Changelog for Search Guard 7.x-36.0.0

Release Date: 23.07.2019

Security Fixes

n/a

Features

  • Introduce search_guard_roles for internal users (PR #706)
    • This makes it possible to assign Search Guard roles directly to internal users without the need for using the role mapping
    • Internal users database
  • Added searchguard.filter_sgindex_from_all_requests option in elasticsearch.yml to filter out the searchguard index from all-index requests
    • When set to true Search Guard will under the hood filter out the searchguard index from requests targeting all indices like * or _all
    • Default is false to make this change to a breaking change (will be true by default in future releases)
  • Added ChaCha20 support for TLS 1.2 (Commit 2e99232)
    • This requires Oracle JDK >= 12 or OpenSSL 1.1.1
  • Make it possible to disable built-in roles (PR #708)
    • Search Guard 7 introduced new static built-in resources like roles and action groups. For backwards-compatibility with Search Guard 6, the static resources can be disabled in elasticsearch.yml by setting:
    • searchguard.unsupported.load_static_resources: false

Fixes