elastic
diff --git a/‎java-client/src/main/java/co/elastic/clients/elasticsearch/_types/Time.java
+4-3 b/‎java-client/src/main/java/co/elastic/clients/elasticsearch/_types/Time.java
+4-3
diff --git a/‎java-client/src/main/java/co/elastic/clients/elasticsearch/doc-files/api-spec.html
+23-19 b/‎java-client/src/main/java/co/elastic/clients/elasticsearch/doc-files/api-spec.html
+23-19
diff --git a/‎java-client/src/main/java/co/elastic/clients/elasticsearch/security/ClusterPrivilege.java
+2 b/‎java-client/src/main/java/co/elastic/clients/elasticsearch/security/ClusterPrivilege.java
+2
diff --git a/‎java-client/src/main/java/co/elastic/clients/elasticsearch/security/CreateServiceTokenRequest.java
+53-9 b/‎java-client/src/main/java/co/elastic/clients/elasticsearch/security/CreateServiceTokenRequest.java
+53-9
diff --git a/‎java-client/src/main/java/co/elastic/clients/elasticsearch/security/ElasticsearchSecurityAsyncClient.java
+36 b/‎java-client/src/main/java/co/elastic/clients/elasticsearch/security/ElasticsearchSecurityAsyncClient.java
+36
diff --git a/‎java-client/src/main/java/co/elastic/clients/elasticsearch/security/ElasticsearchSecurityClient.java
+37 b/‎java-client/src/main/java/co/elastic/clients/elasticsearch/security/ElasticsearchSecurityClient.java
+37
@@ -43,16 +43,17 @@
 import java.util.function.Function;
 import javax.annotation.Nullable;
 
-// typedef: _types.Time
+// typedef: _types.Duration
 
 /**
  * Whenever durations need to be specified, e.g. for a timeout parameter, the
  * duration must specify the unit, like 2d for 2 days.
  * 
  * @see <a href=
- *      "https://github.com/elastic/elasticsearch/blob/8.3/libs/core/src/main/java/org/elasticsearch/core/TimeValue.java">Documentation
+ *      "https://github.com/elastic/elasticsearch/blob/master/libs/core/src/main/java/org/elasticsearch/core/TimeValue.java">Documentation
  *      on elastic.co</a>
- * @see <a href="../doc-files/api-spec.html#_types.Time">API specification</a>
+ * @see <a href="../doc-files/api-spec.html#_types.Duration">API
+ *      specification</a>
  */
 @JsonpDeserializable
 public class Time implements TaggedUnion<Time.Kind, Object>, JsonpSerializable {
 
@@ -2022,29 +2022,29 @@
 'searchable_snapshots.stats.Request': 'searchable_snapshots/stats/SearchableSnapshotsStatsRequest.ts#L24-L36',
 'searchable_snapshots.stats.Response': 'searchable_snapshots/stats/SearchableSnapshotsStatsResponse.ts#L22-L27',
 'security._types.ApiKey': 'security/_types/ApiKey.ts#L23-L33',
-'security._types.ApplicationGlobalUserPrivileges': 'security/_types/Privileges.ts#L163-L165',
+'security._types.ApplicationGlobalUserPrivileges': 'security/_types/Privileges.ts#L164-L166',
 'security._types.ApplicationPrivileges': 'security/_types/Privileges.ts#L26-L39',
 'security._types.ClusterNode': 'security/_types/ClusterNode.ts#L22-L24',
-'security._types.ClusterPrivilege': 'security/_types/Privileges.ts#L41-L78',
+'security._types.ClusterPrivilege': 'security/_types/Privileges.ts#L41-L79',
 'security._types.CreatedStatus': 'security/_types/CreatedStatus.ts#L20-L22',
 'security._types.FieldRule': 'security/_types/RoleMappingRule.ts#L33-L42',
 'security._types.FieldSecurity': 'security/_types/FieldSecurity.ts#L22-L25',
-'security._types.GlobalPrivilege': 'security/_types/Privileges.ts#L159-L161',
+'security._types.GlobalPrivilege': 'security/_types/Privileges.ts#L160-L162',
 'security._types.GrantType': 'security/_types/GrantType.ts#L20-L23',
-'security._types.IndexPrivilege': 'security/_types/Privileges.ts#L137-L157',
-'security._types.IndicesPrivileges': 'security/_types/Privileges.ts#L80-L103',
-'security._types.ManageUserPrivileges': 'security/_types/Privileges.ts#L167-L169',
+'security._types.IndexPrivilege': 'security/_types/Privileges.ts#L138-L158',
+'security._types.IndicesPrivileges': 'security/_types/Privileges.ts#L81-L104',
+'security._types.ManageUserPrivileges': 'security/_types/Privileges.ts#L168-L170',
 'security._types.Realm': 'security/_types/RoleMappingRule.ts#L44-L46',
 'security._types.RealmInfo': 'security/_types/RealmInfo.ts#L22-L25',
 'security._types.RoleMapping': 'security/_types/RoleMapping.ts#L25-L31',
 'security._types.RoleMappingRule': 'security/_types/RoleMappingRule.ts#L23-L31',
 'security._types.TransientMetadataConfig': 'security/_types/TransientMetadataConfig.ts#L20-L22',
 'security._types.User': 'security/_types/User.ts#L22-L29',
-'security._types.UserProfile': 'security/_types/UserProfile.ts#L41-L47',
-'security._types.UserProfileHitMetadata': 'security/_types/UserProfile.ts#L27-L30',
-'security._types.UserProfileUser': 'security/_types/UserProfile.ts#L32-L39',
-'security._types.UserProfileWithMetadata': 'security/_types/UserProfile.ts#L49-L52',
-'security.activate_user_profile.Request': 'security/activate_user_profile/Request.ts#L23-L36',
+'security._types.UserProfile': 'security/_types/UserProfile.ts#L43-L49',
+'security._types.UserProfileHitMetadata': 'security/_types/UserProfile.ts#L29-L32',
+'security._types.UserProfileUser': 'security/_types/UserProfile.ts#L34-L41',
+'security._types.UserProfileWithMetadata': 'security/_types/UserProfile.ts#L51-L54',
+'security.activate_user_profile.Request': 'security/activate_user_profile/Request.ts#L23-L37',
 'security.activate_user_profile.Response': 'security/activate_user_profile/Response.ts#L22-L24',
 'security.authenticate.Request': 'security/authenticate/SecurityAuthenticateRequest.ts#L22-L28',
 'security.authenticate.Response': 'security/authenticate/SecurityAuthenticateResponse.ts#L25-L40',
@@ -2064,7 +2064,7 @@
 'security.create_api_key.Request': 'security/create_api_key/SecurityCreateApiKeyRequest.ts#L26-L51',
 'security.create_api_key.Response': 'security/create_api_key/SecurityCreateApiKeyResponse.ts#L23-L49',
 'security.create_api_key.RoleDescriptor': 'security/create_api_key/types.ts#L30-L39',
-'security.create_service_token.Request': 'security/create_service_token/CreateServiceTokenRequest.ts#L23-L34',
+'security.create_service_token.Request': 'security/create_service_token/CreateServiceTokenRequest.ts#L24-L39',
 'security.create_service_token.Response': 'security/create_service_token/CreateServiceTokenResponse.ts#L22-L27',
 'security.create_service_token.Token': 'security/create_service_token/types.ts#L22-L25',
 'security.delete_privileges.FoundStatus': 'security/delete_privileges/types.ts#L20-L22',
@@ -2080,11 +2080,11 @@
 'security.delete_user.Response': 'security/delete_user/SecurityDeleteUserResponse.ts#L20-L22',
 'security.disable_user.Request': 'security/disable_user/SecurityDisableUserRequest.ts#L23-L35',
 'security.disable_user.Response': 'security/disable_user/SecurityDisableUserResponse.ts#L20-L22',
-'security.disable_user_profile.Request': 'security/disable_user_profile/Request.ts#L23-L45',
+'security.disable_user_profile.Request': 'security/disable_user_profile/Request.ts#L24-L47',
 'security.disable_user_profile.Response': 'security/disable_user_profile/Response.ts#L22-L24',
 'security.enable_user.Request': 'security/enable_user/SecurityEnableUserRequest.ts#L23-L35',
 'security.enable_user.Response': 'security/enable_user/SecurityEnableUserResponse.ts#L20-L22',
-'security.enable_user_profile.Request': 'security/enable_user_profile/Request.ts#L23-L45',
+'security.enable_user_profile.Request': 'security/enable_user_profile/Request.ts#L24-L47',
 'security.enable_user_profile.Response': 'security/enable_user_profile/Response.ts#L22-L24',
 'security.enroll_kibana.Request': 'security/enroll_kibana/Request.ts#L22-L28',
 'security.enroll_kibana.Response': 'security/enroll_kibana/Response.ts#L20-L25',
@@ -2122,7 +2122,7 @@
 'security.get_user.Response': 'security/get_user/SecurityGetUserResponse.ts#L23-L25',
 'security.get_user_privileges.Request': 'security/get_user_privileges/SecurityGetUserPrivilegesRequest.ts#L23-L36',
 'security.get_user_privileges.Response': 'security/get_user_privileges/SecurityGetUserPrivilegesResponse.ts#L26-L37',
-'security.get_user_profile.Request': 'security/get_user_profile/Request.ts#L22-L44',
+'security.get_user_profile.Request': 'security/get_user_profile/Request.ts#L23-L46',
 'security.get_user_profile.Response': 'security/get_user_profile/Response.ts#L23-L25',
 'security.grant_api_key.ApiKeyGrantType': 'security/grant_api_key/types.ts#L31-L34',
 'security.grant_api_key.GrantApiKey': 'security/grant_api_key/types.ts#L25-L29',
@@ -2132,6 +2132,9 @@
 'security.has_privileges.IndexPrivilegesCheck': 'security/has_privileges/types.ts#L33-L44',
 'security.has_privileges.Request': 'security/has_privileges/SecurityHasPrivilegesRequest.ts#L25-L42',
 'security.has_privileges.Response': 'security/has_privileges/SecurityHasPrivilegesResponse.ts#L24-L32',
+'security.has_privileges_user_profile.PrivilegesCheck': 'security/has_privileges_user_profile/types.ts#L26-L33',
+'security.has_privileges_user_profile.Request': 'security/has_privileges_user_profile/Request.ts#L24-L38',
+'security.has_privileges_user_profile.Response': 'security/has_privileges_user_profile/Response.ts#L22-L37',
 'security.invalidate_api_key.Request': 'security/invalidate_api_key/SecurityInvalidateApiKeyRequest.ts#L23-L37',
 'security.invalidate_api_key.Response': 'security/invalidate_api_key/SecurityInvalidateApiKeyResponse.ts#L23-L30',
 'security.invalidate_token.Request': 'security/invalidate_token/SecurityInvalidateTokenRequest.ts#L23-L35',
@@ -2159,10 +2162,11 @@
 'security.saml_prepare_authentication.Response': 'security/saml_prepare_authentication/Response.ts#L22-L28',
 'security.saml_service_provider_metadata.Request': 'security/saml_service_provider_metadata/Request.ts#L23-L34',
 'security.saml_service_provider_metadata.Response': 'security/saml_service_provider_metadata/Response.ts#L20-L24',
-'security.suggest_user_profiles.Request': 'security/suggest_user_profiles/Request.ts#L23-L51',
+'security.suggest_user_profiles.Hint': 'security/suggest_user_profiles/types.ts#L23-L34',
+'security.suggest_user_profiles.Request': 'security/suggest_user_profiles/Request.ts#L24-L66',
 'security.suggest_user_profiles.Response': 'security/suggest_user_profiles/Response.ts#L29-L35',
 'security.suggest_user_profiles.TotalUserProfiles': 'security/suggest_user_profiles/Response.ts#L24-L27',
-'security.update_user_profile_data.Request': 'security/update_user_profile_data/Request.ts#L26-L68',
+'security.update_user_profile_data.Request': 'security/update_user_profile_data/Request.ts#L27-L70',
 'security.update_user_profile_data.Response': 'security/update_user_profile_data/Response.ts#L22-L24',
 'shutdown._types.Type': 'shutdown/_types/types.ts#L20-L24',
 'shutdown.delete_node.Request': 'shutdown/delete_node/ShutdownDeleteNodeRequest.ts#L24-L45',
@@ -2505,10 +2509,10 @@
         if (hash.length > 1) {
             hash = hash.substring(1);
         }
-        window.location = "https://github.com/elastic/elasticsearch-specification/tree/679f9a5c53c5b764fe02ebba39d9b94b94634684/specification/" + (paths[hash] || "");
+        window.location = "https://github.com/elastic/elasticsearch-specification/tree/135ae054e304239743b5777ad8d41cb2c9091d35/specification/" + (paths[hash] || "");
     </script>
 </head>
 <body>
-    Please see the <a href="https://github.com/elastic/elasticsearch-specification/tree/679f9a5c53c5b764fe02ebba39d9b94b94634684/specification/">Elasticsearch API specification</a>.
+    Please see the <a href="https://github.com/elastic/elasticsearch-specification/tree/135ae054e304239743b5777ad8d41cb2c9091d35/specification/">Elasticsearch API specification</a>.
 </body>
 </html>
@@ -81,6 +81,8 @@ public enum ClusterPrivilege implements JsonEnum {
 
 	ManageTransform("manage_transform"),
 
+	ManageUserProfile("manage_user_profile"),
+
 	ManageWatcher("manage_watcher"),
 
 	Monitor("monitor"),
 
@@ -24,6 +24,7 @@
 package co.elastic.clients.elasticsearch.security;
 
 import co.elastic.clients.elasticsearch._types.ErrorResponse;
+import co.elastic.clients.elasticsearch._types.Refresh;
 import co.elastic.clients.elasticsearch._types.RequestBase;
 import co.elastic.clients.json.JsonpDeserializable;
 import co.elastic.clients.json.JsonpDeserializer;
@@ -36,15 +37,16 @@
 import co.elastic.clients.util.ObjectBuilderBase;
 import jakarta.json.stream.JsonGenerator;
 import java.lang.String;
-import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
 import java.util.Objects;
 import java.util.function.Function;
 import javax.annotation.Nullable;
 
 // typedef: security.create_service_token.Request
 
 /**
- * Creates a service account token for access without requiring basic
+ * Creates a service accounts token for access without requiring basic
  * authentication.
  * 
  * @see <a href=
@@ -53,18 +55,23 @@
  */
 
 public class CreateServiceTokenRequest extends RequestBase {
+	@Nullable
 	private final String name;
 
 	private final String namespace;
 
+	@Nullable
+	private final Refresh refresh;
+
 	private final String service;
 
 	// ---------------------------------------------------------------------------------------------
 
 	private CreateServiceTokenRequest(Builder builder) {
 
-		this.name = ApiTypeHelper.requireNonNull(builder.name, this, "name");
+		this.name = builder.name;
 		this.namespace = ApiTypeHelper.requireNonNull(builder.namespace, this, "namespace");
+		this.refresh = builder.refresh;
 		this.service = ApiTypeHelper.requireNonNull(builder.service, this, "service");
 
 	}
@@ -74,10 +81,11 @@ public static CreateServiceTokenRequest of(Function<Builder, ObjectBuilder<Creat
 	}
 
 	/**
-	 * Required - An identifier for the token name
+	 * An identifier for the token name
 	 * <p>
 	 * API name: {@code name}
 	 */
+	@Nullable
 	public final String name() {
 		return this.name;
 	}
@@ -91,6 +99,19 @@ public final String namespace() {
 		return this.namespace;
 	}
 
+	/**
+	 * If <code>true</code> then refresh the affected shards to make this operation
+	 * visible to search, if <code>wait_for</code> (the default) then wait for a
+	 * refresh to make this operation visible to search, if <code>false</code> then
+	 * do nothing with refreshes.
+	 * <p>
+	 * API name: {@code refresh}
+	 */
+	@Nullable
+	public final Refresh refresh() {
+		return this.refresh;
+	}
+
 	/**
 	 * Required - An identifier for the service name
 	 * <p>
@@ -107,18 +128,22 @@ public final String service() {
 	 */
 
 	public static class Builder extends ObjectBuilderBase implements ObjectBuilder<CreateServiceTokenRequest> {
+		@Nullable
 		private String name;
 
 		private String namespace;
 
+		@Nullable
+		private Refresh refresh;
+
 		private String service;
 
 		/**
-		 * Required - An identifier for the token name
+		 * An identifier for the token name
 		 * <p>
 		 * API name: {@code name}
 		 */
-		public final Builder name(String value) {
+		public final Builder name(@Nullable String value) {
 			this.name = value;
 			return this;
 		}
@@ -133,6 +158,19 @@ public final Builder namespace(String value) {
 			return this;
 		}
 
+		/**
+		 * If <code>true</code> then refresh the affected shards to make this operation
+		 * visible to search, if <code>wait_for</code> (the default) then wait for a
+		 * refresh to make this operation visible to search, if <code>false</code> then
+		 * do nothing with refreshes.
+		 * <p>
+		 * API name: {@code refresh}
+		 */
+		public final Builder refresh(@Nullable Refresh value) {
+			this.refresh = value;
+			return this;
+		}
+
 		/**
 		 * Required - An identifier for the service name
 		 * <p>
@@ -174,7 +212,8 @@ public CreateServiceTokenRequest build() {
 
 				propsSet |= _service;
 				propsSet |= _namespace;
-				propsSet |= _name;
+				if (request.name() != null)
+					propsSet |= _name;
 
 				if (propsSet == (_namespace | _service | _name))
 					return "PUT";
@@ -194,7 +233,8 @@ public CreateServiceTokenRequest build() {
 
 				propsSet |= _service;
 				propsSet |= _namespace;
-				propsSet |= _name;
+				if (request.name() != null)
+					propsSet |= _name;
 
 				if (propsSet == (_namespace | _service | _name)) {
 					StringBuilder buf = new StringBuilder();
@@ -228,7 +268,11 @@ public CreateServiceTokenRequest build() {
 
 			// Request parameters
 			request -> {
-				return Collections.emptyMap();
+				Map<String, String> params = new HashMap<>();
+				if (request.refresh != null) {
+					params.put("refresh", request.refresh.jsonValue());
+				}
+				return params;
 
 			}, SimpleEndpoint.emptyMap(), false, CreateServiceTokenResponse._DESERIALIZER);
 }
@@ -1256,6 +1256,42 @@ public CompletableFuture<HasPrivilegesResponse> hasPrivileges() {
 				HasPrivilegesRequest._ENDPOINT, this.transportOptions);
 	}
 
+	// ----- Endpoint: security.has_privileges_user_profile
+
+	/**
+	 * Determines whether the users associated with the specified profile IDs have
+	 * all the requested privileges.
+	 * 
+	 * @see <a href=
+	 *      "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-has-privileges-user-profile.html">Documentation
+	 *      on elastic.co</a>
+	 */
+
+	public CompletableFuture<HasPrivilegesUserProfileResponse> hasPrivilegesUserProfile(
+			HasPrivilegesUserProfileRequest request) {
+		@SuppressWarnings("unchecked")
+		JsonEndpoint<HasPrivilegesUserProfileRequest, HasPrivilegesUserProfileResponse, ErrorResponse> endpoint = (JsonEndpoint<HasPrivilegesUserProfileRequest, HasPrivilegesUserProfileResponse, ErrorResponse>) HasPrivilegesUserProfileRequest._ENDPOINT;
+
+		return this.transport.performRequestAsync(request, endpoint, this.transportOptions);
+	}
+
+	/**
+	 * Determines whether the users associated with the specified profile IDs have
+	 * all the requested privileges.
+	 * 
+	 * @param fn
+	 *            a function that initializes a builder to create the
+	 *            {@link HasPrivilegesUserProfileRequest}
+	 * @see <a href=
+	 *      "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-has-privileges-user-profile.html">Documentation
+	 *      on elastic.co</a>
+	 */
+
+	public final CompletableFuture<HasPrivilegesUserProfileResponse> hasPrivilegesUserProfile(
+			Function<HasPrivilegesUserProfileRequest.Builder, ObjectBuilder<HasPrivilegesUserProfileRequest>> fn) {
+		return hasPrivilegesUserProfile(fn.apply(new HasPrivilegesUserProfileRequest.Builder()).build());
+	}
+
 	// ----- Endpoint: security.invalidate_api_key
 
 	/**
 
@@ -1294,6 +1294,43 @@ public HasPrivilegesResponse hasPrivileges() throws IOException, ElasticsearchEx
 				this.transportOptions);
 	}
 
+	// ----- Endpoint: security.has_privileges_user_profile
+
+	/**
+	 * Determines whether the users associated with the specified profile IDs have
+	 * all the requested privileges.
+	 * 
+	 * @see <a href=
+	 *      "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-has-privileges-user-profile.html">Documentation
+	 *      on elastic.co</a>
+	 */
+
+	public HasPrivilegesUserProfileResponse hasPrivilegesUserProfile(HasPrivilegesUserProfileRequest request)
+			throws IOException, ElasticsearchException {
+		@SuppressWarnings("unchecked")
+		JsonEndpoint<HasPrivilegesUserProfileRequest, HasPrivilegesUserProfileResponse, ErrorResponse> endpoint = (JsonEndpoint<HasPrivilegesUserProfileRequest, HasPrivilegesUserProfileResponse, ErrorResponse>) HasPrivilegesUserProfileRequest._ENDPOINT;
+
+		return this.transport.performRequest(request, endpoint, this.transportOptions);
+	}
+
+	/**
+	 * Determines whether the users associated with the specified profile IDs have
+	 * all the requested privileges.
+	 * 
+	 * @param fn
+	 *            a function that initializes a builder to create the
+	 *            {@link HasPrivilegesUserProfileRequest}
+	 * @see <a href=
+	 *      "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-has-privileges-user-profile.html">Documentation
+	 *      on elastic.co</a>
+	 */
+
+	public final HasPrivilegesUserProfileResponse hasPrivilegesUserProfile(
+			Function<HasPrivilegesUserProfileRequest.Builder, ObjectBuilder<HasPrivilegesUserProfileRequest>> fn)
+			throws IOException, ElasticsearchException {
+		return hasPrivilegesUserProfile(fn.apply(new HasPrivilegesUserProfileRequest.Builder()).build());
+	}
+
 	// ----- Endpoint: security.invalidate_api_key
 
 	/**