As this year comes to a close, we wanted to reflect on the key releases, events and milestones for our company and the community.
We started the new year with the beta version of the Search Guard Auth Token Service. This feature allows any user logged into Search Guard to create access tokens which can be used for external applications, scripts, etc. without having to use a password. Auth tokens can have a limited set of permissions, a limited lifetime and can be revoked by the user. Read more here
We publish Search Guard v49, which includes the GA release of the Auth Token Service and huge performance improvements for bulk operations, nearly doubling the throughput. We also released a new implementation for OIDC authentication which makes it possible to access IdPs sitting behind a proxy. Check it out
Search Guard turns 50! Well, in terms of release versions. Search Guard 50 for Elasticsearch 7.11.1 and 7.11.2. Including improvements for audit logging, tenant configuration and Signals Alerting. Further details here
. And let's not forget Search Guard on K8s - a public beta version of our new Helm Charts has been released as well!
Amazon recently announced the introduction of OpenSearch, an Open Source fork of Elasticsearch and Kibana, which is entirely community-driven. The complete codebase is released under the Apache 2.0 license. Floragunn fully supports OpenSearch, and we are happy to contribute our year-long experience regarding security and alerting in the Elasticsearch ecosystem to OpenSearch. As a Search Guard user, you will have the option to run either the Elastic Stack or OpenSearch.
Of course we were starting this month with May the 4th and concluded with towel day on 25th. Also we enjoyed to finally be able to go out again grab a beer with friends and meet to have a pizza. A surprising discovery was that some of our users still run Search Guard 5 until this day! Overall this month developed to be all about people. We held our annual all hands meeting online (as always). Our management had a minor change within the assistants, one out - one in. Also we saw our young developer leave the nest and head out into the world with our very best wishes.
The middle of the year was a big month for the community with AWS coming out with Open Search RC1
. We had another Search Guard release, where we adapted our release policy: We will release new major versions of Search Guard both for the most recent Elasticsearch version and for Elasticsearch 7.10.2, i.e., the last version based on the Apache2 licensed Elasticsearch code, check it out here
. And also this month Search Guard turned 5 - Happy Birthday!
Now available: Search Guard 52 for Elasticsearch 7.13.x and 7.10.2. The new version brings security bug fixes, improvements for Document Level Security and for OIDC and JWT-based authentication. Get it now.
We published a cumulative bug fix release that includes security and non-security-related fixes. The release is available for all Search Guard versions down to Elasticsearch 7.4.0! We highly recommend upgrading now
Search Guard for OpenSearch is here! We have a pre-release version that we would love you to test! We even have demo installer scripts ready for download! Get started here
Attending our first in person conference of the year: B-Boost in La Rochelle, France. Great event
in an amazing location. Picture perfect weather with like minded people - what more could we ask for in a two day event.
Sponsoring the Open Source Monitoring Conference (OSMC) in Nuremberg for the second time. Read about the conference itself here
. It was an interesting event where we gave a talk entitled, "An introduction to OpenSearch and it's impact on FOSS". The event itself was really well done - hats off to NETWAYS Events for all the organisation!
We also fixed a security issue for clusters running Search Guard 42 or later on ES 7.7.0 or later. The flaw only affects indices marked as "hidden". We recommend upgrading to v52.2 nonetheless. Read more here
We end the year with the infamous Log4j Vulnerabilities CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105! We release Search Guard for Elasticsearch 7.16.1 and 7.16.2 which mitigates the issue.
And Last but not Least
As a Search Guard user, you now have the option to either run Elasticsearch or OpenSearch. We are fully committed to the community and will continue to deliver products and services based on user demand. It's been a turbulent year for our industry - let's see what the next one brings.
Finally, we wanted to take a moment to say thank you to all of you! Our users, our customers, our partners and our team, as well as the the community itself. Happy New Year to you all.