search

10up / ElasticPress

A fast and flexible search and query engine for WordPress.
https://elasticpress.io
GNU General Public License v2.0
1.24k stars 312 forks source link

ElasticSearch 7 Soon to be EOL: Test and raise the max version to a more recent version of Elasticsearch #3852

Closed maiorano84 closed 6 months ago

maiorano84 commented 6 months ago

Is your enhancement related to a problem? Please describe.

Elasticsearch 8 was released in Februrary 2022. Since then, it does not appear that any tests or adjustments have been made to support recent versions, with the maximum supported version still being listed as 7.10.

Elasticsearch operates roughly on an 18-24 month release cycle between major versions. With that in mind, it can expected that version 9 is just around the corner, which means version 7 will be marked EOL and no longer supported.

It seems rather alarming that so little attention has been paid to keeping dependency versions up to date, despite how critical it is both from an operational and security perspective.

Designs

No response

Describe alternatives you've considered

At this point, if 10Up cannot - or will not - confirm support for modern versions of ElasticSearch, we will likely have to take this in-house and roll our own plugin due to the security risks involved with using ElasticPress.

Code of Conduct

nickchomey commented 6 months ago

You could also contribute PRs or fork it and provide it for everyone...

It has been a while since I've dug into the guts of elaaticpress, but I dont recall finding anything particularly broken when using it with Elasticsearch 8.x. It likewise worked with OpenSearch

My suspicion is that since Elasticpress.io is a hosted elasticsearch service, they are not allowed to use anything beyond 7.10 and are therefore are not saying anything about it.

maiorano84 commented 6 months ago

@nickchomey

We would be happy to provide a version of ElasticPress to the community that is properly maintained and tested, though unfortunately the timeline of that is a ways off. I would need to take this back to my team to see what options we have before going down that road.

That said, I've seen numerous reports stating "8.x doesn't seem broken", but that's coming from average users, not contributors or maintainers which is frustrating. We need official word and documentation or something that says that this is on their radar.

If they're running their service on outdated architecture, all the more reason for everyone to self-host, or move on to a different plugin. Letting any kind of architecture languish for 2+ years is inexcusable.

felipeelia commented 6 months ago

Closed by #3854.