ElasticPress icon indicating copy to clipboard operation
ElasticPress copied to clipboard

Published 20 hours ago verified publisher icon 10up

ElasticSearch 7 Soon to be EOL: Test and raise the max version to a more recent version of Elasticsearch

Open maiorano84 opened this issue 11 months ago • 2 comments

Is your enhancement related to a problem? Please describe.

Elasticsearch 8 was released in Februrary 2022. Since then, it does not appear that any tests or adjustments have been made to support recent versions, with the maximum supported version still being listed as 7.10.

Elasticsearch operates roughly on an 18-24 month release cycle between major versions. With that in mind, it can expected that version 9 is just around the corner, which means version 7 will be marked EOL and no longer supported.

It seems rather alarming that so little attention has been paid to keeping dependency versions up to date, despite how critical it is both from an operational and security perspective.

Designs

No response

Describe alternatives you've considered

At this point, if 10Up cannot - or will not - confirm support for modern versions of ElasticSearch, we will likely have to take this in-house and roll our own plugin due to the security risks involved with using ElasticPress.

Code of Conduct

  • [X] I agree to follow this project's Code of Conduct

maiorano84 avatar Mar 03 '24 21:03 maiorano84

You could also contribute PRs or fork it and provide it for everyone...

It has been a while since I've dug into the guts of elaaticpress, but I dont recall finding anything particularly broken when using it with Elasticsearch 8.x. It likewise worked with OpenSearch

My suspicion is that since Elasticpress.io is a hosted elasticsearch service, they are not allowed to use anything beyond 7.10 and are therefore are not saying anything about it.

nickchomey avatar Mar 04 '24 00:03 nickchomey

@nickchomey

We would be happy to provide a version of ElasticPress to the community that is properly maintained and tested, though unfortunately the timeline of that is a ways off. I would need to take this back to my team to see what options we have before going down that road.

That said, I've seen numerous reports stating "8.x doesn't seem broken", but that's coming from average users, not contributors or maintainers which is frustrating. We need official word and documentation or something that says that this is on their radar.

If they're running their service on outdated architecture, all the more reason for everyone to self-host, or move on to a different plugin. Letting any kind of architecture languish for 2+ years is inexcusable.

maiorano84 avatar Mar 04 '24 01:03 maiorano84

Closed by #3854.

felipeelia avatar Mar 07 '24 17:03 felipeelia