What’s New in Elasticsearch 7.9.0? Key Security Fixes and Feature Updates

Elasticsearch 7.9.0 has been released with the following updates:

Security Update

A field‑level security vulnerability could leak fields during scroll searches when a lower‑privileged user runs the same query after a higher‑privileged user, affecting all versions prior to 7.9.0 and 6.8.12. Upgrade to 7.9.0 or 6.8.12 to fix (CVE‑2020‑7019).

Known Issues

Upgrading from earlier versions to 7.9.0 may cause incorrect mappings on the machine‑learning annotation index and the machine‑learning configuration index.

Major Changes

Script Cache

Script cache size and rate limits are now context‑dependent.

Field capabilities API

Constant_keyword fields are now described by their family type keyword instead of constant_keyword.

Snapshot restore throttling

Snapshot restore now correctly respects the recovery throttling setting indices.recovery.max_bytes_per_sec.

Thread pool write queue size

The default size of the WRITE thread‑pool queue ( thread_pool.write.size ) has been increased from 200 to 10,000.

Dangling indices

Auto‑import of dangling indices is now disabled by default and will be removed in Elasticsearch 8.0.

For more details, see the release notes at https://www.elastic.co/guide/en/elasticsearch/reference/7.9/release-notes-7.9.0.html.