[Translation] Elasticsearch 6.3.0 released

On June 13, Elasticsearch 6.3.0 was released based on Lucene 7.3.0. This is the latest stable release and is already available for use in the cloud through Elasticsearch on Elastic Cloud .

The latest stable release in the 6.x branch:

• Download Elasticsearch 6.3.0
• Release Notes
• Elasticsearch 6.3 major changes
  

You can read about all the changes in the release notes listed above, but there are a few changes that are worth highlighting:

SQL

Have you ever had something like this:

• You say “ I know how to do this in a SQL query — how can I do the same in Elasticsearch? ”(Comment. Trans - google three days how to make a group by ...)
• Tried to build a full-text search using tokenization , stemming , synonyms , sorting by relevance based on a SQL engine like a relational database?
• Tried to scale a traditional database with billions of rows?
• Tried to connect a third-party tool (for example, a BI system) to Elasticsearch?
  

We hope that the solution of these tasks will bring you closer to joining the ranks of users of the new release of Elasticsearch SQL. Our goal is to provide developers, data-scientists, and other specialists somehow familiar with SQL, but still not familiar, or not able to use the Elasticsearch query language - the ability to use speed, scalability, and all the power of full-text search, to Master and love Elasticsearch.

If you are just starting to use all the power of the functionality provided by Elasticsearch, here are a few things you can try in the new version:

• SELECT ... ORDER BY SCORE () DESC allows you to sort the search results by relevance
  
• Get all the full-text magic from tokenization to output using a MATCH statement, such as SELECT ... WHERE MATCH (fieldname, 'query text')
  
• Connect your favorite JDBC-compatible tool to Elasticsearch using the JDBC driver
  
• Learn how to use the full power of Elasticsearch DSL to translate your SQL query using the SQL Query Translation API.

We are just starting to implement SQL, so we mark these functions as experimental, continuing to collect your feedback on any errors and suggestions for new functions. In the future, we hope to release the ODBC driver, as well as simplify and create our existing JDBC driver, including other functions and predicates, so that we can better interact with other third-party tools, such as BI tools. Please let us know what you would like to see next, as well as any problems you encountered in the work of Elasticsearch 6.3.x!

Please note that this feature is available in the default Elasticsearch distribution (non-OSS). The REST API, including the translate api functionality and the CLI tool are completely free.

Indicators

Elastic Stack is increasingly being used as a data warehouse and visualization mechanism for IoT, performance monitoring and other data. And while we still believe that most of the data tends to be relevant over a long period of time, the relative relevance of the data may decrease over time. With release 6.3, we can now create a task in Elasticsearch, which periodically collects summary statistics about newly added data and makes them searchable.

The indicators are not something new in the world of metrics storage, but we have done some automatic things that we consider to be rather elegant:

• When you send a request to Elasticsearch to save averages, it automatically saves basic statistics, such as amount and quantity, so that you can recalculate the average value during the query to help you avoid the Simpson paradox .
• The fact that we store some basic statistical summary data allows you to query this data and live data together in a single query . Oh, and this query uses the same standard DSL that you have been using for years without needing to learn anything new!

Please tell us about your own examples of using these new experimental features!

Please note that this feature is available in the Elasticsearch distribution by default (not for OSS) and is absolutely free.

Java 10 support

In the previous version of Elasticsearch, we announced support for Java 9 . Java 9 is a short-term version, and it already reached EOL in March 2018. To continue supporting short-term Java releases, we announce support for Java 10 in Elasticsearch 6.3. Java 10 is also a short-term version, EOL is scheduled for September 2018.

As mentioned earlier, we strongly recommend that most users stick to Java 8, unless they are satisfied with the fast Java short version cycle (and EOL dates). Use the support matrix to verify compatibility with your version of the JVM.

Security updates

This update also fixes two security issues.

Data Leakage Vulnerability in Elasticsearch (ESA-2018-10)

In Elasticsearch 6.0.0-beta1 - 6.2.4, an information leakage vulnerability was discovered in the _snapshot API. When the access_key and security_key parameters are set using the _snapshot API, they can be openly accessible to users who have access to the _snapshot API requests. Although the _snapshot API 6.X documentation recommends that you specify the access_key and security_key parameters in the keystore, they can still be defined outside the storage using the API.

Vulnerable versions: Elasticsearch from version 6.0.0-beta1 to 6.2.4

Data leakage vulnerability in Elasticsearch (ESA-2018-11)

The possibility of leakage of valuable information was discovered in the Elasticsearch repository-azure plugin (previously elasticsearch-cloud-azure). When the repository-azure plugin is configured to write at the TRACE level, Azure login credentials may inadvertently log.

Vulnerable versions: All versions of Elasticsearch (except 6.3.0)

Conclusion

Download Elasticsearch 6.3.0 , try it out and tell us what you think on Twitter ( @elastic ) or on our forum. You can report any problems on the problems page on GitHub .

Original article