Releases: authzed/spicedb
v1.37.1
Note
1.37.1 fixes a reported issue with LookupResources v2. It is recommended that all users of v1.37.0 upgrade to v1.37.1. See: GHSA-3c32-4hq9-6wgj
Full Changelog: v1.37.0...v1.37.1
Docker Images
This release is available at authzed/spicedb:v1.37.1, quay.io/authzed/spicedb:v1.37.1, ghcr.io/authzed/spicedb:v1.37.1
v1.37.0
Warning
1.37.0 enables LookupResources v2 by default, which was found to not be passing caveat context to dispatches in certain scenarios, causing permissions of CONDITIONAL to be returned instead of determined results. We recommend upgrading to v1.37.1 which fixes this problem. See: GHSA-3c32-4hq9-6wgj
Highlights
⭐ LookupResources v2 now enabled by default!
Features
- Enable LRv2 by default and update the steelthread tests by @josephschorr in #2079
Enhancements
- Add support for secondary dispatching on LR2 by @josephschorr in #2069
- Stop using yaml anchors in release action configuration by @tstirrat15 in #2071
- Make bulk export service functions use read-only datastore by @vroldanbet in #2072
- README: rework sections: zanzibar, contrib, users by @jzelinskie in #2060
- Register common flags with helper by @tstirrat15 in #2074
Fixes
- Fix serve-devtools command and flags by @tstirrat15 in #2073
- Fixes memory leak via HTTP Gateway by @vroldanbet in #2075
- Remove duplicate and redundant code by @cuishuang in #2080
Updated dependencies
- Bump to most recent version of goreleaser by @tstirrat15 in #2067
New Contributors
@cuishuang made their first contribution in #2080
Full Changelog: v1.36.3...v1.37.0
v1.36.2
333532c
tstirrat15
Tanner Stirrat
This fixes a small issue with the spicedb datastore head command but is otherwise the same as https://github.com/authzed/spicedb/releases/tag/v1.36.0
Full Changelog: v1.36.0...v1.36.2
Docker Images
This release is available at authzed/spicedb:v1.36.2, quay.io/authzed/spicedb:v1.36.2, ghcr.io/authzed/spicedb:v1.36.2
v1.36.0
d0e5fca
tstirrat15
Tanner Stirrat
Highlights
🔐 Added relationship integrity: protects authorization data in an underlying SpiceDB datastore from inadvertent modification.
📋 Reorganized spicedb serve flags into logically-related flagsets
🚤 Ensure cursored LRv2 calls are dispatched to LRv2
Features
- Relationship integrity by @josephschorr in #1980
- Implement non-experimental bulk import and export by @tstirrat15 in #2065
Enhancements
- Ensure cursored LRv2 calls are dispatched to LRv2 by @josephschorr in #2040
- Ensure the validationfile loader passes the full caveats to the typesystem by @josephschorr in #2042
- Check data structure improvements by @josephschorr in #2037
- Reorganize serve flags into flagsets by @tstirrat15 in #2023
- Add a default connect timeout for watch in CRDB driver by @josephschorr in #2041
- Have diffexpr handle the case of adding to a single child expression by @josephschorr in #2038
- Add configurable max buffer size for watch change tracker by @josephschorr in #2044
- Add continuous checkpointing to Datastore Features by @vroldanbet in #2064
- Add analyzer to enforce usage of VT versions of marshalling and unmarshalling by @tstirrat15 in #2043
- Make the max size exceeded error public by @josephschorr in #2049
- Add goreleaser configuration to push Windows package to Chocolatey by @josephschorr in #1879
Fixes
- Cleanup handling of internal errors in Check dispatch by @josephschorr in #2029
- Only add the finalizer on iterators when CI testing by @josephschorr in #2034
- Ensure the validationfile loader passes the full caveats to the typesystem by @josephschorr in #2042
- Fix data type for pg_class relcount by @josephschorr in #2046
- Remove unnecessary branch from limit logic by @tstirrat15 in #2030
- Remove duplicate update test by @josephschorr in #2051
- Remove warning for an arrow referencing a relation in its own namespace by @josephschorr in #2062
- Fix security errors in lint steps by @tstirrat15 in #2061
Updated dependencies
- Integrate updates to cobrautil by @tstirrat15 in #2031
- Bump golang from 1.22.5-alpine3.20 to 1.23.0-alpine3.20 in the docker group by @dependabot in #2050
- Bump the go-mod group with 32 updates by @dependabot in #2052
- Bump github.com/opencontainers/runc from 1.1.13 to 1.1.14 in the go_modules group by @dependabot in #2054
What's Changed
Full Changelog: v1.35.3...v1.36.0
Docker Images
This release is available at authzed/spicedb:v1.36.0, quay.io/authzed/spicedb:v1.36.0, ghcr.io/authzed/spicedb:v1.36.0
v1.35.3
What's Changed
- Ensure debug information is returned for recursive checks that dispatch by @josephschorr in #2017
- Add expression diffing library for schema by @josephschorr in #2016
- Change the filter count check to a debug assertions by @josephschorr in #2014
- Fix logging behavior around setting goproc limits by @tstirrat15 in #2018
- Add nicer error if the Postgres primary node has gone readonly by @josephschorr in #2025
- Ensure all resources are returned for relation check when caveats are specified by @josephschorr in #2027
- bump cobrautil for automaxprocs fix by @ecordell in #2028
Full Changelog: v1.35.2...v1.35.3
Docker Images
This release is available at authzed/spicedb:v1.35.3, quay.io/authzed/spicedb:v1.35.3, ghcr.io/authzed/spicedb:v1.35.3
Contributors
Assets 16
v1.35.2
What's Changed
- Add an extra
source_codefield to developer warnings by @josephschorr in #2007 - Add ability to get warnings from the WASM dev interface by @josephschorr in #2008
- Handle functioned arrows in warnings system by @josephschorr in #2009
- Bump the go-mod group with 21 updates by @dependabot in #2011
- Add server version middleware to serve-testing by @josephschorr in #2006
- Fix experimental LookupResources2 to shear the tree earlier on indirect permissions by @josephschorr in #2005
Full Changelog: v1.35.1...v1.35.2
Docker Images
This release is available at authzed/spicedb:v1.35.2, quay.io/authzed/spicedb:v1.35.2, ghcr.io/authzed/spicedb:v1.35.2
Contributors
Assets 16
v1.35.1
What's Changed
- Switch caching package's interface to be generic and add experimental flag to try different caches by @josephschorr in #1990
- Fix conversion of caveat debug context by @josephschorr in #2000
- bump Docker to address security scanners surfacing CVE by @vroldanbet in #2004
Full Changelog: v1.35.0...v1.35.1
Docker Images
This release is available at authzed/spicedb:v1.35.1, quay.io/authzed/spicedb:v1.35.1, ghcr.io/authzed/spicedb:v1.35.1
Contributors
Assets 15
v1.35.0
Warning
1.35.0 introduces a bug in the debug information for caveats that make use of time or other custom values, causing an error to be returned when requesting debug information. This will be fixed in 1.35.1
Highlights
💘 Initial support for intersection arrows in SpiceDB schema
📖 Read replica support for Postgres and MySQL
💪 New Experimental implementation of LookupResources: better, faster, stronger
🔍 New Dispatch Chunk Size parameter. Users can tune this parameter to boost performance with wide relations.
Features
- Read replica support for Postgres and MySQL datastores by @josephschorr in #1878
- Initial support for Intersection arrow by @josephschorr in #1937
- Implement a new, experimental variant of LookupResources as LookupResources2 by @josephschorr in #1905
- LookupResources2 follow-ups by @vroldanbet in #1994
- Start on a steelthread test framework by @josephschorr in #1949
- Have steelthread tests run in parallel and against all datastores by @josephschorr in #1957
- Add a steelthread test for intersection arrows by @josephschorr in #1959
- Add a steelthread test for an indirect permission for LR by @josephschorr in #1960
- Add additional steelthread tests and fix a memdb bug by @josephschorr in #1956
Enhancements
- Enriches postgres revisions with txID and timestamp by @vroldanbet in #1951
- Adjust pg revision timestamps by @vroldanbet in #1972
- Add ability to toggle off specific warnings via magic comments by�@josephschorr�in�#1984
- Additional dispatch chunk safeguards by�@vroldanbet�in�#1997
Fixes
- Workaround to snapcraft regression by�@vroldanbet�in�#1958
- Move integration test file into the correct directory by�@josephschorr�in�#1961
- Fixed lsp panicing on formatting malformed content by�@sabify�in�#1971
- Ensure that the bootstrap overwrite flag actually fully overwrites by�@josephschorr�in�#1983
- Remove apparently unneeded COALESCE call by @josephschorr in #1991
- Fix debug traces when caveats use the same param name by @josephschorr in #1987
Updated dependencies
- Bump goreleaser/goreleaser-action from 5 to 6 in the github-actions group by @dependabot in #1962
- Move to go 1.22.5 for a reporting go lang vuln by @josephschorr in #1968
- Bump github.com/rs/cors from 1.10.1 to 1.11.0 in /magefiles in the go_modules group across 1 directory by @dependabot in #1977
- Bump the go-mod group with 22 updates by @dependabot in #1963
- Update gRPC to v1.65.0 to fix reported gRPC vuln by @josephschorr in #1978
New Contributors
Full Changelog: v1.34.0...v1.35.0
v1.34.0
Note
All datastores have a migration to add a new table for the count relationships API
Highlights
🧮 New experimental count relationships API
⏩ Better performance for minimize_latency calls on multi-region Spanner
🚩Better error messages for attempting to write invalid subjects on relationships
What's Changed
- makes it possible to compare datastore-specific revisions with datastore.NoRevision by @vroldanbet in #1907
- Add Experimental Relationship Counter API by @josephschorr in #1901
- goreleaser: refactor brew formula by @jzelinskie in #1912
- Make sure to escape underscores in resource ID prefix matches in filters by @josephschorr in #1911
- goreleaser: use build.head? in install by @jzelinskie in #1913
- Ensure stability of exclusions in validation package by @josephschorr in #1916
- Bump the go-mod group with 21 updates by @dependabot in #1919
- adds automaxprocs and automemlimit by @vroldanbet in #1921
- Update CLA link in
CONTRIBUTING.mdto point to v2 by @coderbydesign in #1918 - Return a proper error code if a wildcard subject is specified by @josephschorr in #1928
- Bump github.com/mostynb/go-grpc-compression from 1.2.2 to 1.2.3 in the go_modules group by @dependabot in #1932
- spanner: use stale reads for current_timestamp for optimized revision by @ecordell in #1935
- README: fix discord badge by @jzelinskie in #1936
- Add the debug trace to the details of the recursion error by @josephschorr in #1930
- Ensure the object type prefix is used for caveat refs as well by @josephschorr in #1940
- Support credential JSON for Spanner by @lexcao in #1942
- Add a custom linter to find any recursive error marshaling for zerolog by @josephschorr in #1944
- Add better subject error messages on write/delete validation by @josephschorr in #1943
- Export Spanner credential JSON for datastore by @lexcao in #1946
- Fix/bulk loader nullstring by @heissa83 in #1945
- Small optimized revision handling improvements by @josephschorr in #1947
- Move to go 1.22.4 for a reported go vuln by @josephschorr in #1950
- Fix empty value on optional credentialsJSON for Spanner by @lexcao in #1948
- .github: bump to snapcraft 8.x by @jzelinskie in #1952
New Contributors
- @coderbydesign made their first contribution in #1918
- @lexcao made their first contribution in #1942
- @heissa83 made their first contribution in #1945
Full Changelog: v1.33.0...v1.34.0
Docker Images
This release is available at authzed/spicedb:v1.34.0, quay.io/authzed/spicedb:v1.34.0, ghcr.io/authzed/spicedb:v1.34.0
Contributors
Assets 16
v1.33.1
Full Changelog: v1.33.0...v1.33.1
Docker Images
This release is available at authzed/spicedb:v1.33.1, quay.io/authzed/spicedb:v1.33.1, ghcr.io/authzed/spicedb:v1.33.1