From d379f87eae98c36fad10d81f9014a39789d90abe Mon Sep 17 00:00:00 2001 From: Florent Le Borgne Date: Wed, 12 Feb 2025 13:01:02 +0100 Subject: [PATCH 1/7] unedited kibana release notes for 9.0 --- .../release-notes-kibana.asciidoc | 411 ++++++++++++++++++ 1 file changed, 411 insertions(+) diff --git a/docs/en/install-upgrade/release-notes/release-notes-kibana.asciidoc b/docs/en/install-upgrade/release-notes/release-notes-kibana.asciidoc index 8d3ce2198..801852ad9 100644 --- a/docs/en/install-upgrade/release-notes/release-notes-kibana.asciidoc +++ b/docs/en/install-upgrade/release-notes/release-notes-kibana.asciidoc @@ -6,3 +6,414 @@ coming::[9.0.0-beta1] +For information about the {kib} 9.0.0 release, review the following information. + +[float] +[[breaking-changes-9.0.0]] +== Breaking changes + +Breaking changes can prevent your application from optimal operation and performance. +Before you upgrade to 9.0.0, review the breaking changes, then mitigate the impact to your application. + +[discrete] +[[breaking-207906]] +* Remove deprecated bulk endpoints from v9.0.0. +[%collapsible] +==== +*Details* + +For more information, refer to ({kibana-pull}207906[#207906]). +==== + +[discrete] +[[breaking-203927]] +* Disable search sessions by default. +[%collapsible] +==== +*Details* + +For more information, refer to ({kibana-pull}203927[#203927]). +==== + +[discrete] +[[breaking-202863]] +* Rework saved query privileges. +[%collapsible] +==== +*Details* + +For more information, refer to ({kibana-pull}202863[#202863]). +==== + +[discrete] +[[breaking-202679]] +* Remove discover:searchFieldsFromSource setting. +[%collapsible] +==== +*Details* + +For more information, refer to ({kibana-pull}202679[#202679]). +==== + +[discrete] +[[breaking-202278]] +* Switch to 19Hz sampling frequency. +[%collapsible] +==== +*Details* + +For more information, refer to ({kibana-pull}202278[#202278]). +==== + +[discrete] +[[breaking-202250]] +* Disable scripted field creation in the Data Views management page. +[%collapsible] +==== +*Details* + +For more information, refer to ({kibana-pull}202250[#202250]). +==== + +[discrete] +[[breaking-201254]] +* Remove the legacy table. +[%collapsible] +==== +*Details* + +For more information, refer to ({kibana-pull}201254[#201254]). +==== + +[discrete] +[[breaking-200834]] +* Use Kibana feature privileges only to control access to reporting. +[%collapsible] +==== +*Details* + +For more information, refer to ({kibana-pull}200834[#200834]). +==== + +[discrete] +[[breaking-200633]] +* Refactor timeline HTTP API. +[%collapsible] +==== +*Details* + +For more information, refer to ({kibana-pull}200633[#200633]). +==== + +[discrete] +[[breaking-200163]] +* Adding kibana upgrade deprecation warning apm_user removed. +[%collapsible] +==== +*Details* + +For more information, refer to ({kibana-pull}200163[#200163]). +==== + +[discrete] +[[breaking-199598]] +* Remove deprecated APIs. +[%collapsible] +==== +*Details* + +For more information, refer to ({kibana-pull}199598[#199598]). +==== + +[discrete] +[[breaking-199226]] +* Remove deprecated topics property for kafka output in favor of topic. +[%collapsible] +==== +*Details* + +For more information, refer to ({kibana-pull}199226[#199226]). +==== + +[discrete] +[[breaking-199033]] +* Remove "download CSV" export type functionality. +[%collapsible] +==== +*Details* + +For more information, refer to ({kibana-pull}199033[#199033]). +==== + +[discrete] +[[breaking-198799]] +* Remove deprecated settings API endpoints. +[%collapsible] +==== +*Details* + +For more information, refer to ({kibana-pull}198799[#198799]). +==== + +[discrete] +[[breaking-198435]] +* Remove 7.x deprecated kibana.yml settings. +[%collapsible] +==== +*Details* + +For more information, refer to ({kibana-pull}198435[#198435]). +==== + +[discrete] +[[breaking-198434]] +* Remove deprecated epm APIs. +[%collapsible] +==== +*Details* + +For more information, refer to ({kibana-pull}198434[#198434]). +==== + +[discrete] +[[breaking-198313]] +* Remove deprecated APIs for agents endpoints. +[%collapsible] +==== +*Details* + +For more information, refer to ({kibana-pull}198313[#198313]). +==== + +[discrete] +[[breaking-197422]] +* Disable deprecated rules bulk CRUD API endpoints in Serverless and 9.0. +[%collapsible] +==== +*Details* + +For more information, refer to ({kibana-pull}197422[#197422]). +==== + +[discrete] +[[breaking-196887]] +* Limit pagination size when retrieving full policy or withAgentCount. +[%collapsible] +==== +*Details* + +For more information, refer to ({kibana-pull}196887[#196887]). +==== + +[discrete] +[[breaking-193792]] +* Globally enforce internal API restriction. +[%collapsible] +==== +*Details* + +For more information, refer to ({kibana-pull}193792[#193792]). +==== + +[float] +[[deprecations-9.0.0]] +== Deprecations + +The following functionality is deprecated in 9.0.0, and will be removed in 10.0.0. +Deprecated functionality does not have an immediate impact on your application, but we strongly recommend +you make the necessary updates after you upgrade to 9.0.0. + +[discrete] +[[deprecation-208208]] +* Removed deprecated get case status API. +[%collapsible] +==== +*Details* + +For more information, refer to ({kibana-pull}208208[#208208]). +==== + +[discrete] +[[deprecation-208086]] +* Removed deprecated get user actions API. +[%collapsible] +==== +*Details* + +or more information, refer to ({kibana-pull}208086[#208086]). +==== + +[discrete] +[[deprecation-207926]] +* Removed deprecated get all comments API. +[%collapsible] +==== +*Details* + +For more information, refer to ({kibana-pull}207926[#207926]). +==== + +[discrete] +[[deprecation-207325]] +* Rename plugin to automatic import. +[%collapsible] +==== +*Details* + +For more information, refer to ({kibana-pull}207325[#207325]). +==== + +[discrete] +[[deprecation-203996]] +* Disable log stream and settings pages. +[%collapsible] +==== +*Details* + +For more information, refer to ({kibana-pull}203996[#203996]). +==== + +[discrete] +[[deprecation-203856]] +* Removed `TLSv1.1` from default set of supported protocols. +[%collapsible] +==== +*Details* + +For more information, refer to ({kibana-pull}203856[#203856]). +==== + +[discrete] +[[deprecation-203685]] +* Remove Logs Explorer. +[%collapsible] +==== +*Details* + +For more information, refer to ({kibana-pull}203685[#203685]). +==== + +[discrete] +[[deprecation-203148]] +* Deleted deprecated alerts routes. +[%collapsible] +==== +*Details* + +For more information, refer to ({kibana-pull}203148[#203148]). +==== + +[discrete] +[[deprecation-201810]] +* Remove all legacy risk engine code and features. +[%collapsible] +==== +*Details* + +For more information, refer to ({kibana-pull}201810[#201810]). +==== + +[discrete] +[[deprecation-201313]] +* Remove ephemeral tasks from task manager plugin. +[%collapsible] +==== +*Details* + +For more information, refer to ({kibana-pull}201313[#201313]). +==== + +[discrete] +[[deprecation-199598]] +* Remove deprecated API's. +[%collapsible] +==== +*Details* + +For more information, refer to ({kibana-pull}199598[#199598]). +==== + +[discrete] +[[deprecation-197802]] +* Remove `visualization:colorMapping` advanced setting. +[%collapsible] +==== +*Details* + +For more information, refer to ({kibana-pull}197802[#197802]). +==== + +[discrete] +[[deprecation-197684]] +* Remove no longer used feature flags for GA features. +[%collapsible] +==== +*Details* + +For more information, refer to ({kibana-pull}197684[#197684]). +==== + +[discrete] +[[deprecation-197421]] +* Remove ephemeral tasks from action and alerting plugins. +[%collapsible] +==== +*Details* + +For more information, refer to ({kibana-pull}197421[#197421]). +==== + +[float] +[[features-9.0.0]] +== Features +{kib} 9.0.0 adds the following new and notable features. + +Data ingestion and Fleet:: +* Delete unenrolled agents task ({kibana-pull}195544[#195544]). +Elastic Security solution:: +For the Elastic Security 9.0.0 release information, refer to {security-guide}/release-notes.html[_Elastic Security Solution Release Notes_]. +Kibana security:: +* Update CEL flow to UX design ({kibana-pull}206491[#206491]). + +For more information about the features introduced in 9.0.0, refer to <>. + +[[enhancements-and-bug-fixes-v9.0.0]] +== Enhancements and bug fixes + +For detailed information about the 9.0.0 release, review the enhancements and bug fixes. + +[float] +[[enhancement-v9.0.0]] +=== Enhancements +Dashboards & Visualizations:: +* [Vega] Update default basemaps to adapt to the Borealis theme refresh ({kibana-pull}208114[#208114]). +//// +!!TODO!! The above PR had a lengthy release note description: +Elastic Maps Service basemaps shown in the Custom Visualization component (Vega) and in the Maps application and components alighn with the new dark and light theme. +//// +Data ingestion and Fleet:: +* Show reason for agent/endpoint uninstall ({kibana-pull}205815[#205815]). +//// +!!TODO!! The above PR had a lengthy release note description: +Improves filtering & visibility of `Uninstalled` and `Orphaned` Agents in Fleet, by differentiating them from `Offline` agents. Status filters have been added for both `Uninstalled` and `Orphaned` agents. Agent `status` runtime field has been updated to return accordingly when an agent is `uninstalled` or `orphaned`. Additionally, improved UI by hiding agent labels with `0` agent matches. +//// +* Update max supported package version ({kibana-pull}196675[#196675]). +* Remove old bundled.yaml from oas, fixed tags ({kibana-pull}194788[#194788]). +Elastic Security solution:: +For the Elastic Security 9.0.0 release information, refer to {security-guide}/release-notes.html[_Elastic Security Solution Release Notes_]. +Kibana security:: +* Use setup and troubleshooting templates in readme ({kibana-pull}206477[#206477]). +* Update Kibana Security components to use new EUI Borealis theme ({kibana-pull}201795[#201795]). +* Updated `js-yaml` to `4.1.0` ({kibana-pull}190678[#190678]). +Machine Learning:: +* Removing use of ignore_throttled ({kibana-pull}199107[#199107]). +Management:: +* Change bytes field title to Bytes and Bits ({kibana-pull}204346[#204346]). +Platform:: +* Adds warning header to deprecated endpoints ({kibana-pull}205926[#205926]). +* Set HTTP2 as default if SSL is enabled and add deprecation log if SSL is not enabled or protocol is set to HTTP1 ({kibana-pull}204384[#204384]). +Other:: +* Switch to 19Hz sampling frequency ({kibana-pull}202278[#202278]). +* Adds keyword builder pipeline ({kibana-pull}201616[#201616]). + +[float] +[[fixes-v9.0.0]] +=== Bug fixes +Dashboards & Visualizations:: +* [Partition] Fix behind text coloring for `syncColors` in *Lens* ({kibana-pull}209632[#209632]). +//// +!!TODO!! The above PR had a lengthy release note description: +This fixes and issues where behind text colors were not correctly assigned, such as in `Pie`, `Treemap` and `Mosaic` charts. +//// +* Fixes issue with `Amsterdam` theme where charts render with the incorrect background color ({kibana-pull}209595[#209595]). +* Persist `runPastTimeout` setting ({kibana-pull}208611[#208611]). +* Force return 0 on empty buckets on count if null flag is disabled ({kibana-pull}207308[#207308]). +* Fixes eslint error ({kibana-pull}204972[#204972]). +* Avoid rerendering loop due to search context reload ({kibana-pull}203150[#203150]). +* Assign test files to presentation team ({kibana-pull}200209[#200209]). +Data ingestion and Fleet:: +* Updates removed params of the Fleet -> Logstash output configurations ({kibana-pull}210115[#210115]). +* Fixes required validation for multi text input field ({kibana-pull}205768[#205768]). +* Introduce airgapped config for bundled packages ({kibana-pull}202435[#202435]). +* Added `eventIngestedEnabled` flag ({kibana-pull}199733[#199733]). +Elastic Observability solution:: +* Fixes chat on the Alerts page ({kibana-pull}197126[#197126]). +Elastic Search solution:: +* Removing errors ({kibana-pull}202437[#202437]). +Elastic Security solution:: +For the Elastic Security 9.0.0 release information, refer to {security-guide}/release-notes.html[_Elastic Security Solution Release Notes_]. +Platform:: +* Added versioning to inventory_view_saved_object ({kibana-pull}207007[#207007]). +Other:: +* Update java.ts - removing serverless link ({kibana-pull}204571[#204571]). +* Disable O11y features in Security Serverless project ({kibana-pull}203990[#203990]). +* Trim down PR template ({kibana-pull}198617[#198617]). +* Small UI fixes for new Space creation/settings page ({kibana-pull}197303[#197303]). +* Fixes code scanning alert no. 456: Incomplete string escaping or encoding ({kibana-pull}193909[#193909]). +* Fixes code scanning alert : Incomplete string escaping or encoding ({kibana-pull}193365[#193365]). \ No newline at end of file From d41fe1412741e5e175af549e89bd1dd5c5bb00a1 Mon Sep 17 00:00:00 2001 From: Florent Le Borgne Date: Wed, 12 Feb 2025 15:15:29 +0100 Subject: [PATCH 2/7] edit content except breaking changes & deprecations --- .../release-notes-kibana.asciidoc | 81 ++++++------------- 1 file changed, 25 insertions(+), 56 deletions(-) diff --git a/docs/en/install-upgrade/release-notes/release-notes-kibana.asciidoc b/docs/en/install-upgrade/release-notes/release-notes-kibana.asciidoc index 801852ad9..971736fec 100644 --- a/docs/en/install-upgrade/release-notes/release-notes-kibana.asciidoc +++ b/docs/en/install-upgrade/release-notes/release-notes-kibana.asciidoc @@ -335,85 +335,54 @@ For more information, refer to ({kibana-pull}197421[#197421]). {kib} 9.0.0 adds the following new and notable features. Data ingestion and Fleet:: -* Delete unenrolled agents task ({kibana-pull}195544[#195544]). +* New setting allowing automatic deletion of unenrolled agents in Fleet settings ({kibana-pull}195544[#195544]). Elastic Security solution:: -For the Elastic Security 9.0.0 release information, refer to {security-guide}/release-notes.html[_Elastic Security Solution Release Notes_]. +For the Elastic Security 9.0.0 release information, refer to <>. Kibana security:: -* Update CEL flow to UX design ({kibana-pull}206491[#206491]). +* New interface for Automatic Import CEL generation flow ({kibana-pull}206491[#206491]). -For more information about the features introduced in 9.0.0, refer to <>. +//For more information about the features introduced in 9.0.0, refer to <>. [[enhancements-and-bug-fixes-v9.0.0]] == Enhancements and bug fixes -For detailed information about the 9.0.0 release, review the enhancements and bug fixes. +//For detailed information about the 9.0.0 release, review the enhancements and bug fixes. [float] [[enhancement-v9.0.0]] === Enhancements -Dashboards & Visualizations:: -* [Vega] Update default basemaps to adapt to the Borealis theme refresh ({kibana-pull}208114[#208114]). -//// -!!TODO!! The above PR had a lengthy release note description: -Elastic Maps Service basemaps shown in the Custom Visualization component (Vega) and in the Maps application and components alighn with the new dark and light theme. -//// +//Dashboards & Visualizations:: Data ingestion and Fleet:: -* Show reason for agent/endpoint uninstall ({kibana-pull}205815[#205815]). -//// -!!TODO!! The above PR had a lengthy release note description: -Improves filtering & visibility of `Uninstalled` and `Orphaned` Agents in Fleet, by differentiating them from `Offline` agents. Status filters have been added for both `Uninstalled` and `Orphaned` agents. Agent `status` runtime field has been updated to return accordingly when an agent is `uninstalled` or `orphaned`. Additionally, improved UI by hiding agent labels with `0` agent matches. -//// -* Update max supported package version ({kibana-pull}196675[#196675]). -* Remove old bundled.yaml from oas, fixed tags ({kibana-pull}194788[#194788]). +* Improves filtering and visibility of `Uninstalled` and `Orphaned` agents in Fleet, by differentiating them from `Offline` agents. +* Introduces air-gapped configuration for bundled packages ({kibana-pull}202435[#202435]). +* Updates removed parameters of the Fleet -> Logstash output configurations ({kibana-pull}210115[#210115]). +* Updates max supported package version ({kibana-pull}196675[#196675]). +//* Remove old bundled.yaml from oas, fixed tags ({kibana-pull}194788[#194788]). Elastic Security solution:: -For the Elastic Security 9.0.0 release information, refer to {security-guide}/release-notes.html[_Elastic Security Solution Release Notes_]. +For the Elastic Security 9.0.0 release information, refer to <>. Kibana security:: -* Use setup and troubleshooting templates in readme ({kibana-pull}206477[#206477]). -* Update Kibana Security components to use new EUI Borealis theme ({kibana-pull}201795[#201795]). -* Updated `js-yaml` to `4.1.0` ({kibana-pull}190678[#190678]). +* Updates `js-yaml` to `4.1.0` ({kibana-pull}190678[#190678]). Machine Learning:: -* Removing use of ignore_throttled ({kibana-pull}199107[#199107]). -Management:: -* Change bytes field title to Bytes and Bits ({kibana-pull}204346[#204346]). +* Removes use of `ignore_throttled` ({kibana-pull}199107[#199107]). Platform:: -* Adds warning header to deprecated endpoints ({kibana-pull}205926[#205926]). -* Set HTTP2 as default if SSL is enabled and add deprecation log if SSL is not enabled or protocol is set to HTTP1 ({kibana-pull}204384[#204384]). -Other:: -* Switch to 19Hz sampling frequency ({kibana-pull}202278[#202278]). -* Adds keyword builder pipeline ({kibana-pull}201616[#201616]). +* Adds warning header to deprecated API endpoints ({kibana-pull}205926[#205926]). +* Sets HTTP2 as default if SSL is enabled and adds deprecation log if SSL is not enabled or protocol is set to HTTP1 ({kibana-pull}204384[#204384]). [float] [[fixes-v9.0.0]] === Bug fixes Dashboards & Visualizations:: -* [Partition] Fix behind text coloring for `syncColors` in *Lens* ({kibana-pull}209632[#209632]). -//// -!!TODO!! The above PR had a lengthy release note description: -This fixes and issues where behind text colors were not correctly assigned, such as in `Pie`, `Treemap` and `Mosaic` charts. -//// -* Fixes issue with `Amsterdam` theme where charts render with the incorrect background color ({kibana-pull}209595[#209595]). -* Persist `runPastTimeout` setting ({kibana-pull}208611[#208611]). -* Force return 0 on empty buckets on count if null flag is disabled ({kibana-pull}207308[#207308]). -* Fixes eslint error ({kibana-pull}204972[#204972]). -* Avoid rerendering loop due to search context reload ({kibana-pull}203150[#203150]). -* Assign test files to presentation team ({kibana-pull}200209[#200209]). +* Fixes an issue in Lens where colors behind text were not correctly assigned, such as in `Pie`, `Treemap` and `Mosaic` charts. +//* Fixes an issue with `Amsterdam` theme where charts render with the incorrect background color ({kibana-pull}209595[#209595]). +* Fixes an issue where changing the *Ignore timeout results* control setting wasn't taken into account ({kibana-pull}208611[#208611]). +* Force returns 0 on empty buckets on count if `null` flag is disabled ({kibana-pull}207308[#207308]). +* Fixes infinite loading time for some charts due to search context reload ({kibana-pull}203150[#203150]). Data ingestion and Fleet:: -* Updates removed params of the Fleet -> Logstash output configurations ({kibana-pull}210115[#210115]). -* Fixes required validation for multi text input field ({kibana-pull}205768[#205768]). -* Introduce airgapped config for bundled packages ({kibana-pull}202435[#202435]). -* Added `eventIngestedEnabled` flag ({kibana-pull}199733[#199733]). +* Fixes a validation error happening on multi-text input fields ({kibana-pull}205768[#205768]). Elastic Observability solution:: * Fixes chat on the Alerts page ({kibana-pull}197126[#197126]). -Elastic Search solution:: -* Removing errors ({kibana-pull}202437[#202437]). +* Fixes an error that could prevent the Observability Infrastructure Inventory view from loading after an upgrade due to missing versioning on inventory_view_saved_object ({kibana-pull}207007[#207007]). Elastic Security solution:: -For the Elastic Security 9.0.0 release information, refer to {security-guide}/release-notes.html[_Elastic Security Solution Release Notes_]. +For the Elastic Security 9.0.0 release information, refer to <>. Platform:: -* Added versioning to inventory_view_saved_object ({kibana-pull}207007[#207007]). -Other:: -* Update java.ts - removing serverless link ({kibana-pull}204571[#204571]). -* Disable O11y features in Security Serverless project ({kibana-pull}203990[#203990]). -* Trim down PR template ({kibana-pull}198617[#198617]). -* Small UI fixes for new Space creation/settings page ({kibana-pull}197303[#197303]). -* Fixes code scanning alert no. 456: Incomplete string escaping or encoding ({kibana-pull}193909[#193909]). -* Fixes code scanning alert : Incomplete string escaping or encoding ({kibana-pull}193365[#193365]). \ No newline at end of file +* Fixes several interface inconsistencies on the Space creation and settings pages ({kibana-pull}197303[#197303]). \ No newline at end of file From 6484b70cb00d73df0b2fe860333cbd5d47b24fcd Mon Sep 17 00:00:00 2001 From: Florent Le Borgne Date: Wed, 12 Feb 2025 18:59:55 +0100 Subject: [PATCH 3/7] cleanup for review --- .../release-notes-kibana.asciidoc | 350 ++++++++++++------ 1 file changed, 240 insertions(+), 110 deletions(-) diff --git a/docs/en/install-upgrade/release-notes/release-notes-kibana.asciidoc b/docs/en/install-upgrade/release-notes/release-notes-kibana.asciidoc index 971736fec..fb74d89ea 100644 --- a/docs/en/install-upgrade/release-notes/release-notes-kibana.asciidoc +++ b/docs/en/install-upgrade/release-notes/release-notes-kibana.asciidoc @@ -8,6 +8,14 @@ coming::[9.0.0-beta1] For information about the {kib} 9.0.0 release, review the following information. +[float] +[[highlights-9.0.0]] +== Highlights + +[[highlight-borealis]] +*New UI theme*. {Kib} 9.0 introduces a more modern and refined look and feel. This new theme brings improvements at multiple levels of the interface that will make navigating Kibana and visualizing dashboards easier than ever before. + + [float] [[breaking-changes-9.0.0]] == Breaking changes @@ -15,311 +23,433 @@ For information about the {kib} 9.0.0 release, review the following information. Breaking changes can prevent your application from optimal operation and performance. Before you upgrade to 9.0.0, review the breaking changes, then mitigate the impact to your application. + +//Already added to upgrade notes [discrete] [[breaking-207906]] -* Remove deprecated bulk endpoints from v9.0.0. -[%collapsible] -==== -*Details* + -For more information, refer to ({kibana-pull}207906[#207906]). +.Removed legacy security rules bulk endpoints +[%collapsible] +==== +*Details* + +-- +* `POST /api/detection_engine/rules/_bulk_create` has been replaced by `POST /api/detection_engine/rules/_import` +* `PUT /api/detection_engine/rules/_bulk_update` has been replaced by `POST /api/detection_engine/rules/_bulk_action` +* `PATCH /api/detection_engine/rules/_bulk_update has been replaced by `POST /api/detection_engine/rules/_bulk_action` +* `DELETE /api/detection_engine/rules/_bulk_delete` has been replaced by `POST /api/detection_engine/rules/_bulk_action` +* `POST api/detection_engine/rules/_bulk_delete` has been replaced by `POST /api/detection_engine/rules/_bulk_action` +-- +These changes were introduced in {kibana-pull}197422[#197422]. +*Impact* + +Deprecated endpoints will fail with a 404 status code starting from version 9.0.0 +*Action* + +-- +Update your implementations to use the new endpoints: +* **For bulk creation of rules:** + - Use `POST /api/detection_engine/rules/_import` (link:{api-kibana}/operation/operation-importrules[API documentation]) to create multiple rules along with their associated entities (for example, exceptions and action connectors). + - Alternatively, create rules individually using `POST /api/detection_engine/rules` (link:{api-kibana}/operation/operation-createrule[API documentation]). +* **For bulk updates of rules:** + - Use `POST /api/detection_engine/rules/_bulk_action` (link:{api-kibana}/operation/operation-performrulesbulkaction[API documentation]) to update fields in multiple rules simultaneously. + - Alternatively, update rules individually using `PUT /api/detection_engine/rules` (link:{api-kibana}/operation/operation-updaterule[API documentation]). +* **For bulk deletion of rules:** + - Use `POST /api/detection_engine/rules/_bulk_action` (link:{api-kibana}/operation/operation-performrulesbulkaction[API documentation]) to delete multiple rules by IDs or query. + - Alternatively, delete rules individually using `DELETE /api/detection_engine/rules` (link:{api-kibana}/operation/operation-deleterule[API documentation]). +-- ==== - + +//Needs to be added to upgrade notes and detailed [discrete] [[breaking-203927]] -* Disable search sessions by default. +.Disable search sessions by default. [%collapsible] ==== *Details* + -For more information, refer to ({kibana-pull}203927[#203927]). +Search sessions are now disabled by default. For more information, refer to ({kibana-pull}203927[#203927]). ==== - + +//Already added to upgrade notes [discrete] [[breaking-202863]] -* Rework saved query privileges. +.Saved query privileges have been reworked [%collapsible] ==== *Details* + -For more information, refer to ({kibana-pull}202863[#202863]). +Saved query privileges have been reworked to rely solely on a single global `savedQueryManagement` privilege, and eliminate app-specific overrides (e.g. implicit access with `all` privilege for Discover, Dashboard, Maps, and Visualize apps). This change simplifies the security model and ensures consistency in the saved query management UI across Kibana, but results in different handling of saved query privileges for new user roles, and minor breaking changes to the existing management UX. +For more information, refer to {kibana-pull}202863[#202863]. +*Impact* + +The `savedQueryManagement` feature privilege now globally controls access to saved query management for all new user roles. Regardless of privileges for Discover, Dashboard, Maps, or Visualize, new user roles follow this behaviour: +. If `savedQueryManagement` is `none`, the user cannot see or access the saved query management UI or APIs. +. If `savedQueryManagement` is `read`, the user can load queries from the UI and access read APIs, but cannot save queries from the UI or make changes to queries through APIs. +. If `savedQueryManagement` is `all`, the user can both load and save queries from the UI and through APIs. +*Action* + +Existing user roles that were previously implicitly granted access to saved queries through the dashboard, discover, visualize, or maps feature privileges will retain that access to prevent breaking changes. While no action is required for existing roles, it’s still advisable to audit relevant roles and re-save them to migrate to the latest privileges model. For new roles, ensure that the savedQueryManagement privilege is set as needed. ==== - + +//Needs to be added to upgrade notes and detailed [discrete] [[breaking-202679]] -* Remove discover:searchFieldsFromSource setting. +.Removed `discover:searchFieldsFromSource` setting. [%collapsible] ==== *Details* + For more information, refer to ({kibana-pull}202679[#202679]). ==== - + +//Needs to be added to upgrade notes and detailed [discrete] [[breaking-202278]] -* Switch to 19Hz sampling frequency. +.Profiling now defaults to 19Hz sampling frequency. [%collapsible] ==== *Details* + For more information, refer to ({kibana-pull}202278[#202278]). ==== - + + +//Already added to upgrade notes [discrete] [[breaking-202250]] -* Disable scripted field creation in the Data Views management page. +.Scripted field creation has been disabled in the Data Views management page [%collapsible] ==== *Details* + -For more information, refer to ({kibana-pull}202250[#202250]). +The ability to create new scripted fields has been removed from the *Data Views* management page in 9.0. Existing scripted fields can still be edited or deleted, and the creation UI can be accessed by navigating directly to `/app/management/kibana/dataViews/dataView/{dataViewId}/create-field`, but we recommend migrating to runtime fields or ES|QL queries instead to prepare for removal. +For more information, refer to {kibana-pull}202250[#202250]. +*Impact* + +It will no longer be possible to create new scripted fields directly from the *Data Views* management page. +*Action* + +Migrate to runtime fields or ES|QL instead of creating new scripted fields. Existing scripted fields can still be edited or deleted. ==== - + +//Needs to be added to upgrade notes and detailed [discrete] [[breaking-201254]] -* Remove the legacy table. +.Removed the legacy table in Discover. [%collapsible] ==== *Details* + -For more information, refer to ({kibana-pull}201254[#201254]). +It's no longer possible to use the legacy documents table in Discover. To that effect, the `doc_table:legacy` and `truncate:maxHeight` deprecated advanced settings have been removed. For more information, refer to ({kibana-pull}201254[#201254]). ==== - + +//Needs to be added to upgrade notes and detailed [discrete] [[breaking-200834]] -* Use Kibana feature privileges only to control access to reporting. +.Now using Kibana feature privileges only to control access to reporting features. [%collapsible] ==== *Details* + -For more information, refer to ({kibana-pull}200834[#200834]). +The default system of granting users the privilege to generate reports has changed. Rather than assigning users the `reporting_user` role, administrators should create a custom role that grants report-creation privileges using Kibana application privileges. For more information, refer to ({kibana-pull}200834[#200834]). ==== - + +//Needs to be added to upgrade notes and detailed [discrete] [[breaking-200633]] -* Refactor timeline HTTP API. -[%collapsible] -==== -*Details* + -For more information, refer to ({kibana-pull}200633[#200633]). -==== - -[discrete] -[[breaking-200163]] -* Adding kibana upgrade deprecation warning apm_user removed. +.Refactored timeline HTTP API. [%collapsible] ==== *Details* + -For more information, refer to ({kibana-pull}200163[#200163]). +The timeline API endpoints were updated to conform to HTTP best practices. This includes returning better formatted response statuses and messages as well as top-level JSON object instead of nested bodies. For more information, refer to ({kibana-pull}200633[#200633]). ==== - + +//Needs to be added to upgrade notes and detailed [discrete] [[breaking-199598]] -* Remove deprecated APIs. +.Removed deprecated APIs for the Security solution. [%collapsible] ==== *Details* + +The removed APIs are: + +- `/api/endpoint/isolate` +- `/api/endpoint/unisolate` +- `/api/endpoint/policy/summaries` +- `/api/endpoint/suggestions/{suggestion_type}` +- `/api/endpoint/action_log/{agent_id}` + For more information, refer to ({kibana-pull}199598[#199598]). ==== - + +//Needs to be added to upgrade notes and detailed [discrete] [[breaking-199226]] -* Remove deprecated topics property for kafka output in favor of topic. +.Removed deprecated `topics` property for kafka output in favor of the `topic` property. [%collapsible] ==== *Details* + -For more information, refer to ({kibana-pull}199226[#199226]). +Removed deprecated property `topics` from output APIs in response and requests (`(GET|POST|PUT) /api/fleet/outputs`) in favor of the `topic` property. For more information, refer to ({kibana-pull}199226[#199226]). ==== +//Needs to be added to upgrade notes and detailed [discrete] [[breaking-199033]] -* Remove "download CSV" export type functionality. +.Removed the "Download CSV" export type functionality. [%collapsible] ==== *Details* + -For more information, refer to ({kibana-pull}199033[#199033]). +The functionality that allowed to download a CSV export from a dashboard's saved search panel without creating a report has been removed. To export CSV data from a dashboard panel, you may use the action menu of a saved search panel in a dashboard to generate a CSV report, and download the report from a toast popup when the report has finished generating. For more information, refer to ({kibana-pull}199033[#199033]). ==== + +//Needs to be added to upgrade notes and detailed [discrete] [[breaking-198799]] -* Remove deprecated settings API endpoints. +.Removed deprecated settings API endpoints in Fleet. [%collapsible] ==== *Details* + + +* `GET/DELETE/POST enrollment-api-keys`: removed in favor of `GET/DELETE/POST enrollment_api_keys` +* Removed `list` property from `GET enrollment_api_keys` response in favor of `items` +* `GET/POST /settings`: `fleet_server_hosts` was removed from the response and body + For more information, refer to ({kibana-pull}198799[#198799]). ==== +//Needs to be added to upgrade notes and detailed [discrete] [[breaking-198435]] -* Remove 7.x deprecated kibana.yml settings. +.Removed 7.x deprecated kibana.yml settings. [%collapsible] ==== *Details* + +The following deprecated configuration settings were removed: + +- `xpack.actions.customHostSettings.ssl.rejectUnauthorized` +- `xpack.actions.whitelistedHosts` +- `xpack.actions.rejectUnauthorized` +- `xpack.actions.proxyRejectUnauthorizedCertificates` +- `xpack.alerts.healthCheck` +- `xpack.alerts.invalidateApiKeysTask.interval` +- `xpack.alerts.invalidateApiKeysTask.removalDelay` +- `xpack.alerting.defaultRuleTaskTimeout` + For more information, refer to ({kibana-pull}198435[#198435]). ==== +//Needs to be added to upgrade notes and detailed [discrete] [[breaking-198434]] -* Remove deprecated epm APIs. +.Removed deprecated `epm` Fleet APIs. [%collapsible] ==== *Details* + + +* Removed `GET/POST/DELETE /epm/packages/:pkgkey` APIs in favor of `GET/POST/DELETE /epm/packages/:pkgName/:pkgVersion` +* Removed `experimental` query parameter in `GET /epm/packages` and `GET /epm/categories` +* Removed `response` in response in `* /epm/packages*` and `GET /epm/categories` +* Removed `savedObject` in `/epm/packages` response in favor of `installationInfo` + For more information, refer to ({kibana-pull}198434[#198434]). ==== +//Needs to be added to upgrade notes and detailed [discrete] [[breaking-198313]] -* Remove deprecated APIs for agents endpoints. +.Removed deprecated Fleet APIs for agents endpoints. [%collapsible] ==== *Details* + + +Removed API endpoints: + +* `POST /service-tokens` in favor of `POST /service_tokens` +* `GET /agent-status` in favor `GET /agent_status` +* `PUT /agents/:agentid/reassign` in favor of `POST /agents/:agentid/reassign` + +Removed deprecated parameters or responses: + +* Removed `total` from `GET /agent_status` response +* Removed `list` from `GET /agents` response + For more information, refer to ({kibana-pull}198313[#198313]). ==== - + +//Needs to be added to upgrade notes and detailed [discrete] [[breaking-197422]] -* Disable deprecated rules bulk CRUD API endpoints in Serverless and 9.0. +.Disabled deprecated rules `bulk` CRUD API endpoints. [%collapsible] ==== *Details* + + +The following deprecated `bulk` API endpoints for creating, updating and deleting detection rules were disabled: + +| Method | Endpoint | +| ------ | ------------------------------------------------------- | +| POST | /api/detection_engine/rules/\_bulk_create | +| PUT | /api/detection_engine/rules/\_bulk_update | +| PATCH | /api/detection_engine/rules/\_bulk_update | +| DELETE | /api/detection_engine/rules/\_bulk_delete | +| POST | /api/detection_engine/rules/\_bulk_delete | + For more information, refer to ({kibana-pull}197422[#197422]). ==== +//Needs to be added to upgrade notes and detailed [discrete] [[breaking-196887]] -* Limit pagination size when retrieving full policy or withAgentCount. +.Limit pagination size to 100 when retrieving full policy or `withAgentCount` in Fleet. [%collapsible] ==== *Details* + +In addition to the new pagination limit size of 100, retrieving agent policies without agent count is now the new default behavior, and a new query parameter `withAgentCount` was added to retrieve the agent count. + For more information, refer to ({kibana-pull}196887[#196887]). ==== +//Needs to be added to upgrade notes and detailed [discrete] [[breaking-193792]] -* Globally enforce internal API restriction. +.Usage restrictions on Kibana's internal APIs. [%collapsible] ==== *Details* + +Starting with this release, requests to internal Kibana APIs are globally restricted by default. This change is designed to provide more flexibility in making breaking changes to internal APIs while protecting external consumers from unexpected disruptions. + +Key Changes: + +* Internal API Access: External consumers no longer have access to Kibana’s internal APIs, which are now strictly reserved for internal development and subject to frequent changes. This helps ensure that external integrations only interact with stable, public APIs. +* Error Handling: When a request is made to an internal API without the proper internal identifier (header or query parameter), Kibana will respond with a 400 Bad Request error, indicating that the route exists but is not allowed under the current Kibana configuration. + For more information, refer to ({kibana-pull}193792[#193792]). ==== - -[float] -[[deprecations-9.0.0]] -== Deprecations - -The following functionality is deprecated in 9.0.0, and will be removed in 10.0.0. -Deprecated functionality does not have an immediate impact on your application, but we strongly recommend -you make the necessary updates after you upgrade to 9.0.0. +//Needs to be added to upgrade notes and detailed [discrete] [[deprecation-208208]] -* Removed deprecated get case status API. -[%collapsible] -==== -*Details* + -For more information, refer to ({kibana-pull}208208[#208208]). -==== - -[discrete] -[[deprecation-208086]] -* Removed deprecated get user actions API. +.Removed deprecated Cases APIs. [%collapsible] ==== *Details* + -or more information, refer to ({kibana-pull}208086[#208086]). -==== - -[discrete] -[[deprecation-207926]] -* Removed deprecated get all comments API. -[%collapsible] -==== -*Details* + -For more information, refer to ({kibana-pull}207926[#207926]). +The following Cases APIs were removed: + +- Get case status +- Get user actions +- Get all comments + +For more information, refer to ({kibana-pull}208208[#208208]), ({kibana-pull}208086[#208086]), and ({kibana-pull}207926[#207926]). ==== - + +//Needs to be added to upgrade notes and detailed [discrete] [[deprecation-207325]] -* Rename plugin to automatic import. +.Renamed `integration-assistant` plugin to `automatic-import`. [%collapsible] ==== *Details* + For more information, refer to ({kibana-pull}207325[#207325]). ==== - + +//Needs to be added to upgrade notes and detailed [discrete] [[deprecation-203996]] -* Disable log stream and settings pages. +.Disabled log stream and settings pages. [%collapsible] ==== *Details* + +Logs Stream and the logs settings page in Observability are removed. Use the Discover application, which now offers a contextual experience for logs, to explore your logs. The logs stream panel in dashboards is removed, use Discover sessions instead. + For more information, refer to ({kibana-pull}203996[#203996]). ==== - + +//Needs to be added to upgrade notes and detailed [discrete] [[deprecation-203856]] -* Removed `TLSv1.1` from default set of supported protocols. +.Removed `TLSv1.1` from the default set of supported protocols. [%collapsible] ==== *Details* + For more information, refer to ({kibana-pull}203856[#203856]). ==== - + + +//Needs to be added to upgrade notes and detailed [discrete] [[deprecation-203685]] -* Remove Logs Explorer. +.Removed Logs Explorer. [%collapsible] ==== *Details* + -For more information, refer to ({kibana-pull}203685[#203685]). +Logs Explorer has been removed. Instead, you can use Discover, that was improved to provide an optimal logs exploration experience. For more information, refer to ({kibana-pull}203685[#203685]). ==== - + +//Needs to be added to upgrade notes and detailed [discrete] [[deprecation-203148]] -* Deleted deprecated alerts routes. +.Deleted deprecated alerts routes. [%collapsible] ==== *Details* + -For more information, refer to ({kibana-pull}203148[#203148]). +The deprecated legacy alerts routes `api/alerts/alert` were removed. For more information, refer to ({kibana-pull}203148[#203148]). ==== - + +//Needs to be added to upgrade notes and detailed [discrete] [[deprecation-201810]] -* Remove all legacy risk engine code and features. +.Removed legacy risk engine features. [%collapsible] ==== *Details* + For more information, refer to ({kibana-pull}201810[#201810]). ==== - -[discrete] -[[deprecation-201313]] -* Remove ephemeral tasks from task manager plugin. -[%collapsible] -==== -*Details* + -For more information, refer to ({kibana-pull}201313[#201313]). -==== - + +//Needs to be added to upgrade notes and detailed [discrete] [[deprecation-199598]] -* Remove deprecated API's. +.Removed EDR Workflows deprecated APIs. [%collapsible] ==== *Details* + + +APIs removed: + +- `/api/endpoint/isolate` +- `/api/endpoint/unisolate` +- `/api/endpoint/policy/summaries` +- `/api/endpoint/suggestions/{suggestion_type}` +- `/api/endpoint/action_log/{agent_id}` + For more information, refer to ({kibana-pull}199598[#199598]). ==== +[float] +[[deprecations-9.0.0]] +== Deprecations + +The following functionality is deprecated in 9.0.0, and will be removed in 10.0.0. +Deprecated functionality does not have an immediate impact on your application, but we strongly recommend +you make the necessary updates after you upgrade to 9.0.0. + + [discrete] -[[deprecation-197802]] -* Remove `visualization:colorMapping` advanced setting. +[[deprecation-201313]] +.Removed ephemeral tasks from task manager, action, and alerting plugins. [%collapsible] ==== *Details* + -For more information, refer to ({kibana-pull}197802[#197802]). + +Deprecates the following configuration settings: + +* `xpack.task_manager.ephemeral_tasks.enabled` +* `xpack.task_manager.ephemeral_tasks.request_capacity` +* `xpack.alerting.maxEphemeralActionsPerAlert` + +No action is required on the user's end. These settings will no longer have any effect as ephemeral tasks are now removed. + +For more information, refer to ({kibana-pull}201313[#201313]). ==== + [discrete] -[[deprecation-197684]] -* Remove no longer used feature flags for GA features. +[[deprecation-197802]] +.Removed `visualization:colorMapping` advanced setting. [%collapsible] ==== *Details* + -For more information, refer to ({kibana-pull}197684[#197684]). +The `visualization:colorMapping` advanced setting for TSVB and Visualize charts has been removed. You can switch to Lens charts, which offer a more advanced, per-chart color mapping feature with enhanced configuration options. For more details, refer to link:https://github.com/elastic/kibana/pull/162389[#162389]. ==== + + [discrete] [[deprecation-197421]] * Remove ephemeral tasks from action and alerting plugins. From 4bd497f2a3ddb13f5153663d31e1e58c07fe0c73 Mon Sep 17 00:00:00 2001 From: Florent Le Borgne Date: Wed, 12 Feb 2025 19:07:00 +0100 Subject: [PATCH 4/7] minor fixes --- .../release-notes/release-notes-kibana.asciidoc | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) diff --git a/docs/en/install-upgrade/release-notes/release-notes-kibana.asciidoc b/docs/en/install-upgrade/release-notes/release-notes-kibana.asciidoc index fb74d89ea..113331bed 100644 --- a/docs/en/install-upgrade/release-notes/release-notes-kibana.asciidoc +++ b/docs/en/install-upgrade/release-notes/release-notes-kibana.asciidoc @@ -59,7 +59,7 @@ Update your implementations to use the new endpoints: //Needs to be added to upgrade notes and detailed [discrete] [[breaking-203927]] -.Disable search sessions by default. +.Disabled search sessions by default. [%collapsible] ==== *Details* + @@ -449,16 +449,6 @@ The `visualization:colorMapping` advanced setting for TSVB and Visualize charts ==== - -[discrete] -[[deprecation-197421]] -* Remove ephemeral tasks from action and alerting plugins. -[%collapsible] -==== -*Details* + -For more information, refer to ({kibana-pull}197421[#197421]). -==== - [float] [[features-9.0.0]] == Features From 67393453807473bdbe6056d42a36695a0221da67 Mon Sep 17 00:00:00 2001 From: florent-leborgne Date: Mon, 17 Feb 2025 10:29:09 +0100 Subject: [PATCH 5/7] Update docs/en/install-upgrade/release-notes/release-notes-kibana.asciidoc Co-authored-by: David Kilfoyle <41695641+kilfoyle@users.noreply.github.com> --- .../install-upgrade/release-notes/release-notes-kibana.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/en/install-upgrade/release-notes/release-notes-kibana.asciidoc b/docs/en/install-upgrade/release-notes/release-notes-kibana.asciidoc index 113331bed..8f0faf3eb 100644 --- a/docs/en/install-upgrade/release-notes/release-notes-kibana.asciidoc +++ b/docs/en/install-upgrade/release-notes/release-notes-kibana.asciidoc @@ -473,7 +473,7 @@ Kibana security:: === Enhancements //Dashboards & Visualizations:: Data ingestion and Fleet:: -* Improves filtering and visibility of `Uninstalled` and `Orphaned` agents in Fleet, by differentiating them from `Offline` agents. +* Improves filtering and visibility of `Uninstalled` and `Orphaned` agents in Fleet, by differentiating them from `Offline` agents ({kibana-pull}205815[#205815]). * Introduces air-gapped configuration for bundled packages ({kibana-pull}202435[#202435]). * Updates removed parameters of the Fleet -> Logstash output configurations ({kibana-pull}210115[#210115]). * Updates max supported package version ({kibana-pull}196675[#196675]). From 849d62b9da6d8371c7bd722d5126d77a0015c3ad Mon Sep 17 00:00:00 2001 From: Florent Le Borgne Date: Mon, 17 Feb 2025 10:43:29 +0100 Subject: [PATCH 6/7] formatting --- .../release-notes-kibana.asciidoc | 22 +++++++++++++------ 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/docs/en/install-upgrade/release-notes/release-notes-kibana.asciidoc b/docs/en/install-upgrade/release-notes/release-notes-kibana.asciidoc index 113331bed..4654f974c 100644 --- a/docs/en/install-upgrade/release-notes/release-notes-kibana.asciidoc +++ b/docs/en/install-upgrade/release-notes/release-notes-kibana.asciidoc @@ -31,19 +31,22 @@ Before you upgrade to 9.0.0, review the breaking changes, then mitigate the impa [%collapsible] ==== *Details* + --- + * `POST /api/detection_engine/rules/_bulk_create` has been replaced by `POST /api/detection_engine/rules/_import` * `PUT /api/detection_engine/rules/_bulk_update` has been replaced by `POST /api/detection_engine/rules/_bulk_action` * `PATCH /api/detection_engine/rules/_bulk_update has been replaced by `POST /api/detection_engine/rules/_bulk_action` * `DELETE /api/detection_engine/rules/_bulk_delete` has been replaced by `POST /api/detection_engine/rules/_bulk_action` * `POST api/detection_engine/rules/_bulk_delete` has been replaced by `POST /api/detection_engine/rules/_bulk_action` --- + These changes were introduced in {kibana-pull}197422[#197422]. + *Impact* + Deprecated endpoints will fail with a 404 status code starting from version 9.0.0 + *Action* + --- + Update your implementations to use the new endpoints: + * **For bulk creation of rules:** - Use `POST /api/detection_engine/rules/_import` (link:{api-kibana}/operation/operation-importrules[API documentation]) to create multiple rules along with their associated entities (for example, exceptions and action connectors). - Alternatively, create rules individually using `POST /api/detection_engine/rules` (link:{api-kibana}/operation/operation-createrule[API documentation]). @@ -53,7 +56,7 @@ Update your implementations to use the new endpoints: * **For bulk deletion of rules:** - Use `POST /api/detection_engine/rules/_bulk_action` (link:{api-kibana}/operation/operation-performrulesbulkaction[API documentation]) to delete multiple rules by IDs or query. - Alternatively, delete rules individually using `DELETE /api/detection_engine/rules` (link:{api-kibana}/operation/operation-deleterule[API documentation]). --- + ==== //Needs to be added to upgrade notes and detailed @@ -75,11 +78,14 @@ Search sessions are now disabled by default. For more information, refer to ({ki *Details* + Saved query privileges have been reworked to rely solely on a single global `savedQueryManagement` privilege, and eliminate app-specific overrides (e.g. implicit access with `all` privilege for Discover, Dashboard, Maps, and Visualize apps). This change simplifies the security model and ensures consistency in the saved query management UI across Kibana, but results in different handling of saved query privileges for new user roles, and minor breaking changes to the existing management UX. For more information, refer to {kibana-pull}202863[#202863]. + *Impact* + The `savedQueryManagement` feature privilege now globally controls access to saved query management for all new user roles. Regardless of privileges for Discover, Dashboard, Maps, or Visualize, new user roles follow this behaviour: -. If `savedQueryManagement` is `none`, the user cannot see or access the saved query management UI or APIs. -. If `savedQueryManagement` is `read`, the user can load queries from the UI and access read APIs, but cannot save queries from the UI or make changes to queries through APIs. -. If `savedQueryManagement` is `all`, the user can both load and save queries from the UI and through APIs. + +* If `savedQueryManagement` is `none`, the user cannot see or access the saved query management UI or APIs. +* If `savedQueryManagement` is `read`, the user can load queries from the UI and access read APIs, but cannot save queries from the UI or make changes to queries through APIs. +* If `savedQueryManagement` is `all`, the user can both load and save queries from the UI and through APIs. + *Action* + Existing user roles that were previously implicitly granted access to saved queries through the dashboard, discover, visualize, or maps feature privileges will retain that access to prevent breaking changes. While no action is required for existing roles, it’s still advisable to audit relevant roles and re-save them to migrate to the latest privileges model. For new roles, ensure that the savedQueryManagement privilege is set as needed. ==== @@ -114,8 +120,10 @@ For more information, refer to ({kibana-pull}202278[#202278]). *Details* + The ability to create new scripted fields has been removed from the *Data Views* management page in 9.0. Existing scripted fields can still be edited or deleted, and the creation UI can be accessed by navigating directly to `/app/management/kibana/dataViews/dataView/{dataViewId}/create-field`, but we recommend migrating to runtime fields or ES|QL queries instead to prepare for removal. For more information, refer to {kibana-pull}202250[#202250]. + *Impact* + It will no longer be possible to create new scripted fields directly from the *Data Views* management page. + *Action* + Migrate to runtime fields or ES|QL instead of creating new scripted fields. Existing scripted fields can still be edited or deleted. ==== From 3071f1c79ceb717e2935a0a2e1eb8ebd1c403108 Mon Sep 17 00:00:00 2001 From: Florent Le Borgne Date: Mon, 17 Feb 2025 12:06:53 +0100 Subject: [PATCH 7/7] organize breaking changes section --- .../release-notes-kibana.asciidoc | 323 +++++++----------- 1 file changed, 114 insertions(+), 209 deletions(-) diff --git a/docs/en/install-upgrade/release-notes/release-notes-kibana.asciidoc b/docs/en/install-upgrade/release-notes/release-notes-kibana.asciidoc index 2a5670efb..e02816d5b 100644 --- a/docs/en/install-upgrade/release-notes/release-notes-kibana.asciidoc +++ b/docs/en/install-upgrade/release-notes/release-notes-kibana.asciidoc @@ -23,41 +23,73 @@ For information about the {kib} 9.0.0 release, review the following information. Breaking changes can prevent your application from optimal operation and performance. Before you upgrade to 9.0.0, review the breaking changes, then mitigate the impact to your application. - -//Already added to upgrade notes +//Needs to be added to upgrade notes and detailed [discrete] -[[breaking-207906]] -.Removed legacy security rules bulk endpoints +[[breaking-193792]] +.Usage restrictions on Kibana's internal APIs. [%collapsible] ==== *Details* + +Starting with this release, requests to internal Kibana APIs are globally restricted by default. This change is designed to provide more flexibility in making breaking changes to internal APIs while protecting external consumers from unexpected disruptions. + +Key Changes: -* `POST /api/detection_engine/rules/_bulk_create` has been replaced by `POST /api/detection_engine/rules/_import` -* `PUT /api/detection_engine/rules/_bulk_update` has been replaced by `POST /api/detection_engine/rules/_bulk_action` -* `PATCH /api/detection_engine/rules/_bulk_update has been replaced by `POST /api/detection_engine/rules/_bulk_action` -* `DELETE /api/detection_engine/rules/_bulk_delete` has been replaced by `POST /api/detection_engine/rules/_bulk_action` -* `POST api/detection_engine/rules/_bulk_delete` has been replaced by `POST /api/detection_engine/rules/_bulk_action` +* Internal API Access: External consumers no longer have access to Kibana’s internal APIs, which are now strictly reserved for internal development and subject to frequent changes. This helps ensure that external integrations only interact with stable, public APIs. +* Error Handling: When a request is made to an internal API without the proper internal identifier (header or query parameter), Kibana will respond with a 400 Bad Request error, indicating that the route exists but is not allowed under the current Kibana configuration. -These changes were introduced in {kibana-pull}197422[#197422]. +For more information, refer to ({kibana-pull}193792[#193792]). +==== -*Impact* + -Deprecated endpoints will fail with a 404 status code starting from version 9.0.0 +**Alerts and cases** -*Action* + +//Needs to be added to upgrade notes and detailed +[discrete] +[[breaking-198435]] +.Removed 7.x deprecated kibana.yml settings. +[%collapsible] +==== +*Details* + +The following deprecated configuration settings were removed: + +- `xpack.actions.customHostSettings.ssl.rejectUnauthorized` +- `xpack.actions.whitelistedHosts` +- `xpack.actions.rejectUnauthorized` +- `xpack.actions.proxyRejectUnauthorizedCertificates` +- `xpack.alerts.healthCheck` +- `xpack.alerts.invalidateApiKeysTask.interval` +- `xpack.alerts.invalidateApiKeysTask.removalDelay` +- `xpack.alerting.defaultRuleTaskTimeout` + +For more information, refer to ({kibana-pull}198435[#198435]). +==== + +//Needs to be added to upgrade notes and detailed +[discrete] +[[deprecation-208208]] +.Removed deprecated Cases APIs. +[%collapsible] +==== +*Details* + +The following Cases APIs were removed: -Update your implementations to use the new endpoints: +- Get case status +- Get user actions +- Get all comments -* **For bulk creation of rules:** - - Use `POST /api/detection_engine/rules/_import` (link:{api-kibana}/operation/operation-importrules[API documentation]) to create multiple rules along with their associated entities (for example, exceptions and action connectors). - - Alternatively, create rules individually using `POST /api/detection_engine/rules` (link:{api-kibana}/operation/operation-createrule[API documentation]). -* **For bulk updates of rules:** - - Use `POST /api/detection_engine/rules/_bulk_action` (link:{api-kibana}/operation/operation-performrulesbulkaction[API documentation]) to update fields in multiple rules simultaneously. - - Alternatively, update rules individually using `PUT /api/detection_engine/rules` (link:{api-kibana}/operation/operation-updaterule[API documentation]). -* **For bulk deletion of rules:** - - Use `POST /api/detection_engine/rules/_bulk_action` (link:{api-kibana}/operation/operation-performrulesbulkaction[API documentation]) to delete multiple rules by IDs or query. - - Alternatively, delete rules individually using `DELETE /api/detection_engine/rules` (link:{api-kibana}/operation/operation-deleterule[API documentation]). +For more information, refer to ({kibana-pull}208208[#208208]), ({kibana-pull}208086[#208086]), and ({kibana-pull}207926[#207926]). +==== +//Needs to be added to upgrade notes and detailed +[discrete] +[[deprecation-203148]] +.Deleted deprecated alerts routes. +[%collapsible] ==== +*Details* + +The deprecated legacy alerts routes `api/alerts/alert` were removed. For more information, refer to ({kibana-pull}203148[#203148]). +==== + +**Discover and dashboards** //Needs to be added to upgrade notes and detailed [discrete] @@ -72,7 +104,7 @@ Search sessions are now disabled by default. For more information, refer to ({ki //Already added to upgrade notes [discrete] [[breaking-202863]] -.Saved query privileges have been reworked +.Saved query privileges have been reworked. [%collapsible] ==== *Details* + @@ -100,21 +132,20 @@ Existing user roles that were previously implicitly granted access to saved quer For more information, refer to ({kibana-pull}202679[#202679]). ==== -//Needs to be added to upgrade notes and detailed +//Needs to be added to upgrade notes and detailed [discrete] -[[breaking-202278]] -.Profiling now defaults to 19Hz sampling frequency. +[[breaking-201254]] +.Removed the legacy table in Discover. [%collapsible] ==== *Details* + -For more information, refer to ({kibana-pull}202278[#202278]). +It's no longer possible to use the legacy documents table in Discover. To that effect, the `doc_table:legacy` and `truncate:maxHeight` deprecated advanced settings have been removed. For more information, refer to ({kibana-pull}201254[#201254]). ==== - //Already added to upgrade notes [discrete] [[breaking-202250]] -.Scripted field creation has been disabled in the Data Views management page +.Scripted field creation has been disabled in the Data Views management page. [%collapsible] ==== *Details* + @@ -128,74 +159,47 @@ It will no longer be possible to create new scripted fields directly from the *D Migrate to runtime fields or ES|QL instead of creating new scripted fields. Existing scripted fields can still be edited or deleted. ==== -//Needs to be added to upgrade notes and detailed + + +**Elastic Observability solution** + +//Needs to be added to upgrade notes and detailed [discrete] -[[breaking-201254]] -.Removed the legacy table in Discover. +[[breaking-202278]] +.Profiling now defaults to 19Hz sampling frequency. [%collapsible] ==== *Details* + -It's no longer possible to use the legacy documents table in Discover. To that effect, the `doc_table:legacy` and `truncate:maxHeight` deprecated advanced settings have been removed. For more information, refer to ({kibana-pull}201254[#201254]). +For more information, refer to ({kibana-pull}202278[#202278]). ==== -//Needs to be added to upgrade notes and detailed +//Needs to be added to upgrade notes and detailed [discrete] -[[breaking-200834]] -.Now using Kibana feature privileges only to control access to reporting features. +[[deprecation-203996]] +.Disabled log stream and settings pages. [%collapsible] ==== *Details* + -The default system of granting users the privilege to generate reports has changed. Rather than assigning users the `reporting_user` role, administrators should create a custom role that grants report-creation privileges using Kibana application privileges. For more information, refer to ({kibana-pull}200834[#200834]). +Logs Stream and the logs settings page in Observability are removed. Use the Discover application, which now offers a contextual experience for logs, to explore your logs. The logs stream panel in dashboards is removed, use Discover sessions instead. + +For more information, refer to ({kibana-pull}203996[#203996]). ==== -//Needs to be added to upgrade notes and detailed +//Needs to be added to upgrade notes and detailed [discrete] -[[breaking-200633]] -.Refactored timeline HTTP API. +[[deprecation-203685]] +.Removed Logs Explorer. [%collapsible] ==== *Details* + -The timeline API endpoints were updated to conform to HTTP best practices. This includes returning better formatted response statuses and messages as well as top-level JSON object instead of nested bodies. For more information, refer to ({kibana-pull}200633[#200633]). -==== - -//Needs to be added to upgrade notes and detailed -[discrete] -[[breaking-199598]] -.Removed deprecated APIs for the Security solution. -[%collapsible] +Logs Explorer has been removed. Instead, you can use Discover, that was improved to provide an optimal logs exploration experience. For more information, refer to ({kibana-pull}203685[#203685]). ==== -*Details* + -The removed APIs are: -- `/api/endpoint/isolate` -- `/api/endpoint/unisolate` -- `/api/endpoint/policy/summaries` -- `/api/endpoint/suggestions/{suggestion_type}` -- `/api/endpoint/action_log/{agent_id}` +**Elastic Security solution** -For more information, refer to ({kibana-pull}199598[#199598]). -==== +For the Elastic Security 9.0.0 release information, refer to <>. -//Needs to be added to upgrade notes and detailed -[discrete] -[[breaking-199226]] -.Removed deprecated `topics` property for kafka output in favor of the `topic` property. -[%collapsible] -==== -*Details* + -Removed deprecated property `topics` from output APIs in response and requests (`(GET|POST|PUT) /api/fleet/outputs`) in favor of the `topic` property. For more information, refer to ({kibana-pull}199226[#199226]). -==== - -//Needs to be added to upgrade notes and detailed -[discrete] -[[breaking-199033]] -.Removed the "Download CSV" export type functionality. -[%collapsible] -==== -*Details* + -The functionality that allowed to download a CSV export from a dashboard's saved search panel without creating a report has been removed. To export CSV data from a dashboard panel, you may use the action menu of a saved search panel in a dashboard to generate a CSV report, and download the report from a toast popup when the report has finished generating. For more information, refer to ({kibana-pull}199033[#199033]). -==== - +**Data ingestion and Fleet** //Needs to be added to upgrade notes and detailed [discrete] @@ -211,44 +215,7 @@ The functionality that allowed to download a CSV export from a dashboard's saved For more information, refer to ({kibana-pull}198799[#198799]). ==== - -//Needs to be added to upgrade notes and detailed -[discrete] -[[breaking-198435]] -.Removed 7.x deprecated kibana.yml settings. -[%collapsible] -==== -*Details* + -The following deprecated configuration settings were removed: - -- `xpack.actions.customHostSettings.ssl.rejectUnauthorized` -- `xpack.actions.whitelistedHosts` -- `xpack.actions.rejectUnauthorized` -- `xpack.actions.proxyRejectUnauthorizedCertificates` -- `xpack.alerts.healthCheck` -- `xpack.alerts.invalidateApiKeysTask.interval` -- `xpack.alerts.invalidateApiKeysTask.removalDelay` -- `xpack.alerting.defaultRuleTaskTimeout` - -For more information, refer to ({kibana-pull}198435[#198435]). -==== - -//Needs to be added to upgrade notes and detailed -[discrete] -[[breaking-198434]] -.Removed deprecated `epm` Fleet APIs. -[%collapsible] -==== -*Details* + - -* Removed `GET/POST/DELETE /epm/packages/:pkgkey` APIs in favor of `GET/POST/DELETE /epm/packages/:pkgName/:pkgVersion` -* Removed `experimental` query parameter in `GET /epm/packages` and `GET /epm/categories` -* Removed `response` in response in `* /epm/packages*` and `GET /epm/categories` -* Removed `savedObject` in `/epm/packages` response in favor of `installationInfo` -For more information, refer to ({kibana-pull}198434[#198434]). -==== - //Needs to be added to upgrade notes and detailed [discrete] [[breaking-198313]] @@ -273,92 +240,68 @@ For more information, refer to ({kibana-pull}198313[#198313]). //Needs to be added to upgrade notes and detailed [discrete] -[[breaking-197422]] -.Disabled deprecated rules `bulk` CRUD API endpoints. +[[breaking-198434]] +.Removed deprecated `epm` Fleet APIs. [%collapsible] ==== *Details* + -The following deprecated `bulk` API endpoints for creating, updating and deleting detection rules were disabled: - -| Method | Endpoint | -| ------ | ------------------------------------------------------- | -| POST | /api/detection_engine/rules/\_bulk_create | -| PUT | /api/detection_engine/rules/\_bulk_update | -| PATCH | /api/detection_engine/rules/\_bulk_update | -| DELETE | /api/detection_engine/rules/\_bulk_delete | -| POST | /api/detection_engine/rules/\_bulk_delete | +* Removed `GET/POST/DELETE /epm/packages/:pkgkey` APIs in favor of `GET/POST/DELETE /epm/packages/:pkgName/:pkgVersion` +* Removed `experimental` query parameter in `GET /epm/packages` and `GET /epm/categories` +* Removed `response` in response in `* /epm/packages*` and `GET /epm/categories` +* Removed `savedObject` in `/epm/packages` response in favor of `installationInfo` -For more information, refer to ({kibana-pull}197422[#197422]). -==== - -//Needs to be added to upgrade notes and detailed -[discrete] -[[breaking-196887]] -.Limit pagination size to 100 when retrieving full policy or `withAgentCount` in Fleet. -[%collapsible] +For more information, refer to ({kibana-pull}198434[#198434]). ==== -*Details* + -In addition to the new pagination limit size of 100, retrieving agent policies without agent count is now the new default behavior, and a new query parameter `withAgentCount` was added to retrieve the agent count. -For more information, refer to ({kibana-pull}196887[#196887]). -==== - //Needs to be added to upgrade notes and detailed [discrete] -[[breaking-193792]] -.Usage restrictions on Kibana's internal APIs. +[[breaking-199226]] +.Removed deprecated `topics` property for kafka output in favor of the `topic` property. [%collapsible] ==== *Details* + -Starting with this release, requests to internal Kibana APIs are globally restricted by default. This change is designed to provide more flexibility in making breaking changes to internal APIs while protecting external consumers from unexpected disruptions. - -Key Changes: - -* Internal API Access: External consumers no longer have access to Kibana’s internal APIs, which are now strictly reserved for internal development and subject to frequent changes. This helps ensure that external integrations only interact with stable, public APIs. -* Error Handling: When a request is made to an internal API without the proper internal identifier (header or query parameter), Kibana will respond with a 400 Bad Request error, indicating that the route exists but is not allowed under the current Kibana configuration. - -For more information, refer to ({kibana-pull}193792[#193792]). +Removed deprecated property `topics` from output APIs in response and requests (`(GET|POST|PUT) /api/fleet/outputs`) in favor of the `topic` property. For more information, refer to ({kibana-pull}199226[#199226]). ==== //Needs to be added to upgrade notes and detailed [discrete] -[[deprecation-208208]] -.Removed deprecated Cases APIs. +[[breaking-196887]] +.Limit pagination size to 100 when retrieving full policy or `withAgentCount` in Fleet. [%collapsible] ==== *Details* + -The following Cases APIs were removed: - -- Get case status -- Get user actions -- Get all comments +In addition to the new pagination limit size of 100, retrieving agent policies without agent count is now the new default behavior, and a new query parameter `withAgentCount` was added to retrieve the agent count. -For more information, refer to ({kibana-pull}208208[#208208]), ({kibana-pull}208086[#208086]), and ({kibana-pull}207926[#207926]). +For more information, refer to ({kibana-pull}196887[#196887]). ==== -//Needs to be added to upgrade notes and detailed +**Reporting** + +//Needs to be added to upgrade notes and detailed [discrete] -[[deprecation-207325]] -.Renamed `integration-assistant` plugin to `automatic-import`. +[[breaking-200834]] +.Now using Kibana feature privileges only to control access to reporting features. [%collapsible] ==== *Details* + -For more information, refer to ({kibana-pull}207325[#207325]). +The default system of granting users the privilege to generate reports has changed. Rather than assigning users the `reporting_user` role, administrators should create a custom role that grants report-creation privileges using Kibana application privileges. For more information, refer to ({kibana-pull}200834[#200834]). ==== -//Needs to be added to upgrade notes and detailed + +//Needs to be added to upgrade notes and detailed [discrete] -[[deprecation-203996]] -.Disabled log stream and settings pages. +[[breaking-199033]] +.Removed the "Download CSV" export type functionality. [%collapsible] ==== *Details* + -Logs Stream and the logs settings page in Observability are removed. Use the Discover application, which now offers a contextual experience for logs, to explore your logs. The logs stream panel in dashboards is removed, use Discover sessions instead. - -For more information, refer to ({kibana-pull}203996[#203996]). +The functionality that allowed to download a CSV export from a dashboard's saved search panel without creating a report has been removed. To export CSV data from a dashboard panel, you may use the action menu of a saved search panel in a dashboard to generate a CSV report, and download the report from a toast popup when the report has finished generating. For more information, refer to ({kibana-pull}199033[#199033]). ==== + +**Kibana security** + //Needs to be added to upgrade notes and detailed [discrete] [[deprecation-203856]] @@ -369,55 +312,17 @@ For more information, refer to ({kibana-pull}203996[#203996]). For more information, refer to ({kibana-pull}203856[#203856]). ==== - -//Needs to be added to upgrade notes and detailed -[discrete] -[[deprecation-203685]] -.Removed Logs Explorer. -[%collapsible] -==== -*Details* + -Logs Explorer has been removed. Instead, you can use Discover, that was improved to provide an optimal logs exploration experience. For more information, refer to ({kibana-pull}203685[#203685]). -==== - -//Needs to be added to upgrade notes and detailed -[discrete] -[[deprecation-203148]] -.Deleted deprecated alerts routes. -[%collapsible] -==== -*Details* + -The deprecated legacy alerts routes `api/alerts/alert` were removed. For more information, refer to ({kibana-pull}203148[#203148]). -==== - -//Needs to be added to upgrade notes and detailed +//Needs to be added to upgrade notes and detailed [discrete] -[[deprecation-201810]] -.Removed legacy risk engine features. +[[deprecation-207325]] +.Renamed `integration-assistant` plugin to `automatic-import`. [%collapsible] ==== *Details* + -For more information, refer to ({kibana-pull}201810[#201810]). -==== - -//Needs to be added to upgrade notes and detailed -[discrete] -[[deprecation-199598]] -.Removed EDR Workflows deprecated APIs. -[%collapsible] +For more information, refer to ({kibana-pull}207325[#207325]). ==== -*Details* + - -APIs removed: -- `/api/endpoint/isolate` -- `/api/endpoint/unisolate` -- `/api/endpoint/policy/summaries` -- `/api/endpoint/suggestions/{suggestion_type}` -- `/api/endpoint/action_log/{agent_id}` -For more information, refer to ({kibana-pull}199598[#199598]). -==== [float] [[deprecations-9.0.0]]