elasticsearch/docs/reference/release-notes/8.9.2.asciidoc

[[release-notes-8.9.2]]
== {es} version 8.9.2

Also see <<breaking-changes-8.9,Breaking changes in 8.9>>.

[[known-issues-8.9.2]]
[float]
=== Known issues
include::8.7.1.asciidoc[tag=no-preventive-gc-issue]

[float]
[[security-updates-8.9.2]]
=== Security updates

* {es} generally filters out sensitive information and credentials before
logging to the audit log. It was found that this filtering was not applied when
requests to {es} use certain deprecated `_xpack/security` URIs for APIs. The
impact of this flaw is that sensitive information, such as passwords and tokens,
might be printed in cleartext in {es} audit logs. Note that audit logging is
disabled by default and needs to be explicitly enabled. Even when audit logging
is enabled, request bodies that could contain sensitive information are not
printed to the audit log unless explicitly configured.
+
The issue is resolved in {es} 8.9.2.
+
For more information, see our related
https://discuss.elastic.co/t/elasticsearch-8-9-2-and-7-17-13-security-update/342479[security
announcement].

[[bug-8.9.2]]
[float]
=== Bug fixes

Data streams::
* Avoid lifecycle NPE in the data stream lifecycle usage API {es-pull}98260[#98260]

Geo::
* Fix mvt error when returning partial results {es-pull}98765[#98765] (issue: {es-issue}98730[#98730])

Ingest Node::
* Revert "Add mappings for enrich fields" {es-pull}98683[#98683]