Monday, February 8, 2021

Elastic License Changes and Security Onion

Elastic License Changes

Elastic has finalized their new Elastic License v2:

For additional background, please see:

To summarize those articles, Elastic is changing their licensing and the Elastic Stack will no longer be available under the Apache license. Basic usage continues to be free, but source code will be dual licensed as either SSPL or Elastic License and binary packages will only be available under the Elastic License.

Here are some important points from

The Elastic License v2 (ELv2) is a very simple, non-copyleft license, allowing for the right to "use, copy, distribute, make available, and prepare derivative works of the software” and has only three high-level limitations. You cannot:

Provide the products to others as a managed service 

Circumvent the license key functionality or remove/obscure features protected by license keys 

Remove or obscure any licensing, copyright, or other notices

Security Onion and the Elastic Stack

Up until now, Security Onion has distributed the Apache-licensed version of the Elastic Stack by default and provided an option for users to accept the Elastic License and switch to the Features version. Starting in Elastic 7.11, there will be no more Apache version and so we will be distributing the Elastic version under the Elastic License.

We expect that the majority of our users will accept the Elastic License. Those that do will get more features than they previously had under the Apache license.

For those that can't accept the Elastic License or would prefer an open source license, we plan to investigate open source forks as they become available. If we find a suitable open source fork, then we will consider making it an option to users so that you can either accept our default of Elastic License or switch to an open source license.

Next Steps

We are planning releases for both Security Onion 16.04 and Security Onion 2 to include Elastic 7.10.2, which is currently the last version of the Elastic Stack available under the Apache license. We will then start working on integrating Elastic 7.11 into Security Onion 2 under the Elastic License.


  • If you're currently running Security Onion 16.04, then this shouldn't affect you immediately. Currently, we don't have any plans to make any Elastic licensing changes to Security Onion 16.04 since it reaches End of Life on 4/16/2021. However, you should plan to upgrade to Security Onion 2 soon.
  • If you're running Security Onion 2 using the current default of Apache-licensed Elastic, then a future update will ask if you want to accept the new Elastic License and, if so, you will then have the option to continue as a free user or upgrade to an Elastic paid plan.
  • If you're currently running Security Onion 2 and have manually switched to Elastic Features, then a future update will ask if you want to accept the new Elastic License and you can continue operating as you are today, either as a free user or upgrading to an Elastic paid plan.


Does this Elastic License change affect Security Onion 16.04 or Security Onion 2?

This Elastic License change primarily affects Security Onion 2. Since Security Onion 16.04 reaches End of Life on 4/16/2021, we are planning for it to remain on Elastic 7.10.2 which is still under the Apache license. Once Elastic 7.11 is released, we will then start working towards integrating that into Security Onion 2.

Does this Elastic License change mean that Elastic now costs money?

No, if you accept the Elastic License, then you can continue using Elastic for free with the basic feature set.

Which Security Onion components are changing license?

Elastic components are changing to the Elastic License. All other Security Onion components remain under their existing open source licenses.

Is the Elastic License an OSI-approved open source license?

No, the Elastic License is not an OSI-approved open source license. This applies to both Elastic License v1 and Elastic License v2.

Is SSPL an OSI-approved open source license?

No, SSPL is not an OSI-approved open source license. 

Does SSPL apply to Security Onion?

No, SSPL only applies if you are working directly with the dual-licensed Elastic source code and explicitly choose SSPL instead of the Elastic license. Security Onion distributes binary packages, which will only be under the Elastic License and not SSPL.

Is Security Onion allowed to distribute Elastic under the Elastic License?

In 2019, Security Onion Solutions signed an agreement with Elastic allowing us to distribute Elastic Features under Elastic License v1. The new Elastic License v2 explicitly allows for distribution.

What if I have additional questions?

If you have questions specific to Security Onion 2, you can use our community discussions site:

If you have questions specific to the Elastic License or SSPL, Elastic has published the following email address:

UPDATE 2021/02/10 - Improved the answer to "Does SSPL apply to Security Onion?"

No comments:

Search This Blog

Featured Post

Celebrating 10 Years of Security Onion Solutions and Announcing Security Onion Pro!

From Doug Burks, Founder and CEO of Security Onion Solutions:  There’s an old saying that it takes ten years to be an overnight success. Tha...

Popular Posts

Blog Archive