Skip to content

release-notes-8.19.asciidoc

Latest commit

 

History

History
531 lines (395 loc) · 24.6 KB

release-notes-8.19.asciidoc

File metadata and controls

531 lines (395 loc) · 24.6 KB

Release notes

This section summarizes the changes in each release.

Also see:

  • {kibana-ref}/release-notes.html[{kib} release notes]

  • {beats-ref}/release-notes.html[{beats} release notes]

{fleet} and {agent} 8.19.7

Bug fixes

Elastic Agent

  • Fix quoting of boolean values in Helm charts. #10681

  • Fix issue where switching to OTEL runtime would cause data to be re-ingested. #10857

  • Fix signal handling for the EDOT Collector. #10908

  • Reload agent binary source settings as configured in Fleet. #10993

Fleet Server

  • Fix issue that prevented checkin local_metadata from being updated. #5824

  • Fix issue where a malformed components field prevented agent authentication. #5858

{fleet} and {agent} 8.19.6

New features and enhancements

Elastic Agent

  • Add logs_metrics_traces.yml sample in EDOT for Windows. #10514

  • Include OTel Collector internal telemetry in Agent monitoring. #9928

  • Update OTel Collector components to v0.137.0. #10391

Fleet Server

  • Update Go to v1.25.3. #5699

Bug fixes

Elastic Agent

  • Improve logging to catch early errors on startup. #10158 #9099

  • Fix an incorrectly formatted log message when a provider fails. #10217

  • Inspect: Handle components with slashes in their name. #10442

{fleet} and {agent} 8.19.5

New features and enhancements

Elastic Agent

  • Agent cleans up downloads directory and the new versioned home if upgrade fails. #9386 #5235

  • When there is a disk space error during an upgrade, agent responds with clean insufficient disk space error message. #9392 #5235

  • Add Headers Setter extension to EDOT Collector. #9903 #9889

  • Update OTel components to v0.132.0. #9964

Bug fixes

Elastic Agent

  • Include aggregated agent status in HTTP liveness checks. #9673 #9576

  • Reduce-default-telemetry-frequency. #9987

  • Fix stuck upgrade state by clearing coordinator overridden state after failed upgrade. #9992

  • Include components units status in HTTP liveness checks. #10060 #8047

{fleet} and {agent} 8.19.4

New features and enhancements

Elastic Agent

  • Bump kube-stack Helm Chart to 0.9.1 and enable the cluster collector. #9535

  • Enhanced loggers for easier debugging of upgrade related issues. #9689 #9536

Bug fixes

Elastic Agent

  • Redact secrets from pre-config, computed-config, components-expected, and components-actual files in diagnostics archive. #9560

  • Retry service start command upon failure with 30-second delay. #9313

  • Fix reporting of scheduled upgrade details across restarts and cancels. #9562 #8778

  • Enable root user to re-enroll unprivileged agent for mac and linux. #9603 #8544

  • Fix missing liveness healthcheck during container enrollment. #9612 #9611

  • Enable admin user to re-enroll unprivileged agent for windows. #9623 #8544

  • Treat exit code 284 from Endpoint binary as non-fatal. #9687

  • Ensure failed upgrade actions are removed from queue and details are set. #9634 #9629

Fleet Server

  • Restore connection limiter. #5372

    Restore connection level limiter to prevent OOM incidents. This limiter is used in addition to the request-level throttle so that once our in-flight requests reaches max_connections a 429 is returned, but if the total connections the server uses is over max_connections*1.1 the server drops the connection before the TLS handshake.

  • Build fleet-server as fully static binary to restore OS matrix compatibility. #5392 #5262

{fleet} and {agent} 8.19.3

Review important information about the 8.19.3 release.

Known issues

fleet-agents template is missing mappings

Security updates

Elastic Agent

  • Upgrade Go version to 1.24.6. #9287

New features

The 8.19.3 release adds the following new and notable features.

Elastic Agent

  • Adjust the timeout for Elastic Defend check command. #9213

Enhancements

Elastic Agent

  • Update OTel components to v0.130.0. #9343

Bug fixes

Elastic Agent

  • On Windows, retry saving the Agent information file to disk. #9224 #5862

  • Correct hints annotations parsing to resolve only ${Kubernetes.*} placeholders instead of resolving all ${…​} patterns. #9307

  • Treat exit code 28 from endpoint binary as non-fatal. #9320

  • Fixed jitter backoff strategy reset. #9342 #8864

  • Fix Docker container failing to start with no matching vars: ${Env.elasticsearch_api_key:} and similar errors by restoring support for : to set default values. #9451 #9328

  • Fix deb upgrade by stopping elastic-agent service before stopping endpoint. #9462

Fleet Server

  • Fix 503 handling in enrollment. #5232 #5197

  • Remove extra ES search when preparing agent policy. #5283

  • Reset trace links on bulk items when returning to pool. #5317

{fleet} and {agent} 8.19.2

Review important information about the 8.19.2 release.

Known issues

fleet-agents template is missing mappings

Bug fixes

Fleet Server

{fleet} and {agent} 8.19.1

Review important information about the 8.19.1 release.

Known issues

fleet-agents template is missing mappings

New features

The 8.19.1 release adds the following new and notable features.

Elastic Agent

  • Add K8s leader elector OTel extension. #9065

Enhancements

Elastic Agent

  • Include the forwardconnector as an EDOT Collector component. #8753

  • Update OTel components to v0.129.0. #8819

  • Update APM config extension to v0.4.0. #8819

  • Update Elastic trace processor to v0.7.0. #8819

  • Update Elastic APM connector to v0.4.0. #8819

  • Update API key auth extension to v0.2.0. #8819

  • Update Elastic infra metrics processor to v0.16.0. #8819

  • Rename OTel collector config file in diagnostics from otel-final.yaml to otel-merged.yaml. #9052

Bug fixes

Elastic Agent

  • Remove incorrect logging that unprivileged installations are in beta. #8715 #8689

  • Ensure standalone Elastic Agent uses log level from configuration instead of persisted state. #8784 #8137

  • Resolve deadlocks in runtime checkin communication. #8881 #7944

  • Remove init.d support from RPM packages. #8896 #8840

{fleet} and {agent} 8.19.0

Review important information about the {fleet} and {agent} 8.19.0 release.

Security updates

{agent}

  • Upgrade To Go 1.24.3. #8109

{fleet-server}

  • Upgrade golang.org/x/net to v0.34.0 and golang.org/x/crypto to v0.32.0. #4405

Known issues

Setting the log level on individual {agents} is not possible

Details

There is a known issue where it is not possible to set the log level on individual {agents} as the Agent logging level setting is not available on the {agent}'s details page.

Impact

No workaround is available at the moment, but a fix is expected to be available in a future patch release. Note that the agent logging level can still be set on a per-policy basis in the agent policy’s Settings tab.

{agent} does not process Windows security events

Details

There is a known issue where {agent} does not process Windows security events on hosts running Windows 10, Windows 11, and Windows Server 2022.

Impact

No workaround is available at the moment, but a fix is expected to be available in {agent} 8.19.1.

{agents} remain in an "Upgrade scheduled" state

Details

There is a known issue where {agent} remains in an Upgrade scheduled state when a scheduled {agent} upgrade is cancelled. Attempting to restart the upgrade on the UI returns an error: The selected agent is not upgradeable: agent is already being upgraded..

Impact

Until this issue is fixed in a later patch version, you can call the Upgrade an agent endpoint of the Kibana Fleet API with the force parameter set to true to force-upgrade the {agent}:

curl --request POST \
  --url https://<KIBANA_HOST>/api/fleet/agents/<AGENT_ID>/upgrade \
  --user "<SUPERUSER_NAME>:<SUPERUSER_PASSWORD>" \
  --header 'Content-Type: application/json' \
  --header 'kbn-xsrf: true' \
  --data '{"version": "<VERSION>","force": true}'

To force-upgrade multiple {agents}, call the Bulk upgrade agents endpoint of the Kibana Fleet API with the force parameter set to true:

curl --request POST \
  --url https://<KIBANA_HOST>/api/fleet/agents/bulk_upgrade \
  --user "<SUPERUSER_NAME>:<SUPERUSER_PASSWORD>" \
  --header 'Content-Type: application/json' \
  --header 'kbn-xsrf: true' \
  --data '{"version": "<VERSION>","force": true,"agents":["<AGENT_IDS>"]}'
fleet-agents template is missing mappings

Details

On May 2, 2025 a known issue was discovered that the .fleet-agents index template was missing a mapping for the local_metadata.complete attribute. This may cause agent checkins to be rejected and the agents to appear as offline.

In this {fleet}'s logs this will appear as:

elastic fail 400: document_parsing_exception: [1:209] object mapping for [local_metadata] tried to parse field [local_metadata] as object, but found a concrete value
Eat bulk checkin error; Keep on truckin'

And in the {agent} logs it will appear as:

"log.level":"error","@timestamp":"2025-04-22:12:35:25.295Z","message":"Eat bulk checkin error; Keep on truckin'","component":{"binary":"fleet-server","dataset":"elastic_agent.fleet_server","id":"fleet-server-es-containerhost","type":"fleet-server"},"log":{"source":"fleet-server-es-containerhost"},"service.type":"fleet-server","error.message":"elastic fail 400: document_parsing_exception: [1:209] object mapping for [local_metadata] tried to parse field [local_metadata] as object, but found a concrete value","ecs.version":"1.6.0","service.name":"fleet-server","ecs.version":"1.6.0"

This attribute was added to the template in versions: 8.17.11 8.18.3, and 8.19.3.

Further investigation revealed that the .fleet-agents index template was not correctly applied due to an unchanged _meta.managed_index_mappings_version number. This change also affects other attributes as well, such as upgrade_attempts, namespaces, unprivileged, and unhealthy_reason. If there is an error related to any of these attributes, there will be a similar error message in the logs.

Impact

Updating to a version with a fixed _meta.managed_index_mappings_version will correctly apply the new index template. The fixed versions are 8.18.8, 8.19.4, 9.0.8, 9.1.4.

New features

The 8.19.0 release Added the following new and notable features.

{agent}
{fleet-server}

  • Add ability for enrollment to take an agent id. #4290 #4226

Enhancements

{agent}

  • Allow upgrading deb or rpm agents when using Elastic Defend with tamper protection. #6907 #6394

  • Include all metadata that is sent to Fleet in the agent-info.yaml file in diagnostics by default. #7029

  • Add ApiKey prefix to Motel host configurations. #7063

  • Add elastic.agent.fips to local_metadata. #9159 #8939 #9029 #9095 #8671 #8672 #9143 #7112 #7112

  • Validate pbkdf2 settings when in FIPS mode. #7187

  • FIPS compliant agent file vault. #7360

  • With this change FIPS compliant agents will only be able to upgrade to other FIPS compliant agents. This change also restricts non-FIPS to FIPS upgrades as well. #7312

  • Updated the error messages returned for FIPS upgrades. #7453

  • Update OTel components to v0.121.0.

  • Update OTel components to v0.122.0. #7725

  • Update OTel components to v0.123.0. #7996

  • Retry enrollment requests on any error. #8056

  • Update OTel components to v0.125.0.

  • Update OTel components to v0.127.0.

  • Remove deprecated OTel Elasticsearch exporter config *_dynamic_index from code and samples. #8592

  • Include the forwardconnector as an EDOT collector component. #8753

  • Update OTel components to v0.129.0.

  • Update apm config extension to v0.4.0.

  • Update Elastic trace processor to v0.7.0.

  • Update Elastic APM connector to v0.4.0.

  • Update API key auth extension to v0.2.0.

  • Update Elastic infra metrics processor to v0.16.0.

{fleet-server}

  • Bump Go to v1.23.5. #4353

  • Clear agent.upgrade_attempts when upgrade is complete. #4528

  • Pbkdf2 settings validation is FIPS compliant. #4542

  • Update to Go v1.24.0. #4543

  • Add version metadata to version command output. #4820

  • Update Go to v1.24.3. #4891

Upgrades

{agent}

  • Bump apmconfig extension to v0.3.0.

Bug fixes

{agent}

  • Fix TSDB version_conflict_engine_exception caused by incorrect kube-stack Helm values. #9159 #8939 #9029 #9095 #8671 #8672 #9143 #6928

  • Make enroll command backoff more conservative. #9159 #8939 #9029 #9095 #8671 #8672 #9143 #6983 #6761

  • Add missing null checks to AST methods. #9159 #8939 #9029 #9095 #8671 #8672 #9143 #7009 #6999

  • Fixes an issue where fixpermissions on Windows incorrectly returned an error message due to improper handling of Windows API return values. #7059 #6917

  • Support IPv6 hosts in enroll URL. #7036

  • Support IPv6 host in gRPC config. #7035

  • Support IPv6 host in agent monitoring HTTP config. #7073

  • Rotate logger output file when writing to a symbolic link. elastic-agent-pull}6938[#6938]

  • Do not fail Windows permission updates on missing files/paths. #7305 #7301

  • Make otelcol executable in the Docker image. #9159 #8939 #9029 #9095 #8671 #8672 #9143 #7345

  • Fix Elasticsearch exporter configuration in kube-stack values. #9159 #8939 #9029 #9095 #8671 #8672 #9143 #7380

  • Ship journalctl in the elastic-agent, elastic-agent-complete, and elastic-agent-ubi Docker images to enable reading journald logs. Journalctl is not present on Wolfi images. #8492 #44040

  • Preserve agent run state on DEB and RPM upgrades. #7999 #3832

  • Use --header from enrollment when communicating with Fleet Server. #8071 #6823

  • Address a race condition that can occur in agent diagnostics if log rotation runs while logs are being zipped.

  • Use paths.tempdir for diagnostics actions. #8472

  • Use Debian 11 to build Linux/ARM to match Linux/AMD64. Upgrades Linux/ARM64’s statically linked glibc from 2.28 to 2.31. #8497

  • Relax file ownership check to allow admin re-enrollment on Windows. #8503 #7794

  • Remove incorrect logging that unprivileged installations are in beta. #8715 #8689

  • Ensure standalone Elastic Agent uses log level from configuration instead of persisted state. #8784 #8137

  • Resolve deadlocks in runtime checkin communication. #8881 #7944

  • Removed init.d support from RPM packages. #8896 #8840

{fleet-server}