manual backport

jakelandis · Jun 4, 2024 · eaf0fde · eaf0fde
1 parent fc5dcb5
commit eaf0fde
Show file tree

Hide file tree

Showing 4 changed files with 38 additions and 6 deletions.
diff --git a/docs/changelog/105709.yaml b/docs/changelog/105709.yaml
@@ -1,6 +1,11 @@
 pr: 105709
-summary: Disable validate when rewrite parameter is sent and the index access control
-  list is non-null
+summary: Apply stricter Document Level Security (DLS) rules for the validate query API with the rewrite parameter.
 area: Security
-type: bug
+type: breaking
 issues: []
+breaking:
+  title: "Apply stricter Document Level Security (DLS) rules for the validate query API with the rewrite parameter"
+  area: REST API
+  details: When Document Level Security (DLS) is applied to the validate query API with the rewrite parameter, stricter security rules apply.
+  impact: If needed, test workflows with DLS enabled to ensure that the stricter security rules do not impact your application.
+  notable: false
diff --git a/docs/changelog/105714.yaml b/docs/changelog/105714.yaml
@@ -1,5 +1,11 @@
 pr: 105714
-summary: Cross check livedocs for terms aggs when index access control list is non-null
-area: "Aggregations"
-type: bug
+summary: Apply stricter Document Level Security (DLS) rules for terms aggregations when min_doc_count is set to 0.
+area: Security
+type: breaking
 issues: []
+breaking:
+  title: "Apply stricter Document Level Security (DLS) rules for terms aggregations when min_doc_count is set to 0"
+  area: REST API
+  details: When Document Level Security (DLS) is applied to terms aggregations and min_doc_count is set to 0, stricter security rules apply.
+  impact: If needed, test workflows with DLS enabled to ensure that the stricter security rules do not impact your application.
+  notable: false
diff --git a/docs/reference/migration/migrate_8_14.asciidoc b/docs/reference/migration/migrate_8_14.asciidoc
@@ -41,6 +41,25 @@ Remove any document-level security (DLS) or field-level security (FLS) definitio
 ====
 
 
+[discrete]
+[[breaking_814_dls_changes]]
+==== Stricter Document Level Security (DLS)
+
+[[stricter_dls_814]]
+.Document Level Security (DLS) applies stricter checks for the validate query API and for terms aggregations when min_doc_count is set to 0.
+
+[%collapsible]
+====
+*Details* +
+When Document Level Security (DLS) is applied to terms aggregations and min_doc_count is set to 0, stricter security rules apply.
+
+When Document Level Security (DLS) is applied to the validate query API with the rewrite parameter, stricter security rules apply.
+
+*Impact* +
+If needed, test workflows with DLS enabled to ensure that the stricter security rules do not impact your application.
+====
+
+
 [discrete]
 [[deprecated-8.14]]
 === Deprecations

diff --git a/docs/reference/release-notes/8.14.0.asciidoc b/docs/reference/release-notes/8.14.0.asciidoc
@@ -11,6 +11,8 @@ Also see <<breaking-changes-8.14,Breaking changes in 8.14>>.
 
 Security::
 * Prevent DLS/FLS if `replication` is assigned {es-pull}108600[#108600]
+* Apply stricter Document Level Security (DLS) rules for the validate query API with the rewrite parameter {es-pull}105709[#105709]
+* Apply stricter Document Level Security (DLS) rules for terms aggregations when min_doc_count is set to 0 {es-pull}105714[#105714]
 
 [[bug-8.14.0]]
 [float]