Skip to content

6.0.0-RC1

Pre-release
Pre-release
Compare
Choose a tag to compare
@github-actions github-actions released this 29 Apr 16:17
· 1551 commits to master since this release
6.0.0-RC1
3940001
This commit was signed with the committer’s verified signature. The key has expired.
ujibang Andrea Di Cesare
GPG key ID: 7BA1A9E22D2D1BA1
Expired
Verified
Learn about vigilant mode.

Release notes

RESTHeart 6.0

  • GraphQL API
  • Polyglot JavaScript Services and Interceptors on GraalVM
  • Buildable as native image with GraalVM
  • Extended (and simplified) Security
  • Performance Optimizations
  • Upgrade to Java 16 and GraalVM 21.1.0

Notable Commits

  • ✨ Add Experimental Node.js services when running on GraalVM's node (8f22b93)
  • ✨ Allow to use @filter var in aggregation (8a694d3)
  • 💥 Upgrade to Java 16 (9eca78e)
  • ⬆️ Upgrade karate to v1.0.1 (f80813c)
  • ⬆️ Update GraalVM to v21.1.0 (e58a034)
  • 🐛 Fix file created in wrong file bucket if bucket name contains . (01efa4f)
  • ✨ JS services implemented exporting the function handle(request, response) (912a91a)
  • ✨ JS plugins load their require dependencies form plugins//node_modules (15ad000)
  • ✨ Add OriginVetoer that protects from CSRF attacks by forbidding requests whose Origin header is not whitelisted (3a9cedc)
  • ✨ An Authorizer can be an ALLOWER or a VETOER: a secured request is allowed when no VETOER denies it and at least one ALLOWER allows it (8246116)
  • ⬆️ Upgrade dependencies (8db65a4)
  • 🚸 Simplify using @user in aggregation stages (7f4d849)
  • 🚸 Interpolate @mongoPermissions vars in aggregation stages (2d4f689)
  • 🚸 Simplify using MongoPermissions in aggreation stages (de8cdb5)
  • Add data fetching optimization with DataLoader (b9e6769)
  • 🐛 Fix Response.setInError() not setting error flag (but for MongoResponse implementation) (131d24d)
  • 🔒 Fix SnakeYAML unsafe deserialization (5f72a32)
  • 💥 conf-file option for FileAclAuthorizer and FileAclAuthorizer is now relative to the restheart main configuration file (29d2b3c)
  • ✨ New variables available in aggregation stages (3aee747)
  • ✨ Add attribute 'secure' to @RegisterPlugin (ef7e695)
  • ✨ Extend acl predicate language for simplified security definition (b238d15)
  • ⬆️ Update java-jwt to 3.14.0 (47e55a9)
  • 💥 new default writeMode (2555ce8)
  • RndTokenManager caches handle MongoRealmAccount and FileRealAccount on account update (a3db35d)
  • GraphQL service uses default collection for app definitions when configuration is missing (6a2f837)
  • Refactor BaseAclPermission to use functional Predicate and allow to programmatically extend the permission with additional predicates with permission.setPredicate(getPredicate().and(additionalPredicate)) (0c891e1)
  • Allow all MongoPermissions to MongoAclAuthorizer's root role (1ffcb78)
  • Refactor MongoPermissions (23938a2)
  • Set NONE as default value for 'eager' qparam. This disables the MongoDb cursors preallocation by default. (9aa67ca)
  • Some performance and memory optimizations (fd52830)
  • Remove lock on file deletion (d0618d2)
  • Use faster Caffeine library for Cache implementation (ec6543c)
  • BaseAclPermission embeds the permission raw data (7685a0a)
  • Renamed commons package org.restheart.idm to org.restheart.security (e797aff)
  • GraphQL app definitions are validated at document creation and update (f05741c)
  • Check GraphQL app definitions (62ec37b)
  • Add back instance-base-url into configuration file, commented out by default (a3559cb)
  • Treat empty db and collection names as reserved resources (1692404)
  • JavaScript Interceptor Deployer honor the pluginClass option. This allows intercepting services of any type (45831af)
  • Update classgraph to v4.8.102 (8d52e7a)
  • Update reflect-config for native-image build (4f1d75f)
  • Memory usage optimization, let huge scanResult object from classgraph to be garbage collected (cecd694)
  • Replace use of deprecated JsonUtils with BsonUtils (e2c7e70)
  • Renamed JsonUtils to BsonUtils (94cfb97)
  • Handle error returning 409 when creating a db when already exists with differet case (9300002)
  • On collection 'stream' metadata update or collection/db deletion all related websocket connections are closed and change streams are conseguently updated (6d02cf9)
  • Add operationResult to response on collection metadata writes (4f580f2)
  • Fix NPE on change stream when aggregation removes fullDocument, documentKey, updateDescription or operationType (8023ea4)
  • Allow to use @user.var in ACL predicates (d2445d0)
  • Allow to use the variables '@request' and '@mongoPermissions' in readFilter, writeFilter and mongo.overriddenProps ACL permissions (21e4977)
  • Performance improvement by caching the computation of the interceptors that are applicable for each request (f29adb8)
  • Add native-image conf for graphql + ignore graphql tests (bfb897a)
  • Disable Xnio ThreadExecutor on native image, this avoids the need to downgrade xnio due to https://github.com/SoftInstigate/graalvm-undertow-issue (812b8cb)
  • Update org.everit.json.schema to 1.12.2 (1ef7f83)
  • Handle error returning 409 when creating a db when already exists with differet case (0c57f15)
  • Refactor how PipelineInfo is obtained from request (066fff2)
  • Fix operationResult not availabe in PATCH document response (f3c15fa)
  • 💥 Interceptors can be implemented in JavaScript on GraalVM (bf8c10e)
  • MongoPermissionsProtectedProps handles dot notation on update operators (fe18729)
  • Log 'Connecting to MongoDB...' before starting connection attempt (652a14d)
  • Bump to 6.0.0-SNAPSHOT (497777b)
  • PingService honors the header Accept=text/html (51afcdf)
  • 💥 Script to generate keystore now creates a Certificate Authority to issue the certificate, this allows the certificate to be imported and used by modern browsers (d15dad9)
  • 💥 Add script generate-self-signed-keystore.sh (69bebb2)
  • 💥 MongoDB bulk delete, bulk patch and db management operations are forbidden unless the applied ACL permission explicitly whitelists them. Write mode is forced to have POST only inserting, PUT and PATCH only updating unless the applied ACL permission explicitly allows using the ?wm query parameter (b98abc7)
  • 💥 fileAclAuthorizer supports same extended permission options than mongoAclAuthorizer (9cf60ce)
  • 💥 Add script to generate the java keystore from letsencrypt certificate archive (71f8a9d)
  • Add GraphAppDefinitionChecker (5950ecb)
  • 💥 Improve performance of NodeService by caching javascript code evaluation (11060e6)
  • Set Content-Type for PingService (30f74a9)
  • 💥 Allow node plugins to return Promise + handle timeout (b966e2c)
  • 💥 Allow RESTHeart to be run on GraalVM with node --jvm and add NodeService to deploy node plugins (2c13085)
  • PolyglotDeployer only activates when running on GraalVM (ed0f3eb)
  • JavaScript services can be bound to any uri and secured via options (c792412)
  • 💥 Services can be plugged programmatically with PluginsRegistry.plugService() (d74c603)
  • 💥 JavaScript plugins have access to the MongoClient if initialized by MongoService (881abfb)
  • PolyglotDeployer implements StringService (81edb4d)
  • Add StringService (880e049)
  • 💥 Added GraphQLRequest class. Now both content-types application/json and application/graphql are supported and server response is in the format required by GraphQL specification. (72808d3)
  • Add native-image configuration for restheart-polyglot (75d2b79)
  • 💥 Enhance ChannelReader by using ByteBufferPool from Exchange (f2e7551)
  • Now is possible to map a GraphQL field with a MongoDB field that has a different name (d2a036f)
  • 💥 Support writeMode for bulk POST (c2eb75d)
  • 💥 Add --version command option (cd01daa)
  • Bson String, Int32, Int64, Double and Boolean scalars are now managed by graphql-java built-in scalars but replacing their 'Coercing' component (120e03e)
  • Added some BSON scalars. Now a unique general GraphQLDataFetcher is used. (b9a6ae1)
  • Added BsonInt32, BsonInt64, BsonString and BsonDocument scalars (e5c4199)
  • Switched to BsonDocument and implemented ObjectId Scalar (23ec82f)
  • Introduced a loading cache for app definitions. Moreover, now is possible to handle requests sended to /graphql/ endpoint if mappings, of app named '', are already loaded into database. (ace9eee)
  • Modified how relationships between documents of different collections are mapped. (88dac28)
  • Now ONE-TO-ONE relationships are supported. Refactoring: introduced a Mapping abstract class to model both Query mappings and Association mappings. (1a6aa1f)
  • Introduced two differents GraphQLDataFetcher (SingleDataFetcher, MultipleDataFetcher). Implemented a method to interpolate arguments of mongodb methods (e.g. find(), limit(), skip() etc.) with GraphQL query arguments. Code cleanup. (2775738)
  • Added Query, QueryBuilder, GraphQLApp and GraphQLDataFetcher classes (Not tested yet). (acc92a8)
  • Implemented prototype graphql data fetecher that build the query dynamically (04aff32)
  • Add graphql module (1fcd6e6)
Assets 5
Loading