Releases: couchbase/sync_gateway
Sync Gateway 3.0.8.1 - August 2023
3.1.1 — July 2023
Release notes at https://docs.couchbase.com/sync-gateway/3.1/release-notes.html#maint-3-1-1
What's Changed (generated)
- 3.1.1 backport of allow /db/ if default collection is configured with other named collections (#6222) by @torcolvin in #6230
- Update release 3.1.1 docs by @torcolvin in #6241
- 3.1.1 backport of Rest API tweaks for docs (#6182) by @torcolvin in #6249
- CBG-3023 backport of cbgt cluster connection fails with HTTP polling enabled and TLS disabled by @torcolvin in #6271
- CBG-3035 (3.1.1 backport) remove cached connections when bucket disappear by @torcolvin in #6274
- CBG-3032 (3.1.1 backport) Make sure CE import uses checkpoints (#6261) by @torcolvin in #6272
- CBG-3019 CBG-3038 CBG-3040 3.1.1 cbgt backports by @torcolvin in #6273
- CBG-3030: [3.1.1] Fix panic for assigning to nil map inside Mutable1xBody by @gregns1 in #6275
- CBG-3039 (3.1.1 backport) Ensure proveAttachments works for v2 attachments with a v2 replication protocol by @torcolvin in #6276
- CBG-2864 (3.1.1 backport) of ability to override CORS config on a per DB basis by @torcolvin in #6277
- CBG-3034 (3.1.1 backport) allow DELETE on a broken DB config by @torcolvin in #6278
- CBG-3031: [3.1.1] Allow one-shot replications to wait for DCP to catch up on changes feed by @gregns1 in #6281
- CBG-3052: [3.1.1] pick up cbgt fix for panic in import feed by @gregns1 in #6283
- CBG-3042: [3.1.1] attachment compaction code erroneously sets failOnRollback by @gregns1 in #6282
- CBG-3036: [3.1.1] Replicator will not reconnect when max_back_off != 0 by @gregns1 in #6292
- [3.1.1 Backport] CBG-3033: Move processes into db online function by @bbrks in #6298
- CBG-3091: [3.1.1] backport the small fix for flake on TestReconnectReplicator in jenkins by @gregns1 in #6299
- [3.1.1 Backport] CBG-3103: Allow keyspace requests to initialize OIDC provider with correct callback URL (#6310) by @bbrks in #6312
- (3.1.1 backport) CBG-3109 allow autoImport unspecified and xattrs=false to work by @torcolvin in #6316
- [3.1.1 Backport] CBG-3129: Prevent unnecessary user updates when using OIDC claims to grant channel/roles by @bbrks in #6323
- [3.1.1 Backport] CBG-3131: Handle ErrImportCancelled case for OnDemandImportForGet (#6325) by @bbrks in #6327
- CBG-3041 [3.1.1 Backport] Support async database initialization by @adamcfraser in #6328
- (backport 3.1.1) CBG-3130 notify on request plus unused sequence docs (#6326) by @torcolvin in #6329
- (3.1.1 backport) CBG-3108 don't log non SG indexes (#6317) by @torcolvin in #6330
Full Changelog: 3.1.0...3.1.1
Contributors
Assets 2
3.0.8 — June 2023
Release notes at https://docs.couchbase.com/sync-gateway/3.0/release-notes.html#maint-3-0-8
What's Changed (generated)
- [3.0.8 Backport] CBG-2944 Ensure proveAttachments works for v2 attachments with a v2 replication protocol by @adamcfraser in #6268
- (3.0.8 backport) CBG-2855 Allow one-shot replications to wait for DCP to catch up on changes feed by @torcolvin in #6284
Full Changelog: 3.0.7...3.0.8
Contributors
Assets 2
3.0.7 — May 2023
Release notes at https://docs.couchbase.com/sync-gateway/3.0/release-notes.html#maint-3-0-7
New Features
CBG-2846 -- Ability to define CORS as part of DB config
Enhancements
CBG-2841 -- Add a flag to sg-collect collection to delete zip once uploaded
Fixed Issues
CBG-2850 — Avoid leaking information about database existence on public API
3.1.0 — April 2023
Version 3.1.0 of Sync Gateway delivers the following features and enhancements:
Scopes and Collections
In 3.1, Sync Gateway has significantly improved by incorporating Scopes and Collections support:
- Scopes and Collections Support: Adding Scopes and Collections support allows for an improved method of defining and enforcing data access control. This enhancement ensures that only authorized users can use the appropriate data.
- Simplified Data Organization and Synchronization: Streamlining the data organization and synchronization processes, enabling users to build and scale applications more efficiently while maintaining high security.
Synchronization between Couchbase Lite clients and Couchbase Server is accomplished by:
Sync Gateway Metadata Isolation
- Scopes and Collections for Isolation
Scopes and collections are used to isolate Sync Gateway metadata. - Default Scope/Collection for System Data
The _default scope/collection is used for system data maintained by Sync Gateway. In contrast, user-defined scopes/collections are used for application data. - Separating System Metadata and Application Data
Using separate Scopes and collections for system metadata and application data helps to logically isolate them and avoid accidental modification or deletion of system metadata by the application. - Implementing Role-Based Access Controls (RBAC)
To further safeguard against such risks, an SDK-based application implements role-based access controls (RBAC) to restrict access to the _default scope/collection, which typically contains critical sync metadata.
Sync Gateway and Couchbase Lite Clients
-
Direct Syncing of Scopes
Sync Gateway enables Couchbase Lite clients to sync one or more Scopes directly to other Couchbase Lite clients over a local network via Couchbase Lite Peer-to-Peer protocol. -
Bypassing Cloud-Based Control Points
This can be done without the need for a cloud-based control point. -
Setting Up Replications
A Couchbase Lite client can set up one or more replications to one or more Sync Gateway database endpoints. -
Syncing Collections
Each replication can sync one or all collections associated with that Scope. -
Local Persistence of Data
The Couchbase Lite client can also locally persist data in a Scope not synced to remote Sync Gateway.
Enhancements
CBG-2729 - Info-level logging when a remote webhook filter is empty
CBG-2721 - Add a flag to sg-collect collection to delete zip once uploaded
CBG-2689 - Add sync_function_exception_count stat
CBG-2660 - Use MaxInt64 for high sequence queries
CBG-2559 - Move history to end of marshalled SyncData
CBG-2510 - Docs not being tombstoned with replication DocID filter
CBG-2450 - Leading null character in document ID causes ISGR to terminate pull replication
CBG-2418 - Make a Runtime Database Config to explicitly track if a database is suspended
CBG-2362 - Identify whether SG is running in persistent config mode (or not) via REST API
CBG-2177 - Maintain long-lived bucket connections for persistent config
CBG-2138 - Inform client they need to contact another SGW
CBG-2137 - Support downloading meta(data) from S3 and resuming the bucket
CBG-2136 - Support uploading meta(data) to S3 for hibernation
CBG-2135 - Add API to stop/start access to a given bucket for hibernation
CBG-2064 - Allow mapping OIDC claims to user roles/channels
CBG-2047 - Update client-golang to 1.11.1+ CVE-2022-21698
CBG-2027 - User API Enhancements - include details and limit
CBG-2026 - Option to disable basic auth on public REST API
CBG-2017 - Handle removed buckets in background persistent config update polling
CBG-1969 - Support CBL clients that don't increment revpos when attachment body changes
Issues and Resolutions
Fixed Issues
CBG-2731 - AccessLock not being released when a PUSH replication is ongoing
CBG-2556 - Inefficient sequence parsing during ISGR checkpointing
CBG-2248 - Config admin API doesn't use Etags when config comes from JSON
CBG-2247 - Etags should be quoted
CBG-2208 - Index compaction failing due to not found handling
CBG-2183 - Revocation of non-existent role causes replication panic
CBG-2174 - Periodic high response times on REST API due to persistent config polling
CBG-2134 - Guest user is not initialised with access to public channel ("!")
CBG-2119 - Update DisablePasswordAuth to False does not work
CBG-2102 - Admin auth credentials not verified when using x.509 auth between SG and CBS
CBG-2101 - User endpoint: missing first user if name_only=false
CBG-2065 - Update golang.org/x/text to 0.3.3+ CVE-2020-14040 in SGW 2.8.x
CBG-2059 - HTTP logs incorrectly redact document name if the database name contains it
CBG-2058 - Compaction w/ import and xattrs enabled can panic
CBG-2048 - Update nhooyr.io/websocket gin-gonic/gin CVE-2020-28483
CBG-2030 - _user endpoint pagination causes query error
CBG-2010 - CBL revpos handling causes attachment fetch per write for docs with attachments
Known Issues
CBG-798 - Sync Gateway requires Couchbase Server nodes to use the same SSL memcached port
2.8.4 — Feb 2023
Generated release notes
| Key | Summary |
|---|---|
| CBG-2706 | Compact expected/processed when safe seq unchanged |
| CBG-2704 | ISGR Sequence checkpointing maintains unnessesary entries |
| CBG-2701 | Use MaxInt64 for high sequence queries |
| CBG-2698 | Add conflictIncludesRev support for proposeChanges |
| CBG-2607 | Update websocket implementation |
Full Changelog: 2.8.3...2.8.4
3.0.3 — June, 2022
https://docs.couchbase.com/sync-gateway/3.0/release-notes.html#maint-3-0-3
Important: This version includes fixes for critical issues from v3.0.0
Therefore v3.0.0 is replaced by v3.0.3. If you are using v3.0.0 we strongly recommend upgrading to v3.0.3.
Enhancements
- CBG-2032 - Prevent use of internal underscore properties
- CBG-2033 - Restrict ability to modify SG config documents
- CBG-2035 - Handle removed buckets in background persistent config update polling
- CBG-2044 - Option to disable basic auth on public REST API
- CBG-2057 - User API Enhancements - include details and limit
- CBG-2069 - Support CBL clients that don’t increment revpos when attachment body changes
- CBG-2078 - Option to make GUEST access read-only
Fixed Issues
- CBG-1953 - Console logging not being enabled when only a log key set
- CBG-1996 - Implementation for supporting top-level properties with an underscore prefix
- CBG-1998 - Fix race condition caused when getting user roles
- CBG-1999 - Unable to upsert replication config username or password independently
- CBG-2000 - One shot sub changes request does not decrement NumPullReplActiveOneShot stat when completed
- CBG-2011 - CBL revpos handling causes attachment fetch per write for docs with attachments
- CBG-2011 - _user endpoint pagination causes query error
- CBG-2055 - Mutating a document with an attachment on over CBL causes the attachment to be deleted from the bucket
- CBG-2072 - crc32c values with leading zeros trigger unnecessary import
- CBG-2099 - User endpoint: missing first user if name_only=false
3.0.0 — February, 2022
https://docs.couchbase.com/sync-gateway/3.0/release-notes.html#lbl-rel300
Caution: Sync Gateway 3.0 introduces some breaking changes.
If you are upgrading from 2.x, please refer to the Upgrading page. The migration to 3.0 configuration is a ONE WAY process.
Overview of Sync Gateway 3.0
This release of Sync Gateway introduces significant strategic new features and enhancements aimed at boosting the functionality supporting mobile and edge computing solutions.
Most significant are the major architectural enhancements to make sync gateway node configuration simpler, more modular and cluster-aware. The secure, encrypted, REST API endpoints now support persistent configuration changes to simplify management and administration.
New Features
Centralized Persistent Modular Configuration
Centralized Persistent Modular Configuration is a core enhancement that makes it simpler for administrators to configure and manage the Sync Gateway.
This enhancement removes reliance on monolithic JSON configuration files whilst providing a modular and cluster-aware approach to Sync Gateway node configuration.
Basic startup configuration settings bootstrap your Sync Gateway nodes and securely connect them to a Couchbase Server. Configuration of cluster-wide Sync Gateway databases, access control policies and inter-Sync Gateway replications is then provided using the Admin REST API.
Secure Administration
This major enhancement complements the introduction of the centralized persistent configuration by introducing secure administration of a cluster through the Admin REST API.
The Admin REST API now enforces authentication and role-based access control by default.
TLS Encryption Enabled by Default
The default enabling of secure TLS connections for all Couchbase Server, Client and REST API communication ensures that all communication is encrypted; enforcing and encouraging security best practices.
User Defined Extended Attributes(XAttrs) for Access Control
Use extended attributes (metadata) to avoid the need to embed sensitive access grant information such as channels and roles within document bodies.
This key architectural enhancement enforces separation of concerns by providing you the option to use Extended Attributes (XATTRs) to specify channel access grants outside of your document bodies.
Auto-Purge on Channel Access Revocation in Inter-Sync Gateway Replication
This enhancement to inter-Sync Gateway replication technology helps with the enforcement of data privacy and governance in complex workflows.
Use Environment Variables in Configuration File
Sync Gateway configuration is extended to allow the use of defined environment variables as substitution values inside the configuration file. This allows users to determine, pick-up and substitute appropriate values during Sync Gateway start-up.
Enhancements
Compacting
Attachments added post 3.0 are automatically removed from the bucket upon reference removal, document delete or document purge.
The {db}/_compact API includes an option to remove any redundant pre-3.0 attachments.
Resync
The _resync process has been enhanced to better handle large datasets, minimizing timeout and out-of-memory issues. The process now runs asynchronously, uses query pagination and supports sequence regeneration.
Other Enhancements
- CBG-1760 - Error upfront when the configured logFilePath is not writable
- CBG-1705 - ew op' on results close
- CBG-1672 - Return 422 status for unprocessible deltas instead of 404 to use non-delta retry handling
- CBG-1664 - Validate javascript syntax in DbConfig.validate()
- CBG-1643 - Add additional context for gocb errors when using self-signed cert
- CBG-1590 - Retrieve existing doc metadata prior to calling downloadOrVerifyAttachments
- CBG-1558 - panic after failed unmarshal in GetDeepMutableBody
- CBG-1473 - Enable log redaction by default
- CBG-1424 - discoverInterfaceName should resolve hostnames before trying to find network interface stats using IP addresses
- CBG-1391 - Treat existing cbgt index as recoverable error
- CBG-1390 - Add warning threshold for excessively large number of channels per user
- CBG-1359 - Increase default minimum TLS version TLS1.2
- CBG-1343 - Increase initial wait time for index creation retry
- CBG-1342 - Avoid retry on 'duplicate index name' index creation error
- CBG-1326 - Log if channels expand to a smaller set than requested
- CBG-1301 - Persistent Config
- CBG-1284 - Mobile Attachment Cleanup
- CBG-1282 - XATTRS Access Grants
- CBG-1280 - Channel Access Revocation
- CBG-1273 - Add Prometheus alert examples
- CBG-1253 - Add USE INDEX to index readiness queries
- CBG-1251 - Support Apple (M1) Silicon
- CBG-1245 - Include channel name in validfrom logging
- CBG-1217 - Ensure change listener goroutines terminates (both Tap and DCP feeds) before the server is stopped
- CBG-1170 - Upgrade to go 1.15
- CBG-1127 - Treat resurrected tombstones as non-conflict when no shared history
- CBG-949 - Improve error when non-upgradable HTTP request is sent to _blipsync endpoint
- CBG-841 - Force users to opt in to accepting unsigned tokens from providers in SG’s provider config.
- CBG-715 - High CPU usage in high volume basic auth scenarios
- CBG-641 - Admin API Auth
- CBG-551 - Avoid storing _removed:true revision bodies in the revision cache
Issues and Resolutions
Known Issues
- CBG-798 - Sync Gateway requires Couchbase Server nodes to use the same SSL memcached port
- CBG-1953 - Console logging not being enabled when only a log key set
Fixed Issues
- CBG-1439 - database.abandoned_seqs stat is unused
- CBG-1438 - SgwIntStat.SetIfMax incorrectly sums old and new values
- CBG-1428 - ISGR should ignore _removed:true bodies when purgeOnRemoval is disabled
- CBG-1427 - ISGR should not try sending a delta when deltaSrc is a tombstone
- CBG-1412 - JSON strings in some responses not being correctly escaped
- CBG-1388 - sg_collect does not package archived log files (*.log.gz)
- CBG-1376 - Some Delta Sync errors logged at WARN level should be DEBUG
- CBG-1339 - Creating mobile tombstone for existing CBS tombstone causes loop
- CBG-1335 - Mutating _rev on localDocument in conflict resolver results in merge error
- CBG-1325 - Incorrect email validation (too strict)
- CBG-1304 - ISGR: Pull replications incompatible with active-side allow_conflicts=false
- CBG-1246 - Changes limit incorrectly applied in case of CBG-946
- CBG-1231 - Prevent import cfg startup races
- CBG-1200 - Calling DELETE on a non-existent document creates a tombstone with empty body
- CBG-1172 - ISGR credentials with characters requiring URL encoding cause blipsync to fail
- CBG-1161 - DefaultPurgeInterval specified in days and used as though in hours
- CBG-1113 - CBL1.x/Websocket based changes feeds leak goroutine on disconnect
- CBG-789 - Updating a blob with new data does not update SG’s metadata on sync
Sync Gateway 2.8.3 - October, 2021
https://docs.couchbase.com/sync-gateway/2.8/release-notes.html#lbl-rel283
Tip: Users of earlier Sync Gateway releases should plan to upgrade to this release at the earliest opportunity.
Issues and Resolutions
Enhancements
- CBG-1665 - Limit the number of open N1QL connections
- CBG-1444 - discoverInterfaceName should resolve hostnames before trying to find network interface stats using IP addresses
Known Issues
- CBG-798 — Sync Gateway requires Couchbase Server nodes to use the same SSL memcached port
Fixed Issues
- CBG-1725 - ISGR Pull checkpoint sequences unreliable
- CBG-1724 - Incorrect email validation (too strict)
- CBG-1723 - CBL1.x/Websocket based changes feeds leak goroutine on disconnect
- CBG-1717 - norev message sequence has wrong property name
- CBG-1696 - Empty query results when using bypass channel cache
- CBG-1543 - Metrics API port should not serve public API routes
- CBG-1454 - ISGR: filtered push replication replicates channel removal revisions
- CBG-1451 - SgwIntStat.SetIfMax incorrectly sums old and new values
- CBG-1379 - Retry OIDC client initialization when the provider is not reachable
- CBG-1362 - Fix cacert-only handling for DCP connection
Sync Gateway 2.8.2 - March, 2021
https://docs.couchbase.com/sync-gateway/2.8/release-notes.html#lbl-rel282
Tip: Users of 2.8.1 should upgrade to this release at the earliest opportunity.
Issues and Resolutions
Release 2.8.2 fixes an issue that could result in Sync Gateway entering an infinite loop when creating a mobile tombstone, if a Couchbase Server tombstone already exists for that key.
Known Issues
- CBG-798 — Sync Gateway requires Couchbase Server nodes to use the same SSL memcached port
- CBG-1127 — Treat resurrected tombstones as non-conflict when no shared history
Fixed Issues
- CBG-1341 — Creating mobile tombstone for existing CBS tombstone causes loop