honeymoose/OpenSearch
1
0
Fork 0
mirror of https://github.com/honeymoose/OpenSearch.git synced 2025-03-25 01:19:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

[DOCS] Clarifies API key breaking change (#54522)

Browse Source
This commit is contained in:
Lisa Cawley 2020-04-01 07:34:45 -07:00 committed by lcawl
parent 21abc311fd
commit f5ccf939d9
2 changed files with 37 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
docs/reference/migration/migrate_7_6.asciidoc
View File

@ -13,12 +13,41 @@ See also <<release-highlights>> and <<es-release-notes>>.
//Installation and Upgrade Guide
//tag::notable-breaking-changes[]
[discrete]
[[breaking_76_security_changes]]
=== Security changes
[discrete]
==== {es} API key privileges
If you use an API key to create another API key (sometimes called a
_derived key_), its behavior is impacted by the fix for
https://www.elastic.co/community/security[CVE-2020-7009].
When you make a request to create API keys, you can specify an expiration and
privileges for the API key. Previously, when you created a derived key, it had
no privileges. This behavior disregarded any privileges that you specified in
the {ref}/security-api-create-api-key.html[create API key API].
As of 7.6.2, this behavior changes. To create derived keys with no privileges,
you must explicitly specify an empty role descriptor. For example:
[source,js]
----
...
"role_descriptors": {
"no-privilege": {
}
}
...
----
// NOTCONSOLE
//end::notable-breaking-changes[]
[discrete]
[[breaking_76_search_changes]]
=== Search Changes
=== Search changes
[discrete]
==== Deprecation of sparse vector fields

10
docs/reference/release-notes/7.6.asciidoc
View File

@ -3,6 +3,13 @@
Also see <<breaking-changes-7.6,Breaking changes in 7.6>>.
[[breaking-7.6.2]]
[float]
=== Breaking changes
Authorization::
* Creation of derived API keys (keys created by existing keys) now requires explicit "no privileges" configuration {pull}53647[#53647], https://www.elastic.co/community/security[CVE-2020-7009]
[[bug-7.6.2]]
[float]
=== Bug fixes
@ -13,9 +20,6 @@ Allocation::
Authentication::
* Fix potential bug in concurrent token refresh support {pull}53668[#53668]
Authorization::
* Explicitly require that delegate API keys have no privileges {pull}53647[#53647]
CCR::
* Handle no such remote cluster exception in ccr {pull}53415[#53415] (issue: {issue}53225[#53225])