diff --git a/docs/reference/aggregations/metrics/extendedstats-aggregation.asciidoc b/docs/reference/aggregations/metrics/extendedstats-aggregation.asciidoc index b71427ae9cb55..6eb2f18928a81 100644 --- a/docs/reference/aggregations/metrics/extendedstats-aggregation.asciidoc +++ b/docs/reference/aggregations/metrics/extendedstats-aggregation.asciidoc @@ -109,7 +109,7 @@ GET /exams/_search // CONSOLE // TEST[setup:exams] -This will interpret the `script` parameter as an `inline` script with the `painless` script language and no script parameters. To use a file script use the following syntax: +This will interpret the `script` parameter as an `inline` script with the `painless` script language and no script parameters. To use a stored script use the following syntax: [source,js] -------------------------------------------------- diff --git a/docs/reference/modules/plugins.asciidoc b/docs/reference/modules/plugins.asciidoc index 240f984091345..ad708e88024cd 100644 --- a/docs/reference/modules/plugins.asciidoc +++ b/docs/reference/modules/plugins.asciidoc @@ -6,7 +6,7 @@ Plugins are a way to enhance the basic elasticsearch functionality in a custom manner. They range from adding custom mapping types, custom -analyzers (in a more built in fashion), native scripts, custom discovery +analyzers (in a more built in fashion), custom script engines, custom discovery and more. See the {plugins}/index.html[Plugins documentation] for more. diff --git a/docs/reference/modules/scripting/security.asciidoc b/docs/reference/modules/scripting/security.asciidoc index 7e7d5ccf6b209..37168f56b8f14 100644 --- a/docs/reference/modules/scripting/security.asciidoc +++ b/docs/reference/modules/scripting/security.asciidoc @@ -47,21 +47,6 @@ Bad: * Users can write arbitrary scripts, queries, `_search` requests. * User actions make documents with structure defined by users. -[float] -[[modules-scripting-security-do-no-weaken]] -=== Do not weaken script security settings -By default Elasticsearch will run inline, stored, and filesystem scripts for -the builtin languages, namely the scripting language Painless, the template -language Mustache, and the expression language Expressions. These *ought* to be -safe to expose to trusted users and to your application servers because they -have strong security sandboxes. The Elasticsearch committers do not support any -non-sandboxed scripting languages and using any would be a poor choice because: -1. This drops a layer of security, leaving only Elasticsearch's builtin -<>. -2. Non-sandboxed scripts have unchecked access to Elasticsearch's internals and -can cause all kinds of trouble if misused. - - [float] [[modules-scripting-other-layers]] === Other security layers diff --git a/docs/reference/modules/scripting/using.asciidoc b/docs/reference/modules/scripting/using.asciidoc index 37f75f6557a31..646bd4dd0921c 100644 --- a/docs/reference/modules/scripting/using.asciidoc +++ b/docs/reference/modules/scripting/using.asciidoc @@ -178,14 +178,12 @@ DELETE _scripts/calculate-score === Script Caching All scripts are cached by default so that they only need to be recompiled -when updates occur. File scripts keep a static cache and will always reside -in memory. Both inline and stored scripts are stored in a cache that can evict -residing scripts. By default, scripts do not have a time-based expiration, but +when updates occur. By default, scripts do not have a time-based expiration, but you can change this behavior by using the `script.cache.expire` setting. You can configure the size of this cache by using the `script.cache.max_size` setting. By default, the cache size is `100`. NOTE: The size of stored scripts is limited to 65,535 bytes. This can be changed by setting `script.max_size_in_bytes` setting to increase that soft -limit, but if scripts are really large then alternatives like -<> scripts should be considered instead. +limit, but if scripts are really large then a +<> should be considered.