Key Vulnerability Information

Breaking Changes

- Removed the Bouncy Castle Security Provider: Search Guard now defaults to using Java Cryptography Extensions (JCE) for cryptographic functionality. This might impact TLS connections, JWT signature verification, authentication with OIDC and SAML, and other cryptographic operations.
- Removed Legacy Configuration Format: Support for has been removed in favor of .
- TLS on the REST Layer Enabled by Default: TLS is enabled by default on the REST layer with the new configuration parameter.
- Action Groups Attribute is Mandatory: The attribute in action groups is mandatory.
- Audit Log Bulk Request Body Logging is Disabled by Default: The new configuration parameter is set to control logging of bulk request bodies.
- Support for TLS 1.0 and TLS 1.1 Has Been Dropped: Support for the outdated and insecure TLS 1.0 and TLS 1.1 protocols is removed.

Security Fixes

- FLS Rules Fix: FLS rules which grant access to object subfields are now working correctly.
- Async Search Status: Support for asynchronous search status request functionality.
- LDAP - TLS Setup Improvements: Improved detection and handling of mixed LDAP:// and LDAPS:// host configurations.
- sgctl Fixes: Corrected a bug that occurred during user creation with uncommon characters in the username.
- DLS Role Parsing Bug Fix: Fix for a bug where DLS rules were not applied when a Signals watch was executing.