[RELEASE] Release version 3.0.0

[opensearch-trigger-bot]

Release Status: 3.0.0-beta1 (In-Progress)

# Release Status: 3.0.0-alpha1 (Done 2025/03/18)

(3.0.0-alpha1 ensures early Integration - Ensure code compilation)

(You can still push feature to 3.0.0-beta1 if not ready by 3.0.0-alpha1)

Release OpenSearch and OpenSearch Dashboards 3.0.0

I noticed that a manifest was automatically created in manifests/3.0.0. Please follow the following checklist to make a release.

How to use this issue

This Release Issue

This issue captures the state of the OpenSearch release, its assignee (Release Manager) is responsible for driving the release. Please contact them or @mention them on this issue for help. There are linked issues on components of the release where individual components can be tracked. For more information check the the Release Process OpenSearch Guide.

Please refer to the following link for the release version dates: Release Schedule and Maintenance Policy.

Entrance Criteria

Criteria	Status	Description	Comments
Each component release issue has an assigned owner	🟢
Documentation draft PRs are up and in tech review for all component changes	🔴
Sanity testing is done for all components	🔴
Code coverage has not decreased (all new code has tests)	🔴
Release notes are ready and available for all components	🔴
Roadmap is up-to-date (information is available to create release highlights)	🔴
Release ticket is cut, and there's a forum post announcing the start of the window	🔴
Any necessary security reviews are complete	🔴

OpenSearch 3.0.0-beta1 exit criteria status:

Criteria	Status	Description	Comments
Performance tests are run, results are posted to the release ticket and there no unexpected regressions	🔴
No unpatched vulnerabilities of medium or higher severity that have been publicly known for more than 60 days	🔴
Documentation has been fully reviewed and signed off by the documentation community.	🔴
All integration tests are passing	🔴
Release blog is ready	🔴

OpenSearch-Dashboards 3.0.0-beta1 exit criteria status:

Criteria	Status	Description	Comments
Documentation has been fully reviewed and signed off by the documentation community	🔴
No unpatched vulnerabilities of medium or higher severity that have been publicly known for more than 60 days	🔴
All integration tests are passing	🔴
Release blog is ready	🔴

Preparation

• Release manager assigned.
• Update release page on the website with release manager and release issue details. Sample PR
• Existence of label in each component repo. For more information check the release-label section.
• Increase the build frequency.
• Release Issue.

Campaigns

• Component Release Issue.
• Release Campaigns.

Version Increment - (2025/03/24-2025/03/28 3.0.0-beta1)

• Core Version Increment.
• Components Version Increment.

Feature Freeze - (Ends 2025/04/07 3.0.0-beta1)

• OpenSearch / OpenSearch-Dashboards core and components teams finalize their features.

Code Complete - (Ends 2025/04/07 3.0.0-beta1)

• Mark this as done once the Code Complete is reviewed.
• Create/Verify pull requests to add each component to relase input manifests/3.0.0-beta1/opensearch-3.0.0-beta1.yml and manifests/3.0.0-beta1/opensearch-dashboards-3.0.0-beta1.yml.

Release Branch, Release Candidate Creation and Testing - (2025/04/08 3.0.0-beta1)

• Core Release Branch.
• Components Release Branch.
• Generate Release Candidate.
• Docker Scan.
• Integ Test.
  • TAR
  • RPM
  • DEB
  • Windows
• Backwards Compatibility Tests.
• Broadcast and Communication.
• Release Candidate Lock.
• Stop Release Candidate periodic auto builds

Performance testing validation - (2025/04/15 3.0.0-beta1)

• Post the benchmark-tests
• Longevity tests do not show any issues.

Pre Release - (2025/04/21 3.0.0-beta1)

• Release Labeled Issues.
• Go or No-Go.
• Release Notes.

Release - (2025/04/22 3.0.0-beta1)

• Central Promotion Workflow.
• Collaboration with the Project Management Team.

Release Checklist.

Release Checklist

Pre-Release activities

• Promote Repos.
  • • OS
  • • OSD
• Promote Artifacts.
  • • Windows
  • • Linux Debian
  • • Linux RPM
  • • Linux TAR
• Consolidated Release Notes.

Release activities

• Docker Promotion.
• Release Validation part 1.
  • • OpenSearch and OpenSearch Dashboard Validation.
  • • Validate the native plugin installation.
• Merge consolidated release notes PR.
• Website and Documentation Changes.
  • • Merge staging website PR.
  • • Promote the website changes to prod.
  • • Add website alert.
• Release Validation part 2.
  • • Validate the artifact download URL's and signatures.
• Release Validation part 3.
  • • Trigger the validation build (Search for Completed validation for <> in the logs).
• Maven Promotion.
• Publish blog posts.
• Advertise on Social Media.
• Post on public slack and Github Release issue.

Post Release

• Release Tags.
• Input Manifest Update.
• OpenSearch Build Release notes.
• Decrease the Build Frequency.
• Retrospective Issue.
• Helm and Ansible Playbook release.
• Upcoming Release Preparation.

Components

Replace with links to all component tracking issues.

Component	On track	Release Notes
{COMPONENT_ISSUE_LINK}	{INDICATOR}}	{STATUS}

OS:

• [RELEASE] Release version 3.0.0 OpenSearch#8756 @expani @sandeshkr419
• [RELEASE] Release version 3.0.0 common-utils#498 @peterzhuamazon
• [RELEASE] Release version 3.0.0 job-scheduler#426 @prudhvigodithi
• [RELEASE] Release version 3.0.0 security#3049 @cwperks
• [RELEASE] Release version 3.0.0 k-NN#996 @Vikasht34
• [RELEASE] Release version 3.0.0 geospatial#356 @will-hwang
• [RELEASE] Release version 3.0.0 cross-cluster-replication#1090 @RS146BIJAY
• [RELEASE] Release version 3.0.0 ml-commons#1140 @mingshl
• [RELEASE] Release version 3.0.0 neural-search#225 @will-hwang
• [RELEASE] Release version 3.0.0 notifications#712 @AWSHurneyt
• [RELEASE] Release version 3.0.0 observability#1574 @vamsimanohar
• [RELEASE] Release version 3.0.0 reporting#731 @vamsimanohar
• [RELEASE] Release version 3.0.0 sql#1880 @noCharger
• [RELEASE] Release version 3.0.0 asynchronous-search#318 @sgup432
• [RELEASE] Release version 3.0.0 anomaly-detection#967 @kaituo @junweid62
• [RELEASE] Release version 3.0.0 alerting#1035 @amsiglan @AWSHurneyt
• [RELEASE] Release version 3.0.0 security-analytics#1025 @amsiglan @AWSHurneyt
• [RELEASE] Release version 3.0.0 index-management#861 @tandonks
• [RELEASE] Release version 3.0.0 performance-analyzer#509 @Gaganjuneja
• [RELEASE] Release version 3.0.0 custom-codecs#107 @RS146BIJAY
• [RELEASE] Release version 3.0.0 flow-framework#487 @dbwiddis
• [RELEASE] Release version 3.0.0 skills#169 @zhichao-aws
• [RELEASE] Release version 3.0.0 query-insights#31 @ansjcy
• [RELEASE] Release version 3.0.0 opensearch-system-templates#13 @mohit10011999 @mgodwan
• [RELEASE] Release version 3.0.0 opensearch-learning-to-rank-base#119 @rithin-pullela-aws
• [RELEASE] Release version 3.0.0 opensearch-remote-metadata-sdk#55 @dbwiddis

OSD:

• [RELEASE] Release version 3.0.0 OpenSearch-Dashboards#4583 @kavilla
• [RELEASE] Release version 3.0.0 dashboards-observability#704 @vamsimanohar
• [RELEASE] Release version 3.0.0 dashboards-reporting#150 @vamsimanohar
• [RELEASE] Release version 3.0.0 dashboards-visualizations#213 (Pending removal 3.0)
• [RELEASE] Release version 3.0.0 dashboards-query-workbench#97 @vamsimanohar
• [RELEASE] Release version 3.0.0 dashboards-maps#442 @will-hwang
• [RELEASE] Release version 3.0.0 anomaly-detection-dashboards-plugin#568 @kaituo
• [RELEASE] Release version 3.0.0 ml-commons-dashboards#234 @wanglam
• [RELEASE] Release version 3.0.0 index-management-dashboards-plugin#820 @tandonks
• [RELEASE] Release version 3.0.0 dashboards-notifications#87 @amsiglan @AWSHurneyt
• [RELEASE] Release version 3.0.0 alerting-dashboards-plugin#944 @amsiglan @AWSHurneyt
• [RELEASE] Release version 3.0.0 security-analytics-dashboards-plugin#996 @amsiglan @AWSHurneyt
• [RELEASE] Release version 3.0.0 security-dashboards-plugin#1525 @derek-ho
• [RELEASE] Release version 3.0.0 dashboards-search-relevance#254 @sejli
• [RELEASE] Release version 3.0.0 dashboards-assistant#99 @SuZhou-Joe @ruanyl
• [RELEASE] Release version 3.0.0 query-insights-dashboards#59 @ansjcy
• [RELEASE] Release version 3.0.0 dashboards-flow-framework#304 @ohltyler

Issues:

• [Deprecation] Properly deprecate Ubuntu2004 as CI build image/Supported OS and switch to Ubuntu2404 #5270
  • https://github.com/opensearch-project/opensearch-build/blob/main/release-notes/opensearch-release-notes-2.19.0.md#deprecation-notices
  • Replace Ubuntu 20.04 with Ubuntu 24.04 as it will be deprecated soon documentation-website#9165
• (New Key) Generating new PGP key for signing artifacts starting 3.0.0 with @opensearch.org email #5308
• (Optional?) [Workspace] Migrate tenant data to workspace security-dashboards-plugin#1847
• [BUG] OSD distribution for 3.0.0 is invalid due to security-analytics-dashboards-plugin security-analytics-dashboards-plugin#1185
  • Temporarily removed visualizations for 3.0-alpha1. security-analytics-dashboards-plugin#1272
• (New Key) Generating new PGP key for signing artifacts starting 3.0.0 with @opensearch.org email #5308
• [BUG] SecureMLRestIT.testPredictWithReadOnlyMLAccess Failed ml-commons#3640
• [Enhancement] Validation workflow YUM need to pull pgp key based on repo file #5413
• [Enhancement] Manifest lock on tag errors on qualifier #5415
• [BUG] Missing necessary license, description, developer information in maven pom geospatial#731
  • persist licenses and developer fields in pom file geospatial#732
• [BUG] Upgrade OS from 2.19.0 to 3.0.0-alpha1, the OS can't start up security#5191 (comment)
• Upgrade PyTorch Version ml-commons#3628
• [Enhancement] Validation workflow YUM need to pull pgp key based on repo file #5413
• [Enhancement] Manifest lock on tag errors on qualifier #5415
• [BUG] UT fails with recent monaco-editor version bump in OSD core alerting-dashboards-plugin#1228

Campaigns:

• [PROPOSAL] Release OpenSearch 3.0 .github#250
• [PROPOSAL] OpenSearch Release Schedule for Year 2025 .github#252
• [META] [Release 3.0] Planned Breaking Changes for 3.0 in Core/Plugins #5243
• [META] Set OpenSearch 3.0.0 baseline JDK version to JDK-21 OpenSearch#14011
• [META] OpenSearch 3.0 Core Release Tracker  OpenSearch#16935
• [Campaign] Add distribution level Backward Compatiblity tests to all plugins #3671
• Onboard all OpenSearch plugins to Smoke tests framework #5317
• Permanently turn-off Security Manager (JSM) starting 3.0 OpenSearch#17181
  • [Security Manager Replacement] Strengthen OS core security via systemd configuration  OpenSearch#16729
    • Add systemd configurations to strengthen OS core security OpenSearch#17107
    • Add systemd integ tests to run with docker OpenSearch#17308
    • Add sample integ tests for latest systemd unit file OpenSearch#17410
    • Support new OS core systemd and integTests in 3.0.0 and manifest updates #5345
    • (Systemd IntegTest) [Security Manager Replacement] Strengthen OS core security via systemd configuration  OpenSearch#16729 (comment)
    • Java agent based File interceptor OpenSearch#17633
    • [POC] [Security Manager Replacement] Native Java Agent (dynamic code rewriting, must be low overhead) OpenSearch#16731
    • Simplify policy evaluation OpenSearch#17712
  • [BUG] Systemd integTest did not check for opensearch:adm on deb packages OpenSearch#17614
• Support for FIPS compliance mode OpenSearch#14912
• [Node.js v20] Plugin Verification Meta Issue OpenSearch-Dashboards#9459
  • Update NodeJS from version 18 to 20 (v20.18.1 per Switch to NodeJS LTS 20 "Iron" OpenSearch-Dashboards#9171) v20.18.3 now:
    • [BUG] EOL of Node.js version 18.x used in Opensearch-dashboards OpenSearch-Dashboards#8463
    • Add 3.0.0-beta1 manifests for testing on node20/22 upgrade in OSD core #5337
    • Update nodeJS version to 20.18.3 in support of 3.0.0 #5276
    • https://opensearch.org/docs/latest/install-and-configure/os-comp/
    • https://opensearch.org/blog/explore-OpenSearch-2-19/
      • Update deprecation notice on 2.19 blog for 3.0 project-website#3678
    • https://github.com/opensearch-project/opensearch-build/blob/main/release-notes/opensearch-release-notes-2.19.0.md
      • Remove ganttcharts in 3.0.0 and update deprecation notice #5358
    • remove typescript definition in package.json security-dashboards-plugin#2197
    • [chore] upgrade to Node.js 20 OpenSearch-Dashboards#9466
    • Fix: fix potential memory leak in getDirectQueryConnections with node 20 OpenSearch-Dashboards#9575
• [PROPOSAL] Delay OpenSearch 3.0 Beta (by 2 weeks) .github#300
  • Update 3.0.0 schedule as 3.0.0-beta1 will be delayed by 2 weeks project-website#3707
• JDK24: [Feature Request] Add JDK-24 support OpenSearch#17661
  • Support JDK-24 builds on Jenkins #5426

PRs:

• Update beta1 qualifier for 3.0.0 version OpenSearch#17621
• Update beta1 builds and manifest entries #5411
• Update 3.0.0 from alpha1 to beta1 #5416
• Update 3.0.0 beta1 related events and dates project-website#3715
• Update 3.0.0-beta1 osd core branch to main in manifests #5424
• Resolve few typos for release schedule and calendar project-website#3722
• Publish 3.0.0 beta1 release schedule and events into production project-website#3726

Onboard beta1:

• OS:

  • Update beta1 qualifier for 3.0.0 version OpenSearch#17621
  • Change 3.0.0 qualifier from alpha1 to beta1 common-utils#808
  • [Release 3.0.0] Prepare for 3.0.0 beta1 release job-scheduler#752
  • Version bump to 3.0.0-beta1 ml-commons#3684
  • Bump version to 3.0.0-beta1 opensearch-remote-metadata-sdk#120
  • upgrade to beta1 from alpha1 for 3.0 release geospatial#733
  • Bump SQL main to version 3.0.0.0-beta1 sql#3489
  • Change qualifier from alpha1 to beta1 asynchronous-search#716
  • [Release 3.0] Bump version 3.0.0.0-beta1  skills#543
  • Migrate derived source from filter to mask k-NN#2612
  • [3.0] Update neural-search for OpenSearch 3.0 beta compatibility neural-search#1245
  • Update version qualifier to beta1. notifications#1011
  • Update version qualifier to beta1. alerting#1816
  • Update version qualifier to beta1. security-analytics#1500
  • Update 3.0.0 qualifier from alpha1 to beta1 index-management#1398
  • Bump ZTD lib version to 1.5.6-1. custom-codecs#232
  • Migrate from BC to BCFIPS libraries flow-framework#1087
  • Update 3.0.0 qualifier from alpha1 to beta1 query-insights#290
  • Update 3.0.0 qualifier from alpha1 to beta1 opensearch-learning-to-rank-base#154

• OSD

  • 
  • [chore] upgrade to Node.js 20 OpenSearch-Dashboards#9466
  • Increment version to 3.0.0.0-beta1 ml-commons-dashboards#409
  • Increment version to 3.0.0.0-beta1 dashboards-assistant#521
  • Bump version to 3.0.0.0-beta1; add release notes dashboards-flow-framework#685
  • Bump up version to 3.0.0-beta1 dashboards-maps#716
  • Update 3.0.0 qualifier from alpha1 to beta1 index-management-dashboards-plugin#1291
  • Update version qualifier to beta1. dashboards-notifications#336
  • Update version qualifier to beta1. alerting-dashboards-plugin#1227
  • Update version qualifier to beta1. security-analytics-dashboards-plugin#1275
  • Bump main to beta qual security-dashboards-plugin#2199
  • Bump to version 3.0.0.0-beta1 dashboards-search-relevance#491
  • Update 3.0.0 qualifier from alpha1 to beta1 query-insights-dashboards#154

Open Increment PR: https://github.com/pulls?q=is%3Apr+user%3Aopensearch-project+label%3Av3.0.0+%5BAUTO%5D+Increment+in%3Atitle+is%3Aopen+
Open PRs: https://github.com/pulls?q=is%3Aopen+is%3Apr+archived%3Afalse+user%3Aopensearch-project+label%3Av3.0.0
Open Issues: https://github.com/issues?q=is%3Aopen+is%3Aissue+archived%3Afalse+user%3Aopensearch-project+label%3Av3.0.0
Docs Pending: https://github.com/opensearch-project/documentation-website/issues?q=is%3Aissue+is%3Aopen+label%3Av3.0.0

Third Party Upgrades:

• [Release 3.0] Prepare for 3.0 release on Helm Charts helm-charts#648
• [Release 3.0] Prepare for 3.0 release on Ansible Playbook ansible-playbook#174
• [Release 3.0] Prepare for 3.0 release on Terraform Provider terraform-provider-opensearch#235

RFC/Discussion:

• [RFC] Decoupling OpenSearch Distribution, Server and Plugin versioning OpenSearch#17127
• [RFC] Migrating existing OpenSearch plugins from the main OpenSearch repository into their own dedicated repositories OpenSearch#17246

---

3.0.0-alpha1 issues/PRs

Issues:

• Bump up GCC version to 12.x or later to support SIMD AVX512 fp16 instructions #5226
• [Enhancement] Add Arm64 runner to docker build and ci runs #5248
• JDK23 supported on new gradle needs to be upgraded on plugins
  • Bump gradle to 8.10.2 and add JDK23 as part of the github checks k-NN#2432
  • Bump gradle to 8.10.2 and add JDK23 as part of the github checks reporting#1062
• [Release 3.0] Update com.github.johnrengelman.shadow to com.gradleup.shadow in gradle plugin #5267
  • [Release 3.0] Update common-utils shadow plugin repo and bump to 3.0.0.0-alpha1 common-utils#775
• [Deprecation] Properly deprecate Ubuntu2004 as CI build image/Supported OS and switch to Ubuntu2404 #5270
  • https://github.com/opensearch-project/opensearch-build/blob/main/release-notes/opensearch-release-notes-2.19.0.md#deprecation-notices
  • Replace Ubuntu 20.04 with Ubuntu 24.04 as it will be deprecated soon documentation-website#9165
  • Replace docker build image base from Ubuntu2004 to Ubuntu2404 #5328
  • Replace ubuntu2004 with ubuntu2404 on packer opensearch-ci#530
  • Update ubuntu2004 with ubuntu2404 images now in Jenkinsfiles #5364
  • Update ci ubuntu2404 script on awscliv2 installation opensearch-ci#532
  • Resolve ubuntu2404 agents startup issues on EC2  opensearch-ci#533
  • Update OS core systemd related test commands and switch to Ubuntu2404 Agents #5367
  • Update Ubuntu2404 image ami id on #533 opensearch-ci#534
• (New Key) Generating new PGP key for signing artifacts starting 3.0.0 with @opensearch.org email #5308
• (Optional?) [Workspace] Migrate tenant data to workspace security-dashboards-plugin#1847
• [BUG] BWC bug that cause query shard failure OpenSearch#17125
• [BUG] No enum constant org.opensearch.action.search.SearchPhaseName.CREATE_PIT OpenSearch#16750
  • [Bugfix] Fix IllegalArgumentException thrown when creating a PIT OpenSearch#16781
• [BUG] Missing bucket in terms aggregation with missing value OpenSearch#17391
• [BUG] repository-s3 plugin is broken in mainline OpenSearch#17426
• JDK21 / JDK24 LTS (03/18): Support JDK-23 (build time and runtime) OpenSearch#16257 (comment)
• [BUG] OSD distribution for 3.0.0 is invalid due to security-analytics-dashboards-plugin security-analytics-dashboards-plugin#1185
  • Temporarily removed visualizations for 3.0-alpha1. security-analytics-dashboards-plugin#1272
• (New Key) Generating new PGP key for signing artifacts starting 3.0.0 with @opensearch.org email #5308
• [BUG] SecureMLRestIT.testPredictWithReadOnlyMLAccess Failed ml-commons#3640
• [BUG] IntegTest failure on Windows due to doesn't match any of the locations specified by path.repo k-NN#2611
• [Enhancement] Validation workflow YUM need to pull pgp key based on repo file #5413
• [Enhancement] Manifest lock on tag errors on qualifier #5415
• [BUG] Missing necessary license, description, developer information in maven pom geospatial#731

Campaigns:

• [PROPOSAL] Release OpenSearch 3.0 .github#250
• [PROPOSAL] OpenSearch Release Schedule for Year 2025 .github#252
• [META] [Release 3.0] Planned Breaking Changes for 3.0 in Core/Plugins #5243
• [META] Set OpenSearch 3.0.0 baseline JDK version to JDK-21 OpenSearch#14011
• [META] OpenSearch 3.0 Core Release Tracker  OpenSearch#16935
• [Campaign] Add distribution level Backward Compatiblity tests to all plugins #3671
• Onboard all OpenSearch plugins to Smoke tests framework #5317
• Permanently turn-off Security Manager (JSM) starting 3.0 OpenSearch#17181
  • [Security Manager Replacement] Strengthen OS core security via systemd configuration  OpenSearch#16729
    • Add systemd configurations to strengthen OS core security OpenSearch#17107
    • Add systemd integ tests to run with docker OpenSearch#17308
    • Add sample integ tests for latest systemd unit file OpenSearch#17410
    • Support new OS core systemd and integTests in 3.0.0 and manifest updates #5345
    • (Systemd IntegTest) [Security Manager Replacement] Strengthen OS core security via systemd configuration  OpenSearch#16729 (comment)
    • Java agent based File interceptor OpenSearch#17633
    • [POC] [Security Manager Replacement] Native Java Agent (dynamic code rewriting, must be low overhead) OpenSearch#16731
    • Simplify policy evaluation OpenSearch#17712
  • [BUG] Systemd integTest did not check for opensearch:adm on deb packages OpenSearch#17614
• Support for FIPS compliance mode OpenSearch#14912
• [Node.js v20] Plugin Verification Meta Issue OpenSearch-Dashboards#9459
  • Update NodeJS from version 18 to 20 (v20.18.1 per Switch to NodeJS LTS 20 "Iron" OpenSearch-Dashboards#9171) v20.18.3 now:
    • [BUG] EOL of Node.js version 18.x used in Opensearch-dashboards OpenSearch-Dashboards#8463
    • Add 3.0.0-beta1 manifests for testing on node20/22 upgrade in OSD core #5337
    • Update nodeJS version to 20.18.3 in support of 3.0.0 #5276
    • https://opensearch.org/docs/latest/install-and-configure/os-comp/
    • https://opensearch.org/blog/explore-OpenSearch-2-19/
      • Update deprecation notice on 2.19 blog for 3.0 project-website#3678
    • https://github.com/opensearch-project/opensearch-build/blob/main/release-notes/opensearch-release-notes-2.19.0.md
      • Remove ganttcharts in 3.0.0 and update deprecation notice #5358
    • [chore] upgrade to Node.js 20 OpenSearch-Dashboards#9466
• [PROPOSAL] Delay OpenSearch 3.0 Beta (by 2 weeks) .github#300
• [BUG] Remove 2.20 before 3.0.0-alpha1 RC OpenSearch#17585
• [AUTOCUT] Distribution Build Failed for OpenSearch-Dashboards-3.0.0 OpenSearch-Dashboards#9397

Dreprecation:

• PA next step:
  • Deprecate performance-analyzer-rca performance-analyzer-rca#591
  • [RFC] Migrating Metrics From Performance Analyzer to OpenTelemetry Framework performance-analyzer#585
• Deprecate dashboards visualizations plugin dashboards-visualizations#430
• [Release 3.0] Planned Breaking Changes for 3.0 in Plugin dashboards-observability#2311
• [Release 3.0] Planned Breaking Changes for 3.0 in Plugin sql#3248
• Switch default vector engine from nmslib to faiss k-NN#2163

PRs:

• Update to Apache Lucene 10 for 3.0.0 OpenSearch#16366
• [Release 3.0] Bump 3.0.0 version with alpha qualifier (3.0.0-alpha) (later to 3.0.0-alpha1) OpenSearch#17020
• [Release 3.0] Switch alpha to alpha1 and update publish maven to support qualifier and meet requirements OpenSearch#17094
• [Release 3.0] Adding 3.0.0-alpha1 in manifests and Jenkins runs #5251
• [Release 3.0] Ensure 3.0.0 use lucene9 for now #5253
• Update CCR workflow to support v4 checkout action cross-cluster-replication#1488
• Fix compilation issues after upgrade to Lucene 10 security#5053
• Fix main knnlib dir in build script based on #2442 k-NN#2526
• Ensure AL2 build image keep libstdc++.so.6.0.24 version #5306
• Allow incremental build to respect version qualifier #5327
• Update incremental build to support qualifier on Jenkins opensearch-build-libraries#585
• Update distribution build to use libs 8.2.1 and fix incremental builds with qualifier #5334
• Update geospatial 3.x with publish jars to mavenlocal geospatial#726
• Add geospatial as sql dependencies in 3.x #5348
• Resolve issues where UPDATE_GITHUB_ISSUE is not supported in check-for-build #5350
• Update gradle version to 8.12.0 for JDK23 support reporting#1077
• Update version increment workflow to remove main/3.x updates #5353
• Update 3.0.0 events / releases / fix calendars project-website#3687
• Disable 3.0.0-alpha1 builds and remove ppc64le from Ubuntu due to awscliv2 lacks support #5366
• Update OS core systemd related test commands and switch to Ubuntu2404 Agents #5367
• Set vex notice to off in docker scan #5372
• Update OpenSearch gradle check version file location opensearch-build-libraries#606
• Add docker-compose file to support 3.0.0 #5375
• Update 3.x files and support gradle 8.13 html in report workflows #5377
• Delete package-lock.json as it is duplicate with yarn.lock query-insights-dashboards#133
• Add 3.0.0.0-alpha1 release notes in common utils common-utils#800
• add path.repo to KNN for 2.20 and 3.0.0-alpha1 #5387
• Update distribution builds to have revision replacing version #5390
• Reset jdk to 21 for test manifests and windows runner #5391
• Ensure scripted pipeline also pull latest docker images #5393
• Update integTest manifests path to remove leading 'manifests' prefix opensearch-build-libraries#614
• Add 'null' string validation if null is returned on cigroups opensearch-build-libraries#617
• Update integTests to match 8.3.2 libs updates #5395
• Update staging repo for geospatial-client and opensearch-geospatial publication geospatial#730
• Bump dep serialize-javascript version to 6.0.2 and @babel/runtime to 7.26.10 dashboards-observability#2389
• Update all ubuntu2004 to ubuntu2404 images #5398
• fixing security integ test ml-commons#3646
• Update binaryspec for deb creation as debmake=4.3.2-1 and above introduced nodejs #5401
• Add 3.0.0.0-alpha1 releasenotes asynchronous-search#714
• Add 3.0.0.0-alpha1 releasenotes performance-analyzer#793
• Update manifest repopath and temp resolve osd compiling issues on windows #5404
• Restore osd path as it does not correctly fix windows error #5405
• Retry on file/folder deletion with Windows longpath support OpenSearch-Dashboards#9561
• Add consolidated release notes for 3.0.0-alpha1 #5406
• Switch 3.0.0-alpha1 builds back to upstream #5408
• Update aptly version check to support ubuntu2404 opensearch-build-libraries#628
• Switch repo promotion to use 8.3.4 version #5412
• [PROPOSAL] Delay OpenSearch 3.0 Beta (by 2 weeks) .github#300

Version Bumps alpha1:
(OS)

• Fix test failure after lucene upgrade to 10 ml-commons#3426
• [Release 3.0] Update common-utils shadow plugin repo and bump to 3.0.0.0-alpha1 common-utils#775
• [Release 3.0] Bump main branch to use revision 3.0.0.0-alpha1 opensearch-remote-metadata-sdk#61
• [Release 3.0] Bump version 3.0.0.0-alpha1 and update shadowPlugin for Job Scheduler job-scheduler#722
• K-NN Plugin Upgrade with Lucene 10.0.1 k-NN#2429
• [3.0] Update neural-search for OpenSearch 3.0 compatibility neural-search#1141
• Fix compilation issues after upgrade to Lucene 10 security#5053
• [Release 3.0] Bump gradle 8.10.2 / JDK23 / 3.0.0.0-alpha1 on SQL plugin sql#3319
• [Release 3.0] Bump gradle 8.10.2 / JDK 23 / 3.0.0.0-alpha1 support on geospatial geospatial#723
• Update main to 3.0.0-alpha1 and fix breaking changes flow-framework#1026
• Update main branch for 3.0.0.0-alpha1 / gradle 8.10.2 / JDK23 asynchronous-search#698
• Version bump to opensearch-3.0.0-alpha1 and replaced usage of deprecated classes cross-cluster-replication#1504
• Update for Lucene 10 changes opensearch-learning-to-rank-base#144
• [Release 3.0] Added alpha1 qualifier. Updated shadow plugin reference. alerting#1786
• Fix breaking changes for 3.0.0 release anomaly-detection#1424
• Bump version 3.0.0-alpha1-SNAPSHOT observability#1904
• [Release 3.0] Add alpha1 qualifier. notifications#1002
• Bumping custom-codecs plugin version to 3.0.0-alpha1 and lucene upgrade custom-codecs#228
• Bumping opensearch-system-templates plugin version to 3.0.0-alpha1 opensearch-system-templates#60
  • Update gradle 8.10.2 JDK23 and support lucene10 opensearch-system-templates#62
• [Release 3.0] Bump version to 3.0.0-alpha1 & upgrade to gradle 8.10.2 query-insights#247
• Bump version 3.0.0-alpha1-SNAPSHOT reporting#1073
• [Release 3.0] Bump version 3.0.0.0-alpha1 skills#525
• [Release 3.0] Add alpha1 qualifier. security-analytics#1490
• [Release 3.0.0] Bump Version to 3.0.0-alpha1 and and updated shadowPlugin index-management#1384
• Bumps OS to 3.0.0-alpha1 and JDK 21 performance-analyzer#791
• Update Alpha1 to alpha1 in the release notes of 3.0.0.0-alpha1 query-insights#279

(OSD)

• Bump dashboards query workbench to version 3.0.0.0-alpha1 dashboards-query-workbench#444
• Bump opensearch to 3.0.0.0-alpha1 ml-commons-dashboards#400
• bump 3.0.0.0-alpha1 dashboards-assistant#450
• Bump dashboards-maps to version 3.0.0.0-alpha1 dashboards-maps#708
• feat: bump version to 3.0.0-alpha1 opensearch-dashboards-functional-test#1734
• Bump to alpha security-dashboards-plugin#2183
  • Fix alpha bump security-dashboards-plugin#2190
• Bump to version 3.0.0.0-alpha1 anomaly-detection-dashboards-plugin#985
• Bump to version 3.0.0.0-alpha1 dashboards-flow-framework#647
• Bump to version 3.0.0.0-alpha1 anomaly-detection-dashboards-plugin#985
• Index Management Dashboards plugin to version 3.0.0.0-alpha1 index-management-dashboards-plugin#1265
• Bump dashboards observability to version 3.0.0.0-alpha1 dashboards-observability#2364
• Bump to version 3.0.0.0-alpha1 dashboards-search-relevance#486
• Bump to 3.0.0-alpha1 query-insights-dashboards#127
• Bump dashboards reporting to version 3.0.0.0-alpha1 dashboards-reporting#536
• 3.0-alpha1 bump. security-analytics-dashboards-plugin#1268
• 3.0-alpha1 bump. alerting-dashboards-plugin#1218
• 3.0-alpha1 bump. dashboards-notifications#333

Gradle 8.10.2 Bump:

• Bump gradle to 8.10.2 and add JDK23 as part of the github checks k-NN#2432
  • [Release 3.0] Update gradle to 8.10.2 to support JDK23 k-NN#2460
• Bump gradle to 8.10.2 and add JDK23 as part of the github checks reporting#1062
• Bump gradle to 8.10.2 and add JDK23 as part of the github checks neural-search#1156
  • [Release 3.0] Update gradle to 8.10.2 for JDK23 and codecov to v5 and fix delete backport branches neural-search#1157
• Bump gradle to 8.10.2 and add JDK23 as part of the github checks opensearch-learning-to-rank-base#131
  • [Release 3.0] Bump gradle to 8.10.2 and support JDK23 opensearch-learning-to-rank-base#133
• Bump gradle to 8.10.2 and add JDK23 as part of the github checks cross-cluster-replication#1489
• Bump gradle to 8.10.2 and add JDK23 as part of the github checks sql#3315
  • [Release 3.0] Bump gradle 8.10.2 / JDK23 / 3.0.0.0-alpha1 on SQL plugin sql#3319
• Bump gradle to 8.10.2 and add JDK23 as part of the github checks geospatial#722
  • [Release 3.0] Bump gradle 8.10.2 / JDK 23 / 3.0.0.0-alpha1 support on geospatial geospatial#723
• Update main branch for 3.0.0.0-alpha1 / gradle 8.10.2 / JDK23 asynchronous-search#698
• Bump gradle to 8.10.2 and add JDK23 as part of the github checks anomaly-detection#1427
  • Upgrade gradle 8.10.2 and JDK 23 anomaly-detection#1428
• Bump gradle to 8.10.2 and add JDK23 as part of the github checks opensearch-system-templates#61
  • Update gradle 8.10.2 JDK23 and support lucene10 opensearch-system-templates#62
• [AUTOCUT] Distribution Build Failed for security-analytics-3.0.0 security-analytics#1350

GO/NOGO:

• [RELEASE] Release version 3.0.0 #3747 (comment)

• Update

[rishabh6788]

3.0.0-alpha1 Performance Report

There is no significant improvement or regression in indexing performance in 3.0.0-alpha1 compared to 2.19.1.
A few search queries have regressed which is being tracked in multiple issues, see https://github.com/opensearch-project/OpenSearch/issues?q=is%3Aissue%20state%3Aopen%20performance%20author%3Aexpani.

HTTP_LOGS

NYC_TAXIS

PMC

PERCOLATOR

BIG5

[opensearch-ci-bot]

See OpenSearch RC 8 and OpenSearch-Dashboards RC 8 details (3.0.0-alpha1)

OpenSearch RC 8 and OpenSearch-Dashboards RC 8 details

## OpenSearch 10932 and OpenSearch-Dashboards 8379 is ready for your test.

OpenSearch - Build 10932
OpenSearch Dashboards - Build 8379

• Use the following Docker-Compose to setup a cluster

  docker-compose.yml

    
  version: '3'
  services:
    opensearch-node1:
      image: opensearchstaging/opensearch:3.0.0-alpha1.10932
      container_name: opensearch-node1
      environment:
        - cluster.name=opensearch-cluster
        - node.name=opensearch-node1
        - discovery.seed_hosts=opensearch-node1,opensearch-node2
        - cluster.initial_cluster_manager_nodes=opensearch-node1,opensearch-node2
        - bootstrap.memory_lock=true # along with the memlock settings below, disables swapping
        - OPENSEARCH_INITIAL_ADMIN_PASSWORD=myStrongPassword123!
      ulimits:
        memlock:
          soft: -1
          hard: -1
        nofile:
          soft: 65536 # maximum number of open files for the OpenSearch user, set to at least 65536 on modern systems
          hard: 65536
      volumes:
        - opensearch-data1:/usr/share/opensearch/data
      ports:
        - 9200:9200
        - 9600:9600 # required for Performance Analyzer
      networks:
        - opensearch-net
    opensearch-node2:
      image: opensearchstaging/opensearch:3.0.0-alpha1.10932
      container_name: opensearch-node2
      environment:
        - cluster.name=opensearch-cluster
        - node.name=opensearch-node2
        - discovery.seed_hosts=opensearch-node1,opensearch-node2
        - cluster.initial_cluster_manager_nodes=opensearch-node1,opensearch-node2
        - bootstrap.memory_lock=true
        - OPENSEARCH_INITIAL_ADMIN_PASSWORD=myStrongPassword123!
      ulimits:
        memlock:
          soft: -1
          hard: -1
        nofile:
          soft: 65536
          hard: 65536
      volumes:
        - opensearch-data2:/usr/share/opensearch/data
      networks:
        - opensearch-net
    opensearch-dashboards:
      image: opensearchstaging/opensearch-dashboards:3.0.0-alpha1.8379
      container_name: opensearch-dashboards
      ports:
        - 5601:5601
      expose:
        - "5601"
      environment:
        OPENSEARCH_HOSTS: '["https://opensearch-node1:9200","https://opensearch-node2:9200"]'
      networks:
        - opensearch-net
  volumes:
    opensearch-data1:
    opensearch-data2:
  networks:
  
  opensearch-net:
  
  
  
  

  • Download the above docker-compose.yml on your machine.
  • Get latest image versions docker-compose pull.
  • Start the cluster docker-compose up.

• OpenSearch docker 3.0.0-alpha1.10932

  • Start without security
    • Docker command docker pull opensearchstaging/opensearch:3.0.0-alpha1.10932 && docker run -it -p 9200:9200 -e "discovery.type=single-node" -e "DISABLE_SECURITY_PLUGIN=true" opensearchstaging/opensearch:3.0.0-alpha1.10932
    • Connect command curl http://localhost:9200/
  • Start with security
    • Docker command

    docker pull opensearchstaging/opensearch:3.0.0-alpha1.10932 && docker run -it -p 9200:9200 -e "discovery.type=single-node" -e "OPENSEARCH_INITIAL_ADMIN_PASSWORD=myStrongPassword123!" opensearchstaging/opensearch:3.0.0-alpha1.10932
    

    • Connect command curl --insecure 'https://admin:myStrongPassword123!@localhost:9200/'

• OpenSearch-Dashboards docker 3.0.0-alpha1.8379

  • Start without security
    • Docker command docker pull opensearchstaging/opensearch-dashboards:3.0.0-alpha1.8379 && docker run -it --network="host" -e "DISABLE_SECURITY_DASHBOARDS_PLUGIN=true" opensearchstaging/opensearch-dashboards:3.0.0-alpha1.8379
    • URL http://localhost:5601/
  • Start with security
    • Docker command docker pull opensearchstaging/opensearch-dashboards:3.0.0-alpha1.8379 && docker run -it --network="host" opensearchstaging/opensearch-dashboards:3.0.0-alpha1.8379
    • URL http://localhost:5601/

• Use TARs to deploy OpenSearch Manually

  • OpenSearch - Build 10932 (Note: Windows version does not have performance analyzer plugin)

    • arm64 [manifest] [tar] [rpm][deb]
    • x64 [manifest] [tar] [rpm] [deb] [windows]

  • OpenSearch Dashboards - Build 8379

    • arm64 [manifest] [tar][rpm][deb]
    • x64 [manifest] [tar][rpm] [deb] [windows]

Check how to install opensearch and dashboards on different platforms

Integration Test Results

• Use the https://metrics.opensearch.org/_dashboards/goto/9ed74dd90eb31c7b83f3542e43328088?security_tenant=global.

• Filter by the distribution_build_number. Use 10932 for OpenSearch and 8379 for OpenSearch Dashboards.
  Example when filtered with 10932 we can see all the passed/failed OpenSearch components. Check the metrics here.

• Find the list of the created AUTOCUT issues here https://github.com/issues?page=1&q=is%3Aopen+is%3Aissue+user%3Aopensearch-project+label%3Av3.0.0-alpha1+label%3Aautocut+%5BAUTOCUT%5D+in%3Atitle.

Thank you

OpenSearch Docker-Scan Results

Workflow run

opensearchstaging/opensearch:3.0.0-alpha1-alpha1 (amazon 2023.6.20250303 (Amazon Linux))
=================================================================================
Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)

OpenSearch-Dashboards Docker-Scan Results

Workflow run

opensearchstaging/opensearch-dashboards:3.0.0-alpha1-alpha1 (amazon 2023.6.20250303 (Amazon Linux))
============================================================================================
Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)


Node.js (node-pkg)
==================
Total: 9 (UNKNOWN: 0, LOW: 1, MEDIUM: 7, HIGH: 1, CRITICAL: 0)

┌───────────────────────────────┬────────────────┬──────────┬────────┬───────────────────┬─────────────────────────┬─────────────────────────────────────────────────────────────┐
│            Library            │ Vulnerability  │ Severity │ Status │ Installed Version │      Fixed Version      │                            Title                            │
├───────────────────────────────┼────────────────┼──────────┼────────┼───────────────────┼─────────────────────────┼─────────────────────────────────────────────────────────────┤
│ @babel/runtime (package.json) │ CVE-2025-27789 │ MEDIUM   │ fixed  │ 7.23.2            │ 7.26.10, 8.0.0-alpha.17 │ Babel is a compiler for writing next generation JavaScript. │
│                               │                │          │        │                   │                         │ When using ......                                           │
│                               │                │          │        │                   │                         │ https://avd.aquasec.com/nvd/cve-2025-27789                  │
│                               │                │          │        │                   │                         │                                                             │
│                               │                │          │        │                   │                         │                                                             │
│                               │                │          │        │                   │                         │                                                             │
│                               │                │          │        │                   │                         │                                                             │
│                               │                │          │        ├───────────────────┤                         │                                                             │
│                               │                │          │        │ 7.23.8            │                         │                                                             │
│                               │                │          │        │                   │                         │                                                             │
│                               │                │          │        │                   │                         │                                                             │
│                               │                │          │        ├───────────────────┤                         │                                                             │
│                               │                │          │        │ 7.26.9            │                         │                                                             │
│                               │                │          │        │                   │                         │                                                             │
│                               │                │          │        │                   │                         │                                                             │
│                               │                │          │        ├───────────────────┤                         │                                                             │
│                               │                │          │        │ 7.5.0             │                         │                                                             │
│                               │                │          │        │                   │                         │                                                             │
│                               │                │          │        │                   │                         │                                                             │
├───────────────────────────────┼────────────────┼──────────┤        ├───────────────────┼─────────────────────────┼─────────────────────────────────────────────────────────────┤
│ canvg (package.json)          │ CVE-2025-25977 │ HIGH     │        │ 3.0.10            │ 4.0.3, 3.0.11           │ canvg: Prototype Pollution Vulneralbility                   │
│                               │                │          │        │                   │                         │ https://avd.aquasec.com/nvd/cve-2025-25977                  │
├───────────────────────────────┼────────────────┼──────────┤        ├───────────────────┼─────────────────────────┼─────────────────────────────────────────────────────────────┤
│ cookie (package.json)         │ CVE-2024-47764 │ LOW      │        │ 0.5.0             │ 0.7.0                   │ cookie: cookie accepts cookie name, path, and domain with   │
│                               │                │          │        │                   │                         │ out of bounds...                                            │
│                               │                │          │        │                   │                         │ https://avd.aquasec.com/nvd/cve-2024-47764                  │
├───────────────────────────────┼────────────────┼──────────┤        ├───────────────────┼─────────────────────────┼─────────────────────────────────────────────────────────────┤
│ prismjs (package.json)        │ CVE-2024-53382 │ MEDIUM   │        │ 1.27.0            │ 1.30.0                  │ prismjs: DOM Clobbering vulnerability within the Prism      │
│                               │                │          │        │                   │                         │ library's prism-autoloader plugin                           │
│                               │                │          │        │                   │                         │ https://avd.aquasec.com/nvd/cve-2024-53382                  │
│                               │                │          │        ├───────────────────┤                         │                                                             │
│                               │                │          │        │ 1.29.0            │                         │                                                             │
│                               │                │          │        │                   │                         │                                                             │
│                               │                │          │        │                   │                         │                                                             │
└───────────────────────────────┴────────────────┴──────────┴────────┴───────────────────┴─────────────────────────┴─────────────────────────────────────────────────────────────┘

[peterzhuamazon]

Signature validation 3.0.0-alpha1:

$ gpg --verify opensearch-3.0.0-alpha1-linux-x64.tar.gz.sig opensearch-3.0.0-alpha1-linux-x64.tar.gz
gpg: Signature made Tue Mar 18 17:54:22 2025 EDT
gpg:                using RSA key C2EE2AF6542C03B4
gpg: Good signature from "OpenSearch project <[email protected]>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: C5B7 4989 65EF D1C2 924B  A9D5 39D3 1987 9310 D3FC
     Subkey fingerprint: 2187 3199 B103 0FCD 49DA  83F8 C2EE 2AF6 542C 03B4

Note, we will switch keys for 3.0.0 GA for a new key.

• (New Key) Generating new PGP key for signing artifacts starting 3.0.0 with @opensearch.org email #5308

Thanks.

[zelinh]

Native plugin installation works for opensearch-3.0.0-alpha1

~/opensearch-3.0.0-alpha1 ./bin/opensearch-plugin install repository-s3
-> Installing repository-s3
-> Downloading repository-s3 from opensearch
[=================================================] 100%
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@     WARNING: plugin requires additional permissions     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
* java.io.FilePermission config#plus read
* java.lang.RuntimePermission accessDeclaredMembers
* java.lang.RuntimePermission getClassLoader
* java.lang.RuntimePermission setContextClassLoader
* java.lang.reflect.ReflectPermission suppressAccessChecks
* java.net.NetPermission setDefaultAuthenticator
* java.net.SocketPermission * connect,resolve
* java.util.PropertyPermission aws.configFile read,write
* java.util.PropertyPermission aws.sharedCredentialsFile read,write
* java.util.PropertyPermission opensearch.allow_insecure_settings read,write
* java.util.PropertyPermission opensearch.path.conf read,write
See http://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html
for descriptions of what these permissions allow and the associated risks.

Continue with installation? [y/N]y
-> Installed repository-s3 with folder name repository-s3

[peterzhuamazon]

3.0.0-alpha1 maven: https://repo1.maven.org/maven2/org/opensearch/opensearch/3.0.0-alpha1/
(pending syncing)

[peterzhuamazon]

Hi All,

We have just release 3.0.0-alpha1 to the public! 🎉

• Artifacts Page: https://opensearch.org/versions/opensearch-3-0-0-alpha1.html
• Release Notes: https://github.com/opensearch-project/opensearch-build/blob/main/release-notes/opensearch-release-notes-3.0.0-alpha1.md
• Thanks everyone who helped in the process! We will start working on 3.0.0-beta1 next week!

Thanks!