Changelog for Search Guard 7.x-43.0.0
Release Date: 06.07.2020
New Features
Search Guard Core
- Search Guard now provides functionality which allows reloading the used TLS certificates without restarting ES. This API is not enabled by default, but it can be enabled with a configuration setting. See TLS Hot Reload for details.
Improvements
sgadmin
- The
sgadmin
andhash
tools now write error messages to stderr instead of stdout.- Contributed by Fabien Wernli
Bug Fixes
Search Guard Core
- Fixed a bug which caused Search Guard to log many error messages during the first startup after installation.
- Added support for
indices:data/read/async_search/*
actions. This allows especially Kibana to use the async search API. The SG Kibana Plugin 42.0.0 contained a workaround which disabled the usage of the async search API. This however caused the number of hits of a search to be missing in some cases. As Search Guard now supports async search, this workaround is removed again. The number of hits is thus restored as well.
Authentication / Authorisation
- Fixed permission problem where LDAP authentication could fail with
java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessClassInPackage.com.sun.jndi.ldap.ext")
.
Other
Authentication / Authorisation
- The permissions required for using SQL in ES are now cluster permissions, i.e., these permissions need to be configured in the
cluster_permission
section of the Search Guard configuaration. The permissions have been also added to the static action groupSGS_CLUSTER_COMPOSITE_OPS_RO
. If you are already using SQL for ES with Search Guard, you might need to add the action groupSGS_CLUSTER_COMPOSITE_OPS_RO
to the corresponding roles of your Search Guard configuration.