elastic
diff --git a/‎client/test/build.gradle‎
Lines changed: 3 additions & 3 deletions b/‎client/test/build.gradle‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎docs/changelog/120944.yaml‎
Lines changed: 6 additions & 0 deletions b/‎docs/changelog/120944.yaml‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎docs/changelog/121196.yaml‎
Lines changed: 5 additions & 0 deletions b/‎docs/changelog/121196.yaml‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎docs/changelog/121667.yaml‎
Lines changed: 11 additions & 0 deletions b/‎docs/changelog/121667.yaml‎
Lines changed: 11 additions & 0 deletions
diff --git a/‎docs/changelog/121911.yaml‎
Lines changed: 5 additions & 0 deletions b/‎docs/changelog/121911.yaml‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎gradle/build.versions.toml‎
Lines changed: 1 addition & 1 deletion b/‎gradle/build.versions.toml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎gradle/verification-metadata.xml‎
Lines changed: 9 additions & 9 deletions b/‎gradle/verification-metadata.xml‎
Lines changed: 9 additions & 9 deletions
diff --git a/‎libs/entitlement/qa/src/javaRestTest/java/org/elasticsearch/entitlement/qa/AbstractEntitlementsIT.java‎
Lines changed: 11 additions & 5 deletions b/‎libs/entitlement/qa/src/javaRestTest/java/org/elasticsearch/entitlement/qa/AbstractEntitlementsIT.java‎
Lines changed: 11 additions & 5 deletions
diff --git a/‎libs/entitlement/src/main/java/org/elasticsearch/entitlement/runtime/policy/FileAccessTree.java‎
Lines changed: 9 additions & 8 deletions b/‎libs/entitlement/src/main/java/org/elasticsearch/entitlement/runtime/policy/FileAccessTree.java‎
Lines changed: 9 additions & 8 deletions
diff --git a/‎libs/entitlement/src/main/java/org/elasticsearch/entitlement/runtime/policy/PolicyManager.java‎
Lines changed: 12 additions & 19 deletions b/‎libs/entitlement/src/main/java/org/elasticsearch/entitlement/runtime/policy/PolicyManager.java‎
Lines changed: 12 additions & 19 deletions
@@ -28,9 +28,9 @@ dependencies {
   api "org.hamcrest:hamcrest:${versions.hamcrest}"
 
   // mockito
-  api 'org.mockito:mockito-core:5.11.0'
-  api 'org.mockito:mockito-subclass:5.11.0'
-  api 'net.bytebuddy:byte-buddy:1.14.12'
+  api 'org.mockito:mockito-core:5.15.2'
+  api 'org.mockito:mockito-subclass:5.15.2'
+  api 'net.bytebuddy:byte-buddy:1.15.11'
   api 'org.objenesis:objenesis:3.3'
 }
 
 
@@ -0,0 +1,6 @@
+pr: 120944
+summary: Aggregations cancellation after collection
+area: Aggregations
+type: bug
+issues:
+ - 108701
@@ -0,0 +1,5 @@
+pr: 121196
+summary: Fix geoip databases index access after system feature migration
+area: Ingest Node
+type: bug
+issues: []
@@ -0,0 +1,11 @@
+pr: 121667
+summary: Add deprecation warning for flush API
+area: Machine Learning
+type: deprecation
+issues:
+ - 121506
+deprecation:
+  title: Add deprecation warning for flush API
+  area: REST API
+  details: The anomaly detection job flush API is deprecated since it is only required for the post data API, which was deprecated since 7.11.0.
+  impact: This should have a minimal impact on users as the flush API is only required for the post data API, which was deprecated since 7.11.0.
@@ -0,0 +1,5 @@
+pr: 121911
+summary: Fix ENRICH validation for use of wildcards
+area: ES|QL
+type: bug
+issues: []
@@ -11,7 +11,7 @@ apache-compress = "org.apache.commons:commons-compress:1.26.1"
 apache-rat = "org.apache.rat:apache-rat:0.11"
 asm = { group = "org.ow2.asm", name="asm", version.ref="asm" }
 asm-tree = { group = "org.ow2.asm", name="asm-tree", version.ref="asm" }
-bytebuddy = "net.bytebuddy:byte-buddy:1.14.12"
+bytebuddy = "net.bytebuddy:byte-buddy:1.15.11"
 checkstyle = "com.puppycrawl.tools:checkstyle:10.3"
 commons-codec = "commons-codec:commons-codec:1.11"
 commmons-io = "commons-io:commons-io:2.2"
 
@@ -1724,9 +1724,9 @@
             <sha256 value="1d31696445697720527091754369082a6651bd49781b6005deb94e56753406f9" origin="Generated by Gradle"/>
          </artifact>
       </component>
-      <component group="net.bytebuddy" name="byte-buddy" version="1.14.12">
-         <artifact name="byte-buddy-1.14.12.jar">
-            <sha256 value="970636134d61c183b19f8f58fa631e30d2f2abca344b37848a393cac7863dd70" origin="Generated by Gradle"/>
+      <component group="net.bytebuddy" name="byte-buddy" version="1.15.11">
+         <artifact name="byte-buddy-1.15.11.jar">
+            <sha256 value="fa08998aae1e7bdae83bde0712c50e8444d71c0e0c196bb2247ade8d4ad0eb90" origin="Generated by Gradle"/>
          </artifact>
       </component>
       <component group="net.java.dev.jets3t" name="jets3t" version="0.9.0">
@@ -4118,14 +4118,14 @@
             <sha256 value="f97483ba0944b9fa133aa29638764ddbeadb51ec3dbc02074c58fa2caecd07fa" origin="Generated by Gradle"/>
          </artifact>
       </component>
-      <component group="org.mockito" name="mockito-core" version="5.11.0">
-         <artifact name="mockito-core-5.11.0.jar">
-            <sha256 value="f076c96b1f49b8d9bc42e46b0969aaf5684c40c8b5b679d400e5d880073a0e00" origin="Generated by Gradle"/>
+      <component group="org.mockito" name="mockito-core" version="5.15.2">
+         <artifact name="mockito-core-5.15.2.jar">
+            <sha256 value="bf48b7372d9491d5ec8aebb4cdd187d15663931599c0fbe7410166ce0e1e58ff" origin="Generated by Gradle"/>
          </artifact>
       </component>
-      <component group="org.mockito" name="mockito-subclass" version="5.11.0">
-         <artifact name="mockito-subclass-5.11.0.jar">
-            <sha256 value="61e65116bf6178cd3a5f1cecc0d73d68395e7c175d07a7f9478650f55b36fb1d" origin="Generated by Gradle"/>
+      <component group="org.mockito" name="mockito-subclass" version="5.15.2">
+         <artifact name="mockito-subclass-5.15.2.jar">
+            <sha256 value="bf332f658d5437446525911449da3474be170053735bf870ac2caaeaffc2fd34" origin="Generated by Gradle"/>
          </artifact>
       </component>
       <component group="org.mortbay.jetty" name="jetty" version="6.1.26">
 
@@ -34,11 +34,17 @@ public abstract class AbstractEntitlementsIT extends ESRestTestCase {
                 Map.of("properties", List.of("es.entitlements.checkSetSystemProperty", "es.entitlements.checkClearSystemProperty"))
             )
         );
-
-        builder.value(Map.of("file", Map.of("path", tempDir.resolve("read_dir"), "mode", "read")));
-        builder.value(Map.of("file", Map.of("path", tempDir.resolve("read_write_dir"), "mode", "read_write")));
-        builder.value(Map.of("file", Map.of("path", tempDir.resolve("read_file"), "mode", "read")));
-        builder.value(Map.of("file", Map.of("path", tempDir.resolve("read_write_file"), "mode", "read_write")));
+        builder.value(
+            Map.of(
+                "files",
+                List.of(
+                    Map.of("path", tempDir.resolve("read_dir"), "mode", "read"),
+                    Map.of("path", tempDir.resolve("read_write_dir"), "mode", "read_write"),
+                    Map.of("path", tempDir.resolve("read_file"), "mode", "read"),
+                    Map.of("path", tempDir.resolve("read_write_file"), "mode", "read_write")
+                )
+            )
+        );
     };
 
     private final String actionName;
 
@@ -9,7 +9,7 @@
 
 package org.elasticsearch.entitlement.runtime.policy;
 
-import org.elasticsearch.entitlement.runtime.policy.entitlements.FileEntitlement;
+import org.elasticsearch.entitlement.runtime.policy.entitlements.FilesEntitlement;
 
 import java.nio.file.Path;
 import java.util.ArrayList;
@@ -20,18 +20,19 @@
 import static org.elasticsearch.core.PathUtils.getDefaultFileSystem;
 
 public final class FileAccessTree {
-    public static final FileAccessTree EMPTY = new FileAccessTree(List.of());
+    public static final FileAccessTree EMPTY = new FileAccessTree(FilesEntitlement.EMPTY);
     private static final String FILE_SEPARATOR = getDefaultFileSystem().getSeparator();
 
     private final String[] readPaths;
     private final String[] writePaths;
 
-    private FileAccessTree(List<FileEntitlement> fileEntitlements) {
+    private FileAccessTree(FilesEntitlement filesEntitlement) {
         List<String> readPaths = new ArrayList<>();
         List<String> writePaths = new ArrayList<>();
-        for (FileEntitlement fileEntitlement : fileEntitlements) {
-            String path = normalizePath(Path.of(fileEntitlement.path()));
-            if (fileEntitlement.mode() == FileEntitlement.Mode.READ_WRITE) {
+        for (FilesEntitlement.FileData fileData : filesEntitlement.filesData()) {
+            var path = normalizePath(Path.of(fileData.path()));
+            var mode = fileData.mode();
+            if (mode == FilesEntitlement.Mode.READ_WRITE) {
                 writePaths.add(path);
             }
             readPaths.add(path);
@@ -44,8 +45,8 @@ private FileAccessTree(List<FileEntitlement> fileEntitlements) {
         this.writePaths = writePaths.toArray(new String[0]);
     }
 
-    public static FileAccessTree of(List<FileEntitlement> fileEntitlements) {
-        return new FileAccessTree(fileEntitlements);
+    public static FileAccessTree of(FilesEntitlement filesEntitlement) {
+        return new FileAccessTree(filesEntitlement);
     }
 
     boolean canRead(Path path) {
 
@@ -16,7 +16,7 @@
 import org.elasticsearch.entitlement.runtime.policy.entitlements.CreateClassLoaderEntitlement;
 import org.elasticsearch.entitlement.runtime.policy.entitlements.Entitlement;
 import org.elasticsearch.entitlement.runtime.policy.entitlements.ExitVMEntitlement;
-import org.elasticsearch.entitlement.runtime.policy.entitlements.FileEntitlement;
+import org.elasticsearch.entitlement.runtime.policy.entitlements.FilesEntitlement;
 import org.elasticsearch.entitlement.runtime.policy.entitlements.InboundNetworkEntitlement;
 import org.elasticsearch.entitlement.runtime.policy.entitlements.LoadNativeLibrariesEntitlement;
 import org.elasticsearch.entitlement.runtime.policy.entitlements.OutboundNetworkEntitlement;
@@ -73,14 +73,16 @@ public static ModuleEntitlements none(String componentName) {
         }
 
         public static ModuleEntitlements from(String componentName, List<Entitlement> entitlements) {
-            var fileEntitlements = entitlements.stream()
-                .filter(e -> e.getClass().equals(FileEntitlement.class))
-                .map(e -> (FileEntitlement) e)
-                .toList();
+            FilesEntitlement filesEntitlement = FilesEntitlement.EMPTY;
+            for (Entitlement entitlement : entitlements) {
+                if (entitlement instanceof FilesEntitlement) {
+                    filesEntitlement = (FilesEntitlement) entitlement;
+                }
+            }
             return new ModuleEntitlements(
                 componentName,
                 entitlements.stream().collect(groupingBy(Entitlement::getClass)),
-                FileAccessTree.of(fileEntitlements)
+                FileAccessTree.of(filesEntitlement)
             );
         }
 
@@ -164,23 +166,14 @@ private static Map<String, List<Entitlement>> buildScopeEntitlementsMap(Policy p
     }
 
     private static void validateEntitlementsPerModule(String componentName, String moduleName, List<Entitlement> entitlements) {
-        Set<Class<? extends Entitlement>> flagEntitlements = new HashSet<>();
+        Set<Class<? extends Entitlement>> found = new HashSet<>();
         for (var e : entitlements) {
-            if (e instanceof FileEntitlement) {
-                continue;
-            }
-            if (flagEntitlements.contains(e.getClass())) {
+            if (found.contains(e.getClass())) {
                 throw new IllegalArgumentException(
-                    "["
-                        + componentName
-                        + "] using module ["
-                        + moduleName
-                        + "] found duplicate flag entitlements ["
-                        + e.getClass().getName()
-                        + "]"
+                    "[" + componentName + "] using module [" + moduleName + "] found duplicate entitlement [" + e.getClass().getName() + "]"
                 );
             }
-            flagEntitlements.add(e.getClass());
+            found.add(e.getClass());
         }
     }