9.4.2$$$Features and enhancements$$$Filebeat$$$$$$Match http.ServeMux redirect status code for path cleaning in http_endpoint mux. #50686$$$Libbeat$$$$$$Update ebpfevents to v0.9.0. #50609$$$Metricbeat$$$$$$Add failure_store metric to the stats metricset in the Beat module. #49452$$$Add elasticsearch/security_stats metricset to the Elasticsearch module. #50674$$$Migrate azure/app_insights metricset off the deprecated track-1 Azure SDK and go-autorest; and use azcore directly. #50392$$$Fixes$$$All$$$$$$Initialize disk queue frame IDs from persisted state. #50534$$$Fix race in pipeline client between Publish and Close that could skip waiting for events to be acknowledged. #50625 #49390$$$Auditbeat$$$$$$Release the bolt file lock when the last datastore bucket is closed. #50386 #50381$$$Filebeat$$$$$$Fix token refresh for jwk_pem/jwk_file in the cel; httpjson; and okta inputs. #50433 #50426$$$Accept string values for secret_state to support Fleet secret resolution. #50508$$$Respect max_bytes/message_max_bytes when reading the first chunk of CRI partial lines. #50552$$$When Filestream is migrating the registry key from inputs that did not have an ID; match files by path and file identity instead of only path. #50599$$$Fixes UDP input crashes on Windows when oversized datagrams are received. #50770 #50718$$$Make CrowdStrike streaming input cancel refresh goroutines on session reconnect. #50803$$$Heartbeat$$$$$$Upgrade npm to v11 in non-wolfi Heartbeat Docker images. #50598$$$Metricbeat$$$$$$Fix panic in Azure module when all configured resources match no Azure resources. #50498$$$Elasticsearch module cluster state requests no longer append local=true. #50723 #50722

9.4.1$$$Features and enhancements$$$Libbeat$$$$$$Cache add_locale processor and refresh only when zone or offset changes. #50343 #50322$$$Fixes$$$All$$$$$$Update go-ntlmssp to v0.1.1. #50497$$$Fix a deadlock between shutdown and metrics collection in the OpenTelemetry telemetry bridge. #50528$$$Fix OTel Beat processor to honor when conditions. #50555 #50549$$$Filebeat$$$$$$Fix a race condition during multiline parser shutdown. #49980$$$Fix Okta entity analytics OAuth2 config unpacking for jwk_json and jwk_pem fields. #50406$$$Fix Active Directory entity analytics to emit device attributes under activedirectory.device. #50472 #50471$$$Fix handling of OAuth2.0 timeouts in CrowdStrike streaming input. #50492 #49988$$$Libbeat$$$$$$Fix OTel map conversion for []time.Duration fields to avoid dropping duration slices. #50486 #50474$$$Winlogbeat$$$$$$Fix Long.decode failures in the Painless script for the Windows security ingest pipeline. #49869$$$Disable Winlogbeat record ID gap detection when using xml_query so filtered queries do not loop on non-contiguous record IDs. #50443

9.4.1$$$Features and enhancements$$$Libbeat$$$$$$Cache add_locale processor and refresh only when zone or offset changes. #50343 #50322$$$Fixes$$$All$$$$$$Update go-ntlmssp to v0.1.1. #50497$$$Fix a deadlock between shutdown and metrics collection in the OpenTelemetry telemetry bridge. #50528$$$Fix OTel Beat processor to honor when conditions. #50555 #50549$$$Filebeat$$$$$$Fix a race condition during multiline parser shutdown. #49980$$$Fix Okta entity analytics OAuth2 config unpacking for jwk_json and jwk_pem fields. #50406$$$Fix Active Directory entity analytics to emit device attributes under activedirectory.device. #50472 #50471$$$Fix handling of OAuth2.0 timeouts in CrowdStrike streaming input. #50492 #49988$$$Libbeat$$$$$$Fix OTel map conversion for []time.Duration fields to avoid dropping duration slices. #50486 #50474$$$Winlogbeat$$$$$$Fix Long.decode failures in the Painless script for the Windows security ingest pipeline. #49869$$$Disable Winlogbeat record ID gap detection when using xml_query so filtered queries do not loop on non-contiguous record IDs. #50443

9.3.4$$$Features and enhancements$$$All$$$$$$Update OTel Collector components to v0.149.0/v1.55.0. #50057$$$Metricbeat$$$$$$Bump azure-sdk-for-go armmonitor from v0.8.0 to v0.11.0. #49866$$$Fixes$$$Agentbeat$$$$$$Update transient dependency github.com/go-jose/go-jose/v4 to v4.1.4. #49975$$$Filebeat$$$$$$Fix http_endpoint input shared server lifecycle causing joiner deadlock and creator killing unrelated inputs. #49415$$$$$$Decouple the shared HTTP server lifetime from any single input. Previously; the server context was derived from the creator input; so cancelling a joiner blocked forever (deadlock) and cancelling the creator shut down all inputs on the same port. The server now lives until the last input deregisters.$$$$$$Fix container input not respecting max bytes when parsing CRI partial lines. #49743 #49259$$$$$$Fix CSV decoder producing malformed JSON when field values contain double quotes in azure-blob-storage input. #50097$$$$$$The azure-blob-storage inputs decode path only matched the decoder.Decoder interface; which builds JSON via string concatenation without escaping field values. CSV values containing double quotes (e.g. RFC 2045 MIME type parameters) produce malformed JSON; causing downstream ingest pipeline failures. Add a decoder.ValueDecoder switch case which uses json.Marshal for correct escaping; matching the pattern already used by the GCS input.$$$$$$Fix conflicting CEL periodic OTel metric field names. #50135 #49180$$$$$$Rename the CEL periodic run counter from input.cel.periodic.run to input.cel.periodic.run.count so the run namespace stays consistent alongside input.cel.periodic.run.duration in Elasticsearch mappings. Also correct related metric documentation and instrument creation error messages.$$$$$$Update mito to v1.24.2; fixing runtime error location reporting. #50222

9.3.4$$$Features and enhancements$$$All$$$$$$Update OTel Collector components to v0.149.0/v1.55.0. #50057$$$Metricbeat$$$$$$Bump azure-sdk-for-go armmonitor from v0.8.0 to v0.11.0. #49866$$$Fixes$$$Agentbeat$$$$$$Update transient dependency github.com/go-jose/go-jose/v4 to v4.1.4. #49975$$$Filebeat$$$$$$Fix http_endpoint input shared server lifecycle causing joiner deadlock and creator killing unrelated inputs. #49415$$$$$$Decouple the shared HTTP server lifetime from any single input. Previously; the server context was derived from the creator input; so cancelling a joiner blocked forever (deadlock) and cancelling the creator shut down all inputs on the same port. The server now lives until the last input deregisters.$$$$$$Fix container input not respecting max bytes when parsing CRI partial lines. #49743 #49259$$$$$$Fix CSV decoder producing malformed JSON when field values contain double quotes in azure-blob-storage input. #50097$$$$$$The azure-blob-storage inputs decode path only matched the decoder.Decoder interface; which builds JSON via string concatenation without escaping field values. CSV values containing double quotes (e.g. RFC 2045 MIME type parameters) produce malformed JSON; causing downstream ingest pipeline failures. Add a decoder.ValueDecoder switch case which uses json.Marshal for correct escaping; matching the pattern already used by the GCS input.$$$$$$Fix conflicting CEL periodic OTel metric field names. #50135 #49180$$$$$$Rename the CEL periodic run counter from input.cel.periodic.run to input.cel.periodic.run.count so the run namespace stays consistent alongside input.cel.periodic.run.duration in Elasticsearch mappings. Also correct related metric documentation and instrument creation error messages.$$$$$$Update mito to v1.24.2; fixing runtime error location reporting. #50222

9.3.3$$$Features and enhancements$$$All$$$Update OTel Collector components to v0.148.0. #49578$$$Filebeat$$$Add retry back-off logic to streaming input CrowdStrike follower. #48542 #46072$$$Add secret_state config to CEL input for encrypted storage of secrets accessible as state.secret. #49207$$$Add a secret_state configuration field to the CEL input. When configured in a Fleet integration package with secret: true; the values are stored encrypted by Fleet. At runtime; the contents are placed at state.secret and unconditionally redacted in debug logs. The key secret in the plain-text state configuration is reserved and rejected by validation to prevent accidental unencrypted storage of values intended to be secret.$$$Allow string and number arrays in httpjson chained configurations. #49391 #16662$$$Add support for URL and URL query parsing and formatting in the Streaming input CEL environment. #49653 #17875$$$Metricbeat$$$Add client secret authentication support to Azure App Insights module. #48880$$$Fixes$$$Elastic Agent$$$Fix an issue that could delay reporting shutdown of Agent components. #49414 #49388$$$Reduce AutoOps logging from info to debug for polling. #49507 #49506$$$Filebeat$$$Fix Filestream take_over causing file re-ingestion when used with autodiscover. #49632 #49579$$$Fix compatibility of the Journald input with journald/systemd versions < 242. #49445 #48152$$$Add rate-limit backoff to CrowdStrike streaming input oauth2 transport. #49453$$$$$$Wrap the oauth2 HTTP transport used by the CrowdStrike falcon streaming input with a rate-limit-aware transport that intercepts 429 responses; reads the Retry-After header; and backs off before retrying. This prevents the oauth2 token refresh from generating a burst of unauthorized requests that triggers CrowdStrikes 15-per-minute rate limit. The discover endpoint also returns a retry-after hint to the session-level retry loop as a minimum wait floor.$$$$$$Skip request tracer path validation when tracing is disabled to prevent input startup failures. #49655$$$$$$The startup path validation in cel; httpjson; http_endpoint; and entity analytics inputs checked whether the tracer config struct was non-nil rather than whether tracing was enabled. Integration package templates always include a tracer block (with enabled defaulting to false); so the struct is never nil. Under the agentless/otel runtime the relative tracer path resolves outside the permitted directory; causing all affected inputs to fail immediately even though tracing was disabled. The config-level Validate methods already used the correct enabled() guard; the startup paths now do the same.$$$$$$Fix Filebeat crash loop when running under Elastic Agent and taking too long to initialise. #49796 #49512$$$$$$Libbeat$$$Fix a bug where escaped characters in syslog structured data caused an EOF error. #49392 #43944$$$Metricbeat$$$$$$Fix unnecessary Windows filesystem metricset errors from non-existent volumes. #49553$$$Fix an issue where filesystem metric collection on Windows could report errors for volumes that are no longer present. Update to gosigar v0.14.4.$$$$$$Winlogbeat$$$Skip record ID gap detection for forwarded Windows events.

9.3.3$$$Features and enhancements$$$All$$$Update OTel Collector components to v0.148.0. #49578$$$Filebeat$$$Add retry back-off logic to streaming input CrowdStrike follower. #48542 #46072$$$Add secret_state config to CEL input for encrypted storage of secrets accessible as state.secret. #49207$$$Add a secret_state configuration field to the CEL input. When configured in a Fleet integration package with secret: true; the values are stored encrypted by Fleet. At runtime; the contents are placed at state.secret and unconditionally redacted in debug logs. The key secret in the plain-text state configuration is reserved and rejected by validation to prevent accidental unencrypted storage of values intended to be secret.$$$Allow string and number arrays in httpjson chained configurations. #49391 #16662$$$Add support for URL and URL query parsing and formatting in the Streaming input CEL environment. #49653 #17875$$$Metricbeat$$$Add client secret authentication support to Azure App Insights module. #48880$$$Fixes$$$Elastic Agent$$$Fix an issue that could delay reporting shutdown of Agent components. #49414 #49388$$$Reduce AutoOps logging from info to debug for polling. #49507 #49506$$$Filebeat$$$Fix Filestream take_over causing file re-ingestion when used with autodiscover. #49632 #49579$$$Fix compatibility of the Journald input with journald/systemd versions < 242. #49445 #48152$$$Add rate-limit backoff to CrowdStrike streaming input oauth2 transport. #49453$$$$$$Wrap the oauth2 HTTP transport used by the CrowdStrike falcon streaming input with a rate-limit-aware transport that intercepts 429 responses; reads the Retry-After header; and backs off before retrying. This prevents the oauth2 token refresh from generating a burst of unauthorized requests that triggers CrowdStrikes 15-per-minute rate limit. The discover endpoint also returns a retry-after hint to the session-level retry loop as a minimum wait floor.$$$$$$Skip request tracer path validation when tracing is disabled to prevent input startup failures. #49655$$$$$$The startup path validation in cel; httpjson; http_endpoint; and entity analytics inputs checked whether the tracer config struct was non-nil rather than whether tracing was enabled. Integration package templates always include a tracer block (with enabled defaulting to false); so the struct is never nil. Under the agentless/otel runtime the relative tracer path resolves outside the permitted directory; causing all affected inputs to fail immediately even though tracing was disabled. The config-level Validate methods already used the correct enabled() guard; the startup paths now do the same.$$$$$$Fix Filebeat crash loop when running under Elastic Agent and taking too long to initialise. #49796 #49512$$$$$$Libbeat$$$Fix a bug where escaped characters in syslog structured data caused an EOF error. #49392 #43944$$$Metricbeat$$$$$$Fix unnecessary Windows filesystem metricset errors from non-existent volumes. #49553$$$Fix an issue where filesystem metric collection on Windows could report errors for volumes that are no longer present. Update to gosigar v0.14.4.$$$$$$Winlogbeat$$$Skip record ID gap detection for forwarded Windows events.

9.3.2$$$Features and enhancements$$$Elastic Agent$$$$$$Fix a bug that could report stopped inputs as still running. #49285 #47769$$$Filebeat$$$$$$Add optional token_url support for JWT Bearer Flow in Salesforce input. #43933 #43963$$$$$$The Salesforce input now supports a separate token_url configuration for JWT Bearer Flow authentication. This allows users with custom Salesforce domains or restrictions on default endpoints (login.salesforce.com/test.salesforce.com) to specify a different token endpoint URL while keeping the audience URL separate. If token_url is not provided; the existing behavior of using the audience URL as the token endpoint is maintained.$$$$$$Empty files are excluded from processing in filestream as early as possible. #49196 #48891$$$$$$Metricbeat$$$$$$Add zswap compressed swap cache metrics to system memory metricset. #49098 #47605$$$$$$Add Elasticsearch index mode and codec settings in Metricbeat index stats module. #49237$$$$$$Add cgroupv2 CPU metrics to system.process dataset. #49098 #47708$$$$$$Add swap field to system.process.memory metric set in Metricbeat. #48334

9.3.2$$$Features and enhancements$$$Elastic Agent$$$$$$Fix a bug that could report stopped inputs as still running. #49285 #47769$$$Filebeat$$$$$$Add optional token_url support for JWT Bearer Flow in Salesforce input. #43933 #43963$$$$$$The Salesforce input now supports a separate token_url configuration for JWT Bearer Flow authentication. This allows users with custom Salesforce domains or restrictions on default endpoints (login.salesforce.com/test.salesforce.com) to specify a different token endpoint URL while keeping the audience URL separate. If token_url is not provided; the existing behavior of using the audience URL as the token endpoint is maintained.$$$$$$Empty files are excluded from processing in filestream as early as possible. #49196 #48891$$$$$$Metricbeat$$$$$$Add zswap compressed swap cache metrics to system memory metricset. #49098 #47605$$$$$$Add Elasticsearch index mode and codec settings in Metricbeat index stats module. #49237$$$$$$Add cgroupv2 CPU metrics to system.process dataset. #49098 #47708$$$$$$Add swap field to system.process.memory metric set in Metricbeat. #48334

9.1.4$$$Features and enhancements$$$Authorization:$$$$$$[Sentinel One] Add manage; create_index; read; index; write; delete; permission for third party agent indices kibana_system #133793 (issue: #133703)$$$FIPS:$$$$$$Bump bc-fips to 1.0.2.6 #133198$$$Infra/Plugins:$$$$$$Add Reason field to elastic-agent upgrade details metadata #134711$$$Network:$$$$$$Upgrade Netty to 4.1.126.Final #134182$$$Security:$$$$$$Bump bcpkix version #132853$$$Fixes$$$Aggregations:$$$$$$Aggs: Fix CB on reduction phase #133398$$$Authorization:$$$$$$Remove DocumentSubsetBitsetCache locking #133681 (issue: #132842)$$$ES|QL:$$$$$$Reserve memory for Lucenes TopN #134235$$$Track memory in evaluators #133392$$$Indices APIs:$$$$$$Fix unnecessary determinization in index pattern conflict checks #134231 (issue: #133652)$$$Infra/Core:$$$$$$Remove java.xml from system modules #133671$$$Infra/Scripting:$$$$$$Update DefBootstrap to handle Error from ClassValue #133604$$$Infra/Settings:$$$$$$Use latest setting value when initializing setting watch #134091 (issue: #133701)$$$Ingest Node:$$$$$$Avoid stale enrich results after policy execution #133752$$$Fix allow_duplicates edge case bug in append processor #134319$$$Fix enrich caches outdated value after policy run #133680$$$Machine Learning:$$$$$$Ensuring only a single request executor object is created #133424$$$Fix double-counting of inference memory in the assignment rebalancer #133919$$$Mapping:$$$$$$Allow trailing empty string field names in paths of flattened field #133611 (issue: #130139)$$$Fixed a bug where text fields in LogsDB indices did not use their keyword multi fields for block loading #134253$$$Network:$$$$$$Remove Transfer-Encoding from HTTP request with no content #133775$$$Relevance:$$$$$$Disallow creating semantic_text fields in indices created prior to 8.11.0 #133080$$$Search:$$$$$$KQL: Support boolean operators in field queries #133737 (issue: #132366)$$$Prevent field caps from failing due to can match failure #134134 (issue: #116106)$$$Use inner query for equals/hashCode() in SourceConfirmedTextQuery #134451 (issue: #134432)$$$Snapshot/Restore:$$$$$$Delay S3 repo warning if default region absent #133848

9.1.4$$$Features and enhancements$$$Authorization:$$$$$$[Sentinel One] Add manage; create_index; read; index; write; delete; permission for third party agent indices kibana_system #133793 (issue: #133703)$$$FIPS:$$$$$$Bump bc-fips to 1.0.2.6 #133198$$$Infra/Plugins:$$$$$$Add Reason field to elastic-agent upgrade details metadata #134711$$$Network:$$$$$$Upgrade Netty to 4.1.126.Final #134182$$$Security:$$$$$$Bump bcpkix version #132853$$$Fixes$$$Aggregations:$$$$$$Aggs: Fix CB on reduction phase #133398$$$Authorization:$$$$$$Remove DocumentSubsetBitsetCache locking #133681 (issue: #132842)$$$ES|QL:$$$$$$Reserve memory for Lucenes TopN #134235$$$Track memory in evaluators #133392$$$Indices APIs:$$$$$$Fix unnecessary determinization in index pattern conflict checks #134231 (issue: #133652)$$$Infra/Core:$$$$$$Remove java.xml from system modules #133671$$$Infra/Scripting:$$$$$$Update DefBootstrap to handle Error from ClassValue #133604$$$Infra/Settings:$$$$$$Use latest setting value when initializing setting watch #134091 (issue: #133701)$$$Ingest Node:$$$$$$Avoid stale enrich results after policy execution #133752$$$Fix allow_duplicates edge case bug in append processor #134319$$$Fix enrich caches outdated value after policy run #133680$$$Machine Learning:$$$$$$Ensuring only a single request executor object is created #133424$$$Fix double-counting of inference memory in the assignment rebalancer #133919$$$Mapping:$$$$$$Allow trailing empty string field names in paths of flattened field #133611 (issue: #130139)$$$Fixed a bug where text fields in LogsDB indices did not use their keyword multi fields for block loading #134253$$$Network:$$$$$$Remove Transfer-Encoding from HTTP request with no content #133775$$$Relevance:$$$$$$Disallow creating semantic_text fields in indices created prior to 8.11.0 #133080$$$Search:$$$$$$KQL: Support boolean operators in field queries #133737 (issue: #132366)$$$Prevent field caps from failing due to can match failure #134134 (issue: #116106)$$$Use inner query for equals/hashCode() in SourceConfirmedTextQuery #134451 (issue: #134432)$$$Snapshot/Restore:$$$$$$Delay S3 repo warning if default region absent #133848

9.1.3$$$Features and enhancements$$$Infra/REST API:$$$$$$Limit the depth of a filter #133113$$$Ingest Node:$$$$$$Upgrading to tika 3.2.2 #133410$$$Packaging:$$$$$$Update bundled JDK to Java 24.0.2+12 #133119$$$Fixes$$$Data streams:$$$$$$Force rollover on write to true when data stream indices list is empty #133347 (issue: #133176)$$$EQL:$$$$$$Better error message for sequences with only one clause plus UNTIL #132638$$$Fix sequences with conditions involving keys and non-keys #133134$$$ES|QL:$$$$$$Fix update expiration for async query #133021 (issue: #130619)$$$Ingest Node:$$$$$$Change GeoIpCache and EnrichCache to LongAdder #132922$$$License:$$$$$$Limit frequency of feature last-used time updates #133004$$$Machine Learning:$$$$$$Disable child span for streaming tasks #132945$$$Improve EIS auth call logs and fix revocation bug #132546$$$Preserve lost thread context in node inference action. A lost context causes a memory leak if APM tracing is enabled #132973$$$Update EIS sparse and dense embedding max batch size to 16 #132646$$$[EIS] Rename the elser 2 default model and the default inference endpoint #130336$$$Search:$$$$$$Dont fail search if bottom doc cant be formatted #133188 (issue: #125321)

9.1.3$$$Features and enhancements$$$Infra/REST API:$$$$$$Limit the depth of a filter #133113$$$Ingest Node:$$$$$$Upgrading to tika 3.2.2 #133410$$$Packaging:$$$$$$Update bundled JDK to Java 24.0.2+12 #133119$$$Fixes$$$Data streams:$$$$$$Force rollover on write to true when data stream indices list is empty #133347 (issue: #133176)$$$EQL:$$$$$$Better error message for sequences with only one clause plus UNTIL #132638$$$Fix sequences with conditions involving keys and non-keys #133134$$$ES|QL:$$$$$$Fix update expiration for async query #133021 (issue: #130619)$$$Ingest Node:$$$$$$Change GeoIpCache and EnrichCache to LongAdder #132922$$$License:$$$$$$Limit frequency of feature last-used time updates #133004$$$Machine Learning:$$$$$$Disable child span for streaming tasks #132945$$$Improve EIS auth call logs and fix revocation bug #132546$$$Preserve lost thread context in node inference action. A lost context causes a memory leak if APM tracing is enabled #132973$$$Update EIS sparse and dense embedding max batch size to 16 #132646$$$[EIS] Rename the elser 2 default model and the default inference endpoint #130336$$$Search:$$$$$$Dont fail search if bottom doc cant be formatted #133188 (issue: #125321)

9.1.2$$$Features and enhancements$$$Authorization:$$$$$$Adds manage; create_index; read; index; write; and delete privileges for the kibana_system role on third-party agent indices used by ExtraHop (logs-extrahop.investigation-*) and Qualys GAV (logs-qualys_gav.asset-*). This ensures ILM policies can delete these indices without permission errors. #132387 (issue: #131825)$$$Fixes$$$Aggregations:$$$$$$Validates parent aggregation type in `bucket_script`$$$Codec:$$$$$$Uses local segment `fieldInfos` for TSDB merge stats$$$ES|QL:$$$$$$Fixes for `COPY_SIGN` function in ESQL$$$Mapping:$$$$$$Calculates text string length correctly for code points outside BMP$$$Search:$$$$$$Always stops the timer when profiling the fetch phase

9.1.2$$$Features and enhancements$$$Authorization:$$$$$$Adds manage; create_index; read; index; write; and delete privileges for the kibana_system role on third-party agent indices used by ExtraHop (logs-extrahop.investigation-*) and Qualys GAV (logs-qualys_gav.asset-*). This ensures ILM policies can delete these indices without permission errors. #132387 (issue: #131825)$$$Fixes$$$Aggregations:$$$$$$Validates parent aggregation type in `bucket_script`$$$Codec:$$$$$$Uses local segment `fieldInfos` for TSDB merge stats$$$ES|QL:$$$$$$Fixes for `COPY_SIGN` function in ESQL$$$Mapping:$$$$$$Calculates text string length correctly for code points outside BMP$$$Search:$$$$$$Always stops the timer when profiling the fetch phase

9.1.0$$$Highlights$$$Upgrade `repository-s3` to AWS SDK v2$$$Add ability to redirect ingestion failures on data streams to a failure store$$$Mark Token Pruning for Sparse Vector as GA$$$Upgrade to lucene 10.2.2$$$Release FORK in tech preview$$$ES|QL cross-cluster querying is now generally available$$$Features and enhancements$$$Allocation:$$$$$$Accumulate compute() calls and iterations between convergences #126008 (issue: #100850)$$$Add FailedShardEntry info to shard-failed task source string #125520 (issue: #102606)$$$Add cache support in TransportGetAllocationStatsAction #124898 (issue: #110716)$$$Add cancellation support in TransportGetAllocationStatsAction #127371 (issue: #123248)$$$Allow balancing weights to be set per tier #126091$$$Introduce AllocationBalancingRoundSummaryService #120957$$$More efficient sort in tryRelocateShard #128063$$$Analysis:$$$$$$Synonyms API - Add refresh parameter to check synonyms index and reload analyzers #126935 (issue: #121441)$$$Authentication:$$$$$$Add Support for Providing a custom ServiceAccountTokenStore through SecurityExtensions #126612$$$Implement SAML custom attributes support for Identity Provider #128176$$$Permit at+jwt typ header value in jwt access tokens #126687 (issue: #119370)$$$Authorization:$$$$$$Add Microsoft Graph Delegated Authorization Realm Plugin #127910$$$Check TooComplex exception for HasPrivileges body #128870$$$Delegated authorization using Microsoft Graph (SDK) #128396$$$Fix unsupported privileges error message during role and API key crea… #128858 (issue: #128132)$$$Granting kibana_system reserved role access to all privileges to .adhoc.alerts* and .internal.adhoc.alerts* indices #127321$$$[Security Solution] Add read index privileges to kibana_system role for Microsoft Defender integration indexes #126803$$$CCS:$$$$$$Check if index patterns conform to valid format before validation #122497$$$CRUD:$$$$$$Add IndexingPressureMonitor to monitor large indexing operations #126372$$$Enhance memory accounting for document expansion and introduce max document size limit #123543$$$Codec:$$$$$$First step optimizing tsdb doc values codec merging #125403$$$Use default Lucene postings format when index mode is standard. #128509$$$Data streams:$$$$$$Add ability to redirect ingestion failures on data streams to a failure store #126973$$$Add index mode to get data stream API #122486$$$Run TransportGetDataStreamLifecycleAction on local node #125214$$$Run TransportGetDataStreamOptionsAction on local node #125213$$$Run TransportGetDataStreamsAction on local node #122852$$$Update ecs@mappings.json with new GenAI fields #129122$$$[Failure store] Introduce dedicated failure store lifecycle configuration #127314$$$[Failure store] Introduce default retention for failure indices #127573$$$[apm-data] Enable date_detection for all apm data streams #128913$$$Distributed:$$$$$$Account for time taken to write index buffers in IndexingMemoryController #126786$$$$$$For more details refer - https://www.elastic.co/docs/release-notes/elasticsearch#elasticsearch-9.1.0-release-notes

9.1.0$$$Highlights$$$Upgrade `repository-s3` to AWS SDK v2$$$Add ability to redirect ingestion failures on data streams to a failure store$$$Mark Token Pruning for Sparse Vector as GA$$$Upgrade to lucene 10.2.2$$$Release FORK in tech preview$$$ES|QL cross-cluster querying is now generally available$$$Features and enhancements$$$Allocation:$$$$$$Accumulate compute() calls and iterations between convergences #126008 (issue: #100850)$$$Add FailedShardEntry info to shard-failed task source string #125520 (issue: #102606)$$$Add cache support in TransportGetAllocationStatsAction #124898 (issue: #110716)$$$Add cancellation support in TransportGetAllocationStatsAction #127371 (issue: #123248)$$$Allow balancing weights to be set per tier #126091$$$Introduce AllocationBalancingRoundSummaryService #120957$$$More efficient sort in tryRelocateShard #128063$$$Analysis:$$$$$$Synonyms API - Add refresh parameter to check synonyms index and reload analyzers #126935 (issue: #121441)$$$Authentication:$$$$$$Add Support for Providing a custom ServiceAccountTokenStore through SecurityExtensions #126612$$$Implement SAML custom attributes support for Identity Provider #128176$$$Permit at+jwt typ header value in jwt access tokens #126687 (issue: #119370)$$$Authorization:$$$$$$Add Microsoft Graph Delegated Authorization Realm Plugin #127910$$$Check TooComplex exception for HasPrivileges body #128870$$$Delegated authorization using Microsoft Graph (SDK) #128396$$$Fix unsupported privileges error message during role and API key crea… #128858 (issue: #128132)$$$Granting kibana_system reserved role access to all privileges to .adhoc.alerts* and .internal.adhoc.alerts* indices #127321$$$[Security Solution] Add read index privileges to kibana_system role for Microsoft Defender integration indexes #126803$$$CCS:$$$$$$Check if index patterns conform to valid format before validation #122497$$$CRUD:$$$$$$Add IndexingPressureMonitor to monitor large indexing operations #126372$$$Enhance memory accounting for document expansion and introduce max document size limit #123543$$$Codec:$$$$$$First step optimizing tsdb doc values codec merging #125403$$$Use default Lucene postings format when index mode is standard. #128509$$$Data streams:$$$$$$Add ability to redirect ingestion failures on data streams to a failure store #126973$$$Add index mode to get data stream API #122486$$$Run TransportGetDataStreamLifecycleAction on local node #125214$$$Run TransportGetDataStreamOptionsAction on local node #125213$$$Run TransportGetDataStreamsAction on local node #122852$$$Update ecs@mappings.json with new GenAI fields #129122$$$[Failure store] Introduce dedicated failure store lifecycle configuration #127314$$$[Failure store] Introduce default retention for failure indices #127573$$$[apm-data] Enable date_detection for all apm data streams #128913$$$Distributed:$$$$$$Account for time taken to write index buffers in IndexingMemoryController #126786$$$$$$For more details refer - https://www.elastic.co/docs/release-notes/elasticsearch#elasticsearch-9.1.0-release-notes

9.0.4$$$Fixes$$$Aggregations:$$$$$$Aggs: Add cancellation checks to FilterByFilter aggregator #130452$$$Distributed:$$$$$$Drain responses on completion for TransportNodesAction #130303$$$ES|QL:$$$$$$Avoid O(N^2) in VALUES with ordinals grouping #130576$$$Avoid dropping aggregate groupings in local plans #129370 (issues: #129811; #128054)$$$Fix BytesRef2BlockHash #130705$$$Fix wildcard drop after lookup join #130448 (issue: #129561)$$$Infra/Core:$$$$$$Reverse disordered-version warning message #129904$$$Machine Learning:$$$$$$Check for model deployment in inference endpoints before stopping #129325 (issue: #128549)$$$Fix timeout bug in DBQ deletion of unused and orphan ML data #130083$$$Including max_tokens through the Service API for Anthropic #131113$$$Mapping:$$$$$$Make flattened synthetic source concatenate object keys on scalar/object mismatch #129600 (issue: #122936)$$$Relevance:$$$$$$Fix: GET _synonyms returns synonyms with empty rules #131032$$$Search:$$$$$$Check field data type before casting when applying geo distance sort #130924 (issue: #129500)$$$Fix msearch request parsing when index expression is null #130776 (issue: #129631)$$$Fix text similarity reranker does not propagate min score correctly #129223$$$Throw a 400 when sorting for all types of range fields #129725$$$Trim to size lists created in source fetchers #130521$$$Vector Search:$$$$$$Fix knn search error when dimensions are not set #131081 (issue: #129550)

9.0.4$$$Fixes$$$Aggregations:$$$$$$Aggs: Add cancellation checks to FilterByFilter aggregator #130452$$$Distributed:$$$$$$Drain responses on completion for TransportNodesAction #130303$$$ES|QL:$$$$$$Avoid O(N^2) in VALUES with ordinals grouping #130576$$$Avoid dropping aggregate groupings in local plans #129370 (issues: #129811; #128054)$$$Fix BytesRef2BlockHash #130705$$$Fix wildcard drop after lookup join #130448 (issue: #129561)$$$Infra/Core:$$$$$$Reverse disordered-version warning message #129904$$$Machine Learning:$$$$$$Check for model deployment in inference endpoints before stopping #129325 (issue: #128549)$$$Fix timeout bug in DBQ deletion of unused and orphan ML data #130083$$$Including max_tokens through the Service API for Anthropic #131113$$$Mapping:$$$$$$Make flattened synthetic source concatenate object keys on scalar/object mismatch #129600 (issue: #122936)$$$Relevance:$$$$$$Fix: GET _synonyms returns synonyms with empty rules #131032$$$Search:$$$$$$Check field data type before casting when applying geo distance sort #130924 (issue: #129500)$$$Fix msearch request parsing when index expression is null #130776 (issue: #129631)$$$Fix text similarity reranker does not propagate min score correctly #129223$$$Throw a 400 when sorting for all types of range fields #129725$$$Trim to size lists created in source fetchers #130521$$$Vector Search:$$$$$$Fix knn search error when dimensions are not set #131081 (issue: #129550)

Features and enhancements$$$Authorization:$$$$$$Fix unsupported privileges error message during role and API key creation $$$Engine:$$$$$$Threadpool merge executor is aware of available disk space $$$Threadpool merge scheduler $$$Ingest Node:$$$$$$Update traces duration mappings with appropriate unit type$$$Snapshot/Restore:$$$$$$Update shardGenerations for all indices on snapshot finalization$$$Stats:$$$$$$Optimize sparse vector stats collection

Features and enhancements$$$Authorization:$$$$$$Fix unsupported privileges error message during role and API key creation $$$Engine:$$$$$$Threadpool merge executor is aware of available disk space $$$Threadpool merge scheduler $$$Ingest Node:$$$$$$Update traces duration mappings with appropriate unit type$$$Snapshot/Restore:$$$$$$Update shardGenerations for all indices on snapshot finalization$$$Stats:$$$$$$Optimize sparse vector stats collection

9.0.2$$$Features and enhancements$$$Authentication:$$$$$$Http proxy support in JWT realm #127337 (issue: #114956)$$$ES|QL:$$$$$$Limit Replace function memory usage #127924$$$Fixes$$$Aggregations:$$$$$$Fix a bug in significant_terms #127975$$$Audit:$$$$$$Handle streaming request body in audit log #127798$$$Data streams:$$$$$$Fix system data streams incorrectly showing up in the list of template validation problems #128161$$$Downsampling:$$$$$$Downsampling does not consider passthrough fields as dimensions #127752 (issue: #125156)$$$ES|QL:$$$$$$Dont push down filters on the right hand side of an inlinejoin #127383$$$ESQL: Avoid unintended attribute removal #127563 (issue: #127468)$$$ESQL: Fix alias removal in regex extraction with JOIN #127687 (issue: #127467)$$$ESQL: Keep DROP attributes when resolving field names #127009 (issue: #126418)$$$Ensure ordinal builder emit ordinal blocks #127949$$$Fix union types in CCS #128111$$$Infra/Core:$$$$$$Add missing outbound_network entitlement to x-pack-core #126992 (issue: #127003)$$$Check hidden frames in entitlements #127877$$$Infra/Scripting:$$$$$$Avoid nested docs in painless execute api #127991 (issue: #41004)$$$Machine Learning:$$$$$$Append all data to Chat Completion buffer #127658$$$Fix services API Google Vertex AI Rerank location field requirement #127856$$$Relevance:$$$$$$Fix: Add NamedWriteable for RuleQueryRankDoc #128153 (issue: #126071)$$$Security:$$$$$$Remove dangling spaces wherever found #127475$$$Snapshot/Restore:$$$$$$Add missing entitlement to repository-azure #128047 (issue: #128046)$$$TSDB:$$$$$$Skip the validation when retrieving the index mode during reindexing a time series data stream #127824$$$Vector Search:$$$$$$[9.x] Revert Enable madvise by default for all builds #127921

9.0.2$$$Features and enhancements$$$Authentication:$$$$$$Http proxy support in JWT realm #127337 (issue: #114956)$$$ES|QL:$$$$$$Limit Replace function memory usage #127924$$$Fixes$$$Aggregations:$$$$$$Fix a bug in significant_terms #127975$$$Audit:$$$$$$Handle streaming request body in audit log #127798$$$Data streams:$$$$$$Fix system data streams incorrectly showing up in the list of template validation problems #128161$$$Downsampling:$$$$$$Downsampling does not consider passthrough fields as dimensions #127752 (issue: #125156)$$$ES|QL:$$$$$$Dont push down filters on the right hand side of an inlinejoin #127383$$$ESQL: Avoid unintended attribute removal #127563 (issue: #127468)$$$ESQL: Fix alias removal in regex extraction with JOIN #127687 (issue: #127467)$$$ESQL: Keep DROP attributes when resolving field names #127009 (issue: #126418)$$$Ensure ordinal builder emit ordinal blocks #127949$$$Fix union types in CCS #128111$$$Infra/Core:$$$$$$Add missing outbound_network entitlement to x-pack-core #126992 (issue: #127003)$$$Check hidden frames in entitlements #127877$$$Infra/Scripting:$$$$$$Avoid nested docs in painless execute api #127991 (issue: #41004)$$$Machine Learning:$$$$$$Append all data to Chat Completion buffer #127658$$$Fix services API Google Vertex AI Rerank location field requirement #127856$$$Relevance:$$$$$$Fix: Add NamedWriteable for RuleQueryRankDoc #128153 (issue: #126071)$$$Security:$$$$$$Remove dangling spaces wherever found #127475$$$Snapshot/Restore:$$$$$$Add missing entitlement to repository-azure #128047 (issue: #128046)$$$TSDB:$$$$$$Skip the validation when retrieving the index mode during reindexing a time series data stream #127824$$$Vector Search:$$$$$$[9.x] Revert Enable madvise by default for all builds #127921

9.0.1$$$Features and enhancements$$$Infra/Core:$$$$$$Validation checks on paths allowed for files entitlements. Restrict the paths we allow access to; forbidding plugins to specify/request entitlements for reading or writing to specific protected directories. #126852$$$Ingest Node:$$$$$$Updating tika to 2.9.3 #127353$$$Search:$$$$$$Enable sort optimization on float and half_float #126342$$$Security:$$$$$$Add Issuer to failed SAML Signature validation logs when available #126310 (issue: #111022)$$$Fixes$$$Aggregations:$$$$$$Rare terms aggregation false positive fix #126884$$$Allocation:$$$$$$Fix shard size of initializing restored shard #126783 (issue: #105331)$$$CCS:$$$$$$Cancel expired async search task when a remote returns its results #126583$$$Data streams:$$$$$$[otel-data] Bump plugin version to release _metric_names_hash changes #126850$$$ES|QL:$$$$$$Fix count optimization with pushable union types #127225 (issue: #127200)$$$Fix join masking eval #126614$$$Fix sneaky bug in single value query #127146$$$No; line noise isnt a valid ip #127527$$$ILM+SLM:$$$$$$Fix equality bug in WaitForIndexColorStep #126605$$$Infra/CLI:$$$$$$Use terminal reader in keystore add command #126729 (issue: #98115)$$$Infra/Core:$$$$$$Fix: consider case sensitiveness differences in Windows/Unix-like filesystems for files entitlements #126990 (issue: #127047)$$$Rework uniquify to not use iterators #126889 (issue: #126883)$$$Workaround max name limit imposed by Jackson 2.17 #126806$$$Machine Learning:$$$$$$Adding missing onFailure call for Inference API start model request #126930$$$Fix text structure NPE when fields in list have null value #125922$$$Leverage threadpool schedule for inference api to avoid long running thread #126858 (issue: #126853)$$$Ranking:$$$$$$Fix LTR rescorer with model alias #126273$$$LTR score bounding #125694$$$Search:$$$$$$Fix npe when using source confirmed text query against missing field #127414$$$TSDB:$$$$$$Improve resiliency of UpdateTimeSeriesRangeService #126637$$$Task Management:$$$$$$Fix race condition in RestCancellableNodeClient #126686 (issue: #88201)$$$Vector Search:$$$$$$Fix vec_caps to test for OS support too (on x64) #126911 (issue: #126809)$$$Fix bbq quantization algorithm but for differently distributed components #126778

9.0.0$$$Highlights$$$rank_vectors field type is now available for late-interaction ranking$$$ES|QL LOOKUP JOIN is now available in technical preview$$$The semantic_text field type is now GA$$$Features and enhancements$$$Allocation:$$$$$$Add a not-master state for desired balance #116904$$$Only publish desired balance gauges on master #115383$$$Reset relocation/allocation failure counter on node join/shutdown #119968$$$Authentication:$$$$$$Allow SSHA-256 for API key credential hash #120997$$$Authorization:$$$$$$Allow kibana_system user to manage .reindexed-v8-internal.alerts indices #118959$$$Do not fetch reserved roles from native store when Get Role API is called #121971$$$Grant necessary Kibana application privileges to reporting_user role #118058$$$Make reserved built-in roles queryable #117581$$$[Security Solution] Add create_index to kibana_system role for index/DS .logs-endpoint.action.responses-* #115241$$$[Security Solution] allows kibana_system user to manage .reindexed-v8-* Security Solution indices #119054$$$CCS:$$$$$$Resolve/cluster allows querying for cluster info only (no index expression required) #119898$$$CRUD:$$$$$$Metrics for indexing failures due to version conflicts #119067$$$Remove INDEX_REFRESH_BLOCK after index becomes searchable #120807$$$Suppress merge-on-recovery for older indices #113462$$$Cluster Coordination:$$$$$$Include clusterApplyListener in long cluster apply warnings #120087$$$Data streams:$$$$$$Add action to create index from a source index #118890$$$Add index and reindex request settings to speed up reindex #119780$$$Add rest endpoint for create_from_source_index #119250$$$Add sanity check to ReindexDatastreamIndexAction #120231$$$Adding a migration reindex cancel API #118291$$$Adding get migration reindex status #118267$$$Consistent mapping for OTel log and event bodies #120547$$$Filter deprecated settings when making dest index #120163$$$Ignore closed indices for reindex #120244$$$Improve how reindex data stream index action handles api blocks #120084$$$Initial work on ReindexDatastreamIndexAction #116996$$$Make requests_per_second configurable to throttle reindexing #120207$$$Optimized index sorting for OTel logs #119504$$$Reindex data stream indices on different nodes #125171$$$Report Deprecated Indices That Are Flagged To Ignore Migration Reindex As A Warning #120629$$$Retry ILM async action after reindexing data stream #124149$$$Set cause on create index request in create from action #124363$$$Update data stream deprecations warnings to new format and filter searchable snapshots from response #118562$$$Distributed:$$$$$$Make various alias retrieval APIs wait for cluster to unblock #117230$$$Metrics for incremental bulk splits #116765$$$Use Azure blob batch API to delete blobs in batches #114566$$$Downsampling:$$$$$$Improve downsample performance by buffering docids and do bulk processing #124477$$$Improve rolling up metrics #124739

Elasticsearch version 8.17.4$$$Bug fixes$$$edit$$$ES|QL$$$Catch parsing exception #124958 (issue: #119025)$$$Fix early termination in LuceneSourceOperator #123197$$$Indices APIs$$$Avoid hoarding cluster state references during rollover #124107 (issue: #123893)$$$[8.17] Avoid hoarding cluster state references during rollover #124267$$$Infra/Core$$$Prevent rare starvation bug when using scaling EsThreadPoolExecutor with empty core pool size. #124732 (issue: #124667)$$$Machine Learning$$$Migrate model_version to model_id when parsing persistent elser inference endpoints #124769 (issue: #124675)$$$Search$$$Do not let ShardBulkInferenceActionFilter unwrap / rewrap ESExceptions #123890$$$Don’t generate stacktrace in TaskCancelledException #125002$$$Fix concurrency issue in ScriptSortBuilder #123757$$$Revert fail-fast disconnect strategy for _resolve/cluster #124241$$$Upgrades$$$edit$$$Security$$$Bump nimbus-jose-jwt to 10.0.2 #124544

Elasticsearch version 8.17.3$$$$$$Bug fixes$$$edit$$$Aggregations$$$Disable concurrency when top_hits sorts on anything but _score #123610$$$Allocation$$$Deduplicate allocation stats calls #123246$$$Authentication$$$Improve jwt logging on failed auth #122247$$$CRUD$$$Reduce license checks in LicensedWriteLoadForecaster #123346 (issue: #123247)$$$Data streams$$$Add _metric_names_hash field to OTel metric mappings #120952$$$EQL$$$Fix JOIN command validation (not supported) #122011$$$ES|QL$$$Fix ENRICH validation for use of wildcards #121911$$$Fix listener leak in exchange service #122417 (issue: #122271)$$$Speed up VALUES for many buckets #123073$$$Infra/Node Lifecycle$$$Block running ES 8.17 with JDK 24+ #122517$$$Ingest$$$Fix ArrayIndexOutOfBoundsException in ShardBulkInferenceActionFilter #122538$$$Ingest Node$$$Canonicalize processor names and types in IngestStats #122610$$$Deduplicate IngestStats and IngestStats.Stats identity records when deserializing #122496$$$Fix redact processor arraycopy bug #122640$$$Register IngestGeoIpMetadata as a NamedXContent #123079$$$Use ordered maps for PipelineConfiguration xcontent deserialization #123403$$$Logs$$$Fix issues that prevents using search only snapshots for indices that use index sorting. This is includes Logsdb and time series indices. #122199$$$Use min node version to guard injecting settings in logs provider #123005 (issue: #122950)$$$Mapping$$$Fix synthetic source bug that would mishandle nested dense_vector fields #122425$$$fix stale data in synthetic source for string stored field #123105 (issue: #123110)$$$Stats$$$Fixing serialization of ScriptStats cache_evictions_history #123384$$$Upgrades$$$edit$$$Authentication$$$Bump json-smart and oauth2-oidc-sdk #122737

Elasticsearch version 8.17.1$$$Bug Fixes:$$$Aggregations$$$Fix moving function linear weighted avg #118435 (issue: #113751)$$$CCS$$$Resolve/cluster should mark remotes as not connected when a security exception is thrown #119793$$$Data streams$$$Add missing traces ilm policy for OTel traces data streams #119449$$$Downsampling$$$Handle index.mapping.ignore_malformed in downsampling #119134 (issue: #119075)$$$Support flattened field with downsampling #118816 (issue: #116319)$$$ES|QL$$$Allow DATE_PARSE to read the timezones #118603 (issue: #117680)$$$Fix ESQL async get while task is being cancelled #119897$$$Fix RLIKE folding with (unsupported) case insensitive pattern #118454$$$ILM+SLM$$$Add missing timeouts to rest-api-spec ILM APIs #118837$$$Add missing timeouts to rest-api-spec SLM APIs #118958$$$Infra/Node Lifecycle$$$Add missing timeouts to rest-api-spec shutdown APIs #118921$$$Infra/REST API$$$Add missing parameter to xpack.info rest-api-spec #118954$$$Ingest Node$$$Add missing timeouts to rest-api-spec ingest APIs #118844$$$Expose BwC enrich cache setting in plugin #119131$$$Fixing GetDatabaseConfigurationAction response serialization #119233$$$License$$$Remove unsupported timeout from rest-api-spec license API #118919$$$Machine Learning$$$Fix loss of context in the inference API for streaming APIs #118999 (issue: #119000)$$$Fix spike detection for short spikes at the tail of the data #119637$$$Fix timeout ingesting an empty string into a semantic_text field #117840$$$[Inference API] Fix bug checking for e5 or reranker default IDs #119797$$$Search$$$ESQL: connect_transport_exception should be thrown instead of verification_exception when ENRICH-ing if remote is disconnected #119750$$$Fix: do not let _resolve/cluster hang if remote is unresponsive #119516$$$Handle exceptions in query phase can match #117469 (issue: #104994)$$$$$$Enhancements:$$$$$$Authorization$$$Improve handling of nested fields in index reader wrappers #118757$$$Data streams$$$Add mapping for event_name for OTel logs #119495$$$Monitoring$$$Addition of tier_preference; creation_date and version fields in Elasticsearch monitoring template #117851$$$$$$New Features:$$$$$$Logs$$$Make logsdb general available #118559$$$$$$Refer - https://www.elastic.co/guide/en/elasticsearch/reference/8.17/release-notes-8.17.1.html

Refer - https://www.elastic.co/guide/en/elasticsearch/reference/8.17/release-notes-8.17.0.html

Beats version 8.16.1$$$View commits$$$Breaking changes$$$Packetbeat$$$Expire source port mappings. 41581$$$Bugfixes$$$Filebeat$$$Fix AWS region in aws-s3 input S3 polling mode. 41572

Elasticsearch version 8.16.0$$$Breaking changes$$$Analysis$$$Set lenient to true by default when using updateable synonyms #110901$$$Data streams$$$Update data stream lifecycle telemetry to track global retention #112451$$$ES|QL$$$ESQL: Entirely remove META FUNCTIONS #113967$$$Mapping$$$JDK locale database change #113975$$$Search$$$Adding breaking change entry for retrievers #115399$$$Bug fixes$$$edit$$$Aggregations$$$Always check the parent breaker with zero bytes in PreallocatedCircuitBreakerService #115181$$$Force using the last centroid during merging #111644 (issue: #111065)$$$Authentication$$$Check for disabling own user in Put User API #112262 (issue: #90205)$$$Expose cluster-state role mappings in APIs #114951$$$Authorization$$$Fix DLS & FLS sometimes being enforced when it is disabled #111915 (issue: #94709)$$$Fix DLS using runtime fields and synthetic source #112341$$$CRUD$$$Don’t fail retention lease sync actions due to capacity constraints #109414 (issue: #105926)$$$Cluster Coordination$$$Ensure clean thread context in MasterService #114512$$$$$$For more details refer - https://www.elastic.co/guide/en/elasticsearch/reference/8.16/release-notes-8.16.0.html

Elasticsearch version 8.15.3$$$Bug fixes$$$Aggregations$$$Don’t validate internal stats if they are empty #113846 (issue: #113811)$$$Fix needsScore computation in GlobalOrdCardinalityAggregator #113129 (issue: #112975)$$$Authentication$$$Enables cluster state role mapper; to include ECK operator-defined role mappings in role resolution #114337$$$ES|QL$$$ES|QL: Ensure minimum capacity for PlanStreamInput caches #114116$$$ES|QL: Skip CASE function from InferIsNotNull rule checks #113123 (issue: #112704)$$$[ESQL] Fix init value in max float aggregation #113699$$$[ESQL] Support datetime data type in Least and Greatest functions #113961$$$Machine Learning$$$Fix check on E5 model platform compatibility #113437 (issue: #113577)$$$Handle parsing ingest processors where definition is not a object #113697 (issue: #113615)$$$[ML][backport] Warn for model load failures if they have a status code <500 #113410$$$[M] Fix error message formatting #113266$$$Search$$$Fix analyzed wildcard query in simple_query_string when disjunctions is empty #114264 (issue: #114185)$$$Fix collapse interaction with stored fields #112761 (issue: #112646)$$$Enhancements$$$edit$$$Machine Learning$$$Write downloaded model parts async #111684$$$Upgrades$$$edit$$$Snapshot/Restore$$$Upgrade protobufer to 3.25.5 #113869

Elasticsearch version 8.15.1$$$edit$$$Also see Breaking changes in 8.15.1$$$$$$Known issues$$$edit$$$Elasticsearch will not start if custom role mappings are configured using the xpack.security.authc.realms.*.files.role_mapping configuration option. As a workaround; custom role mappings can be configured using the REST API (issue: #112503)$$$Bug fixes$$$edit$$$Aggregations$$$Revert Avoid bucket copies in Aggs #111758 (issue: #111679)$$$Authorization$$$Fix DLS over Runtime Fields #112260 (issue: #111637)$$$ES|QL$$$Avoid losing error message in failure collector #111983 (issue: #111894)$$$Avoid wrapping rejection exception in exchange #112178 (issue: #112106)$$$ESQL: Fix for overzealous validation in case of invalid mapped fields #111475 (issue: #111452)$$$Geo$$$Add maximum nested depth check to WKT parser #111843$$$Always check crsType when folding spatial functions #112090 (issue: #112089)$$$Fix NPE when executing doc value queries over shape geometries with empty segments #112139$$$Indices APIs$$$Fix template alias parsing livelock #112217$$$Infra/Core$$$Fix windows memory locking #111866 (issue: #111847)$$$Ingest Node$$$Fixing incorrect bulk request took time #111863 (issue: #111854)$$$Improve performance of grok pattern cycle detection #111947$$$Logs$$$Merge multiple ignored source entires for the same field #111994 (issue: #111694)$$$Machine Learning

Refer - https://www.elastic.co/guide/en/elasticsearch/reference/8.15/release-notes-8.15.0.html$$$

Elasticsearch version 8.14.3$$$edit$$$Also see Breaking changes in 8.14.$$$$$$Bug fixesedit$$$Cluster Coordination$$$Ensure tasks preserve versions in MasterService #109850$$$ES|QL$$$Introduce compute listener #110400$$$Mapping$$$Automatically adjust ignore_malformed only for the @timestamp #109948$$$TSDB$$$Disallow index.time_series.end_time setting from being set or updated in normal indices #110268 (issue: #110265)

Beats version 8.13.4edit$$$View commits$$$$$$Bugfixesedit$$$Auditbeat$$$$$$Prevent scenario of losing children-related file events in a directory for recursive fsnotify backend of auditbeat file integrity module. 39133$$$Allow extra syscalls by auditbeat required in FIM with kprobes back-end. 39361$$$Fix losing events in FIM for MacOS X by allowing always to walk an added directory to monitor. 39362$$$Metricbeat$$$$$$Fix Azure Monitor support for multiple aggregation types. 39192 39204

Beats version 8.12.2edit$$$View commits$$$$$$Bugfixesedit$$$Filebeat$$$$$$[threatintel] MISP pagination fixes. 37898$$$Fix file handle leak when handling errors in filestream. 37973$$$Packetbeat$$$$$$Fix interface device parsing for packetbeat protocols. 37946

Refer-$$$https://www.elastic.co/guide/en/starting-with-the-elasticsearch-platform-and-its-solutions/8.11/new.html

Not provided by vendor;$$$For more details$$$https://www.elastic.co/guide/en/starting-with-the-elasticsearch-platform-and-its-solutions/8.10/new.html