release-notes-8.16.asciidoc

Release notes

This section summarizes the changes in each release.

• {fleet} and {agent} 8.16.5

• {fleet} and {agent} 8.16.4

• {fleet} and {agent} 8.16.3

• {fleet} and {agent} 8.16.2

• {fleet} and {agent} 8.16.1

• {fleet} and {agent} 8.16.0

Also see:

• {kibana-ref}/release-notes.html[{kib} release notes]

• {beats-ref}/release-notes.html[{beats} release notes]

{fleet} and {agent} 8.16.5

There are no bug fixes for {fleet} or {agent} in this release.

{fleet} and {agent} 8.16.4

Security updates

{agent}

• Upgrade NodeJS to LTS v18.20.6. #6641

Bug fixes

{agent}

• Emit vars even if provider data is empty from the start. #6598

• Redact secrets within complex nested paths. #6710

• Improve the CLI output message when elastic-agent uninstall runs after the agent has previously been unenrolled. #6735

{fleet} and {agent} 8.16.3

Review important information about the {fleet} and {agent} 8.16.3 release.

Bug fixes

{fleet}

• Fixed an issue that prevented {agent} tags from being displayed when the agent list is filtered. (#205163)

{fleet} and {agent} 8.16.2

Review important information about the {fleet} and {agent} 8.16.2 release.

Known Issues

An {agent} with the Defend integration may report an Orphaned status and will not be able to be issued an upgrade action through {fleet}.

Details
A known issue in the {agent} may prevent it from being targetted with an upgrade action for a future release. This may occur if the Defend integration is used and the agent is stopped on a running instance for too long. An agent may be stopped as part of an upgrade process.

Impact
A bug fix is present in the 8.16.3 and 8.17.1 releases of {fleet} that will prevent this from occuring.

If you have agents that are affected, the workaround is as follows:

# Get a Token to issue an update_by_query request:
curl -XPOST --user elastic:${SUPERUSER_PASS} -H 'x-elastic-product-origin:fleet' -H'content-type:application/json' "https://${ELASTICSEARCH_HOST}/_security/service/elastic/fleet-server/credential/token/fix-unenrolled"

# Issue an update_by_query request that targets effected agents:
curl -XPOST -H 'Authorization: Bearer ${TOKEN}' -H 'x-elastic-product-origin:fleet' -H 'content-type:application/json' "https://${ELASTICSEARCH_HOST}/.fleet-agents/_update_by_query" -d '{"query": {"bool": {"must": [{ "exists": { "field": "unenrolled_at" } }],"must_not": [{ "term": { "active": "false" } }]}},"script": {"source": "ctx._source.unenrolled_at = null;","lang": "painless"}}'

Enhancements

In this release we’ve introduced an image based on the hardened Wolfi image to provide additional security to our self-managed customers, and improve our supply chain security posture. Wolfi-based images require Docker version 20.10.10 or higher.

{agent}

• Perform check for an external package manager only at startup. #6178 #5835 #5991

• Remove some unnecessary copies when generating component configuration. #6184 #5835 #5991

• Use xxHash instead of sha256 for hashing AST nodes when generating component configuration. #6192 #5835 #5991

• Cache conditional sections when applying variables to component configuration. #6229 #5835 #5991

{fleet} and {agent} 8.16.1

Review important information about the {fleet} and {agent} 8.16.1 release.

Known Issues

An {agent} with the Defend integration may report an Orphaned status and will not be able to be issued an upgrade action through {fleet}.

Details
A known issue in the {agent} may prevent it from being targetted with an upgrade action for a future release. This may occur if the Defend integration is used and the agent is stopped on a running instance for too long. An agent may be stopped as part of an upgrade process.

Impact
A bug fix is present in the 8.16.3 and 8.17.1 releases of the {fleet} that will prevent this from occuring.

If you have agents that are affected, the workaround is as follows:

# Get a Token to issue an update_by_query request:
curl -XPOST --user elastic:${SUPERUSER_PASS} -H 'x-elastic-product-origin:fleet' -H'content-type:application/json' "https://${ELASTICSEARCH_HOST}/_security/service/elastic/fleet-server/credential/token/fix-unenrolled"

# Issue an update_by_query request that targets effected agents:
curl -XPOST -H 'Authorization: Bearer ${TOKEN}' -H 'x-elastic-product-origin:fleet' -H 'content-type:application/json' "https://${ELASTICSEARCH_HOST}/.fleet-agents/_update_by_query" -d '{"query": {"bool": {"must": [{ "exists": { "field": "unenrolled_at" } }],"must_not": [{ "term": { "active": "false" } }]}},"script": {"source": "ctx._source.unenrolled_at = null;","lang": "painless"}}'

Bug fixes

{agent}

• During an {agent} upgrade, resolve paths to a proper value assuming that the upgrading agent is installed. #5879 #5872

• Trim spaces in the user input accepted by the cli.confirm function. This allows users to enter spaces around the yes/no inputs in CLI confirmation prompts. #5909

• Skip calling the notifyFleetAuditUninstall function to notify {fleet} on Windows during {agent} uninstall, to significantly reduce likelihood of an exception being thrown. #6065 #5952

{fleet} and {agent} 8.16.0

Review important information about the {fleet} and {agent} 8.16.0 release.

Security updates

{fleet-server}

• Update {fleet-server} Go version to 1.23.1. #3924

Breaking changes

Breaking changes can prevent your application from optimal operation and performance. Before you upgrade, review the breaking changes, then mitigate the impact to your application.

{agent}

• When using the System integration, uppercase characters in the host.hostname are being converted to lowercase in {agent} output. This can possibly result in duplicated host entries appearing in {kib}. #3993

Known issues

{fleet} UI listing shows "No agent found"

Details

In the {fleet} UI in {kib}, the listing {agents} might show "No agent found" with a toast message "Error fetching agents" or "Agent policy …​ not found".

This error can happen if the {agents} being searched and listed in the UI are using an {agent} policy which doesn’t exist.

Impact

As a workaround for the issue, you can upgrade your {stack} to verion 8.16.1. The issue has been resolved by {kib} #199325.

{agent} throws exception when uninstalling on Windows

Details

{fleet}-managed {agent} sometimes throws an exception when uninstalling on Microsoft Windows systems.

For example:

C:\>"C:\Program Files\Elastic\Agent\elastic-agent.exe" uninstall
Elastic Agent will be uninstalled from your system at C:\Program Files\Elastic\Agent. Do you want to continue? [Y/n]:y
[====] Attempting to notify Fleet of uninstall  [37s] unexpected fault address 0x18000473ef1
fatal error: fault
[signal 0xc0000005 code=0x1 addr=0x18000473ef1 pc=0x9f3004]

goroutine 1 gp=0xc00007c000 m=5 mp=0xc000116008 [running]:
runtime.throw({0x207a4ba?, 0xa2d986?})
        runtime/panic.go:1023 +0x65 fp=0xc000067588 sp=0xc000067558 pc=0xcf8c5
runtime.sigpanic()
        runtime/signal_windows.go:414 +0xd0 fp=0xc0000675d0 sp=0xc000067588 pc=0xe6a10
(...)
        github.com/elastic/elastic-agent/internal/pkg/agent/errors/generators.go:23
github.com/elastic/elastic-agent/internal/pkg/fleetapi.(*AuditUnenrollCmd).Execute(0xc00073f998, {0x4, 0x23cf148}, 0x0)
        github.com/elastic/elastic-agent/internal/pkg/fleetapi/audit_unenroll_cmd.go:74 +0x324 fp=0xc000067738 sp=0xc0000675d0 pc=0x9f3004
runtime: g 1: unexpected return pc for github.com/elastic/elastic-agent/internal/pkg/fleetapi.(*AuditUnenrollCmd).Execute called from 0xc0006817a0
stack: frame={sp:0xc0000675d0, fp:0xc000067738} stack=[0xc000064000,0xc000068000)
0x000000c0000674d0:  0x000000c000067508  0x00000000000d14af <runtime.gwrite+0x00000000000000ef>
0x000000c0000674e0:  0x00000000023c9c90  0x0000000000000001
0x000000c0000674f0:  0x0000000000000001  0x000000c00006756b
(...)

For other examples, refer to {agent} issue #5952.

This problem occurs when {agent} notifies {fleet} to audit the uninstall process.

Impact

As a workaround, we recommend trying again to uninstall the agent.

An {agent} with the Defend integration may report an Orphaned status and will not be able to be issued an upgrade action through {fleet}.

Details
A known issue in the {agent} may prevent it from being targetted with an upgrade action for a future release. This may occur if the Defend integration is used and the agent is stopped on a running instance for too long. An agent may be stopped as part of an upgrade process.

Impact
A bug fix is present in the 8.16.3 and 8.17.1 releases of {fleet} that will prevent this from occuring.

If you have agents that are affected, the workaround is as follows:

# Get a Token to issue an update_by_query request:
curl -XPOST --user elastic:${SUPERUSER_PASS} -H 'x-elastic-product-origin:fleet' -H'content-type:application/json' "https://${ELASTICSEARCH_HOST}/_security/service/elastic/fleet-server/credential/token/fix-unenrolled"

# Issue an update_by_query request that targets effected agents:
curl -XPOST -H 'Authorization: Bearer ${TOKEN}' -H 'x-elastic-product-origin:fleet' -H 'content-type:application/json' "https://${ELASTICSEARCH_HOST}/.fleet-agents/_update_by_query" -d '{"query": {"bool": {"must": [{ "exists": { "field": "unenrolled_at" } }],"must_not": [{ "term": { "active": "false" } }]}},"script": {"source": "ctx._source.unenrolled_at = null;","lang": "painless"}}'

Integration output fails when using default output

Details
Beginning in version 8.16.0 you can specify an output per integration policy. However, setting the integration output to the default creates an invalid output name.

Impact
As a workaround, you can create a clone of the default output and then set it as the output for an integration policy. Refer to issue #206131 for details and status.

New features

The 8.16.0 release Added the following new and notable features.

{fleet}

• Add support for content-only packages in integrations UI. #195831

• Add advanced agent monitoring options for HTTP endpoint and diagnostics. #193361

• Add support for periodic unenrollment of inactive agents. Once an {agent} transitions to an inactive state and after a configurable timeout has expired, the agent will be unenrolled. #189861

• Add support for dynamic topics to the Kafka output. This allows the Kafka output to write to a topic which is dynamically set in an event field. #192720

• Add support for GeoIP processor databases in Ingest Pipelines. #190830

• Add support for reusable/shareable integration policies. This feature allows you to create integrations policies that can be shared with multiple {agent} policies, thereby reducing the number of integrations policies that you need to actively manage. #187153

• Add support for integration-level outputs. This feature enables you to send integration data to a specific output, overwriting the output defined in the {agent} Policy. #189125

{fleet-server}

• Add /api/fleet/agents/:id/audit/unenroll API that an {agent} or Endpoint process may use to report that an agent was uninstalled or unenrolled to {fleet}. #3818 #484

• Add a secret_paths attribute to the policy data sent to agents. This attribute is a list of keys that {fleet-server} has replaced with a reference to a secret value. #3908 #3657

{agent}

• Uninstalling a {fleet}-managed {agent} instance will now do a best-effort attempt to notify {fleet-server} of the agent removal so the agent status appears correctly in the {fleet} UI (related to #3818 above). #5302 #484

• Introduce a Helm Chart for deploying {agent} in Kubernetes. #5331 #3847

• Remove support for the experimental shippers feature. #5308 #4547

• Add the GCP Asset Inventory input to Cloudbeat. #5422

• Add support for passphrase protected mTLS client certificate key during install/enroll. #5494 #5489

• Elastic Defend now accepts a passphrase protected client certificate key for mTLS. #5542 #5490

• Add a Kustomize template to enable hints-based autodiscovery by default when deploying standalone {agent} in a Kubernetes cluster. This also removes root privileges from the init container. #5643

Enhancements

{fleet}

• Update maximum supported package version. #196551

• Add additional columns to {agent} Logs UI. #192262

• Show +build versions for {agent} upgrades. #192171

• Add format parameter to agent_policies APIs. #191811

• Add toggles for agent.monitoring.http.enabled and agent.monitoring.http.buffer.enabled to agent policy advanced settings. #190984

• Support integration policies without agent policy references (aka orphaned integration policies). #190649

• Allow traces to be added to the monitoring_enabled array in Agent policies. #189908

• Add setup technology selector to the Add Integration page. #189612

{fleet-server}

• Alter the checkin API to remove attributes set by the audit or unenroll API (follow-up to #3818 above). #3827 #484

• Enable warnings for configuration options that have been deprecated throughout the 8.x lifecycle. #3901

{agent}

• Re-enable support for Elastic Defend on Windows Server 2012 and 2012 R2. #5429

• Include the correct Elastic License 2.0 file in build artifacts and packages. #5464

• Add the pprofextension to the {agent} OTel collector. #5556

• Update the base container image from Ubuntu 20.04 to Ubuntu 24.04. #5644 #5501

• Redact values from the elastic-agent inspect command output for any keys in the secret_paths array. #5621

• Redact secret paths in files written in {agent} diagnostics bundles. #5745

• Update the versions of OpenTelemetry Collector components from v0.111.0/v1.17.0 to v0.112.0/v1.18.0. #5838

Bug fixes

{fleet}

• Revert "Fix client-side validation for agent policy timeout fields". #194338

• Add proxy arguments to install snippets. #193922

• Rollover if dimension mappings changed in dynamic templates. #192098

{fleet-server}

• Fix the error handling when {fleet-server} attempts to authenticate with {es}. #3935 #3929

• Fix an issue that caused {fleet-server} to report a 500 error on {agent} check-in because the agent has upgrade details but the referenced action ID is not found. #3991

{agent}

• Fix {agent} crashing when self unenrolling due to too many authentication failures against {fleet-server}. #5438 #5434

• Change the deprecated maintainer label in Dockerfile to use the org.opencontainers.image.authors label instead. #5527