Releases: SoftInstigate/restheart
7.5.0
Release 7.5.0
Major improvements
- 🚀 Enhanced metrics #468
  - New monitoring feature https://restheart.org/docs/monitoring
- 🚀 Support for MongoDB v7
- ✅ Upgrade GraalVM to v23.0.1 (17.0.8-graal) #481
- ✅ Extend permission predicates to check requests content #479
  - Three new permission predicates: bson-request-prop-equals, bson-request-prop-equals, bson-request-array-is-subset https://restheart.org/docs/security/authorization#predicates
- ✅ Forbid creating or updating a user with the root-role #480
  - rootRoleGuard forbids accounts handled by mongoAclAuthorizer to gain the root-role defined by the mongoAclAuthorizer https://restheart.org/docs/security/other-security-plugins#root-role-guard
More details on this milestone at https://github.com/SoftInstigate/restheart/milestone/49?closed=1
Deprecation notice
Starting from this release, we no longer run our integration tests against MongoDB 3.6.
List of supported MongoDB versions:
- 4.2
- 4.4
- 5.0
- 6.0
- 7.0
This release also deprecates the MongoService monitoring, which will be removed in v8.0.
Full Changelog: 7.4.6...7.5.0
7.4.6
Release 7.4.6
Minor security patches.
New commits
- 28e4c5a - (tag: 7.4.6) Release version 7.4.6
- cd01e11 - Fix catchingInterruptedExceptionWithoutInterrupt
- c65dc73 - Ignore the master branch when there are tags [skip ci]
- 41e3da3 - pull all required images before building
- dc97c53 - Upgrade actions to docker/build-push-action@v4
- a617583 - Upgrade dependencies to patch possible security vulnerabilities
- f4dc45a - Update README.md [skip ci]
Full Changelog: 7.4.5...7.4.6
7.4.5
Release 7.4.5
Improve handling of GraphQL JSON bad requests. An example follows:
request
POST /graphql/foo
Content-Type: application/json

{
  "query": { this { is { invalid { json } } } }
}
response
{
  "http status code": 400,
  "http status description": "Bad Request",
  "message": "query field must be a string"
}
Before 7.4.5 this was returning the generic 500 error status code.
Full Changelog: 7.4.3...7.4.5
7.4.3
Release 7.4.3
Minor security patch release.
Updated dependencies for known vulnerabilities:
- graalvm.version to 22.3.3
- guava to 32.1.2-jre
- undertow-core to 2.3.7.Final
Full Changelog: 7.4.2...7.4.3
7.4.2
Release 7.4.2
d9907c4 🔧 audience claim configuration for JwtAuthenticationMechanism is optional
b60a12d 🐛 Fix boolean type not supported in interpolation of acl permission
912925d Set log level to warning when a Replica Set is not present
Full Changelog: 7.4.1...7.4.2
7.4.1
Release 7.4.1
Upgrade undertow-core to 2.3.6.Final
fix: pom.xml to reduce vulnerabilities (#460)
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-IOUNDERTOW-3358786
Full Changelog: 7.4.0...7.4.1
7.4.0
Release 7.4.0
This release adds the following new features:
- MongoService supports application/x-www-form-urlencoded and multipart/form-data content types for write requests
- jwtTokenManager can be configured to add properties from account document to the JWT
It also updates all dependencies to latest versions.
Notable commits since the previous release
9f0f5fe 🥅 Improve response error for GraphQL app with missing db or collection in mapping
23ae157 ✨ jwtTokenManager can be configured to add properties from account document to the JWT
d859462 Upgrade all tests to JUnit 5
bb0c919 ✅ Add test for MongoService support of application/x-www-form-urlencoded and multipart/form-data content types
3d1bbe7 ♻️ Improve MongoService handling of multipart/form requests
27037c1 ✨ MongoService handles multipart/form write requests to collections building BSONdocument from parts/fields
fdaa6a4 🥅 Avoid closing request channel in AuthenticationCallHandler when Transfer-Encoding=chunked
321cea4 ✨ MongoService accepts Content-Type application/x-www-form-urlencoded or multipart/form-data for write requests
Full Changelog: https://github.com/SoftInstigate/restheart/compare/7.3.5..7.4.0
7.3.5
Release 7.3.5
This release fixes the following bugs and upgrades org.everit.json.schema to v1.14.2:
- request content is not initialized if request.isInError() is true
- avoid $merge/$out-suffixed aggregations to return data
New commits since the previous release
4eb66d2 🐛 Fix request content is not initialized if request.isInError() is true
8b3f449 ♻️ Replace String.trim() with String.strip()
77c19af 🐛 Avoid $merge/$out-suffixed aggregations to return data
59b90e4 ⬆️ Upgrade org.everit.json.schema to v1.14.2
Full Changelog: https://github.com/SoftInstigate/restheart/compare/7.3.34..7.3.5
7.3.4
Release 7.3.4
This release upgrades all major dependencies to their latest versions, including Undertow, the MongoDB driver and json-path.
It fixes a security issue that might allow unauthorized requests to utilize system resources.
It also fixes some minor bugs and introduces performance improvements.
New commits since the previous release
74fafc6 🔧 Update reflect-config to fix MongoService ?cache with native images
0a96be6 🔧 Update reflect configuration for native image builds after dependencies upgrade
fa9c3ab 🥅 Avoid closing request channel in AuthenticationCallHandler when Transfer-Encoding=chunked
e9363f6 ♻️ Refactoring MongoService file content type detection moving logic from MongoRequestContentInjector to new interceptor FileMediaTypeDetector
e8feba1 ⬆️ Upgrade MongoDB driver to v4.9.0
e6f4296 ⚡ Avoid MongoService read operation after document insert with POST and PUT
4072bbd ⚡ Close the request channel before endExchange in AuthenticationCallHandler to prevent delays when handling requests with large data payloads
7c91adc ⬆️ Upgrade json-path to v2.8.0
21a3637 ⬆️ Upgrade undertow to v2.3.5.Final and graphql-java to v20.1
e1e967e 🔒 Request content is lazily read when Request.getContent() is first invoked. This prevents unauthorized requests from utilizing system resources
afb7858 ⚡ Small performance improvement when tracing headers are not used
0413ca1 ♻️ Refactor code to generate the Location response header in PostCollectionHandler
65ac8e5 🐛 Fix #452
Full Changelog: 7.3.3...7.3.4
7.3.3
Release 7.3.3
Fix minor issues.
New commits since the previous release
- 021d4fb - (tag: 7.3.3) Release version 7.3.3
- d54521d - 🔧 Update native image build resource-config.json to avoid warning SLF4J: Class path contains multiple SLF4J bindings
- 745d595 - 🔊 Add logs to monitor scanning of jars for plugins
- d01014d - ✨ Add plugins-packages and plugins-scanning-verbose configuration parameters. Also use the number of threads equal to availableProcessors() for plugins scanning
- 0dea144 - 🥅 Handle MongoDB error 51108 (invalid flag in regex options) to return 400 Bad Request
- 06d8bca - Update README [skip ci]
- a84a357 - ✨ MongoService handles DELETE /_sessions/sid to kill a session
- dda8ab1 - Fix typos in const name [skip ci]
- d0b8497 - Merge branch 'master' into 7.3.x
|\
| * 8e8e579 - Replace deprecated method [skip ci]
| * ab7b3d1 - Replace deprecated method
- | 93f35df - 7.3.3-SNAPSHOT [skip ci]
Full Changelog: 7.3.2...7.3.3