Elasticsearch version 7.13.3


Also see Breaking changes in 7.13.

Security updates

  • An uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser. A user with the ability to submit arbitrary queries to Elasticsearch could create a malicious Grok query that will crash the Elasticsearch node. All versions of Elasticsearch prior to 7.13.3 are affected by this flaw. You must upgrade to Elasticsearch version 7.13.3 to obtain the fix. CVE-2021-22144
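An added example, not Elasticsearch's code: a pre-flight check that walks custom Grok `pattern_definitions` and reports a circular `%{NAME}` reference chain before the definitions are submitted to a cluster. It assumes the recursion comes from pattern definitions that refer to each other, as the "Improve circular reference detection in grok processor" entry under Bug fixes suggests; the function name and sample definitions are constructed for illustration.

```python
import re

# Grok reference syntax: %{NAME}, %{NAME:field} or %{NAME:field:type}
GROK_REF = re.compile(r"%\{(\w+)(?::[^}]*)?\}")

# Constructed sample definitions (not taken from the advisory).
SAFE = {"APP_TS": "%{YEAR}-%{MONTHNUM}",
        "APP_LINE": "%{APP_TS:ts} %{GREEDYDATA:msg}"}
DIRECT = {"A": "x%{A}"}
INDIRECT = {"A": "%{B:b}", "B": "\\d+ %{C}", "C": "%{A}?"}


def find_reference_cycle(pattern_definitions):
    """Return one circular reference chain as a list of names, or None.

    pattern_definitions maps a pattern name to its body, as in the
    pattern_definitions option of the grok ingest processor. Names that
    are not keys of the dict (built-in patterns) are treated as leaves.
    """
    graph = {
        name: [r for r in GROK_REF.findall(body) if r in pattern_definitions]
        for name, body in pattern_definitions.items()
    }
    unvisited, in_progress, done = 0, 1, 2
    state = dict.fromkeys(graph, unvisited)
    for root in graph:
        if state[root] != unvisited:
            continue
        # Iterative depth-first search, so a long chain of definitions
        # cannot exhaust the checker's own call stack.
        path, stack = [root], [iter(graph[root])]
        state[root] = in_progress
        while stack:
            nxt = next(stack[-1], None)
            if nxt is None:                    # all references explored
                state[path.pop()] = done
                stack.pop()
            elif state[nxt] == in_progress:    # back edge: circular chain
                return path[path.index(nxt):] + [nxt]
            elif state[nxt] == unvisited:
                state[nxt] = in_progress
                path.append(nxt)
                stack.append(iter(graph[nxt]))
    return None


if __name__ == "__main__":
    for label, defs in (("safe", SAFE), ("direct", DIRECT), ("indirect", INDIRECT)):
        print(label, find_reference_cycle(defs))
```

A definition set that passes this check still needs the upgrade to 7.13.3 that the advisory requires; the check only flags definitions worth reviewing.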

Known issues

  • Frozen tier: (Windows only) The frozen data tier relies on multiple caching mechanisms to speed up access to searchable snapshot files. One of these caches uses sparse files to avoid creating large files on disk when it is not strictly required. A bug prevented files from being created with the right options to enable sparse support on Windows, leading Elasticsearch to create potentially large files that can end up consuming all the disk space.

    This issue is fixed in Elasticsearch versions 7.15.2 and later. There is no known workaround for earlier versions. Filesystems that enable sparse files by default are not affected. For more details, see #79371.

  • Snapshot and restore: If a running snapshot is cancelled while a previously-started snapshot is still ongoing and a later snapshot is enqueued, there is a risk that some shard data may be lost from the repository. This will cause future restore operations to fail. To mitigate this problem, set snapshot.max_concurrent_operations: 1 to prevent concurrent snapshot operations:

    PUT _cluster/settings
    {
      "persistent" : {
        "snapshot.max_concurrent_operations" : 1
      }
    }

    This issue is fixed in Elasticsearch versions 7.14.1 and later. It is not possible to repair a repository once it is affected by this issue, so you must restore the repository from a backup, or clear the repository by executing DELETE _snapshot/<repository name>/*, or move to a fresh repository. For more details, see #75598.

  • Parsing a request fails when the last element in an array is filtered out (for instance, using _source_includes). This is due to a bug in the Jackson parser. Fixed in Elasticsearch 8.6.1 (#91456).

  • The deprecated index.mapper.dynamic setting can break your cluster. It can only be set using the Update index settings API. Symptoms include nodes failing to start or shards failing to allocate. Do not use this setting in versions prior to 7.17.22. The bug is fixed in 7.17.22. (issue: #109160)

Bug fixes

Autoscaling

  • Autoscale frozen tier into existence #73435 (issue: #72771)
  • Avoid scaling empty tier unnecessarily #74086

CompositeAggs

EQL

  • Remove “fields” section from sequence in-progress searches #74824 (issue: #74582)
  • Remove “yet” from unsupported pipe error message #74850 (issue: #70844)

Features/Ingest

  • Improve circular reference detection in grok processor #74581

Network

  • Increment request before serializing it in OutboundHandler #74256 (issue: #74253)

Recovery

  • Recycle buffers used for file-based recovery #74117 (issue: #65921)

SQL

Search

  • Disable query cache for FunctionScoreQuery and ScriptScoreQuery #74060 (issue: #73925)
  • Fix CombinedFieldQuery (Lucene 9999) #74678
  • Fix error in FieldCapabilitiesResponse serialization #74504
  • Use min version when storing async search response #74642

Snapshot/Restore

  • Correctly log exceptions that are thrown during cache prewarming #74419
  • Fix snapshots recording incorrect max segment counts #74291 (issue: #74249)
  • Shared cache’s recovery range should be aligned with page size #74439 (issue: #74372)

Transform