore: If an index is deleted while the cluster is concurrently taking more than one snapshot then there is a risk that one of the snapshots may never complete and also that some shard data may be lost from the repository, causing future restore operations to fail. To mitigate this problem, set snapshot.max_concurrent_operations: 1 to prevent concurrent snapshot operations:

    1. PUT _cluster/settings
    2. {
    3.   "persistent" : {
    4.     "snapshot.max_concurrent_operations" : 1
    5.   }
    6. }

    This issue is fixed in Elasticsearch versions 7.13.1 and later. It is not possible to repair a repository once it is affected by this issue, so you must restore the repository from a backup, or clear the repository by executing DELETE _snapshot/<repository name>/*, or move to a fresh repository. For more details, see #73456.

  • Parsing a request when the last element in an array is filtered out (for instance using _source_includes) fails. This is due to a bug in Jackson parser. Fixed in Elasticsearch 8.6.1 (#91456)

  • The deprecated index.mapper.dynamic setting can break your cluster. It can only be set using the Update index settings API. Symptoms include nodes failing to start or shards failing to allocate. Do not use this setting in versions prior to 7.17.22. The bug is fixed in 7.17.22. (issue: #109160)

Bug fixes

EQL

  • Fix early trimming of in-flight data #66493

Engine

  • Fix the earliest last modified age of translog issue. #64753
  • Fix the version and term field initialization error of NoOpResult #66269 (issue: #66267)

Features/Data streams

  • Allow more legit cases in Metadata.Builder.validateDataStreams #65791

Features/Features

  • Make FilterAllocationDecider totally ignore tier-based allocation settings #67019 (issue: #66679)

Features/Ingest

  • Fix whitespace as a separator in CSV processor #67045 (issue: #67013)

Highlighting

  • Fix bug where fvh fragments could be loaded from wrong doc #65641 (issues: #60179, #65533)

Features/ILM+SLM

  • Create AllocationDeciders in the main method of the ILM step #65037 (issue: #64529)

Infra/REST API

  • Fix cat tasks api params in spec and handler #66272 (issue: #59493)
  • Mark Cat Tasks API as experimental in rest-api-spec #66536 (issues: #51628, #65823)
  • Mark Task APIs as experimental in rest-api-spec #65823 (issue: #51628)

Infra/Scripting

  • Fix static inner class resolution in Painless #67027 (issue: #66823)

Infra/Settings

  • Correctly determine defaults of settings which depend on other settings #65989 (issue: #47890)
  • Do not interpret SecurityException in KeystoreAwareCommand #65366

QL

  • Handle IP type fields extraction with ignore_malformed property #66622 (issue: #66675)

Machine Learning

  • Change to only calculate model size on initial load to prevent slow cache promotions #66451

Network

  • Ensure notify when proxy connections disconnect #65697 (issue: #65443)
  • Fix AbstractClient#execute Listener Leak #65415 (issue: #65405)

SQL

  • Abort sorting in case of local agg sort queue overflow #65687 (issue: #65685)
  • Verify filter’s condition type #66268 (issue: #66254)

Search

  • Fix regressions around nested hits and disabled _source #66572 (issues: #60494, #66524)
  • Make sure shared source always represents the top-level root document #66725 (issues: #60494, #66577)

Security

  • Store and use only internal security headers #66365

Snapshot/Restore