Last checked and updated on 10 Jun 2026
What Is New in Elasticsearch 6.7
Elasticsearch 6.7 delivers significant enhancements across security, search, and infrastructure management. This release focuses on making powerful features more accessible and improving the overall resilience of the cluster.
| Category | Key Updates |
|---|---|
| New Features | Built-in API key service, Painless script support for reindex/update-by-query, JDBC client. |
| Security | Free basic security features (TLS, role-based access control), FIPS 140-2 readiness. |
| Improvements | CCR leader index statistics, GeoIP processor performance, Index Lifecycle Management preview. |
| Deprecations | Deprecated the `_threadpool` and `_nodehotthreads` endpoints. |
What security features are now available for free?
This is a major shift for the ecosystem. The basic security features that were once part of the paid X-Pack subscription are now available to all users. This includes TLS for encrypted communication, role-based access control (RBAC) to manage user permissions, and file-based user authentication.
In practice, this means you can now secure your clusters without a license. You get encryption for data in transit and fine-grained control over who can access what data right out of the box. This is a huge win for securing development and staging environments without extra cost.
How does the built-in API key service work?
The new API key service allows clients to authenticate without using a username and password. You can generate an API key that grants specific permissions, which is much safer for application-to-application communication than hardcoding user credentials.
You manage it through the new /_security/api_key endpoint. This is a game-changer for writing scripts and application code, as it reduces the risk associated with credential exposure. The tokens are also easier to rotate and manage compared to traditional user accounts.
What search and scripting improvements were added?
You can now use Painless scripts in the _reindex and _update_by_query APIs. This lets you perform complex document transformations during these operations directly within Elasticsearch, eliminating the need for a separate client-side script for many tasks.
The GeoIP processor in Ingest nodes also got a performance boost. It's now more efficient at enriching your documents with geographical data from IP addresses, which speeds up your data ingestion pipelines.
Is there anything new for managing data and infrastructure?
Yes, Cross-Cluster Replication (CCR) now exposes statistics on leader indices. You can monitor the replication process from the leader's perspective, giving you better visibility into the health and performance of your CCR setup.
Index Lifecycle Management (ILM) is also introduced as a preview feature. It provides a managed way to handle indices through their lifecycle-from hot and warm phases to cold and ultimately deletion-based on policies you define. This is the foundation for automated index management.
FAQ
Do I need to pay for TLS and role-based access control in 6.7?
No. These core security features are now free and included in the default distribution. You can enable them without a license to encrypt node-to-node and client-to-node communication and to control user access to indices and APIs.
What is the main benefit of the new API key feature?
It provides a more secure method for applications and tools to authenticate with Elasticsearch. Instead of using a user's password, you generate a token with specific privileges, which is safer for automation and reduces the blast radius if the token is compromised.
Can I use Painless scripts to modify documents during a reindex?
Yes, absolutely. This is a powerful new capability. You can now write a Painless script as part of a reindex or update-by-query request to transform your documents on the fly, which is far more efficient than doing it client-side.
What was deprecated in this release that I should know about?
The _threadpool and _nodehotthreads endpoints are now deprecated. You should start using the replacement endpoints, _nodes/thread_pool and _nodes/hot_threads, respectively, as the old ones will be removed in a future version.
Is Index Lifecycle Management production-ready in 6.7?
No, it is released as a preview feature. This means it's available for you to test and provide feedback on, but it is not yet recommended for production use. Expect it to be fully supported in a future release.