The Groovy scripting language was introduced in Elasticsearch in version 1.4 as a replacement for MVEL. This replacement was supposed to address a number of security vulnerabilities in MVEL (among other things). However, Groovy also introduced some serious vulnerabilities that led to some high profile attacks.
While those specific vulnerabilities were ultimately patched, the decision was made that Groovy was not a safe option for multitenant configurations. As a result, Groovy scripting is only enabled for single tenant plans.
Groovy Errors
If your app returns errors containing ExpressionScriptCompilationException, it's likely that you need Groovy Scripting enabled on your cluster. This is a feature available on Dedicated and Enterprise plans. Users with a Business or Enterprise plan should contact us to get Groovy enabled. Users on our multitenant plans can still use dynamic scripting with the faster (but somewhat limited) Lucene Expressions language.
Ready to take a closer look at Bonsai?
Find out if Bonsai is a good fit for you in just 15 minutes.
