[Fleet] only auto-install content packages newer than the installed version by juliaElastic · Pull Request #262509 · elastic/kibana

juliaElastic · 2026-04-10T11:30:55Z

Summary

The auto-install content packages task was using string equality (!== version) to decide whether to reinstall a package. This meant any version mismatch would trigger a reinstall, effectively downgrading packages. For example, if 2.0.0-preview was installed and the registry listed 1.4.0 as the latest stable, the task would downgrade to 1.4.0.

The fix replaces string equality with semverGt to make sure there are no downgrades happening.
A package is now only installed when the registry version is strictly newer than the installed version.

To verify:

install prerelease version of a content package

POST kbn:/api/fleet/epm/packages/kubernetes_otel/2.0.0-preview5
{
    "force": true
}

wait 10m until the auto install content packages task runs
verify that the kubernetes_otel package is not downgraded

Checklist

Check the PR satisfies following conditions.

Reviewers should verify this PR satisfies this list as well.

Any text added follows EUI's writing guidelines, uses sentence case text and includes i18n support
Documentation was added for features that require explanation or tutorials
Unit or functional tests were updated or added to match the most common scenarios
If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the docker list
This was checked for breaking HTTP API changes, and any breaking changes have been approved by the breaking-change committee. The release_note:breaking label should be applied in these situations.
Flaky Test Runner was used on any tests changed
The PR description includes the appropriate Release Notes section, and the correct release_note:* label is applied per the guidelines
Review the backport guidelines and apply applicable backport:* labels.

Identify risks

Does this PR introduce any risks? For example, consider risks like hard to test bugs, performance regression, potential of data loss.

Describe the risk, its severity, and mitigation for each identified risk. Invite stakeholders and evaluate how to proceed before merging.

See some risk examples
...

elasticmachine · 2026-04-10T11:31:03Z

Pinging @elastic/fleet (Team:Fleet)

macroscopeapp · 2026-04-10T11:33:50Z

Approvability

Verdict: Needs human review

This PR changes the runtime behavior of when content packages get auto-installed, switching from version mismatch detection to semantic version comparison to prevent downgrades. While the change is focused and well-tested, it modifies package installation decision logic that could affect production deployments, and the author is not a designated owner of the Fleet files being changed.

^{You can customize Macroscope's approvability policy. Learn more.}

elasticmachine · 2026-04-10T13:20:23Z

💛 Build succeeded, but was flaky

Buildkite Build
Commit: 46637f4

Failed CI Steps

Fleet Cypress Tests #1

Test Failures

[job] [logs] Fleet Cypress Tests #1 / View agents list Bulk actions should navigate to Maintenance and diagnostics submenu
[job] [logs] Fleet Cypress Tests #1 / View agents list Bulk actions should navigate to Security and removal submenu and show unenroll option
[job] [logs] Fleet Cypress Tests #1 / View agents list Bulk actions should show hierarchical menu with submenus

Metrics [docs]

✅ unchanged

criamico

LGTM 🚀

kibanamachine · 2026-04-10T14:56:11Z

Starting backport for target branches: 9.2, 9.3

https://github.com/elastic/kibana/actions/runs/24249149029

kibanamachine · 2026-04-10T15:04:47Z

💔 All backports failed

Status	Branch	Result
❌	9.2	Backport failed because of merge conflicts
❌	9.3	Backport failed because of merge conflicts

Manual backport

To create the backport manually run:

node scripts/backport --pr 262509

Questions ?

Please refer to the Backport tool documentation

…ersion Backport of elastic#262509 to 9.2 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

…ersion Backport of elastic#262509 to 9.3 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Backport of elastic#262509 test changes to 9.2 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Backport of elastic#262509 test changes to 9.3 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

…lled version (#262704) ## Summary Backport of #262509 to 9.3. The auto-install content packages task was using string equality (`!== version`) to decide whether to reinstall a package. This meant any version mismatch would trigger a reinstall, effectively downgrading packages. The fix replaces string equality with `semverGt` to ensure a package is only installed when the registry version is strictly newer than the installed version.  --------- Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>

…lled version (#262703) ## Summary Backport of #262509 to 9.2. The auto-install content packages task was using string equality (`!== version`) to decide whether to reinstall a package. This meant any version mismatch would trigger a reinstall, effectively downgrading packages. The fix replaces string equality with `semverGt` to ensure a package is only installed when the registry version is strictly newer than the installed version.  --------- Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>

kibanamachine · 2026-04-14T08:49:08Z