Releases: authzed/spicedb
v1.36.2
333532c
tstirrat15
Tanner Stirrat
This fixes a small issue with the spicedb datastore head command but is otherwise the same as https://github.com/authzed/spicedb/releases/tag/v1.36.0
Full Changelog: v1.36.0...v1.36.2
Docker Images
This release is available at authzed/spicedb:v1.36.2, quay.io/authzed/spicedb:v1.36.2, ghcr.io/authzed/spicedb:v1.36.2
v1.36.0
d0e5fca
tstirrat15
Tanner Stirrat
Highlights
🔐 Added relationship integrity: protects authorization data in an underlying SpiceDB datastore from inadvertent modification.
📋 Reorganized spicedb serve flags into logically-related flagsets
🚤 Ensure cursored LRv2 calls are dispatched to LRv2
Features
- Relationship integrity by @josephschorr in #1980
- Implement non-experimental bulk import and export by @tstirrat15 in #2065
Enhancements
- Ensure cursored LRv2 calls are dispatched to LRv2 by @josephschorr in #2040
- Ensure the validationfile loader passes the full caveats to the typesystem by @josephschorr in #2042
- Check data structure improvements by @josephschorr in #2037
- Reorganize serve flags into flagsets by @tstirrat15 in #2023
- Add a default connect timeout for watch in CRDB driver by @josephschorr in #2041
- Have diffexpr handle the case of adding to a single child expression by @josephschorr in #2038
- Add configurable max buffer size for watch change tracker by @josephschorr in #2044
- Add continuous checkpointing to Datastore Features by @vroldanbet in #2064
- Add analyzer to enforce usage of VT versions of marshalling and unmarshalling by @tstirrat15 in #2043
- Make the max size exceeded error public by @josephschorr in #2049
- Add goreleaser configuration to push Windows package to Chocolatey by @josephschorr in #1879
Fixes
- Cleanup handling of internal errors in Check dispatch by @josephschorr in #2029
- Only add the finalizer on iterators when CI testing by @josephschorr in #2034
- Ensure the validationfile loader passes the full caveats to the typesystem by @josephschorr in #2042
- Fix data type for pg_class relcount by @josephschorr in #2046
- Remove unnecessary branch from limit logic by @tstirrat15 in #2030
- Remove duplicate update test by @josephschorr in #2051
- Remove warning for an arrow referencing a relation in its own namespace by @josephschorr in #2062
- Fix security errors in lint steps by @tstirrat15 in #2061
Updated dependencies
- Integrate updates to cobrautil by @tstirrat15 in #2031
- Bump golang from 1.22.5-alpine3.20 to 1.23.0-alpine3.20 in the docker group by @dependabot in #2050
- Bump the go-mod group with 32 updates by @dependabot in #2052
- Bump github.com/opencontainers/runc from 1.1.13 to 1.1.14 in the go_modules group by @dependabot in #2054
What's Changed
Full Changelog: v1.35.3...v1.36.0
Docker Images
This release is available at authzed/spicedb:v1.36.0, quay.io/authzed/spicedb:v1.36.0, ghcr.io/authzed/spicedb:v1.36.0
v1.35.3
What's Changed
- Ensure debug information is returned for recursive checks that dispatch by @josephschorr in #2017
- Add expression diffing library for schema by @josephschorr in #2016
- Change the filter count check to a debug assertions by @josephschorr in #2014
- Fix logging behavior around setting goproc limits by @tstirrat15 in #2018
- Add nicer error if the Postgres primary node has gone readonly by @josephschorr in #2025
- Ensure all resources are returned for relation check when caveats are specified by @josephschorr in #2027
- bump cobrautil for automaxprocs fix by @ecordell in #2028
Full Changelog: v1.35.2...v1.35.3
Docker Images
This release is available at authzed/spicedb:v1.35.3, quay.io/authzed/spicedb:v1.35.3, ghcr.io/authzed/spicedb:v1.35.3
Contributors
Assets 16
v1.35.2
What's Changed
- Add an extra
source_codefield to developer warnings by @josephschorr in #2007 - Add ability to get warnings from the WASM dev interface by @josephschorr in #2008
- Handle functioned arrows in warnings system by @josephschorr in #2009
- Bump the go-mod group with 21 updates by @dependabot in #2011
- Add server version middleware to serve-testing by @josephschorr in #2006
- Fix experimental LookupResources2 to shear the tree earlier on indirect permissions by @josephschorr in #2005
Full Changelog: v1.35.1...v1.35.2
Docker Images
This release is available at authzed/spicedb:v1.35.2, quay.io/authzed/spicedb:v1.35.2, ghcr.io/authzed/spicedb:v1.35.2
Contributors
Assets 16
v1.35.1
What's Changed
- Switch caching package's interface to be generic and add experimental flag to try different caches by @josephschorr in #1990
- Fix conversion of caveat debug context by @josephschorr in #2000
- bump Docker to address security scanners surfacing CVE by @vroldanbet in #2004
Full Changelog: v1.35.0...v1.35.1
Docker Images
This release is available at authzed/spicedb:v1.35.1, quay.io/authzed/spicedb:v1.35.1, ghcr.io/authzed/spicedb:v1.35.1
Contributors
Assets 15
v1.35.0
Warning
1.35.0 introduces a bug in the debug information for caveats that make use of time or other custom values, causing an error to be returned when requesting debug information. This will be fixed in 1.35.1
Highlights
💘 Initial support for intersection arrows in SpiceDB schema
📖 Read replica support for Postgres and MySQL
💪 New Experimental implementation of LookupResources: better, faster, stronger
🔍 New Dispatch Chunk Size parameter. Users can tune this parameter to boost performance with wide relations.
Features
- Read replica support for Postgres and MySQL datastores by @josephschorr in #1878
- Initial support for Intersection arrow by @josephschorr in #1937
- Implement a new, experimental variant of LookupResources as LookupResources2 by @josephschorr in #1905
- LookupResources2 follow-ups by @vroldanbet in #1994
- Start on a steelthread test framework by @josephschorr in #1949
- Have steelthread tests run in parallel and against all datastores by @josephschorr in #1957
- Add a steelthread test for intersection arrows by @josephschorr in #1959
- Add a steelthread test for an indirect permission for LR by @josephschorr in #1960
- Add additional steelthread tests and fix a memdb bug by @josephschorr in #1956
Enhancements
- Enriches postgres revisions with txID and timestamp by @vroldanbet in #1951
- Adjust pg revision timestamps by @vroldanbet in #1972
- Add ability to toggle off specific warnings via magic comments by @josephschorr in #1984
- Additional dispatch chunk safeguards by @vroldanbet in #1997
Fixes
- Workaround to snapcraft regression by @vroldanbet in #1958
- Move integration test file into the correct directory by @josephschorr in #1961
- Fixed lsp panicing on formatting malformed content by @sabify in #1971
- Ensure that the bootstrap overwrite flag actually fully overwrites by @josephschorr in #1983
- Remove apparently unneeded COALESCE call by @josephschorr in #1991
- Fix debug traces when caveats use the same param name by @josephschorr in #1987
Updated dependencies
- Bump goreleaser/goreleaser-action from 5 to 6 in the github-actions group by @dependabot in #1962
- Move to go 1.22.5 for a reporting go lang vuln by @josephschorr in #1968
- Bump github.com/rs/cors from 1.10.1 to 1.11.0 in /magefiles in the go_modules group across 1 directory by @dependabot in #1977
- Bump the go-mod group with 22 updates by @dependabot in #1963
- Update gRPC to v1.65.0 to fix reported gRPC vuln by @josephschorr in #1978
New Contributors
Full Changelog: v1.34.0...v1.35.0
v1.34.0
Note
All datastores have a migration to add a new table for the count relationships API
Highlights
🧮 New experimental count relationships API
⏩ Better performance for minimize_latency calls on multi-region Spanner
🚩Better error messages for attempting to write invalid subjects on relationships
What's Changed
- makes it possible to compare datastore-specific revisions with datastore.NoRevision by @vroldanbet in #1907
- Add Experimental Relationship Counter API by @josephschorr in #1901
- goreleaser: refactor brew formula by @jzelinskie in #1912
- Make sure to escape underscores in resource ID prefix matches in filters by @josephschorr in #1911
- goreleaser: use build.head? in install by @jzelinskie in #1913
- Ensure stability of exclusions in validation package by @josephschorr in #1916
- Bump the go-mod group with 21 updates by @dependabot in #1919
- adds automaxprocs and automemlimit by @vroldanbet in #1921
- Update CLA link in
CONTRIBUTING.mdto point to v2 by @coderbydesign in #1918 - Return a proper error code if a wildcard subject is specified by @josephschorr in #1928
- Bump github.com/mostynb/go-grpc-compression from 1.2.2 to 1.2.3 in the go_modules group by @dependabot in #1932
- spanner: use stale reads for current_timestamp for optimized revision by @ecordell in #1935
- README: fix discord badge by @jzelinskie in #1936
- Add the debug trace to the details of the recursion error by @josephschorr in #1930
- Ensure the object type prefix is used for caveat refs as well by @josephschorr in #1940
- Support credential JSON for Spanner by @lexcao in #1942
- Add a custom linter to find any recursive error marshaling for zerolog by @josephschorr in #1944
- Add better subject error messages on write/delete validation by @josephschorr in #1943
- Export Spanner credential JSON for datastore by @lexcao in #1946
- Fix/bulk loader nullstring by @heissa83 in #1945
- Small optimized revision handling improvements by @josephschorr in #1947
- Move to go 1.22.4 for a reported go vuln by @josephschorr in #1950
- Fix empty value on optional credentialsJSON for Spanner by @lexcao in #1948
- .github: bump to snapcraft 8.x by @jzelinskie in #1952
New Contributors
- @coderbydesign made their first contribution in #1918
- @lexcao made their first contribution in #1942
- @heissa83 made their first contribution in #1945
Full Changelog: v1.33.0...v1.34.0
Docker Images
This release is available at authzed/spicedb:v1.34.0, quay.io/authzed/spicedb:v1.34.0, ghcr.io/authzed/spicedb:v1.34.0
Contributors
Assets 16
v1.33.1
Full Changelog: v1.33.0...v1.33.1
Docker Images
This release is available at authzed/spicedb:v1.33.1, quay.io/authzed/spicedb:v1.33.1, ghcr.io/authzed/spicedb:v1.33.1
v1.33.0
Highlights
🪞 Added experimental reflection APIs for reflecting information from SpiceDB schemas
⏩ Improvements in CEL performance
What's Changed
- Bump the go-mod group with 21 updates by @dependabot in #1882
- Improvements around usage of CEL by @josephschorr in #1883
- refactor bulk export relationships logic by @vroldanbet in #1886
- fetch git tags so that trivy sees the right binary version by @vroldanbet in #1887
- expose BulkExportRelationships service controller logic by @vroldanbet in #1888
- .github: pass snap store creds to goreleaser by @jzelinskie in #1889
- Start on experimental reflection apis by @josephschorr in #1885
- pkg/cmd: auto complete otel, log flags by @jzelinskie in #1890
- Update grpc health probe for reported vuln in Go by @josephschorr in #1893
- Add ExperimentalDependentRelations reflection API by @josephschorr in #1891
- Add ExperimentalComputablePermissions API by @josephschorr in #1894
- Switch spanner datastore to use the built-in stats table for estimating rel count by @josephschorr in #1892
- Remove unused datastore config by @josephschorr in #1898
- ROADMAP: init by @jzelinskie in #1902
Full Changelog: v1.32.0...v1.33.0
Docker Images
This release is available at authzed/spicedb:v1.33.0, quay.io/authzed/spicedb:v1.33.0, ghcr.io/authzed/spicedb:v1.33.0
Contributors
Assets 15
v1.32.0
Highlights
🔐 AWS IAM Authentication for Postgres, MySQL datastores
✅ LSP now supports linting rules
🐧 Linux packages now distribute shell completion
What's Changed
- add support for AWS IAM authentication for postgres by @j-white in #1858
- lsp: implement didChange and fix logging by @jzelinskie in #1868
- Ignore AST nodes without rune positioning information (such as comments) by @josephschorr in #1869
- Include doc comments in resolver generated source by @josephschorr in #1870
- Add configurable limits for all APIs by @josephschorr in #1871
- add aws iam authentication for mysql by @j-white in #1867
- goreleaser: init snap, linux shell completions by @jzelinskie in #1744
- Begin support for warnings and linting in schema by @josephschorr in #1880
- Add warnings to the LSP by @josephschorr in #1881
- generate manpages for releases by @jzelinskie in #1779
New Contributors
Full Changelog: v1.31.0...v1.32.0
Docker Images
This release is available at authzed/spicedb:v1.32.0, quay.io/authzed/spicedb:v1.32.0, ghcr.io/authzed/spicedb:v1.32.0
