release-notes-8.11.asciidoc

Release notes

This section summarizes the changes in each release.

• {fleet} and {agent} 8.11.4

• {fleet} and {agent} 8.11.3

• {fleet} and {agent} 8.11.2

• {fleet} and {agent} 8.11.1

• {fleet} and {agent} 8.11.0

Also see:

• {kibana-ref}/release-notes.html[{kib} release notes]

• {beats-ref}/release-notes.html[{beats} release notes]

{fleet} and {agent} 8.11.4

Review important information about {fleet-server} and {agent} for the 8.11.4 release.

Security updates

{agent}

• Updated Go version to 1.20.12. #3885

Known issues

Current stack version is not in the list of {agent} versions in {kib} {fleet} UI

Details

On the {fleet} UI in {kib}:

• When adding a new {agent}, the user interface shows a previous version instead of the current version.

• When you attempt an upgrade, the modal window shows an earlier version as the latest version.

Impact

You can use the following steps as a workaround:

When upgrading {agent} currently on versions 8.10.4 or earlier (simpler)

1. Open the {fleet} UI. Under the Agents tab select Upgrade agent from the actions menu. The version field in the Upgrade agent UI allows you to enter any version.

2. Enter 8.11.0 or whichever version you want to upgrade the {agents} to. Do not choose a version later than the version of {kib} or {fleet-server} that you’re running.

When upgrading {agent} currently on any version (more complex, requires API)

1. Open {kib} and navigate to Management → Dev Tools.

2. Choose one of the API requests below and submit it through the console. Each of the requests uses version 8.11.0 as an example, but this can be changed to any available version.

   • To upgrade a single {agent} to any version, run:

     POST kbn:/api/fleet/agents/<Elastic Agent ID>/upgrade
     {"version":"8.11.0"}

   • To upgrade a set of {agents} based on a known set of agent IDs, run:

     POST kbn:/api/fleet/agents/bulk_upgrade
     {
       "version":"8.11.0",
       "agents":["<Elastic Agent ID>","<Another Elastic Agent ID>"],
       "start_time":"2023-11-10T09:41:39.850Z"
     }

   • To upgrade a set of {agents} running a specific policy, and below a specific version (for example, 8.11.0), run:

     POST kbn:/api/fleet/agents/bulk_upgrade
     {
       "agents": "fleet-agents.policy_id:<Elastic Fleet Policy ID> and fleet-agents.agent.version<<VERSION>",
       "version": "8.11.0"
     }

     POST kbn:/api/fleet/agents/bulk_upgrade
     {
       "agents": "fleet-agents.policy_id:uuid1-uuid2-uuid3-uuid4 and fleet-agents.agent.version<8.11.0",
       "version": "8.11.0"
     }

Tip	To find the ID for any {agent}, open the Agents tab in {fleet} and select View agent from the Actions menu. The agent ID and other details are shown.

To learn more about these requests, refer to the {fleet} API documentation.

{fleet} and {agent} 8.11.3

Review important information about {fleet-server} and {agent} for the 8.11.3 release.

Known issues

Current stack version is not in the list of {agent} versions in {kib} {fleet} UI

Details

On the {fleet} UI in {kib}:

• When adding a new {agent}, the user interface shows a previous version instead of the current version.

• When you attempt an upgrade, the modal window shows an earlier version as the latest version.

Impact

You can use the following steps as a workaround:

When upgrading {agent} currently on versions 8.10.4 or earlier (simpler)

1. Open the {fleet} UI. Under the Agents tab select Upgrade agent from the actions menu. The version field in the Upgrade agent UI allows you to enter any version.

2. Enter 8.11.0 or whichever version you want to upgrade the {agents} to. Do not choose a version later than the version of {kib} or {fleet-server} that you’re running.

When upgrading {agent} currently on any version (more complex, requires API)

1. Open {kib} and navigate to Management → Dev Tools.

2. Choose one of the API requests below and submit it through the console. Each of the requests uses version 8.11.0 as an example, but this can be changed to any available version.

   • To upgrade a single {agent} to any version, run:

     POST kbn:/api/fleet/agents/<Elastic Agent ID>/upgrade
     {"version":"8.11.0"}

   • To upgrade a set of {agents} based on a known set of agent IDs, run:

     POST kbn:/api/fleet/agents/bulk_upgrade
     {
       "version":"8.11.0",
       "agents":["<Elastic Agent ID>","<Another Elastic Agent ID>"],
       "start_time":"2023-11-10T09:41:39.850Z"
     }

   • To upgrade a set of {agents} running a specific policy, and below a specific version (for example, 8.11.0), run:

     POST kbn:/api/fleet/agents/bulk_upgrade
     {
       "agents": "fleet-agents.policy_id:<Elastic Fleet Policy ID> and fleet-agents.agent.version<<VERSION>",
       "version": "8.11.0"
     }

     POST kbn:/api/fleet/agents/bulk_upgrade
     {
       "agents": "fleet-agents.policy_id:uuid1-uuid2-uuid3-uuid4 and fleet-agents.agent.version<8.11.0",
       "version": "8.11.0"
     }

Tip	To find the ID for any {agent}, open the Agents tab in {fleet} and select View agent from the Actions menu. The agent ID and other details are shown.

To learn more about these requests, refer to the {fleet} API documentation.

Security updates

{agent}

The 8.11.3 patch release contains a fix for a potential security vulnerability. Please see our security advisory for more details.

Bug fixes

{fleet}

• Fix a 500 error in the {fleet} API when a request for the product versions endpoint throws ECONNREFUSED. (#172850)

• Fix {agent} policy timeout to accept only integers. (#172222)

{fleet} and {agent} 8.11.2

Review important information about {fleet-server} and {agent} for the 8.11.2 release.

Important

The memory leak known issue that affects Windows users running {agent} is resolved in this release. If you’re currently on {agent} version 8.11.0 or 8.11.1, we strongly recommend upgrading to 8.11.2 or a later release to avoid the issue. If you’re on an earlier version, avoid upgrading to version 8.11.0 or 8.11.1 and update directly to version 8.11.2 or later.

Known issues

Triggering {agent} upgrades from {kib} {fleet} UI in an air-gapped environment will fail

Details

When attempting to upgrade an {agent}, {kib} tries to access https://www.elastic.co/api/product_versions. In an air-gapped environment, this call will be blocked and the upgrade flow will therefore be blocked too.

Upgrade {kib} to version 8.11.3 to solve the issue.

Current stack version is not in the list of {agent} versions in {kib} {fleet} UI

Details

On the {fleet} UI in {kib}:

• When adding a new {agent}, the user interface shows a previous version instead of the current version.

• When you attempt an upgrade, the modal window shows an earlier version as the latest version.

Impact

You can use the following steps as a workaround:

When upgrading {agent} currently on versions 8.10.4 or earlier (simpler)

1. Open the {fleet} UI. Under the Agents tab select Upgrade agent from the actions menu. The version field in the Upgrade agent UI allows you to enter any version.

2. Enter 8.11.0 or whichever version you want to upgrade the {agents} to. Do not choose a version later than the version of {kib} or {fleet-server} that you’re running.

When upgrading {agent} currently on any version (more complex, requires API)

1. Open {kib} and navigate to Management → Dev Tools.

2. Choose one of the API requests below and submit it through the console. Each of the requests uses version 8.11.0 as an example, but this can be changed to any available version.

   • To upgrade a single {agent} to any version, run:

     POST kbn:/api/fleet/agents/<Elastic Agent ID>/upgrade
     {"version":"8.11.0"}

   • To upgrade a set of {agents} based on a known set of agent IDs, run:

     POST kbn:/api/fleet/agents/bulk_upgrade
     {
       "version":"8.11.0",
       "agents":["<Elastic Agent ID>","<Another Elastic Agent ID>"],
       "start_time":"2023-11-10T09:41:39.850Z"
     }

   • To upgrade a set of {agents} running a specific policy, and below a specific version (for example, 8.11.0), run:

     POST kbn:/api/fleet/agents/bulk_upgrade
     {
       "agents": "fleet-agents.policy_id:<Elastic Fleet Policy ID> and fleet-agents.agent.version<<VERSION>",
       "version": "8.11.0"
     }

     POST kbn:/api/fleet/agents/bulk_upgrade
     {
       "agents": "fleet-agents.policy_id:uuid1-uuid2-uuid3-uuid4 and fleet-agents.agent.version<8.11.0",
       "version": "8.11.0"
     }

Tip	To find the ID for any {agent}, open the Agents tab in {fleet} and select View agent from the Actions menu. The agent ID and other details are shown.

To learn more about these requests, refer to the {fleet} API documentation.

Enhancements

{fleet}

• Improve UX for policy secrets. #171405

{agent}

• Add configuration parameters for the Kubernetes leader_election provider. #3625

• Update NodeJS version bundled with Heartbeat to v18.18.2. #3655

• Update Go version to 1.20.11. #3748

Bug fixes

{fleet}

• Support integration secrets in a local package registry with variables secret: true and required: false. #172078

• Fix agent metrics retrieval on the agent list page, previously displaying N/A for metrics for users with more than 10 agents. #172016

• Only add time_series_metric if TSDB is enabled. #171712

• Fix inability to upgrade agents from version 8.10.4 to version 8.11. #170974

{agent}

• Fix logging calls that have missing arguments. #3679

• Fix {fleet}-managed {agent} ignoring the agent.download.proxy_url setting after a policy is updated. #3803 #3560

• Properly convert component error fields to YAML in agent diagnostics. #3835 #2940

{fleet} and {agent} 8.11.1

Review important information about {fleet-server} and {agent} for the 8.11.1 release.

Important

Due to a memory leak issue, Windows users running {agent} are recommended to avoid upgrading to this release and waiting for the upcoming 8.11.2 release in which the issue is resolved. If you’ve already upgraded to version 8.11.0 or 8.11.1, we recommend upgrading to 8.11.2 as soon as it becomes available. See the known issue for more detail.

Known issues

• The known issue that could prevent the {agent} or Integrations Server component from booting up within an ECE deployment has been resolved in this release.

Memory leak running {agent} in Windows environments with the System Integration

Details

A memory leak has been identified in {beats} on Windows. All {beats} running Elastic Stack version 8.11.0 or 8.11.1 are affected. The leak also affects the {agent} System integration which is implemented with {beats}. The leak will eventually exhaust all memory on the host system, typically after several days.

Impact

This issue has been fixed in version 8.11.2. For a Windows environment, we strongly recommend upgrading directly to 8.11.2 or any later release.

If you’re already running {agent} version 8.11.0 or 8.11.1 on Windows and do not want to upgrade, we recommend that you:

1. Disable the process and process_summary metrics in your System integration.

2. Disable logs and metrics collection.

3. Restart {agent}.

Note that disabling these datasets will prevent the collection of process-related metrics.

Another workaround is to downgrade {agent} to a version below 8.11.0. Note that this could result in missing or reindexed logs or metrics as the "state" will not be persisted after {agent} is uninstalled and reinstalled.

For {beats} we currently do not have a workaround apart from upgrading to 8.12.2 or a later release.

Current stack version is not in the list of {agent} versions in {kib} {fleet} UI

Details

On the {fleet} UI in {kib}:

• When adding a new {agent}, the user interface shows a previous version instead of the current version.

• When attempting to upgrade, the modal window to pick the version shows an earlier version as the latest version.

Impact

You can use the following steps as a workaround:

When upgrading {agent} currently on versions 8.10.4 or lower (simpler)

1. Open the {fleet} UI. Under the Agents tab select Upgrade agent from the actions menu. The version field in the Upgrade agent UI allows you to enter any version.

2. Enter 8.11.0 or whichever version you want to upgrade the [agents] to. Do not choose a version above the version of {kib} or {fleet-server} that you’re running.

When upgrading {agent} currently on any version (more complex, requires API)

1. Open {kib} and navigate to Management → Dev Tools.

2. Choose one of the API requests below and submit it through the console. Each of the requests uses version 8.11.0 as an example, but this can be changed to any available version.

   • To upgrade a single {agent} to any version, run:

     POST kbn:/api/fleet/agents/<Elastic Agent ID>/upgrade
     {"version":"8.11.0"}

   • To upgrade a set of {agents} based on a known set of agent IDs, run:

     POST kbn:/api/fleet/agents/bulk_upgrade
     {
       "version":"8.11.0",
       "agents":["<Elastic Agent ID>","<Another Elastic Agent ID>"],
       "start_time":"2023-11-10T09:41:39.850Z"
     }

   • To upgrade a set of {agents} running a specific policy, and below a specific version (for example, 8.11.0), run:

     POST kbn:/api/fleet/agents/bulk_upgrade
     {
       "agents": "fleet-agents.policy_id:<Elastic Fleet Policy ID> and fleet-agents.agent.version<<VERSION>",
       "version": "8.11.0"
     }

     POST kbn:/api/fleet/agents/bulk_upgrade
     {
       "agents": "fleet-agents.policy_id:uuid1-uuid2-uuid3-uuid4 and fleet-agents.agent.version<8.11.0",
       "version": "8.11.0"
     }

Tip	To find the ID for any {agent}, open the Agents tab in {fleet} and select View agent from the Actions menu. The agent ID and other details are shown.

To learn more about these requests, refer to the {fleet} API documentation.

New features

The 8.11.1 release Added the following new and notable features.

{agent}

• Add the dimensions component.id and component.binary to {agent} and {beats} monitoring output, to support unique entries for the Time Series Database (TSDB) feature. #3626 #7977

Bug fixes

{fleet}

• Append space ID to security solution tag. (#170789).

• Modify bulk unenroll to include inactive agents. (#170249).

{fleet} and {agent} 8.11.0

Review important information about {fleet-server} and {agent} for the 8.11.0 release.

Important

Due to a memory leak issue, Windows users running {agent} are recommended to avoid upgrading to this release and waiting for the upcoming 8.11.2 release in which the issue is resolved. If you’ve already upgraded to 8.11.0 or 8.11.1, we recommend upgrading to 8.11.2 as soon as it becomes available. See the known issue for more detail.

Security updates

{agent}

• Updated Go version to 1.20.10. #3601

Breaking changes

Breaking changes can prevent your application from optimal operation and performance. Before you upgrade, review the breaking changes, then mitigate the impact to your application.

Compression is enabled by default for {agent} {es} outputs

Details
The default compression level for {es} outputs is changing from 0 to 1.

Impact
On typical workloads this is expected to decrease network data volume by 70-80%, while increasing CPU use by 20-25% and ingestion time by 10%. The previous behavior can be restored by adding the setting compression_level: 0 to the agent output configuration.

elastic-agent-autodiscover library has been updated to version 0.6.4, disabling metadata For kubernetes.deployment and kubernetes.cronjob fields.

Details
The elastic-agent-autodiscover Kubernetes library by default comes with add_resource_metadata.deployment=false and add_resource_metadata.cronjob=false.

Impact
Pods that will be created from deployments or cronjobs will not have the extra metadata field for kubernetes.deployment or kubernetes.cronjob, respectively. This change was made to avoid the memory impact of keeping the feature enabled in big Kubernetes clusters. For more information, refer to #3593.

Known issues

Memory leak running {agent} in Windows environments with the System Integration

Details

A memory leak has been identified in {beats} on Windows. All {beats} running Elastic Stack version 8.11.0 or 8.11.1 are affected. The leak also affects the {agent} System integration which is implemented with {beats}. The leak will eventually exhaust all memory on the host system, typically after several days.

Impact

This issue has been fixed in version 8.11.2. For a Windows environment, we strongly recommend upgrading directly to 8.11.2 or any higher release.

If you’re already running {agent} version 8.11.0 or 8.11.1 on Windows and do not want to upgrade, we recommend that you:

1. Disable the process and process_summary metrics in your System integration.

2. Disable logs and metrics collection.

3. Restart {agent}.

Note that disabling these datasets will prevent the collection of process-related metrics.

Another workaround is to downgrade {agent} to a version below 8.11.0. Note that this could result in missing or reindexed logs or metrics as the "state" will not be persisted after {agent} is uninstalled and reinstalled.

For {beats} we currently do not have a workaround apart from upgrading to 8.12.2 or a later release.

Current stack version is not in the list of {agent} versions in {kib} {fleet} UI

Details

On the {fleet} UI in {kib}:

• When adding a new {agent}, the user interface shows a previous version instead of the current version.

• When attempting to upgrade, the modal window to pick the version shows an earlier version as the latest version.

Impact

You can use the following steps as a workaround:

When upgrading {agent} currently on versions 8.10.4 or lower (simpler)

1. Open the {fleet} UI. Under the Agents tab select Upgrade agent from the actions menu. The version field in the Upgrade agent UI allows you to enter any version.

2. Enter 8.11.0 or whichever version you want to upgrade the [agents] to. Do not choose a version above the version of {kib} or {fleet-server} that you’re running.

When upgrading {agent} currently on any version (more complex, requires API)

1. Open {kib} and navigate to Management → Dev Tools.

2. Choose one of the API requests below and submit it through the console. Each of the requests uses version 8.11.0 as an example, but this can be changed to any available version.

   • To upgrade a single {agent} to any version, run:

     POST kbn:/api/fleet/agents/<Elastic Agent ID>/upgrade
     {"version":"8.11.0"}

   • To upgrade a set of {agents} based on a known set of agent IDs, run:

     POST kbn:/api/fleet/agents/bulk_upgrade
     {
       "version":"8.11.0",
       "agents":["<Elastic Agent ID>","<Another Elastic Agent ID>"],
       "start_time":"2023-11-10T09:41:39.850Z"
     }

   • To upgrade a set of {agents} running a specific policy, and below a specific version (for example, 8.11.0), run:

     POST kbn:/api/fleet/agents/bulk_upgrade
     {
       "agents": "fleet-agents.policy_id:<Elastic Fleet Policy ID> and fleet-agents.agent.version<<VERSION>",
       "version": "8.11.0"
     }

     POST kbn:/api/fleet/agents/bulk_upgrade
     {
       "agents": "fleet-agents.policy_id:uuid1-uuid2-uuid3-uuid4 and fleet-agents.agent.version<8.11.0",
       "version": "8.11.0"
     }

Tip	To find the ID for any {agent}, open the Agents tab in {fleet} and select View agent from the Actions menu. The agent ID and other details are shown.

To learn more about these requests, refer to the {fleet} API documentation.

Integrations Server / APM unable to boot in specific ECE environments

Details
A permissions change in the {agent} Docker container can prevent the {agent} or Integrations Server component from booting up within an ECE deployment. The change affects ECE installations that are deployed with a Linux UID other than 1000.

Impact
ECE users with deployments that include APM or Integrations Server are recommended to wait for the next patch release, which is planned to include a fix for this problem.

New features

The 8.11.0 release Added the following new and notable features.

{fleet}

• Set env variable ELASTIC_NETINFO:false in {kib} (#166156).

• Added restart upgrade action (#166154).

• Adds ability to set a proxy for agent binary source (#164168).

• Adds ability to set a proxy for agent download source (#164078).

{agent}

• Add support for processors in hints-based Kubernetes autodiscover. #3107 #2959

• Print out {agent} installation steps to show progress. #3338

• Add colors to {agent} messages printed by the elastic-agent logs command based on their level. #3345

Enhancements

{fleet}

• Adds sidebar navigation showing headings extracted from the readme (#167216).

{fleet-server}

• Expand APM traces to track coordinator and monitor transactions. Add additonal spans across all API endpoints to better track what the server does. Add spans to bulker interactions that link with the queue flush transaction that the bulk action is executed through. #2929

• Add endpoint to serve PGP keys that clients can use when validating upgrades in cases where the embedded PGP key in a client is compromised and the client can’t reach the internet. #2977 #2887

• Add ActionLimit and a Gzip writer pool to handle checkin responses, to help prevent OOM errors when updates are issued to many clients. #2994

• Send errors in API calls and bulker flushes to APM. fleet-server-pull}3053[#3053]

{agent}

• Improve {agent} uninstall on Windows by adding delay between retries when file removal is blocked by busy files. #3431 #3221

• Support the NETINFO variable in Elastic Kubernetes manifests. Setting a new environmental variable ELASTIC_NETINFO=false globally disables the netinfo.enabled parameter of the add_host_metadata processor. This disables the indexing of host.ip and host.mac fields. #3354

• The {agent} uninstall process now finds and kills any running upgrade Watcher process. Uninstalls initiated within 10 minutes of a previous upgrade now work as expected. #3384 #3371

• Fix the Kubernetes deploy/kubernetes/creator_k8.sh script to correcly exclude configmaps. #3396

• Allow fetching the GPG key used for upgrade package signature verification from {fleet-server}. This enables upgrades using rotated GPG keys in air gapped environments where {fleet-server} is the only reachable URI. #3543 #3264

• Enable tamper protection feature flag by default for {agent} version 8.11.0. #3478

• Increase {agent} monitoring metrics interval from 10s to 60s to reduce the default ingestion load and long term storage requirements. #3578

Bug fixes

{fleet}

• Vastly improve performance of Fleet final pipeline’s date formatting logic for event.ingested (#167318).

{fleet-server}

• Fix errors produced by the {fleet-server} bulker to be ECS compliant. #3034 #3033

{agent}

• Enable resilient handling of air gapped PGP checks. {agent} should not fail when remote PGP is specified (or official Elastic fallback PGP is used) and remote is not available. #3427 #3426 #3368

• Prevent a standalone {agent} from being upgraded if an upgrade is already in progress. #3473 #2706

• Fix a bug that affected reporting progress of the {agent} artifact download during an upgrade. #3548

• Upgrade elastic-agent-libs to v0.6.0 to fix the {agent} Windows service becoming unresponsive. Fixes Windows service timeouts during WMI queries and during service shutdown. #3632 #3061

• Increase wait period between service restarts on failure to 15s on Windows. #3657

• Prevent multiple attempts by {agent} to stop an already stopped service. #3482