As we already informed, for various security reasons, the dynamic scripting was disabled with the release of Elasticsearch 1.2.0. This means that you couldn’t modify scripts on-the-fly. That changed with the recent release of Elasticsearch 1.3.0.
With the release of Elasticsearch 1.3.0 the MVEL scripting language is marked as deprecated and the new, default language is Groovy. This was done because of security reasons – there were exploits for using MVEL and MVEL can’t be sandboxed. On the other hand Groovy can be sandboxed, which allowed Elasticsearch developers to enable dynamic scripting for it. In general, dynamic scripting is enabled again, for all scripting languages that can be sandboxed and thus are not a security treat.
There are a few limitation when one would compare other scripting languages to Lucene expressions module – i.e. Lucene expressions can only work on numeric fields and don’t have access to stored field. The documentation on Lucene expressions module can be found at: http://lucene.apache.org/core/4_9_0/expressions/index.html?org/apache/lucene/expressions/js/package-summary.html.