Elastic Release Notes

Follow

43 release notes curated from 27 sources by the Releasebot Team. Last updated: Jun 30, 2026

Get this feed:

Elastic Products

  • June 2026
    • No date parsed from source.
    • First seen by Releasebot:
      Jun 30, 2026
    • Modified by Releasebot:
      Jul 1, 2026
    Elastic logo

    Elasticsearch by Elastic

    9.3.7

    Elasticsearch adds ES|QL, inference, and Machine Learning updates with improved memory handling, safer PyTorch model access, better OOM messaging, and a PyTorch 2.7.1 upgrade, plus fixes for serialization, error handling, and model deletion.

    Features and enhancements

    Inference

    • [Inference] Add requires org.apache.commons.lang3 to module-info #151794

    Machine Learning

    • Better messaging regarding OOM process termination #2841
    • Improve adherence to memory limits for the bucket gatherer #2848
    • Report the actual memory usage of the autodetect process #2846
    • Restrict file system access for pytorch models #2851
    • Update the PyTorch library to version 2.7.1 #2863

    Fixes

    ES|QL

    • Resolve surrogates in union type field resolution before plan serialization #151633 (issue: #151475)

    Infra/Core

    • Pass through includeSourceInError #142335

    Machine Learning

    • Fix bug causing incorrect error on force deleting already deleted model #107188 (issue: #105420)
    • Revert "[ML] Add extra validation in trained_model creation" #152000
    Original source
  • June 2026
    • No date parsed from source.
    • First seen by Releasebot:
      Jun 24, 2026
    Elastic logo

    Elasticsearch by Elastic

    9.3.6

    Elasticsearch releases broad fixes and enhancements across security, search, ES|QL, machine learning, inference, and transforms, with improved role permissions, better memory and model handling, stronger validation, and multiple stability and performance updates.

    Features and enhancements

    Authorization

    • Update the built-in kibana_system role to grant manage, create_index, read, index, write, and delete privileges on the axonius.alert_finding and axonius.incident indices, replacing the previous axonius.alert_and_incident index #149797

    Data streams

    • [otel-data] Explicitly map http.response.status_code as long #149631

    Inference

    • Upgrade commons-lang3 version for the inference plugin #150242

    Machine Learning

    • Better messaging regarding OOM process termination #2841
    • Improve adherence to memory limits for the bucket gatherer #2848
    • Report the actual memory usage of the autodetect process #2846
    • Restrict file system access for pytorch models #2851
    • Update the PyTorch library to version 2.7.1 #2863

    Network

    • Upgrade netty to 4.1.135.Final #151099

    Security

    • Optimize literal action automaton builds #151093 (issues: #123872, #105723)

    Fixes

    Analysis

    • Fix Nynorsk stemmer UnsupportedOperationException. The light_nynorsk and minimal_nynorsk stemmers no longer fail with an HTTP 500 error during index creation due to passing an immutable map to Lucene's analysis factory. #150345

    Authentication

    • Move SAML metadata resolution to background thread #144381 (issue: #138031)

    ES|QL

    • Catch StackOverflowError in deeply nested RLIKE patterns #150238 (issue: #149838)
    • Enforce limit for max nested functions #149971
    • Fix wrong warning in expressions with unrolled multivalues #145968
    • [ESQL] Refactor Greatest and Least functions to use evaluator map #128429 (issue: #114036)

    ILM

    • Truncate error for ILM's step_info instead of string #150413

    Inference

    • Validate inference embedding model before checking for existing uses #150150 (issues: #147062, #150084)
    • When a streaming inference request is canceled, immediately release apache client networking resources #149987
    • [Inference API] Fix Streaming publisher shutdown race condition #150789 (issue: #150742)

    Infra/Core

    • Don't apply time zones to epoch-based timestamps #148663
    • Filter _source field names by code point #151146
    • Fix OS stats for cgroup paths containing colons #151095

    Machine Learning

    • Add extra validation in trained_model creation #150227

    Query Languages

    • EQL/SQL: Enforce max expression depth checks #150003

    Search

    • Add IT covering search during rolling restart #149667 (issue: #86927)

    Security

    • Make Automatons wildcard code-point aware #151143

    TSDB

    • Fix OTLP histogram handling for single-count histograms without bucket boundaries #151411

    Transform

    • Honor ClusterHealth timeout when waiting for transform internal index shards #149462 (issue: #149400)
    Original source
  • All of your release notes in one feed

    Join Releasebot and get updates from Elastic and hundreds of other software products.

    Create account
  • Jun 2, 2026
    • Date parsed from source:
      Jun 2, 2026
    • First seen by Releasebot:
      Jun 3, 2026
    Elastic logo

    Elastic

    The essential Elastic 2026 wrap-up for Microsoft Build attendees and Azure developers

    Elastic ships 2026 updates across AI, observability, and security, adding multime­dia embeddings, Agent Builder context controls, faster columnar metrics, MCP apps in developer tools, and new pipeline and identity protections for Azure and GitHub workflows.

    AI agents that remember. 30x faster than Prometheus. One index for all media. Here’s what Elastic shipped in 2026.

    So far in 2026 Elastic has shipped four advances that change what your search and what our AI stack can do.

    • Elastic Inference Service (EIS) now hosts jina-embeddings-v5-omni, which puts text, images, video, and audio in a single Elasticsearch index across nearly 100 languages.
    • Elastic Agent Builder shipped context management, skills, and enterprise connectors so that AI agents stay accurate across long conversations at scale.
    • The rebuilt metrics engine stores OpenTelemetry (OTel) data at 3.75 bytes per data point and queries it 160x faster than earlier Elasticsearch TSDS.
    • Elastic Security Labs open-sourced a CI/CD pipeline detector that catches GitHub Actions and Azure DevOps attackers before they reach production.

    Catch up with what we’ve shipped in 2026 in this blog.

    4 reasons Elastic is the platform for Azure developers in 2026

    1. Elasticsearch is now the retrieval layer for agents built on Azure AI Foundry

    The single biggest production failure for AI agents is context — wrong data, stale data, or no data at all reaching the agent at inference time. Elastic 9.4 solves this with three production-grade advances to Agent Builder, now generally available:

    1. Skills: Instructional packages are loaded by the agent on demand, giving it domain expertise without bloating every context window. Five purpose-built skills have shipped for security operations, five have shipped for site reliability engineering (SRE) workflows, and more are in development.
    2. Native Microsoft 365 connectors: SharePoint and Drive content surfaces directly into agent context through a semantic metadata layer. Your enterprise corpus becomes the retrieval backbone; Elasticsearch is the index.
    3. Context management at scale: Query result offloading, compaction, and summarization keep long, multi-turn agent conversations accurate and cost-efficient in production.

    GPU-accelerated indexing via NVIDIA cuVS — generally available in Elastic 9.4 — delivers a 12x improvement in indexing throughput. DiskBBQ, Elastic's vector indexing algorithm, has improved query latency by at least 3x for queries with restrictive filters. For AI workloads running on Azure with high-cardinality embeddings, this is the infrastructure advantage that shows up in latency and cost at scale.

    The Microsoft Azure AI integration is a first-class citizen in the Elasticsearch Labs ecosystem. If you are using Azure OpenAI Service or Azure AI Foundry models, Elasticsearch is ready as the retrieval backbone with hybrid search (BM25 + vector), reranking, and context engineering built in.

    For TypeScript and JavaScript developers in the Azure ecosystem, Elastic also shipped a fluent, type-safe Elasticsearch Query Language (ES|QL) query builder in April 2026. No more raw string interpolation for queries. No more runtime surprises from typos in field names.

    One index for every media type your agent touches

    Microsoft 365 content is not only text. SharePoint libraries hold PDFs, slide decks, and scanned images. Teams capture meeting recordings. Azure Blob Storage holds product photography, training videos, and audio files from customer calls. Until now, indexing each type required a separate model and a separate pipeline.

    jina-embeddings-v5-omni is hosted on Elastic Inference Service and puts text, images, video, and audio in a single Elasticsearch index. One query retrieves semantically relevant content across every media type simultaneously, covering nearly 100 languages. The model is available in two sizes, small and nano; both are optimized for standard GPU hardware.

    For developers with existing text indices, jina-embeddings-v5-omni generates text embeddings identical to jina-embeddings-v5-text. You can extend a text index to handle images, audio, and video without rebuilding it. With Elasticsearch BBQ quantization enabled, the model loses less than 3% performance while storing embeddings in 93% less space.

    Note: jina-embeddings-v5-omni is available for non-commercial evaluation on a CC-BY-NC-4.0 license. Contact Elastic Sales for commercial deployment.

    2. Elastic is now inside VS Code, Cursor, and GitHub Copilot

    In April 2026, Elastic shipped MCP Apps — interactive UIs rendered inside an AI conversation and built on the MCP App standard, coauthored by Anthropic and OpenAI. Three MCP Apps launched simultaneously: security, observability, and search. All three work natively inside VS Code Copilot, Cursor, and Claude Desktop.

    The Elastic Security MCP App delivers six interactive security operations center (SOC) dashboards rendered inline in the chat without leaving the coding environment:

    1. Interactive UI: Alert Triage: Fetch, filter, and classify security alerts. Severity grouping, AI verdict cards, process tree, and network events.
    2. Attack Discovery: AI-correlated attack chain analysis with on-demand generation. Attack narrative cards with confidence scoring, entity risk, and MITRE mapping.
    3. Case management: Create, search, and manage investigation cases. Case list with alerts, observables, comments tabs, and AI actions.
    4. Detection rules: Browse, tune, and manage detection rules. Rule browser with KQL search, query validation, and noisy-rule analysis.
    5. Threat hunt: ES|QL workbench with entity investigation. Query editor, clickable entities, and investigation graph.
    6. Sample data: Generate ECS security events for common attack scenarios. Scenario picker with four prebuilt attack chains.

    Every action writes back to Elasticsearch and Kibana through the same APIs the product uses. Role-based access controls are enforced through the existing Elasticsearch API key. Setup is a single .mcpb bundle double-click. No new infrastructure. No new governance model.

    The Kubernetes Observability MCP App brings AKS investigation skills directly into VS Code. When a pod crashes, the AI coding agent can query root cause, surface structured evidence, and recommend next steps without opening a dashboard.

    Install both bundles from the latest GitHub release.

    3. Elasticsearch is now a production-grade columnar metrics engine

    Azure is all-in on OpenTelemetry. Azure Monitor, AKS, Azure Functions, and Azure AI Foundry all emit OpenTelemetry protocol (OTLP) data natively. If you are already collecting OTel telemetry from your Azure workloads, the question is where it lands and how fast you can query it when something breaks at 2:00 a.m.

    Elastic rebuilt Elasticsearch's metrics engine from the ground up in 2026, and the results are significant. The new columnar metrics engine stores OTel metrics at 3.75 bytes per data point — down from 25 bytes a year ago, a 6.6x improvement in storage efficiency. Query performance improved by up to 160x compared to earlier versions of Elasticsearch TSDS. Indexing throughput for OTel data improved by up to 50%.

    The architectural work behind these numbers involved three layers:

    1. Fully columnar storage: Elastic replaced inverted indices and BKD trees on dimension fields with doc value skippers, a Lucene-native structure that amplifies the columnar layout and eliminates duplicate index overhead. Each field is stored in its own file. No row-level tracking. No storage bloat.
    2. Vectorized ES|QL compute engine: The new TS source command, generally available in Elastic 9.4, executes time series aggregations using a two-level model: an inner aggregation per time series, such as RATE() or AVG_OVER_TIME(), and then an outer aggregation over the results. The compute engine processes data in time series sort order with zero-copy decoding directly into the primitive arrays it operates on. Counter rate, gauge average, and windowed queries all run with parallel vectorized execution.
    3. Native OTLP ingestion: A dedicated OTLP protobuf endpoint, generally available in Elastic 9.3, accepts data directly from OpenTelemetry collectors with no JSON translation layer. Hashing over dimensions for time series ID calculations is amortized across data points in a single protobuf message, reducing indexing overhead by 20%.

    For Azure AKS teams with existing PromQL-based dashboards and alert rules, Elastic 9.4 ships native PromQL support (technical preview) in Kibana. Existing queries work without modification. The same TSDS storage and vectorized compute engine power both PromQL and ES|QL queries side by side.

    The result is a single platform for logs, metrics, traces, and security data with no separate backends to operate, no cardinality limits, and no per-metric pricing. For Azure developers who are already emitting OTel data, landing it in Elasticsearch costs less to store and queries faster than running a dedicated metrics stack alongside your existing log infrastructure.

    A sample ES|QL time series query for Azure AKS workloads is provided.

    4. Elastic now secures the apps you build, including the pipeline that deploys them

    CI/CD pipelines are a top attack target in 2026, and they target Azure and GitHub developers directly.

    Elastic Security Labs published research in April 2026 on a pattern that played out across the industry: Attackers stopped going after production servers and started targeting the automation that deploys to them. In September 2025, the GhostAction campaign stole 3,325 secrets from 817 GitHub repositories by injecting malicious workflow files. In February 2026, HackerBot-Claw compromised Aqua Security's Trivy repository, exposing 33,000 secrets across 7,000 machines via a GitHub Actions misconfiguration that Microsoft's own security team subsequently documented.

    Elastic Security Labs open-sourced cicd-abuse-detector — a drop-in CI template using 50+ signal extraction patterns plus large language model (LLM) reasoning to detect suspicious changes to GitHub Actions, GitLab CI, and Azure DevOps pipelines. It runs on a standard ubuntu-latest runner with no Python dependencies. Verdicts ship to Elasticsearch for cross-platform correlation.

    One query. Every platform. Historically queryable.

    For Entra ID and Active Directory environments, Elastic Security 9.4 ships four new Entity Analytics capabilities that resolve identity noise at the data model level:

    1. Entity resolution: Unifies Okta, Microsoft Entra ID, and Active Directory into one verified identity record per employee (When a threat actor moves laterally using the same identity across three systems, Elastic sees it as one entity, not three separate alerts.)
    2. Dynamic watchlists: Injects risk multipliers for Azure privileged admins, executives, and crown-jewel service accounts
    3. Entity-driven hunting leads: Surfaces proactive, environment-specific threat hunting leads rather than a blank hunt query
    4. Precision entity identification: Governs identity unification automatically at the platform level

    For Azure AI Foundry and LLM applications, the Azure AI Foundry integration, shipped in Elastic 9.1, centralizes observability by pulling logs and metrics from any AI model hosted on Azure AI Foundry into Elasticsearch automatically. From there, Elastic Observability delivers full distributed tracing across agent chains, token cost tracking, latency monitoring, and safety evaluation, so you can see exactly what your agent did, what it cost, and where it broke.

    For GitHub Actions and Azure DevOps users managing Kibana, Elastic 9.4 ships Dashboards as Code — version-controlled Kibana dashboards deployed through CI/CD pipelines. Dashboards live in source control alongside your application code. Pull requests, review gates, and automated rollouts apply to your observability and security views the same way they apply to the services those views monitor.

    Compliance: FIPS 140-3 compliance for Elasticsearch and Kibana is generally available in Elastic 9.4, ahead of the September 2026 deadline.

    Elastic Cloud Serverless is live in nine Azure regions worldwide and will continue Azure regional expansion in the coming months.

    Start here: 4 actions for Microsoft Build attendees

    1. Wire Elasticsearch into your Azure AI Foundry agent today. Start a free Elastic Cloud trial. Navigate to the Microsoft Azure AI integration. Connect your first Azure OpenAI-backed agent to Elasticsearch as the retrieval layer. A working prototype takes under an hour.
    2. Install the Elastic MCP Apps in VS Code. Download the .mcpb bundle from the latest release. Connect it in VS Code Copilot using your Elasticsearch URL and API key. Your first security triage or Kubernetes investigation runs inside the chat in five minutes.
    3. Land your Azure OTel metrics in Elasticsearch. Enable the managed OTLP endpoint on Elastic Cloud. Point your Azure Monitor OTel collector at it. Query your AKS metrics, host telemetry, and application traces in a single ES|QL pipeline — no separate metrics backend required.
    4. Harden your GitHub Actions and Azure DevOps pipelines. Clone the cicd-abuse-detector repo. Add it to your next pull request check. Review the full threat model against your pipeline configuration. The entire setup runs on your existing runner with no dependencies beyond the Claude Code CLI.

    The Elasticsearch Platform in 2026 was built for developers who work in the Microsoft and Azure ecosystem. Agents, metrics, pipelines, and identity all converge here. Build with us.

    The release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.

    Original source
  • May 2026
    • No date parsed from source.
    • First seen by Releasebot:
      May 30, 2026
    Elastic logo

    Elasticsearch by Elastic

    9.4.2

    Elasticsearch ships broad fixes and enhancements across search, ES|QL, machine learning, inference, vector search, transforms, PromQL, SQL, and logging, with improved stability, memory handling, default behaviors, and compatibility updates.

    Features and enhancements

    Infra/Logging

    • Upgrade to log4j 2.26.0 #132166 (issue: #132035)

    Machine Learning

    • Add EuroBERT and Jina v5 ops to graph validation allowlist #3015
    • Better error handling regarding quantiles state documents #2894
    • Better handling of invalid JSON state documents #2895
    • Better messaging regarding OOM process termination #2841
    • Downgrade log severity for a batch of recoverable errors #2889
    • Harden pytorch_inference with TorchScript model graph validation #3008 (issue: #2890)
    • Improve adherence to memory limits for the bucket gatherer #2848
    • Report the actual memory usage of the autodetect process #2846
    • Restrict file system access for pytorch models #2851
    • Update the PyTorch library to version 2.7.1 #2863

    Search

    • Add logging tracking to _xpack/usage #148087

    Fixes

    Aggregations

    • Aggs: Account aggs uncompressed size on coordinator reduction #148885 (issue: #147190)
    • Aggs: Fix auto_date_histogram/date_histogram inside a global agg #147427 (issue: #92570)
    • Fix ArrayIndexOutOfBoundsException in date_histogram with hard_bounds outside data #148765 (issue: #148763)

    CCR

    • Fix CCR follow to handle indexing_complete race #145304

    Distributed

    • Fix FsBlobContainer.moveBlobAtomic fallback on CIFS filesystems #148777 (issue: #148811)

    ES|QL

    • Disallow casting to snapshot-only type #148813 (issue: #147867)
    • Fix "optimized incorrectly" error from project reorder #149053 (issue: #148612)
    • Fix ArrayIndexOutOfBoundsException in centroid grouping evaluateFinal #148815 (issue: #141318)
    • Fix FROM *_logs index name validation #149395 (issue: #146073)
    • Fix InvalidMappedField equals/hashCode and lazy error message #146117 (issue: #145907)
    • Fix errors in blockloaders when filtering nulls on histograms #148983 (issue: #147854)
    • Lucene TermsEnum and PostingsEnum may only be used from acquiring thread #149297
    • Node-reduce driver should not release search contexts on failure #145960 (issue: #145509)
    • Normalize _timeseries to JSON for stored source #148716 (issue: #148414)
    • Use search threadpool for coordination in ES|QL #149034

    Inference

    • Honor task settings for Amazon Bedrock and Google Vertex chat completion #149268 (issue: #148792)
    • [Inference API] Fix NPE for Inference usage when referencing a embedding task type #149636
    • [Inference API] Fixing potential NPE if InferenceContext is null #148921
    • [Inference API] Use image/jpeg instead of image/jpg for inference validation MIME type #148793

    Infra/Core

    • Pin server-launcher native -march to x86-64-v2 #148542 (issue: #148326)
    • Use toTruncatedString in chunked objects toString #147860 (issue: #143694)

    Infra/Logging

    • Monitor exceptions in processing queries and log them as failures #148362

    Machine Learning

    • Fix flaky CIoManagerTest/testFileIoGood test #3017

    PromQL

    • Default PromQL index to metrics-* #148489
    • Default Prometheus discovery APIs to metrics-* #148770

    SQL

    • Fix REPLACE with empty pattern #148616

    Search

    • Default exclude_inference_fields to exclude_vectors at REST #148527 (issue: #146425)
    • Fix UOE in CanMatch empty-shards skipped-by-cluster map #148754
    • Fix synonym reloads not propagating through AnalyzerWrapper subclasses #147695 (issue: #146914)
    • Pass CircuitBreakingException through SearchExecutionContext#toQuery #148607
    • Update RuleQueryBuilder to eagerly rewrite organic query #149323 (issue: #146106)

    Transform

    • Only run next search once #148268 (issue: #147716)
    • Propagate deprecation warnings #147934 (issues: #82935, #82936)

    Vector Search

    • Fix gpu close resource ordering #149054
    • GPU codec: fall back to CPU graph build on flush when GPU is busy #149373
    Original source
  • May 2026
    • No date parsed from source.
    • First seen by Releasebot:
      May 29, 2026
    Elastic logo

    Kibana by Elastic

    9.4.2

    Kibana ships 9.4.2 with security vulnerability fixes and broad stability improvements across search, alerting, cases, connectors, dashboards, Discover, ES|QL, Fleet, machine learning, management, and workflows. It also improves accessibility and endpoint setup UX.

    The 9.4.2 release contains fixes for potential security vulnerabilities. Check our security advisory for more details.

    Features and enhancements

    Search

    • Improves the Add inference endpoint and Edit inference endpoint flyouts with clearer titles, a footer Save button, task type descriptions in the selector, always-visible endpoint ID and API reference fields, and inline validation for required fields [#262143].

    Fixes

    Alerting and cases

    • Fixes an issue that caused rules with large action parameter payloads to fail when saving or executing [#269467].
    • Fixes case workflow templates resolving from the wrong owner [#268719].
    • Fixes phrase search in the All Cases view [#266827].

    Connectivity

    • Fixes the email connector to reject malformed email addresses (for example, local parts or domain labels with leading or trailing hyphens) that mail servers would reject, preventing unnecessary SMTP connection attempts [#268496].
    • Fixes HTTP connector TLS options when connecting through proxies [#269898].
    • Fixes client-side navigation in the content connectors UI to honor server.basePath and space URL prefixes, preventing 404s on connector detail tabs and after creation [#269571].

    Dashboards and Visualizations

    • Fixes the links panel transform to remove an unsupported enhancements property [#270230].
    • Fixes the Lens API so XY charts with legends at the top or bottom return the correct configuration [#268729].
    • Fixes the Lens Visualization API rejecting rank_by with operation: "count" on terms buckets when no field is specified, so Count can rank by all documents without a field [#268620].
    • Fixes the Visualization API to correctly show default datatable colored badges [#268425].
    • Fixes gauge chart min, max, and goal configuration to reject unsupported reference-based metric operations (moving_average, differences, cumulative_sum, counter_rate) that require a date histogram [#268168].

    Data ingestion and Fleet

    • Parses top-level elasticsearch fields in integration packages on upgrade or reinstall [#269080].
    • Fixes the agent enrollment Confirm incoming data step timing out for integrations that ingest backdated data by checking event.ingested instead of @timestamp [#268224].

    Discover

    • Preserves the expanded document selection after refresh when comparing documents in Discover [#268328].

    ES|QL editor

    • Allows null in CASE() expressions combined with other types [#269051].

    Elastic Observability solution

    For the Elastic Observability 9.4.2 release information, refer to Elastic Observability Solution Release Notes.

    Elastic Security solution

    For the Elastic Security 9.4.2 release information, refer to Elastic Security Solution Release Notes.

    Management

    • Fixes missing modal and popover labels for screen readers across Stack Management UIs [#269652].

    Machine Learning

    • Fixes File upload not disabling data view creation when the user lacks data view creation capabilities [#268167].

    Workflows

    • Makes the with block optional in workflow YAML for connector steps that have no required parameters [#269047].
    Original source
  • Similar to Elastic with recent updates:

  • May 28, 2026
    • Date parsed from source:
      May 28, 2026
    • First seen by Releasebot:
      May 29, 2026
    Elastic logo

    Elastic

    Elastic Stack 8.19.16 released

    Elastic releases Elastic Stack 8.19.16 with security vulnerability fixes and recommended upgrade guidance.

    Version 8.19.16 of the Elastic Stack was released today. We recommend you upgrade to this latest version. We recommend 8.19.16 over the previous versions 8.19.15.

    The 8.19.16 release contains fixes for potential security vulnerabilities. Please see our security advisory for more details.

    For details of the issues that have been fixed and a full list of changes for each product in this version, please refer to the release notes.

    Original source
  • May 28, 2026
    • Date parsed from source:
      May 28, 2026
    • First seen by Releasebot:
      May 29, 2026
    Elastic logo

    Elastic

    Elastic Stack 9.3.5 released

    Elastic releases 9.3.5 of the Elastic Stack with security vulnerability fixes and recommended upgrades.

    Version 9.3.5 of the Elastic Stack was released today. We recommend you upgrade to this latest version. We recommend 9.3.5 over the previous versions 9.3.4.

    The 9.3.5 release contains fixes for potential security vulnerabilities. Please see our security advisory for more details.

    For details of the issues that have been fixed and a full list of changes for each product in this version, please refer to the release notes.

    Original source
  • May 28, 2026
    • Date parsed from source:
      May 28, 2026
    • First seen by Releasebot:
      May 29, 2026
    Elastic logo

    Elastic

    Elastic Stack 9.4.2 released

    Elastic releases 9.4.2 of the Elastic Stack with security fixes and recommended upgrade guidance.

    Version 9.4.2 of the Elastic Stack was released today. We recommend you upgrade to this latest version. We recommend 9.4.2 over the previous versions 9.4.1.

    The 9.4.2 release contains fixes for potential security vulnerabilities. Please see our security advisory for more details.

    For details of the issues that have been fixed and a full list of changes for each product in this version, please refer to the release notes.

    Original source
  • May 2026
    • No date parsed from source.
    • First seen by Releasebot:
      May 15, 2026
    Elastic logo

    Elasticsearch by Elastic

    9.4.1

    Elasticsearch releases machine learning, inference, and ES|QL fixes plus security updates, with better error handling, memory reporting, and PyTorch hardening. It also adds reranking inference support, improves vector search and watcher stability, and updates key libraries.

    Features and enhancements

    Machine Learning

    • Add EuroBERT and Jina v5 ops to graph validation allowlist #3015
    • Better error handling regarding quantiles state documents #2894
    • Better handling of invalid JSON state documents #2895
    • Better messaging regarding OOM process termination #2841
    • Downgrade log severity for a batch of recoverable errors #2889
    • Harden pytorch_inference with TorchScript model graph validation #3008 (issue: #2890)
    • Improve adherence to memory limits for the bucket gatherer #2848
    • Report the actual memory usage of the autodetect process #2846
    • Restrict file system access for pytorch models #2851
    • Update the PyTorch library to version 2.7.1 #2863

    Security

    • Update elastic-apm-agent-java8 to 1.55.6 #148271

    Fixes

    Data streams

    • Update failure store redirect logic to exclude backpressure exceptions #148154

    ES|QL

    • Bugfix - Block Loader Pushdown + Union Types #147940
    • Disallow empty lists in named params, only #147748 (issue: #147448)
    • ES|QL query approximation: enforce minimum number of sampled source rows #147886

    Inference

    • Implement RerankingInferenceService for Elastic service #148365
    • [Inference API] Fix inference initialization thread exhaustion #147063

    Machine Learning

    • Fix flaky CIoManagerTest/testFileIoGood test #3017

    Vector Search

    • [DiskBBQ] Check that precondition should not be overwritten on update #148111 (issue: #148004)

    Watcher

    • Fix race in TickerScheduleTriggerEngine by checking watcher to node allocation #147678 (issue: #146874)
    Original source
  • May 13, 2026
    • Date parsed from source:
      May 13, 2026
    • First seen by Releasebot:
      May 14, 2026
    Elastic logo

    Elastic

    Elastic Stack 9.4.1 released

    Elastic releases Elastic Stack 9.4.1 with bug fixes and updates recommended over 9.4.0.

    Version 9.4.1 of the Elastic Stack was released today. We recommend you upgrade to this latest version. We recommend 9.4.1 over the previous versions 9.4.0.

    For details of the issues that have been fixed and a full list of changes for each product in this version, please refer to the release notes.

    Original source
  • May 2026
    • No date parsed from source.
    • First seen by Releasebot:
      May 12, 2026
    • Modified by Releasebot:
      Jun 30, 2026
    Elastic logo

    Kibana by Elastic

    9.4.1

    Kibana fixes alerting and dashboard issues, improving active alert document handling and resolving validation and flyout bugs in dashboard controls and ES|QL editing.

    Fixes

    Alerting

    • Fixes empty rule type fields, such as kibana.alert.reason, on active alert documents when a delayed alert graduates to active during a flapping hold without an executor report. #266012

    Dashboards and Visualizations

    • Fixes a critical validation failure that occurred when dashboard controls had null titles. Control titles are now converted to undefined during transforms, allowing validation to pass #268220.
    • Fixes a regression where the dashboard remained locked in an open-flyout state after closing the ES|QL control edit flyout when editing an existing query-based control #267605.

    Elastic Security solution

    For the Elastic Security 9.4.1 release information, refer to Elastic Security Solution Release Notes.

    Original source
  • May 5, 2026
    • Date parsed from source:
      May 5, 2026
    • First seen by Releasebot:
      May 5, 2026
    Elastic logo

    Elastic

    Elastic 9.4: Workflows GA, Agent Builder updates, and Prometheus/PromQL support

    Elastic releases Elastic 9.4, a major Elasticsearch Platform update with GA Workflows, expanded Search and AI capabilities, stronger observability for logs and metrics, and deeper Security features including automation, entity analytics, and forensic tools.

    Today, we are pleased to announce the general availability of Elastic 9.4 as the latest version of the Elasticsearch Platform. In addition to including new features that help developers with context engineering, application and infrastructure monitoring, and AI-powered security operations, Elastic 9.4 introduces a broad set of capabilities in Elastic Search & AI, Elastic Observability, and Elastic Security.

    The Elasticsearch Platform

    Elastic 9.4 delivers an Elasticsearch Platform that has grown more capable across four dimensions: automation and orchestration, query language expressiveness, AI-native analyst experiences, and the governance and compliance infrastructure that enterprise deployments require.

    Automation and orchestration

    Elastic Workflows is now generally available. Workflows is the automation and orchestration layer that connects Elastic to the broader operational world, enabling teams to trigger actions in external systems, coordinate multistep processes, and close the loop between what the platform detects and what it actually does about it. Teams building with Agent Builder will find Workflows to be its natural companion: Agent Builder defines what an agent knows and can reason over; Workflows defines what it does when it acts.

    ES|QL → A best-in-class query language

    ES|QL, Elastic’s premier piped query language, continues to advance in 9.4, adding five new capabilities, all in technical preview, including:

    • Subqueries enable analysts to run and combine independent pipelines in a single statement, eliminating the need to stitch results across multiple queries by hand.
    • Approximate Queries trade a small degree of aggregation precision for dramatically faster response times on large datasets with confidence signals so that analysts always know how much to trust the result.
    • Logical Views enable teams to define complex query logic once and reuse it as a named data source across dashboards, alerts, and ad-hoc queries.
    • JSON Function Extraction pulls specific elements from any JSON-mapped field or raw _source document using standard path notation — no reindexing or pipeline changes required.
    • Access to All Ingested Fields eliminates the "ignorance cliff." Fields that were missed at mapping time are no longer permanently inaccessible, giving teams full query coverage over everything they've ingested.

    AI-native Kibana

    With Elastic 9.4, Kibana is becoming increasingly AI-native. AI-Powered Dashboard Creation (technical preview) enables analysts to describe what they want to see in natural language and watch Kibana build it iteratively, in conversation, with no manual configuration. In addition, Dashboards as Code (technical preview) gives platform teams the complementary capability: dashboards managed as version-controlled and code-reviewable assets deployed through CI/CD pipelines, replacing the fragile (and now “old school”) saved-object export/import workflow entirely. Together, these new features represent Kibana's continued evolution toward a more intelligent, collaborative workspace.

    Operate with confidence

    Elastic 9.4 also delivers a meaningful set of advances for the operators and compliance teams responsible for keeping the platform healthy, auditable, and secure. Notable enhancements — all generally available — include:

    • Query activity in Kibana gives administrators instant visibility into every long-running query with its origin and the ability to cancel it in a single click.
    • Search Analytics Logs extends the audit trail to every query across DSL, ES|QL, EQL, and SQL, capturing latency, request origin, and full query body with no configuration required.
    • Per-user authentication for Kibana Connectors replaces shared service account credentials with individual user identity, giving compliance teams accurate, trustworthy audit trails across integrations.
    • FIPS 140-3 Compliance, now generally available for both Elasticsearch and Kibana, delivers full-stack coverage ahead of the September 2026 deadline with a clean upgrade path and no data migration required.

    Search & AI

    Elastic 9.4 gives developers building AI agents with Elasticsearch more of what production demands: tighter control over what agents know and how they act, deeper visibility into how they perform, and better economics for the vector workloads underneath them.

    Agent Builder enhancements

    With Elastic 9.4, Agent Builder has been extended to optimize context with a set of interlocking capabilities and enhancements that control how agents acquire context, use it efficiently, and act on what they find. New capabilities and enhancements include:

    • Skills, which act as instructional guides that teach the agent how to complete specific tasks and are loaded only when needed
    • In-chat interaction (and preview) with Kibana objects like dashboards, workflows, ES|QL queries — enabling chat-based creation, refinement, and analysis
    • A new semantic metadata layer across Elastic and all connected sources like Drive and SharePoint that acts as a discovery backbone for these objects, giving agents rich understanding of data to optimize reasoning
    • Improved context management with query result offloading, compaction, and summarization that delivers better performance and cost-efficiency for long, multi-turn interactions

    In sum, users are now able to create more reliable, lower-cost, and higher-performing agents.

    VectorDB enhancements

    DiskBBQ, Elastic’s best vector indexing and search algorithm, has improved in Elasticsearch 9.4. Among the many enhancements, query latency has improved by at least 3x for queries with restrictive filters and the performance of vector comparisons improved (thanks to the now extensive use of native code), impacting both indexing and search. In addition, it is now possible to use BBQ to quantize to vectors with elements of two, four, and seven bits, enabling better recall when a single bit is insufficient. Together, these updates will help to ensure an optimal balance of speed and cost-efficiency for your production AI workloads.

    GPU-accelerated vector indexing, released as technical preview in Elastic 9.3, is now generally available. By integrating NVIDIA cuVS, an open source library for GPU-accelerated vector search and data clustering, into Elasticsearch, self-managed Elastic customers can expect to see up to a 12x improvement in indexing throughput and 7x faster force merging.

    Developer onboarding assistant

    A new conversational assistant guides developers from idea to working search implementation in Cursor, Claude Code, and Kibana. It asks what you're building, understands your data, recommends the right approach, walks through mapping and indexing, and generates a working implementation — proactively surfacing Elasticsearch concepts at every step. For teams building their first search application or prototyping a new use case, this replaces hours of documentation reading with minutes of guided building.

    Dynamic LLM connectors and Inference Management

    New LLM models are now available as connectors between stack releases. Alongside this, Elastic 9.4 establishes a single, authoritative Inference Management experience within the Elastic ecosystem, resulting in one place to manage inference endpoints, models, and connectors across all of your Search & AI workflows.

    Elastic Observability

    AI workloads, Kubernetes sprawl, and microservice proliferation have pushed metrics volumes from millions of time series events into the hundreds of millions. SREs now correlate across more high-cardinality signals, more services, and more ephemeral infrastructure than ever with less time to do it. The existing tools make it worse: On Datadog, custom metrics drive the bill up to 52% on average, so teams strip out high-cardinality labels to stay in budget, then go hunting for those exact labels mid-incident. On Prometheus and Grafana, cardinality still degrades performance, logs and metrics live in separate backends, and correlating a single timestamp means pivoting between two query languages. Either way, teams end up blind at exactly the wrong moment.

    Elastic Observability 9.4 brings metrics up to the same standard teams already rely on for logs. Elasticsearch is now the fastest place to run them: 25x faster than Prometheus, 2.6x more storage-efficient, and less than 50% the cost of Datadog with no cardinality limits and no custom metric penalties. Native PromQL support in Kibana means existing queries, dashboards, and alert rules work without modification.

    9.4 also introduces the first agentic investigation capabilities in Elastic Observability. Kubernetes is first with an AI-driven workflow that helps SREs identify root cause before they even open a dashboard.

    Best-in-class metrics experience

    Elastic 9.4 is the start of a whole new era of using Elasticsearch for metrics. Faster storage at scale supports a production-ready time-series query language and native Prometheus and PromQL. Together, these capabilities give SREs and observability teams a single platform for logs, metrics, and traces with no toolchain migration required. Notable enhancements include:

    • Elasticsearch TSDB performance improvements, now generally available, deliver both a significant storage requirements reduction (2.6x more efficient than Prometheus) and ingestion throughput gains. When combined with query performance improvements (25x faster than Prometheus and Mimir), it becomes easy to see how users can now ingest more data, retain data longer, and query data faster — all without proportional hardware spend. Long story short, Elasticsearch TSDB is production-ready for mission-critical observability workloads.
    • Native Prometheus and PromQL support, available now as a technical preview, enables you to ship Prometheus metrics directly to Elasticsearch and execute PromQL queries directly in Kibana. Use the patterns you already know in combination with ES|QL, a single piped query language for logs, metrics, and traces.
    • ES|QL time-series support, now generally available, enables you to perform time-series analysis at scale with expanded aggregation functions (e.g., rate, changes, cumulative, trange, and clamp) and full time-range filtering. It’s now in a fully supported foundation for building critical monitoring, alerting, and reporting workflows across both logs and metrics without switching languages or tools mid-workflow.

    Agentic Kubernetes observability

    Elastic Observability is releasing an agentic Kubernetes observability experience that automatically goes from alert to root cause:

    • Kubernetes based agentic investigation workflows in Kibana that trigger on an alert and return a structured root cause hypothesis with evidence and next steps before the engineer opens a single dashboard.
    • A new Kubernetes observability MCP app brings Kubernetes-specific skills directly into Claude, VS Code, and other MCP-compatible AI hosts with more MCP apps on the way.
    • A set of out-of-the-box dashboards, SLOs, and ML jobs provide additional ad-hoc analysis if needed.

    Agent Skills for observability

    Agent Skills are open source packages that give your AI coding agent native Elastic Observability expertise, so it can run real observability workflows within Elastic. This release covers five core workflows SREs and developers run daily:

    • Instrument applications with OpenTelemetry
    • Search logs
    • Manage SLOs
    • Assess service health
    • Monitor LLM applications

    These tasks require familiarity with specific APIs, index patterns, and Kibana workflows. For domain knowledge that's easy to get wrong and time-consuming to repeat across every service and environment, Agent Skills package that knowledge into reusable units for consistent and accurate execution.

    Managed OTLP endpoint now generally available on Elastic Cloud

    And, in case you missed it, the managed OTLP endpoint is now generally available on Elastic Cloud Hosted, giving teams a simple path to send OpenTelemetry data — logs, metrics, and traces — directly into Elastic. There is no need to deploy or operate collectors for basic ingestion, reducing management overhead. This lowers the friction of adopting OpenTelemetry, speeds data onboarding, and cuts the maintenance cost of a self-managed collector layer.

    Elastic Security

    Elastic 9.4 advances security across five dimensions:

    • native workflow automation that eliminates the need for a standalone SOAR tool;
    • data management and compliance capabilities that make that automation trustworthy;
    • purpose-built AI agent skills that bring multistep SOC intelligence to alert triage, hunting, and investigation;
    • a new approach to entity analytics that resolves identity noise at the architecture level; and
    • expanded endpoint forensics depth for investigation and response teams.

    Native automation for the Agentic SOC

    Elastic Workflows is now generally available for Enterprise customers, bringing native automation directly into Elastic Security, the agentic security operations platform that already includes unified SIEM and XDR. Security teams can now automate the defined tasks across every alert, investigation, and case — enrichment, triage, response, notification, and case creation — where their security data already lives.

    Enhancing data management and compliance

    Building on the Elastic Workflows news, automation is only trustworthy when the underlying data is complete and access is properly governed. Elastic 9.4 addresses both via:

    • Granular detection and alert permissions, now generally available, enables security teams to configure separate access controls for detection rules and alerts, ensuring junior analysts can triage and update alerts without modifying core detection rule logic.
    • SIEM Readiness: Visibility Health and Data Coverage, available as a technical preview, delivers a centralized, continuously updated health view inside Elastic Security. It evaluates Coverage, Quality, Continuity, and Retention across five log categories (Endpoint, Identity, Network, Cloud, and Application/SaaS), so teams always know if their data is in the right shape to support active detections.

    Agent Skills for security users

    Elastic 9.4 introduces five purpose-built skills to the Elastic AI Agent, giving it deep domain expertise across the SOC workflows that matter most: alert triage, detection rule authoring, entity investigation, threat hunting, and anomaly analysis. Two platform skills, dashboard management and graph creation, are also available to the Elastic AI Agent alongside the security-specific ones. Workflow authoring ships as an experimental capability in 9.4. The Elastic AI Agent can invoke multiple skills in sequence, moving from threat hunting to detection tuning to workflow creation within a single investigation. More security skills are in development, including detection emulation, binary analysis, and alert deduplication.

    Identify the entity behind the attack with entity analytics (not just the signal)

    Elastic 9.4 solves identity noise at the data model level with entity analytics — not with more dashboards, but with four new generally available capabilities that give analysts one authoritative record per person with aggregated risk and context:

    • Precision Entity Identification unifies disparate logs into high-confidence, verified identity profiles for users, hosts, and services, governed automatically at the platform level, not by the analyst.
    • Entity Resolution consolidates fragmented digital accounts — Okta, Entra, Active Directory — into a single unified record per employee.
    • Dynamic Watchlists inject risk-score multipliers for high-value entities — executives, privileged admins, users in notice periods, or any “crown jewel” designation your team defines, making organizational context a first-class input to risk scoring.
    • Entity-Driven Hunting Leads shifts hunting from reactive to proactive by surfacing risk-based leads tailored to your environment's actual behavioral patterns with narrative context, not a blank page.

    Deeper forensics, faster response

    Elastic 9.4 extends the depth and reach of endpoint investigation from remote script execution to cross-platform memory forensics to redesigned Osquery workflows via four new generally available features:

    • Runscript Response Action and Script Library enables analysts to execute scripts remotely on endpoints directly from the Response Console or as an automated rule action backed by a centralized library of reusable, standardized scripts, enabling consistent remediation, custom forensic triage, and MSSP-scale operations.
    • Memory Dump Response Action for Linux extends cross-platform memory forensics to Linux, enabling acquisition of process memory across major operating systems from within Elastic Security without external tooling for fileless malware, memory-resident attacks, and runtime artifact extraction.
    • Osquery enhancements deliver a completely redesigned experience with a unified history page, enhanced result views, and advanced search and filtering, closing usability gaps and improving analyst efficiency at scale.
    • Jumplists Osquery Table Extension and Forensic Query Packs provide prebuilt queries targeting Browser History, Amcache, and Jumplists, giving teams ready-to-run forensic artifacts for reconstructing user activity timelines and attacker behavior.

    In case you missed it …

    A lot happens at Elastic in between releases, and the space between Elastic 9.3 and Elastic 9.4 was no exception. For readers who may have missed some of the big news, here’s a short list of things to know and read:

    • Elastic AutoOps is now free! Elastic AutoOps brings diagnostics and operational insights directly to your environment, transforming the way you manage Elasticsearch, now with no additional cost.
    • Cross-project search is now available as a technical preview. Query across multiple Elastic Cloud Serverless projects simultaneously from a single interface without collapsing project-level isolation or security boundaries.
    • Unified API keys for Elastic Cloud Serverless and Elasticsearch are now available. Use one API key to manage both infrastructure and data queries across projects with fine-grained permission controls intact.
    • New ARM-based hardware profiles deliver better price-performance — up to 40% better on storage optimized workloads with Graviton4 and up to 25% better on CPU-intensive workloads with Axion.
    • Elastic Cloud Serverless expansion continues: With recent additions across Azure, AWS, and Google Cloud, Elastic Cloud Serverless is now available in 29 regions worldwide.

    Start here now

    With a raft of impactful, new, and enhanced platform features like Agent Builder and Workflows, significant advances in our time series capabilities, and so much more, Elastic 9.4 is ready to help you and your organization transform data into answers, actions, and outcomes.

    So … what are you waiting for? Elastic 9.4 is now available on Elastic Cloud — the hosted Elasticsearch service that includes all of the new features in this latest release.

    The release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.

    In this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.

    Elastic, Elasticsearch, and associated marks are trademarks, logos or registered trademarks of Elasticsearch B.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.

    Original source
  • May 2026
    • No date parsed from source.
    • First seen by Releasebot:
      May 5, 2026
    • Modified by Releasebot:
      May 14, 2026
    Elastic logo

    Kibana by Elastic

    9.4.0

    Kibana releases a broad 9.4 update with major new dashboards, Discover, ES|QL, Fleet, Agent Builder, and Search capabilities, plus new connectors, workflow tools, and platform improvements. It also raises recommended memory and includes many stability fixes.

    We now recommend that your Kibana instances have at least 2 GB of memory, especially when using Platinum or Enterprise Kibana features, and for production workloads.New Elastic Cloud Hosted deployments now default to 2 GB of RAM for each Kibana instance.

    Features and enhancements

    Alerting:

    • Makes maximumCasesToOpen a runtime property #259255.
    • Adds an auto-push case option to the case connector #249251.
    • Exposes the maximumCasesToOpen parameter in the case action connection #247990.
    • Adds additional workflow steps #256922.
    • Alert deletion is now generally available #247465.

    Elastic Agent Builder:

    • Updates Test tool flyout to support datetime picker #249549.
    • Simplifies the ES|QL test tool parameter types #249855.
    • Exposes configuration_overrides in agent_builder/converse API #249256.
    • Adds support for array parameter types in ES|QL tools #250386.
    • Migrates the flyout to a sidebar #252918.
    • Adds server-side support for user-created skills in Agent Builder #252493.
    • Adds agent and tools RBAC sub features #254464.
    • Agent Builder's default agent is no longer read-only and can now be customized per Kibana space #256333.
    • Adds user-created skills to Agent Builder #252221.
    • Allows Agent Builder to detect outdated attachments and lets users refresh them into the next message #257658.
    • Allows ES|QL generation to search index patterns #253492.
    • Allows agents to run one or more workflows before each execution, enabling prompt modifications or conditional abort #252452.
    • Adds audit logging for agent and tool create, update, and delete actions #252143.

    Connectivity:

    • Adds support for the region parameter to the Bedrock Connector #252956.
    • Adds a Jina Reader data source connector #247527.
    • Adds a Jira Cloud data source connector #251345.
    • Adds a SharePoint Online data source connector #251544.
    • Adds a ServiceNow data source connector #252430.
    • Adds a Microsoft Teams data source connector #252465.
    • Adds a Tavily data source connector #252717.
    • Adds a Google Calendar data source connector #252740.
    • Adds a Slack data source connector #252972.
    • Adds an Amazon S3 data source connector #253753.
    • Adds a Salesforce data source connector #254303.
    • Adds a Zendesk data source connector #254739.
    • Adds a Firecrawl data source connector #255004.
    • Adds a 1Password data source connector #255076.
    • Adds a PagerDuty data source connector #255154.
    • Adds a Zoom data source connector #255174.
    • Adds a Figma data source connector #255322.
    • Adds a Gmail data source connector #255565.
    • Adds an AWS Lambda data source connector #256150.
    • Adds a Confluence Cloud data source connector #256508.
    • Adds a Google Cloud Storage data source connector #257374.
    • Adds a SharePoint Server data source connector #258014.
    • Adds a GitHub data source connector #258169.
    • Adds an Azure Blob Storage data source connector #259439.
    • Adds a GCP Cloud Functions data source connector #261277.
    • Adds an AbuseIPDB data source connector #245421.
    • Adds an AlienVault OTX data source connector #245421.
    • Adds a GreyNoise data source connector #245421.
    • Adds a Shodan data source connector #245421.
    • Adds a URLVoid data source connector #245421.
    • Adds a VirusTotal data source connector #245421.

    Dashboards and Visualizations:

    • A new Dashboard skill is now available in Agent Builder. This skill allows you to create and update dashboards through natural language chat, using the chat UI in Kibana, the Chat API, or the MCP server. Describe what you want to visualize and the agent builds a dashboard with ES|QL-powered visualizations. #261530.

    • New API endpoints are now available in technical preview to manage your dashboards and visualization library. The Dashboards API gives you full read and write access to dashboards, including their panels, controls, sections, and display options. The Visualizations API lets you create and manage visualizations as standalone saved objects in the Kibana Visualizations library. #256302.

    • Adds the ability to show and export Dashboard API JSON in a flyout #255382.

    • Controls are now available as a panel type, allowing them to be freely placed anywhere in your dashboards #245588.

    • Makes Contains the default search technique for options list controls #250992.

    • Allows IP fields to be searched using CIDR notation in controls #250875.

    • Extends the selectable area for dragging, collapsing and expanding sections to their entire header #258502.

    • Allows dragging of opened collapsible sections #257191.

    • Enforces panel limits on dashboards: up to 100 top-level items (panels, unpinned controls, and sections combined), up to 100 panels per section, and up to 100 pinned controls #256102.

    • Makes the filter pills section collapsible #255887.

    • Adds a grid size gauge while resizing panels #255363.

    • Adds a borderless option to panel settings #255021.

    • Adds library support for markdown panels #248779.

    • Allows panels to be dragged while they're in focus for editing #251327.

    • Redesigns the panel titles #251720.

    • Refreshes the Dashboards app menu #246153.

    • Adds a Discover session panel option to dashboards #256293.

    • Editing an unlinked Discover session panel in a dashboard now saves changes back to that panel #250438.

    • Filtering a field value in a Discover ES|QL session embedded in a dashboard now creates a DSL filter, consistent with how filtering works elsewhere #249357.

    • Adds a tab selector to Discover session panels in Dashboards, with improved warning messages when a tab or data view can't be retrieved #252311.

    • Adds ES|QL support to Vega visualizations #247186.

    • Enables ES|QL multi-terms charts in Lens #244743.

    • Allows filtering from legend actions when possible for ES|QL visualizations #248789.

    • Suggests line charts for timeseries ES|QL queries (TS / PromQL) in Lens #252661.

    • Retrieves variable types from the ES|QL query response #254436.

    • Enables dashboard and URL drilldown for ES|QL charts #253223.

    • Defaults the visualization type to line chart when the x-axis contains a timestamp, instead of a bar chart #253930.

    • Adds a new optimized color palette for line charts #253437.

    • Adds a Badge color option for table values in Lens, allowing cell values to be displayed as colored badges instead of text or background coloring #257408.

    • Adds a new list legend layout for horizontal legends (top and bottom), offering a more space-efficient alternative to the grid layout. This is now the default for XY charts #257092.

    • Adds sort order options for heatmap visualization axes #244696.

    • Adds a middle position option for the primary metric styling settings of metric charts #260902.

    • Improves tick labels for time-based X axes in ES|QL heatmap visualizations #259218.

    • Improves datatable visualization performance for large datasets in Lens #256234.

    • Enables fixed-width number formatting in Lens visualizations for cleaner alignment #251576.

    • Introduces a Severity color palette in Lens color mapping #250198.

    • Improves the badge colors for metric trend indicators in Lens #256255.

    • Legend actions in Lens XY and Partition charts now only appear on hover #255616.

    • Removes the font-weight configuration option from Lens Metric chart titles, defaulting to medium weight #254941.

    • Updates axis title and label colors in Lens and dashboard charts to be less visually prominent #254587.

    • Displays row numbers by default in Lens data tables #247834.

    Data ingestion and Fleet:

    • Allows remote Elasticsearch outputs and service tokens in Serverless #262101.
    • Renames Cloud Connector to Federated Identity in the UX #261353.
    • Adds support for monitoring OpenTelemetry (OTel) collectors in Fleet in technical preview. You can now add OTel collector agents using the Add > Collector (OpAMP) button in the Fleet UI #260654.
    • Introduces support for version-specific policies in Fleet when integrations specify agent version requirements, ensuring agents receive only configurations compatible with their version #258796.
    • Shows UI warnings for integrations with upcoming deprecations #257937.
    • Resolves and merges templates listed in template_paths #257730.
    • Adds permission verifier background tasks #257516.
    • Installs package dependencies automatically #256700.
    • Requests user review when auto-upgrading packages with deprecations #255273.
    • Adds an out-of-the-box alerting rule template to freshly installed integrations for monitoring idle data streams #254730.
    • Displays warnings for deprecated integration features #253923.
    • Shows warnings in the UI when an integration is deprecated #251860.
    • Allows Fleet to install integration-managed SLO templates for creating new SLOs #250369.
    • Migrates input configurations when the migrate_from field is specified in the package manifest #242934.
    • Updates the maximum supported package specification version to 3.6 #261362.
    • Adds a new Alerting tab to the integrations UI for viewing and managing alerting-related assets #253948.
    • Allows integration rollback when only some integration policies are upgraded #253646.
    • Ensures the time series index mode is not enabled for input packages with non-metrics data streams #251205.
    • Adds authentication fields to Elastic Agent binary download sources managed by Fleet for connecting to self-hosted artifact registries #250557.
    • Improves memory usage during Fleet setup by deferring package reinstalls to async tasks #248235.

    Discover:

    • Redesigns the ES|QL editor footer in Discover: removes the row limit and timestamp indicators, and adds query run statistics #244284.

    • Adds a fields browser to the ES|QL editor in Discover #252749.

    • Adds a layout toggle to show or hide the data table in Discover, with the state persisted in the URL #259083.

    • Adds a grouped view in Discover for ES|QL queries that use STATS ... BY with a single grouping field. A new toolbar selector lets you pivot by that field or switch back to the standard table view. #220119.

    • Converts DSL filters to ES|QL when possible when switching to ES|QL mode #259260.

    • Persists the query mode (ES|QL or classic) to local storage so that the next sessions open with the last mode used #250388.

    • Shows Streams field descriptions in the ES|QL editor and field sidebar #260582.

    • Filters from the top-level ES|QL WHERE clause now propagate into per-metric charts in the Discover metrics grid #249103.

    • Adds support for visualizing tdigest and exponential_histogram histogram metrics in the Discover metrics grid #249269.

    • Hides the data table by default when the metrics-specific Discover experience is triggered #260607.

    • Adds the ability to restore recently closed tab groups #253365.

    • Hovering over an entry in the recently closed tabs menu now shows a preview of what the tab contained #246973.

    • Moves the inspector menu item to the tab menu #258767.

    • The chart interval is now saved with Discover sessions and restored when reopening them #246426.

    • Adds notifications for background search completion #249857.

    • Adds a Save Discover table to dashboard option #259626.

    • Adds default table columns for indexes and views with a small number of fields #255292.

    • The doc viewer flyout now stays open when switching between Discover tabs and remembers which tab (such as Table or JSON) was active in each #246612.

    ES|QL editor:

    • Adds PromQL support in Kibana through ES|QL #249854.

    • Adds support for the USER_AGENT command #261314.

    • Adds support for the MMR command #257208.

    • Adds autocomplete and validation support for the approximate setting in the ES|QL editor #248946.

    • Adds support for KQL syntax to the quick search option #247224.

    • Adds autocomplete to the KQL function #249510.

    • Adds support for unmapped fields #248606.

    • Adds support for timezone handling #247917.

    • Makes the FORK command generally available #261904.

    • Makes the RERANK command generally available #252242.

    • Redesigns the ES|QL editor interface #251223.

    • Adds a data source browser to the ES|QL editor #251897.

    • Adds support for ES|QL views to the editor #261907.

    • Adds ES|QL query statistics to the editor #251029.

    • Improves ES|QL editor autocomplete for full-text search functions: MATCH_PHRASE's second argument now only suggests literal values, and FTS functions are excluded from EVAL suggestions except inside SCORE() #247003.

    • Improves line commenting in the ES|QL editor to match standard IDE conventions #254851.

    • Improves query pretty printing #257440.

    • Adds an ES|QL indentation shortcut to the editor #247234.

    • Simplifies the Run and Cancel button states in the ES|QL editor #254121.

    • Highlights multiple word occurrences in search results #258764.

    Elastic Observability solution:
    For the Elastic Observability 9.4.0 release information, refer to Elastic Observability Solution Release Notes.
    Elastic Security solution:
    For the Elastic Security 9.4.0 release information, refer to Elastic Security Solution Release Notes.
    Kibana platform:

    • In container deployments, automatically sets the Node.js heap size to 60% of available memory, up to a maximum of 4096 MB, when no heap size is explicitly configured #246073.
    • Adds a feedback button to Kibana's header #225074.
    • Remembers the pagination state when navigating back from an edit on the Users page, instead of always returning to page 1 and resetting the search #261152.
    • Distinguishes between session idle timeouts and session lifespan timeouts #252779.
    • Improves Index Management index list load performance on large clusters with many indices #246276.
    • Adds a Query Activity page under Stack Management for viewing and canceling long-running queries #253216.

    Machine Learning:

    • Updates Security ML jobs to use entity analytics fields for host and user fields #255339.
    • Adds a link to manage anomaly detection jobs in the Machine Learning left navigation #260605.
    • Anomaly detection now automatically closes the job when stopping a datafeed #259603.
    • Adds aria labels to anomaly detection job wizard combo boxes #258509.
    • Updates the v3_rare_process_by_host_windows bucket span to two hours #255855.
    • Changes the rare process by host Windows job bucket span from 15m to 4h #255385.
    • Adds a new single APM Correlations endpoint for latency and failed transactions #254607.
    • Adds Gemini 2.5 Flash Lite, Claude 4.5 Haiku, and Claude 4.6 Sonnet preconfigured connectors #253109.
    • Adds a dynamic default connector in GenAI settings #252861.
    • Adds a zoom in button to the date picker #252252.
    • Adds Anthropic Claude Opus 4.6 preconfigured connector #252177.
    • Uses the location field to correctly set provider config in AI/Inference Connector creation #250838.
    • Adds the proxy URL setting for product documentation artifact #250771.
    • Adds new preconfigured connectors #249379.
    • Moves the results view buttons closer to the job selection controls in Anomaly Detection #249261.
    • Adds missing ES|QL commands and functions documentation for inference tasks #249089.
    • Enhances model memory estimation for supplied configurations in anomaly detection #248479.
    • Adds the timeout parameter to InferenceChatModel #248326.
    • Adds time window buttons to the date picker #248142.
    • Adds a button to synchronize saved objects in trained models #247691.
    • Refreshes the Overview page #247573.
    • Marks 429 errors as user errors in Inference/AI Connector #246640.
    • Opens matching pattern docs in a new Discover tab #245695.

    Search:

    • Adds warnings to the Feature Settings page for models that are invalid #262262.
    • Deprecates search indices in favor of index management #260210.
    • Adds a Models page for inference management #259374.
    • Adds a Model Settings UI for inference endpoint assignments #258871.
    • Sets Jina v5 as the default inference endpoint for semantic_text fields when it's available #257464.
    • Adds an AI assistant-led onboarding option to the Elasticsearch getting started page #255192.
    • Automatically creates AI connectors for Elastic Inference Service chat completion endpoints when they are added #254826.
    • Adds sorting capabilities to the Inference Endpoints table, allowing users to sort by Endpoint, Service, Type, or Model using a dropdown or by clicking column headers #252189.
    • Adds a summary stats bar to the Inference Endpoints page displaying counts for Services, Models, Types, and Endpoints #251558.
    • Adds a copy-to-clipboard button for inference endpoint names in the Inference Endpoints management page #251494.
    • Improves the External Inference page by hiding the Elasticsearch service provider from the Add Inference Endpoint flyout, since Elasticsearch endpoints are managed internally #261851.
    • Adds a model detail flyout with endpoint management #260307.
    • Reduces search latency by switching to long-polling when HTTP/2 multiplexing is available, eliminating unnecessary wait times #256564.
    • Improves the Inference Endpoints management page by adding a view to group by service #254296.
    • Improves the Inference Endpoints management page by adding a view to group by models, making this the default view #252984.
    • Consolidates Type, Preconfigured, and Tech Preview badges under the endpoint name and removes the dedicated Type column in the inference endpoints table #252621.
    • Improves AI connector setup by auto-populating the model field with recommended defaults #250506.
    • Improves the inference endpoints page by adding a Model column and enabling search by model name #249779.
    • Adds descriptions to the semantic_text field inference endpoint select #249265.
    • Fixes layout instability in the inference endpoint selector when endpoint names are long #247417.
    • Displays the API key tab if the user has permission, and hides it for users without API key management permissions #246979.
    • Updates the Search homepage design #246777.

    Workflows:

    • Adds import and export features for workflows #257976.
    • Adds the workflows.executionFailed trigger so you can run workflows when another workflow fails. Use it to send notifications (for example, Slack), run cleanup, or trigger retries #257633.
    • Adds a server-side workflow validation endpoint #254502.
    • Makes the manual run API public #253010.
    • Whitelists Streams APIs as Kibana workflow steps #252068.
    • Adds the entries Liquid filter for iterating over object keys #259249.
    • Adds cases workflow steps #253119,#256922.

    Fixes

    Alerting:

    • Fixes an issue where Stack alerts sent recovery notifications but remained active in Kibana instead of transitioning to recovered #261012.
    • Fixes stale uiamApiKey leaking through object spread in rule updates #263887.
    • Fixes OpenAPI alerting rule params schemas missing accepted keys for burn-rate windows and Elasticsearch query sourceFields #263634.
    • Fixes an index template update failing due to system-managed fields #262534.
    • Adds the application/x-zip-compressed MIME type as an accepted value for cases file attachment #262414.
    • Fixes alert recovery targeting the wrong document when multiple lifecycles exist for the same instance ID #261012.
    • Fixes cloneRule leaking source rule API keys to cloned rules #260549.
    • Fixes incremental_id drift issues #258789.
    • Fixes Webhook Connector accessTokenUrl validation #258290.
    • Fixes additional fields not being included #257625.
    • Fixes a discrepancy between tracked alerts and alerts in task state #257235.
    • Fixes a problem generating a report with multi-page Canvas workpads #255022.
    • Fixes a blank page appearing at the end of PDF exports when using the Print format option with an even number of dashboard visualizations #254957.
    • Fixes an error not being caught from scheduleUnusedUrlsCleanupTask() #254574.
    • Fixes a bug with PagerDuty where setting the Custom details field causes rules to fail #253683.
    • Improves error handling within the content stream code for multiple reporting attempts #252982.
    • Fixes rule execution failing due to null execution UUIDs #252618.
    • Improves handling of 204 responses #251090.
    • Fixes timestamp override for ES|QL CSV scheduled reports with relative time ranges #248169.
    • Fixes Failed to check if maintenance windows are active error #261048.
    • Updates total_event in the Elasticsearch document when attaching an event #247996.
    • Encodes the search term in the cases page #247992.
    • Adds max character validation to the email connector params and config #246453.
    • Fixes the wrong time zone being applied when a CSV report has a local date comparison #244405.

    Connectivity:

    • Fixes defaultModel not being injected for the Other OpenAI provider on run and test sub-actions #260747.
    • Fixes MCP connectors ignoring the proxy and SSL configuration from the actions plugin #255813.
    • Adds the datasource name to the namespace to allow creating multiple sources of the same type #249123.

    Dashboards and Visualizations:

    • Fixes an issue that could prevent a dashboard from showing its latest saved state #262695.
    • Prevents a false positive warning about unsaved changes when sharing a dashboard while in View Mode #261051.
    • Fixes regressions for space-relative links and same-window target #260782.
    • Improves ES|QL suggestions logic in Lens #258475.
    • Adjusts scroll behavior when dropping a panel to a new position #258445.
    • Fixes screen reader announcements when entering full screen mode on a dashboard #258230.
    • Fixes an issue with logic for detecting unsaved changes for dashboards in non-default spaces #257762.
    • Fixes an issue where visualizations stayed focused after closing the variables editor flyout #257263.
    • Fixes Add from library adding incorrect embeddable state #257261.
    • Fixes dashboard panels getting stuck in infinite loading state after an error instead of showing error messages #257188.
    • Fixes an issue where editing a library visualization would correctly save changes but visually show its previous saved state in dashboards referencing that visualization until the page was refreshed #256984.
    • Stops adding a default title when creating ES|QL charts in Lens #256475.
    • Fixes the pinned state for variable (ES|QL) and range slider controls #256035.
    • Fixes timeFilter's quick mode in Maps stored state, that could prevent maps from loading #255178.
    • Fixes an issue where saving a dashboard included access control features when a user profile, which is required for access control, was not available #255065.
    • Fixes an issue occurring when saving a map containing filters #253537.
    • Fixes configuration panel scrolling in the Lens editor when the content exceeds available height #253247.
    • Changes dashboard background color to white #253068.
    • Changes the default height of link panels to 2 rows #252707.
    • Fixes the library annotation group not syncing across panels after an update in Lens #252640.
    • Fixes KQL character escaping when a query is generated from the Top values column (breakdown) in Lens #250925.
    • Fixes an issue where PDF/PNG reports are cut off at the end when a dashboard has a markdown panel #249644.
    • Limits variable suggestions to variables within scope #248365.
    • Re-fetches control options when the timerange changes #248068.
    • Fixes link color contrast in Lens data tables #247721.
    • Removes | LIMIT 10 from the ES|QL panel in dashboards when creating a visualization in Lens #247427.
    • Fixes compound filters showing unsaved changes on dashboard load #247309.
    • Increases default top values from 3 or 5 to 9 categories in Lens #247015.
    • Fixes the handling of a quote as a dead key #246773.
    • Fixes an issue where embeddables cannot load when no references are provided #257779.
    • Fixes runtime_mappings being ignored or overridden in Vega visualization data requests #253560.
    • Changes the Gauge chart default color palette to the status palette #246734.

    Data ingestion and Fleet:

    • Fixes package policy count filters: uses NOT latest_revision:false instead of latest_revision:true #263717.
    • Disables the output selector for managed policies in the package policy edit form #263494.
    • Fixes permissions for spanevents stored in logs data streams #263415.
    • Handles compressed responses from Elasticsearch #262394.
    • Fixes the table sorting announcement for accessibility #262226.
    • Fixes the learn more focus for accessibility #261902.
    • Fixes Define as JSON announcement for accessibility #261896.
    • Fixes the pipelines table row index announcement for accessibility #261369.
    • Includes input_output in inference
      processor #260517.
    • Fixes the selected log level when there is a policy override #259425.
    • Avoids icon announcement duplication for accessibility #259185.
    • Fixes processors accessibility announcements #259096.
    • Adds version-specific policies telemetry #259031.
    • Fixes space-awareness for Fleet bulk agent actions (unenroll, upgrade, reassign to policy) #258582.
    • Fixes an auto upgrade bug when upgrading agents in other policies interfered with the calculation #258387.
    • Validates generated OpenAPI output #258267.
    • Fixes package policy creation failing with a data_stream.type validation error for input-only integrations that use dynamic signal types, such as OpenTelemetry collector packages #258143.
    • Improves error handling in debug API #258115.
    • Fixes the unenroll task and adds an FTR test #255726.
    • Fixes the incorrect installation of assets #254923.
    • Filters out unenrolled agents in the cleanup policy revisions task #254899.
    • Fixes an issue where an agent rolled back after an upgrade could not be upgraded again in the Fleet UI #253850.
    • Fixes a TypeError when an integration has no SVG icons #251308.
    • Adds back support for generating a CSV report of Fleet agent data in serverless environments #247185.

    Discover:

    • Fixes the date picker showing empty when switching from KQL to ES|QL #261175.
    • Fixes a tab URL state leak when leaving Discover #262929.
    • Resets the time field when the updated index pattern does not have it #262001.
    • Resets the default profile state when transitioning between tab modes #255226.
    • Makes matches cells expandable for long field filter matches #255093.
    • Fixes URL, Badge, Color, and other field formatters incorrectly rendering fields with missing or null values #251892.
    • Fixes filtering out null values from the Discover histogram legend in ES|QL mode #249302.
    • Fixes Search entire time range for date nanos #248495.
    • Prevents doc viewer flyout tabs from unnecessarily re-mounting on query refresh #248203.
    • Fixes dropdown menus staying open when switching tabs #247836.
    • Makes static-lookup formatter work with aggregated boolean fields #249311.
    • Adds a check to ensure ES|QL is valid before matching the Metrics profile #248917.
    • Prevents losing draft queries when switching tabs #247968.
    • Fixes an issue where quickly opened tabs could not complete loading #246941.
    • Fixes the default app state handling when detecting unsaved changes #246664.

    ES|QL editor:

    • Fixes ES|QL multi-value filtering with STATS #260998.
    • Fixes STATS generated columns with inline WHERE #260196.
    • When no local indices are available, the ES|QL query suggestion now correctly considers remote indices #257340.
    • Fixes ES|QL variable controls not displaying server-side errors in the editor #263020.
    • Fixes autocomplete fetches piling up without cancellation when typing rapidly in the ES|QL editor #255664.
    • Fixes incorrect validation of the TS (time series) command #253635.
    • Fixes some GROK patterns not being recognized, which caused columns to appear as unknown #246871.
    • Aborts in-flight long-running queries for ES|QL controls #254487.
    • Fixes incorrect KQL bar results for some indices #254119.

    Elastic Observability solution:
    For the Elastic Observability 9.4.0 release information, refer to Elastic Observability Solution Release Notes.
    Elastic Security solution:
    For the Elastic Security 9.4.0 release information, refer to Elastic Security Solution Release Notes.
    Kibana platform:

    • Sets auto_expand_replicas to fix yellow health on single-node Elasticsearch clusters #263096.
    • Allows space color to be cleared, falling back to default #261826.
    • Fixes the data stream and indices duplication for accessibility #261786.
    • Fixes an incorrect announcement for accessibility #261603.
    • Announces policy button with distinguishable names for accessibility #261313.
    • Prevents duplicate Leave without saving? modal on solution view cancel #260958.
    • Fixes inactive component template row focus and badge accessibility labels #260719.
    • Fetches the last available version #259798.
    • Fixes the Stack Monitoring shard legend not showing node placement #257854.
    • Fixes Stack Monitoring Elasticsearch nodes CPU usage sorting #257852.
    • Fixes an issue where the Kibana JSON logger could print a JSON object with a large number of numbered keys #256233.
    • Resolves an issue with the spaces list displaying No spaces match text on load #255654.
    • Adds waitFor for the privilege button #255094.
    • Fixes the embeddable console auto-closing on chrome/overlay clicks #253382.
    • Fixes a problem loading the doc count in index management when viewing larger page sizes with long index names #252422.
    • Fixes share feature rounding #251073.
    • Handles paging through more than 10,000 API keys #250826.
    • Fixes Stack Monitoring Recent Log Entries timestamps to respect Kibana's time zone setting (dateFormat:tz) #249016.
    • Fixes an issue with share modal where all time ranges were being shared as absolute #248804.
    • Fixes createAuditEvents always returning failure as outcome #247152.
    • Fixes the monitoring breadcrumbs for the solution view #249751.

    Machine Learning:

    • Ensures the single metric chart shows anomaly actions correctly in Anomaly Explorer #263925.
    • Formats time_of_day / time_of_week values in anomaly detection alerting rule notifications and results preview #261034.
    • Fixes the anomaly swim lane embeddable refresh in Anomaly Detection #259962.
    • Fixes a jobs list console error in Data frame analytics #258591.
    • Disables start and update deployment actions for Rerank models in trained models #257400.
    • Fixes the field statistics saved search not updating when the dashboard changes filter #257241.
    • Fixes the update of the job rules flyout in Anomaly Detection Single Metric Viewer #257196.
    • Fixes screen reader announcements for flyouts #256409.
    • Improves Smart Grouping performance and re-enables it in Log rate analysis #253704.
    • Fixes headings in Log rate and pattern analysis and Change point detection for accessibility #253266.
    • Fixes the today and this week filters for Log Rate and Pattern Analysis embeddables #252925.
    • Fixes the file size limit check in file upload #251515.
    • Fixes occasional file preview corruption in file upload #250532.
    • Fixes word break in Anomaly Detection page titles #250058.
    • Passes abort signal to Elasticsearch in file upload #249623.
    • Updates the Packetbeat DNS tunneling datafeed to include runtime mappings #249317.
    • Fixes counter metric fields being missing in the Anomaly detection dropdown #248187.
    • Fixes broken Data Visualizer and AIOps navigation breadcrumbs and sidebar in solutions #248167.
    • Disables ES|QL field stats for TS command #247641.
    • Fixes the display of the map view for small screen sizes in Data Visualizer #247615.
    • Fixes an anomaly chart empty query bug #246841.
    • Fixes deanonymization offset drift and adds regression coverage #256112.
    • Improves anonymization error messages when the NER model is not available #247696.
    • Adds a refusal field to assistant conversations #243423.

    Management:

    • Fixes the code box stale announcement for accessibility #261921.
    • Announces data streams stats toggle change for accessibility [#261911](https://github.com/elastic/k
    Original source
  • May 2026
    • No date parsed from source.
    • First seen by Releasebot:
      May 5, 2026
    • Modified by Releasebot:
      May 15, 2026
    Elastic logo

    Elasticsearch by Elastic

    9.4.0

    Elasticsearch adds major ES|QL and time series upgrades, including Views, PromQL support, METRICS_INFO and TS_INFO commands, plus new Prometheus-compatible endpoints. It also improves downsampling accuracy, storage efficiency, and query performance.

    Highlights

    ES|QL now supports Views: virtual indices whose fields are produced by an ES|QL query. A view is referenced inside a `FROM` clause exactly like a regular index, alongside other indices, views, and wildcards. Complex processing pipelines can be hidden behind a view, exposing a stable set of columns without requiring callers to know the underlying source structure. A single query can combine multiple pre-processed data sources by listing several views in one `FROM` clause, with each view's pipeline running independently. Common transformations such as renames, type conversions, derived fields, and aggregations can be defined once in a view and reused across many queries, dashboards, and alerts. PromQL is now supported as a source command in ES|QL (Tech Preview). Users can now leverage their existing knowledge of PromQL while benefiting from the powerful features and scalability of Elasticsearch. This enhancement expands the versatility of ES|QL and makes it easier for users to integrate with Prometheus data sources.The syntax is illustrated in the following example: ```esql PROMQL index=k8s-downsampled start="2026-02-17T08:00:00Z" end="2026-02-17T09:00:00Z" step=30m avg_bytes=(avg(rate(network.total_bytes_in[30m]))) | SORT avg_bytes DESC, step; ``` ES|QL adds the `METRICS_INFO` command for queries that start with a time series (`TS`) source. It returns one row per distinct metric, with columns such as `metric_name`, `data_stream`, `unit`, `metric_type`, `field_type`, and `dimension_fields`, derived from time series metadata in the index. It unlocks inspecting which metrics exist and how they are typed before you aggregate with `STATS`.For example, list metrics sorted by name: ```esql TS my_data_stream | METRICS_INFO | SORT metric_name ``` Or filter to counters only: ```esql TS my_data_stream | METRICS_INFO | WHERE metric_type == "counter" | SORT metric_name ``` We're introducing a Prometheus-compatible `POST /_prometheus/api/v1/write` REST entrypoint that allows receiving data via Prometheus remote write protocol (Tech Preview). Elasticsearch can now be used as a Prometheus storage backend, consuming data sent in Prometheus native format. ES|QL adds the `TS_INFO` command for time series (`TS`) queries. It returns one row per metric and time series combination. You get the same metadata columns as `METRICS_INFO`, plus a `dimensions` column with a JSON object of dimension keys and values for that series. That unlocks inferring which labels apply to each series when exploring or validating time series data.For example: ```esql TS my_data_stream | TS_INFO | SORT metric_name, dimensions ``` Until Elasticsearch `9.3`, both downsampling methods (`aggregate` and `last_value`) used to store only the last value of a counter in the downsampled document. This works great for the `last_value` method where we optimise for storage efficiency, but it is not ideal for the `aggregate` method where we optimise for accuracy.In Elasticsearch `9.4`, we change the way the (default) `aggregate` sampling method is working. We store the first encountered value for a counter in the downsampled document and then we add auxiliary documents when we detect counter resets. This enables the rate calculation to take the counter resets into account and produce more accurate results. This change is backwards compatible. Time series aggregations in ES|QL are enhanced to support windows smaller than the time bucket. ```esql TS metrics | STATS AVG(RATE(requests, 5m)) BY TBUCKET(10m), host ``` Previously, only window values that were equal or exact multiples of the time bucket were supported. Time series aggregations in ES|QL are enhanced to support windows that are not an exact multiple of the time bucket. ```esql TS metrics | STATS AVG(RATE(requests, 15m)) BY TBUCKET(10m), host ``` Previously, only window values that were exact multiples of the time bucket were supported. This updates our diskbbq algorithm and format. - It now provides 3x or more better search performance on very restrictive filters (prefilters on centroids) - Provides a way to condition non iid vectors (expert API for now) - Gives more bit options (1, 2, 4, and 7 bits!) - More native code improvements for overall performance The `_id` field has a significant storage footprint in metrics applications, as it requires both storing and indexing unique document identifiers that are rarely used for direct lookups. To alleviate this, we are introducing synthetic IDs for indices in time-series mode. Instead of indexing the `_id` field, a Bloom filter is used for fast, lightweight duplicate detection at ingest time. Lookups and operations that previously relied on `_id` are delegated to other indexed fields on the document, such as timestamps, or dimension fields, preserving the same query and retrieval functionality.This offers up to 40% storage improvement for OTLP metrics and reduces the cpu overhead for segment merging due to the lack of an inverted index for `_id` fields. We're introducing a Prometheus-compatible /_prometheus/api/v1/query_range REST endpoint (Tech Preview) that: - Accepts the standard Prometheus range query parameters (query, start, end, step, optional index) - Translates the PromQL expression into an ES|QL PROMQL command and executes it via EsqlQueryAction - Converts the columnar ES|QL response into the Prometheus matrix JSON format and returns it to the caller We're introducing a Prometheus-compatible `GET /_prometheus/api/v1/series` REST entrypoint that accepts Prometheus series selectors and returns matching label sets (Tech Preview). This is typically used for auto-completion in web UIs. The first bytes of a time series id (tsid) include a hash of the metric name(s) for each doc of a time-series index. Counter rate evaluation leverages these bytes to assign tsids to workers inside the ES|QL compute engine. This (a) improves parallelism by dividing work in a granular and uniform fashion, and (b) leads to dense, sequential access patterns per time series that have been optimized to avoid copies between counter value decoding and rate calculations.Rate execution performance thus improves substantially, with up to 5x faster query responses. We're introducing a Prometheus-compatible `GET /_prometheus/api/v1/labels` REST entrypoint for time series discovery and label enumeration and introspection (Tech Preview). Web UIs can use this for label auto-completion. We're introducing a Prometheus-compatible `GET /_prometheus/api/v1/query` REST endpoint that evaluates a PromQL expression at a single point in time and returns vector results (Tech Preview). The instant query endpoint currently runs a short range query under the hood and returns the last sample. In Elasticsearch `9.4` we expand the supportability of `aggregate_metric_double` to include non-native operations in ES|QL, such as `std_dev`, using the average. The average is calculated using the `sum` and `value_count` sub-fields. The average was selected because in most cases it is a more representative signal compared to a single sub-field. Native operations such as `max`, `min`, `sum`, `avg`, and `count` will be supported natively by the respective sub-fields.For example, the following query is now supported where `network.eth0.tx` is a an `aggregate_metric_double`: ```esql FROM k8s-downsampled | STATS max = max(network.eth0.tx), std_dev = STD_DEV(network.eth0.tx) by pod | sort pod ``` Response: ``` max:double | std_dev:double | pod:keyword 1060.0 | 275.6970067 | one 824.0 | 184.1213952 | three 1419.0 | 356.9865993 | two ```

    Features and enhancements

    Aggregations:

    • Bump heap usage limits for INLINE STATS #144679

    Analysis:

    • Inject circuit breaker into forked SynonymMapBuilder #144800
    • Support custom rulesets in analysis-icu/icu-transform plugin #143060

    Authentication:

    • Add Clone API Key endpoint #142633 (issue: #59304)

    Authorization:

    • Update View CRUD Actions to be Index Actions #141570
    • [Entity Store] Add permissions for Entity Store datastream #145981

    CCS:

    • CPS and project routing support for templated searches #139446

    CRUD:

    • Do not mark bulk indexing requests as retried after primary relocations #142157 (issue: #141586)

    Codec:

    • Add dynamic bloom filter sizing based on document count #141342
    • Add panama simd implementation of contains function for BinaryDocValuesContainsTermQuery #143922
    • Allow loading BYTE_LENGTH without decompressing Zstd byte ref blocks #141322
    • ES819 Binary doc values: compact doc offsets using bit packing #142772
    • Enable large blocks for binary doc values by default. This mainly affects fields of type wildcard, ignored source, values hitting ignore above threshold and ignore malformed numbers and dates. #145216
    • Fast codePointCount implementation for BytesRef #140388
    • Push contains binary doc values query down to es819 codec #143898
    • Rewrite *substring* wildcard queries to contains term queries for binary doc values keywords #143433
    • Track bloom filter disk usage in IndexDiskUsageAnalyzer #142106
    • Upgrade zstd to version 1.5.7 #140530
    • Use DirectAccessInput in ZstdDecompressor to avoid intermediate heap copy #145658
    • Use max instead of median for merged bloom filter size #143302
    • CodePointCount implementation using Panama vectors API #140693 (issue: #140567)

    Data streams:

    • Add 'logs.otel' and 'logs.ecs' stream types #141564 (issue: #141040)
    • Ensure DLM only runs one general loop at a time #143883
    • Support Failure Stores in Cross Cluster Search #139316

    Distributed:

    • Batch index creation #144074
    • Batch snapshot update tasks after external change #142091
    • Ensure that synthetic _id is usable after restarts/relocations #138678
    • Health reports GREEN when provisionally unassigned replica #144773
    • Increase the per-index limit for merges to half the CPUs #141389
    • Opt-in persistent task reassignment on node shutdown #143306

    Downsampling:

    • Collect dimensions only once per tsid when downsampling #145089
    • Rate calculation for downsampled counters becomes aware of counter resets when the aggregate sampling method is used. #143381 (issue: #136178)
    • Use the tdigest type and compression from TDigest in downsampling #143247

    ES|QL:

    • Add APM telemetry for SET statement #141719
    • Add Arrow-native Block & Vector implementations #142981
    • Add CCS Remote Views Detection #143384
    • Add Connector SPI and gRPC/Arrow Flight module #142667
    • Add Google Cloud Storage data source plugin #142563
    • Add JSON_EXTRACT ES|QL scalar function #142375
    • Add LZ4, Snappy, and Brotli decompression codecs #144688
    • Add METRICS_INFO command #141667 (issue: #139296)
    • Add MMR command for result diversification #143867
    • Add MV_UNION Function #139664
    • Add ORC predicate pushdown via SearchArgument #144686
    • Add Parquet filter pushdown with bloom filter, statistics, and dictionary row-group skipping #144832
    • Add TS_INFO information retrieval command #142721 (issue: #139296)
    • Add Views Security Model #141050
    • Add Warning for Sort Under Lookup Join #141482 (issue: #141483)
    • Add FormatReadContext to consolidate FormatReader API #143928
    • Add IntRangeVector for selected groups in aggregation #141205
    • Add LongLongSwissHash - specialization for grouping by two long fields #140838
    • Add appliesTo to the TRange and TBucket functions #142160
    • Add anonymous Azure access via auth=none #144475
    • Add anonymous GCS access via auth=none #144476
    • Add anonymous S3 access via auth=none #144471
    • Add blocks and vectors for more Arrow numeric types #145111
    • Add cloud API rate limiting for external sources #144734
    • Add column pruning for external datasources #143903
    • Add configurable bracket-based multi-value support for CSV reader #143890
    • Add coordinator-only caching for external source metadata #145300
    • Add data node execution for external sources #143209
    • Add dense_vector equality and inequality support in ES|QL #140005 (issue: #139929)
    • Add error handling and propagation for external source execution #143333
    • Add error policy and configurable options for CSV format reader #143779
    • Add extended distribution tests and fault injection for external sources #143420
    • Add info into the profile of METRICS_INFO and TS_INFO #145634
    • Add limit pushdown for external data sources #143515
    • Add local parallelism and partition detection for external sources #143154
    • Add logic to fold project tags metadata on data nodes #141935
    • Add mapper-size plugin's _size metadata attribute #141427 (issue: #136956)
    • Add memory tracking for TS_INFO and METRICS_INFO #143491 (issue: #139296)
    • Add parallel execution for Arrow Flight multi-endpoint sources #143345
    • Add parameter support in PromQL query durations #139873 (issue: #139508)
    • Add pluggable partition detection and virtual columns #143120
    • Add positional readBytes API to StorageObject SPI #143703
    • Add schema reconciliation for multi-file external sources #145220
    • Add split SPI, partition detection, and filter hint extraction #143005
    • Add split discovery and distribution for external sources #143114
    • Add support for ORC file format #142900
    • Add support for dense_vector in COALESCE #142974 (issue: #139928)
    • Add support for binary operators with AMD #143996 (issue: #142094)
    • Add support for project METADATA #140592
    • Add support for top-level arithmetic ops to TS|STATS #140135 (issue: #139570)
    • Add syntax support and parsing for SET approximate #139908
    • Add telemetry (stack) for query settings #141836
    • Add timezone to add and sub operators, and ConfigurationAware planning support #140101
    • Add xerial snappy-java to compression-libs #145393
    • Added three new simple but useful spatial functions: ST_Dimension, ST_GeometryType, ST_IsEmpty #144703
    • Added timezone support to date_format #138517
    • Adding ES|QL USER_AGENT command #144384 (issue: #134886)
    • Adding ES|QL command REGISTERED_DOMAIN #142680 (issue: #133942)
    • Adding ES|QL command URI_PART #140004 (issue: #134885)
    • Adding MV_INTERSECTS function #140662
    • Adding sparkline aggregate function #141388
    • Adds LIMIT BY ESQL command in Tech Preview #145225 (issue: #112918)
    • Adds ST_SIMPLIFY geospatial function #136309 (issue: #44747)
    • Allow TBUCKET to skip the from/to parameters when Kibana adds a timestamp range filter. Exmaple: TBUCKET(100) #144057
    • Allow evaluatable grouping functions (Like BUCKET) in LIMIT BY #146642
    • Attribute ES|QL shard search load in Lucene operators #142841
    • Avoid caching multiple times in doc-partitioning #142913
    • Bridge Connector SPI to ExternalSplit #143331
    • Buffer reuse in ParquetStorageObjectAdapter and StorageObject #143700
    • Byte-based buffer backpressure for external sources #144218
    • CSV schema inference and parsing enhancements #144050
    • Case Support for Compound Types #140677
    • Converted PackedValuesBlockHash.bytes to BreakingBytesRefBuilder for better memory tracking #140171
    • Count aggregation for histograms #141138
    • DS: Parquet file handling improvements #145123
    • Data sources: Azure plugin #143236
    • Data sources: ZSTD, BZIP2 #143228
    • Datasources: GZIP #143035
    • Document and test Parquet page-index filtering #145571
    • ESQL - Add dense_vector field type to SUM function #142129
    • ESQL - Improve search performance by adding min competitive aware collection when using multiple shards / threads #142406 (issue: #136267)
    • ESQL 137269 some csv tests for lookup join behavior with multivalues #144520
    • ESQL mv_difference function #141895
    • ESQL: Improve field reference tracking in FORK command #137678 (issue: #137283)
    • ESQL: Prune unused regex extract nodes in optimizer #140982 (issue: #132437)
    • ESQL: Support intra-row field references in ROW command #140217 (issue: #140119)
    • ESQL: enable unmapped_fields="load" in tech preview #145052 (issue: #142369)
    • ES|QL - Add parsing, preanalysis and analysis timing information to profile #139540
    • ES|QL - Top N queries are parallelized #143133
    • ES|QL - dense_vector support for COUNT, PRESENT, ABSENT aggregator functions #139914 (issue: #135688)
    • ES|QL CHUNK function multi-valued field support #141240
    • ES|QL Improve LOOKUP JOIN on single keyword #144704
    • ES|QL Top Snippets multi-valued field support #142117
    • ES|QL Views support #134995
    • ES|QL TEXT_EMBEDDING function is GA #140555
    • ES|QL dense vector functions are GA #140545
    • ES|QL approximate analytical queries #131828
    • ES|QL command RERANK is GA #141508
    • Enable PromQL command in ES|QL #140808
    • Enable distributed pipeline breakers for external sources via FragmentExec #143696
    • Enable doc-partitioning for more queries #143095
    • Extract centroid from doc values for ST_CENTROID_AGG over geo_shape and cartesian_shape #142528 (issue: #142640)
    • Fix ORC type support gaps #145074
    • Fix Parquet and ORC datasource allocation overhead #143791
    • Fix Parquet type support gaps #144059
    • Fix review feedback and add test coverage for PR #143703 #143900
    • Fix window validation in time-series aggregations when TBUCKET uses a numeric target count #144291
    • Format "_query" response dates using the given timezone #139529
    • GCS native async I/O via ReadChannel #144733
    • Harden distributed external source execution #144277
    • Implement EXPLAIN for local data node plans #142748
    • Implementing rerank on multi values #140672
    • Improve Lookup Join performance with CachedDirectoryReader #139314 (issue: #137268)
    • Improve memory usage and tracking by moving union types into ValuesSourceReaderOperator #140384
    • Improve ndjson schema inference for date-time #145553
    • Introduce "Swiss Table"-based hashing to ES|QL, a SIMD-accelerated hash table resulting in significantly higher throughput on uniform, high-cardinality workloads #145010
    • Introduce Geospatial functions ST_Buffer and ST_SimplifyPreserveTopology #145154
    • Introduce SwissTable-based hashing for ES|QL STATS #139343
    • Introduce adaptive block hash for long/int #141237
    • JSON_EXTRACT: zero-copy byte slicing for object, array, and number extraction #143702
    • LIMIT BY fixed telemetry and tests #146992
    • MMR Command: Grammar and Logical Plan #140684
    • Make MV_EXPAND GA #144543
    • Make datasources plugins lazy #142815
    • Minimize Hadoop dependencies for ORC plugin #146944
    • Optimize TopNOperator to avoid resorting when input is already sorted #141094 (issue: #131221)
    • Partition rate query using tsid prefixes #144818
    • Per-file filter pushdown awareness #145755
    • Periodically emit partial aggregation results #141392
    • Push STARTS_WITH/LIKE prefix to Parquet and ORC #145640
    • Push stats to external source via metadata #143940
    • Reapply "Introduce pluggable external datasource framework" #142707
    • Reapply "NDJSON datasource" #142855
    • Refactor inference operator architecture for multi-value field support #139694
    • Register TSV as a separate format with tab delimiter #143906
    • Remove Hadoop JARs from Parquet plugin #146780 (issue: #146716)
    • Remove hadoop-client-runtime from datasource plugins #146206 (issue: #146203)
    • Remove implicit limit appended for each subquery branch #139058
    • Remove implicit limit for FORK #145429
    • Remove snapshot protection from node reduce late materialization #142834
    • Review fixes for datasource framework #142565
    • Route external source I/O through esql_worker thread pool #144596
    • Schema-aware filter pushdown for DATETIME and DECIMAL #145641
    • Shrink description #140089
    • Skip files with no projected column overlap in UNION_BY_NAME #145701
    • Skip time series field type merge for non-TS agg queries #143262
    • Speed up remote Parquet reads #144454
    • Stats pushdown past EVAL/RENAME for external sources #144806
    • Stream results from topn #140088
    • Support arithmetic operations for dense_vectors: scalar version #141060 (issue: #140538)
    • Support arithmetic operations for dense_vectors: vector version #140539 (issue: #140537)
    • Support of a window that is not an exact multiple of the bucket #143704
    • Support shapes in ST_CENTROID_AGG #141657
    • Support target bucket count in TBUCKET with explicit from/to date range #142747
    • Support window smaller than time bucket #143661
    • TRange timezone support #139911
    • Type conflict resolution in unmapped-fields load #143693 (issues: #142004, #141912)
    • Use avg metric for AMD default metric #141331
    • Use less memory in ValuesFromMany #140062
    • Validate TOP_SNIPPETS query argument is foldable at verification #142763 (issue: #142462)
    • Various fixes to spatial functions (ST_ENVELOPE and ST_NPOINTS) #139618
    • [ES|QL|DS] Add circuit breaker to the Parquet datasource #144491
    • [ES|QL|DS] Parquet row-group level split parallelism #144018
    • [ES|QL|DS] Wire parallel parsing into production for text formats #143997
    • ToString/ToDatetime/ToDateNanos converters timezone support #138985
    • support DATE_RANGE field type #133309
    • Add CHICKEN function to ES|QL #140645

    Engine:

    • Ensure acquired snapshot commit is always flushed #144067 (issue: #143993)

    Indices APIs:

    • More actionable PUT /{index}/_settings error #138611

    Inference:

    • Add FireworksAI chat completion support #142664
    • Add FireworksAI inference service for embeddings #137130
    • Add embedding task support to ElasticInferenceService #141547
    • Add provider validation call to Update Inference Endpoint operation #140003 (issue: #122356)
    • Added Reasoning support for Chat Completion in the Inference Plugin #143242
    • Added service settings update logic for AI21 provider in the Inference Plugin #142597 (issue: #122356)
    • Added service settings update logic for Alibaba Cloud Search provider in the Inference Plugin #142738 (issue: #122356)
    • Enable multimodal inputs for all chat completion integrations #144509
    • Removed the max_tokens request parameter for Chat Completion with Reasoning in the Inference Plugin #143242
    • [Inference API] Add Chat Completion to Amazon Bedrock for the Inference API #139411
    • [Inference API] Add custom headers for Azure OpenAI Service #142969
    • [Inference API] Add support for embedding task to JinaAI service #140323
    • [Inference API] Adding OAuth2 support for Azure OpenAI #143896
    • [Inference API] Expose Endpoint Heuristics through Inference API #141393
    • [Inference API] Handle preconfigured endpoints with embedding task type #141788
    • [Inference API] Parse endpoint metadata from persisted endpoints #143081
    • [Inference API] Support multimodal inputs for chat completion #142736
    • [Inference API] Update authorized endpoints when their fingerprint or version changed #143567

    Infra/Core:

    • Add DateFormatter.tryParse() #144474
    • Expose byte offsets on XContentParser via getCurrentLocation() #143501 (issue: #142873)

    Infra/Plugins:

    • [Fleet] Add OpAMP field mappings to fleet-agents #142550
    • [Fleet] Add metadata mappings for OpAMP #145824

    Infra/Scripting:

    • Painless hoist constant collection .contains calls #143311 (issue: #137849)

    Ingest Node:

    • Update Grok to use the new Matcher#setTimeout #139405
    • [INGEST] GrokProcessor: add validate_only option to skip field extraction #145126

    Logs:

    • Default index.mapping.use_doc_values_skipper to true for logsdb #142851
    • Store fallback match only text fields in binary doc values #140189

    Machine Learning:

    • Add EuroBERT and Jina v5 ops to graph validation allowlist #3015
    • Add a suggestion for fixing the ML node allocation error #139520
    • Add exponential-backoff retry for AD job opening during system-initiated reassignments #144478
    • Add support for nested NDJSON records in TextStructure endpoints #141045 (issue: #127777)
    • Better error handling regarding quantiles state documents #2894
    • Better handling of invalid JSON state documents #2895
    • Better messaging regarding OOM process termination #2841
    • Downgrade log severity for a batch of recoverable errors #2889
    • Harden pytorch_inference with TorchScript model graph validation #3008 (issue: #2890)
    • Improve adherence to memory limits for the bucket gatherer #2848
    • Report the actual memory usage of the autodetect process #2846
    • Restrict file system access for pytorch models #2851
    • Update the PyTorch library to version 2.7.1 #2863

    Mapping:

    • Add option to enable accurate leaf arrays for flattened fields #145376
    • Add passthrough support to flattened field type for mapped sub-fields #145131
    • Add properties support to flattened field type #144451
    • Aggregate metric double use average #142135
    • Improve the supportability of aggregate_metric_double by non-native ES|QL aggregation functions, such as std_dev. #145742
    • Remove redundant root doc values from flattened fields if index=false #143907
    • Set default semantic_text index type to disk_bbq by using dense_vector defaults #145374
    • Store flattened field data in binary doc values #140246
    • Update semantic text to use BFLOAT16 by default #144236

    Monitoring:

    • Add mode and codec fields to Stack Monitoring index template #143673

    Packaging:

    • Flip cloud-ess-fips default from FIPS 140-2 to FIPS 140-3 #140788

    Performance:

    • Allow intermediate builds in PR-based benchmarks #142472
    • Correctly reference non-main branches in benchmark script #142303
    • Relax PR-based benchmarks target branch #142297

    PromQL:

    • Add Prometheus instant query REST endpoint #145321
    • Add Prometheus labels REST endpoint #144952
    • Add Prometheus query_range endpoint #144416
    • Add Prometheus series REST endpoint #144494
    • Implement Prometheus remote write indexing support #141957

    Ranking:

    • Use VectorScorer to consume AcceptDocs iterator for lazy bulk scoring in VectorScoringUtils #145835 (issue: #145834)

    Reindex:

    • Add reindex-from-remote blocklist setting #145357
    • Disable OCC in update/delete-by-query for seq_no-less indices #143465

    Relevance:

    • GA chunk_rescorer in text_similarity_reranker #139830

    SQL:

    • Add project_routing to CLI #138965
    • Add support for API key to JDBC and CLI #142021

    Search:

    • Account for ES|QL Lucene query rewrite in recent search load #141819
    • Add semantic_text field type to MMR Result Diversification Retriever #141666
    • Add search task watchdog to log hot threads on slow search #142746
    • Added return_intermediate_results query param to toggle when partial results are returned for a get async results operation #141073 (issue: #139828)
    • CPS handles datastreams #140637
    • Expose keep_alive in async task status #144010
    • Fail MatchQueryParser if it generates a query with more clauses than allowed by max_clause_count #143233 (issue: #143032)
    • Ids Query: Use max result window as upper limit #140515 (issue: #138758)
    • Makes scroll CPS compatible #140977
    • Making use of sort optimization written from search in search shards #144247 (issue: #143945)
    • Only consider the primary sort when determining concurrency #143608
    • Optimize script sorts that do not require query scores #139748
    • Optimize search shard iterator sort #140747 (issue: #135472)
    • PIT context relocation work on main repo #137675
    • Prevent creating too many nested boolean clauses while creating the lucene query to avoid query explosion #143220
    • Ref-counting SearchHits from InternalTopHits to SearchResponse #142732
    • Search/query logging support for _search, ES|QL, EQL, SQL #139920
    • Semantic text default inference id setting #143486
    • Switch default model for semantic_text to jina-v5 #142980
    • Take control of max clause count verification in Lucene searcher #139752
    • Update text_similarity_rank_retriever to default to chunking settings optimal for inference ID #137397
    • Upgrade Elasticsearch to Apache Lucene 10.4 #141882
    • Use IndexOrDocValuesQuery in IpFieldType#termQuery #140735
    • Use IndexOrDocValuesQuery in NumberFieldType#termQuery implementations #140734
    • CanMatch returns numSkipped per cluster instead of all skipped shards #142170

    Searchable Snapshots:

    • Add SparseFileTracker.getAbsentBytesWithin #141179
    • Split blob-cache freelist using decays #142545
    • Trigger cache decay at 5% left on freq 0 #142685

    Security:

    • Allow deleting multiple views in one request #145816
    • Don't allow querying views with DLS or FLS #144903
    • Make ServiceAccountToken APIs Available in Serverless #140631
    • Upgrade bouncycastle to 1.84 #147197
    • Use opaque random session IDs for ESQL compute sessions #142249

    Snapshot/Restore:

    • Batching of snapshot-delete start updates #141998
    • Identify Elasticsearch as user-agent in S3 calls #141881
    • Reduce memory usage of TransportGetSnapshotsAction #142468
    • Report shard snapshot pauses in shutdown status #144717
    • Strengthen MPU-based CAS in S3 repo
    Original source
  • Apr 30, 2026
    • Date parsed from source:
      Apr 30, 2026
    • First seen by Releasebot:
      Apr 30, 2026
    Elastic logo

    Elastic

    Elastic Stack 9.3.4 released

    Elastic releases Elastic Stack 9.3.4 with an APM HTTP/2 fix for strict clients.

    Version 9.3.4 of the Elastic Stack was released today. We recommend you upgrade to this latest version. We recommend 9.3.4 over the previous versions 9.3.3.

    Fixed

    Fixed a regression where APM’s HTTP/2 connections could fail with strict clients due to framing errors.

    For details of the issues that have been fixed and a full list of changes for each product in this version, please refer to the release notes.

    Original source
Releasebot

Curated by the Releasebot team

Releasebot is an aggregator of official release notes from hundreds of software vendors and thousands of sources.

Our editorial process involves the manual review and audit of release notes procured with the help of automated systems.