Release notes

Fixed a join cache issue with Elastic Stack Security’s templated queries when they include placeholders such as {{ _user: user.name }}.

Fixed an issue in the siren_dataspaces query that could prevent users from seeing documents in Siren Investigate when hitting the join cache.

Fixed a rare issue where a cluster was unable to initialize a Federate job due to a closed RootBufferManager on a node.

Fixed an issue that caused serialization errors when processing percentiles aggregation query results.

Fixed an issue in the job cancel transport action that could block the management thread pool, leading to a deadlock condition. The cancel action now extends the Elasticsearch task cancel API to avoid this.

Fixed an issue that caused the preference parameter to be ignored when executing a search request.

Improved job throttling at the cluster level by letting the user choose the coordinator node that executes a request, instead of being picked randomly based on the preference parameter.

Fixed a planner thread deadlock that could happen with failing data transfers between nodes.

Reduced the heap and CPU usage when computing a broadcast or index join on a node with more than one shard.

Reduced the data upload latency by improving thread management in the data upload service.

Fixed a potential leak of user information across thread contexts. If a user runs a query concurrently with another more privileged user on the same coordinator node, the search could be executed with higher privileges. This could result in an attacker gaining additional permissions against a restricted index. All versions of Federate before 7.11.2-23.0, 7.10.2-22.2, 7.9.3-21.6, 7.6.2-20.2 and 6.8.14-10.3.9 are affected by this flaw. You must upgrade to Federate version 7.11.2-23.0, 7.10.2-22.2, 7.9.3-21.6, 7.6.2-20.2 or 6.8.14-10.3.9 to obtain the fix. [CVE-2021-28938](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28938).

Fixed an issue that caused the filter in the index alias not to be taken into account.

Fixed an issue that caused the Data Streams indices not to be taken into account in search requests.

Fixed the data output identifier of a table search scan, which impacted negatively on the join resolution and join cache hits.

Removed the creation of recurring tasks in the Federate wrapper for the index service.

Fixed the maximum concurrent uploads in the segment partitioner collector manager.

Removed the cluster state listener when closing the buffer allocator and data staging services.

Upgraded to Elasticsearch 7.10.2.