5.4.2

Release 5.4.2

RESTHeart 5.4.2 introduces major memory optimizations in the case of large JSON payloads.

New commits since 5.4.1

• cb69416 - (tag: 5.4.2) Release 5.4.2
• 8f735f5 - Add JDK distribution
• d86de7b - Merge branch '5.4.x' of github.com:SoftInstigate/restheart into 5.4.x
  |
  | * 62519db - ⬆️ Upgrade Undertow to v2.2.10.Final
  | * 7e07395 - ⚡ Avoid String.trim() in Minify().minify() to optimize memory usage
  | * 41bc1f4 - ⚡ Avoid double call of heavy response.readContent() in ResponseSender
• | bcc9916 - runs-on: ubuntu-20.04
  |/
• 9cada74 - Rename file [skip ci]
• f09c67c - Fix actions
• 1fc1c08 - Remove sonar plugin
• 7195a2e - Fix broken link [skip ci]
• 75946d9 - Remove badges [skip ci]
• 0d70242 - ♻️ Bump to v5.4.2-SNAPSHOT

6.0.5

Release 6.0.5

This release solves a couple of minor bugs with WebSockets.

Quick download links:

• restheart.tar.gz
• restheart.zip

Run with Docker

You can run RESTHeart and MongoDB with Docker, go to Run with Docker for instructions.

Notable Commits

• 6f552b2 - Check for empty websocket connection header values
• 16ae1e1 - Fix websocket handshake request headers check
• 15fe187 - Build and Push GraalVM Docker image [skip ci]
• ab8216d - Build and Push multi-arch Docker images for GraalVM

6.0.4

Release 6.0.4

This release fix a bug that prevented a JavaScript interceptor to get deployed at startup time.

Quick download links:

• restheart.tar.gz
• restheart.zip

Run with Docker

You can run RESTHeart and MongoDB with Docker, go to Run with Docker for instructions.

Notable Commits

• ef6c40f - 🐛 Fix js interceptor not deployed at startup time

6.0.3

Release 6.0.3

This release fixes an annoying bug in the new JavaScript services and interceptors execution.

Quick download links:

• restheart.tar.gz
• restheart.zip

Run with Docker

You can run RESTHeart and MongoDB with Docker, go to Run with Docker for instructions.

Notable Commits

• 998137f - 🔧 Add reflect configuration for filterOperatorsBlacklist for native image
• f280fc6 - 🚑 Fix Multi threaded access error on JavaScript services and interceptors execution

6.0.2

Quick download links:

• restheart.tar.gz
• restheart.zip

Run with Docker

You can run RESTHeart and MongoDB with Docker, go to Run with Docker for instructions.

Multi-CPU architecture support for Docker images

Docker images can support multiple architectures, which means that a single image may contain variants for different architectures, and sometimes for different operating systems.

When running an image with multi-architecture support, docker automatically selects the image variant that matches your OS and architecture.

The Docker build process now creates images for the following platforms:

• linux/amd64
• linux/arm64
• linux/ppc64le
• linux/s390x
• linux/arm/v7

Ref: https://docs.docker.com/desktop/multi-arch/

Docker Hub repository: https://hub.docker.com/r/softinstigate/restheart

Release notes

This release

• fixes an error log message on OPTIONS /graphql/<app> request
• improves the error message on invalid GraphQLPOST /graphql/<app> request

Notable Commits

• 💡 Add comments to acl.json and acl.yml clarifying the name of the username property in acl permission depending on used authenticator (8d9ee44)
• ♻️ Improve error message on invalid graphql request (fca2cf2)
• 🐛 Fix error on OPTIONS /graphql/app (9285d93)
• ✨ ping service handles OPTIONS verb (ad8c4ea)

6.0.1

Release 6.0.1

note: this should have been a 6.1 release, as we introduced some breaking changes... 😩

The most important fix was a performance problem with the tokenBasicAuthMechanism which led to very high CPU utilization in some circumstances.

• f433acf - (tag: 6.0.1) Release 6.0.1
• 0fdf3a3 - set version 6.0.1-SNAPSHOT
• ca36bf2 - Don't push latest tag
• 1548aae - Bump to 6.0.1-SNAPSHOT
• cd85132 - 🐛 tokenBasicAuthMechanism has maximum priority to avoid other mechanisms to attempt authentication when using auth tokens
• 401a7e2 - ♻️ Remove some log messages
• 028328f - 🐛 close ProxyRequest and ProxyResponse old buffers on setBuffer()
• 2c53773 - ♻️ Better indent code
• aa3d140 - 🐛 Fix memory leack with proxy requests
• 78199cf - ♻️ Refactor MetricsHandler.writeTo() to use ServiceResponse.setCustomerSender()
• ac9d866 - Update README.md
• 6d11dd9 - Update README [skip ci]
• 9c87046 - 🔧 Add comment to ACL files about root-role of mongoAclAuthorizer [skip ci]
• 1ff433f - 🔧 Update description of Authorizer configuration option [skip ci]
• 790f6ba - Update README.md
• 1087dce - Update README.md
• a2abcaa - 🔧 Update native image reflect configuration for org.restheart.db classes of module commons
• bef5d80 - ♻️ Move GenerateGraalvmReflectConfig.java to package org.restheart.graal
• 0cb59ea - ♻️ Refactor imports due to move OperationResult and BulkOperationResult to package org.restheart.mongodb.db of commons module
• 09d28fd - ♻️ Move OperationResult and BulkOperationResult to package org.restheart.mongodb.db of commons module
• df91c3f - 🔧 filterOperatorsBlacklist is not enabled by default
• 420637f - ♻️ Refactor filterOperatorsBlacklist for 6 global predicate inverse check logic
• 431aa3c - ✨ Add filterOperatorsBlacklist, a global blacklist for mongodb operators in filter query parameter
• 7d391e0 - ✏️ Fix volume exampe in docker-compose-graalvm.yml [skip ci]
• cca56ea - ✨ Add GraalVM docker compose [skip ci]
• b2c99b5 - ✅ Fix mongoGetDocInteceptor test js interceptor [skip ci]
• 039aeb1 - 🔖 Bump to version 6.0.0-SNAPSHOT [skip ci]
• 2c710e1 - ✅ Add test js interceptor
• 77c60d9 - 🔧 Add reflect config for package org.restheart.security to allow classes host access from JavaScript

5.4.1

Release notes

Fix a memory leak affecting proxying and monitoring requests

Notable Commits

• 🐛 Fix memory leak with proxy requests (5f15a7e)
• ✏️ Fix typo in method LambdaUtils.throwsSneakyException() (b1e6592)
• ♻️ Refactor MetricsHandler.writeTo() to use ServiceResponse.setCustomerSender() (2fda08f)

5.4.0

Release notes

Adds the new plugin filterOperatorsBlacklist that allows blacklisting MongoDB operators in the filter query parameter

Notable Commits

• f09e209 - ✨ Add filterOperatorsBlacklist, a global blacklist for mongodb operators in filter query parameter

6.0.0

Quick download links:

• restheart.tar.gz
• restheart.zip

Run with Docker

You can run RESTHeart and MongoDB with Docker, go to Run with Docker for instructions.

Release notes

RESTHeart 6.0

• GraphQL API for MongoDB
• JavaScript Framework to develop Services and Interceptors on GraalVM
• Buildable as native image with GraalVM
• Extended (and simplified) Security
• Dynamic Change Streams
• Variables in aggregations and permissions
• Performance Optimizations
• Upgrade to Java 16 and GraalVM 21.1.0

See more on RESTHeart v6 on official documentation

Notable Commits

• ✨ Add Experimental Node.js services when running on GraalVM's node (8f22b93)
• ✨ Allow to use @filter var in aggregation (8a694d3)
• 💥 Upgrade to Java 16 (9eca78e)
• ⬆️ Upgrade karate to v1.0.1 (f80813c)
• ⬆️ Update GraalVM to v21.1.0 (e58a034)
• 🐛 Fix file created in wrong file bucket if bucket name contains . (01efa4f)
• ✨ JS services implemented exporting the function handle(request, response) (912a91a)
• ✨ JS plugins load their require dependencies form plugins//node_modules (15ad000)
• ✨ Add OriginVetoer that protects from CSRF attacks by forbidding requests whose Origin header is not whitelisted (3a9cedc)
• ✨ An Authorizer can be an ALLOWER or a VETOER: a secured request is allowed when no VETOER denies it and at least one ALLOWER allows it (8246116)
• ⬆️ Upgrade dependencies (8db65a4)
• 🚸 Simplify using @user in aggregation stages (7f4d849)
• 🚸 Interpolate @mongoPermissions vars in aggregation stages (2d4f689)
• 🚸 Simplify using MongoPermissions in aggreation stages (de8cdb5)
• Add data fetching optimization with DataLoader (b9e6769)
• 🐛 Fix Response.setInError() not setting error flag (but for MongoResponse implementation) (131d24d)
• 🔒 Fix SnakeYAML unsafe deserialization (5f72a32)
• 💥 conf-file option for FileAclAuthorizer and FileAclAuthorizer is now relative to the restheart main configuration file (29d2b3c)
• ✨ New variables available in aggregation stages (3aee747)
• ✨ Add attribute 'secure' to @RegisterPlugin (ef7e695)
• ✨ Extend acl predicate language for simplified security definition (b238d15)
• ⬆️ Update java-jwt to 3.14.0 (47e55a9)
• 💥 new default writeMode (2555ce8)
• RndTokenManager caches handle MongoRealmAccount and FileRealAccount on account update (a3db35d)
• GraphQL service uses default collection for app definitions when configuration is missing (6a2f837)
• Refactor BaseAclPermission to use functional Predicate and allow to programmatically extend the permission with additional predicates with permission.setPredicate(getPredicate().and(additionalPredicate)) (0c891e1)
• Allow all MongoPermissions to MongoAclAuthorizer's root role (1ffcb78)
• Refactor MongoPermissions (23938a2)
• Set NONE as default value for 'eager' qparam. This disables the MongoDb cursors preallocation by default. (9aa67ca)
• Some performance and memory optimizations (fd52830)
• Remove lock on file deletion (d0618d2)
• Use faster Caffeine library for Cache implementation (ec6543c)
• BaseAclPermission embeds the permission raw data (7685a0a)
• Renamed commons package org.restheart.idm to org.restheart.security (e797aff)
• GraphQL app definitions are validated at document creation and update (f05741c)
• Check GraphQL app definitions (62ec37b)
• Add back instance-base-url into configuration file, commented out by default (a3559cb)
• Treat empty db and collection names as reserved resources (1692404)
• JavaScript Interceptor Deployer honor the pluginClass option. This allows intercepting services of any type (45831af)
• Update classgraph to v4.8.102 (8d52e7a)
• Update reflect-config for native-image build (4f1d75f)
• Memory usage optimization, let huge scanResult object from classgraph to be garbage collected (cecd694)
• Replace use of deprecated JsonUtils with BsonUtils (e2c7e70)
• Renamed JsonUtils to BsonUtils (94cfb97)
• Handle error returning 409 when creating a db when already exists with differet case (9300002)
• On collection 'stream' metadata update or collection/db deletion all related websocket connections are closed and change streams are conseguently updated (6d02cf9)
• Add operationResult to response on collection metadata writes (4f580f2)
• Fix NPE on change stream when aggregation removes fullDocument, documentKey, updateDescription or operationType (8023ea4)
• Allow to use @user.var in ACL predicates (d2445d0)
• Allow to use the variables '@request' and '@mongoPermissions' in readFilter, writeFilter and mongo.overriddenProps ACL permissions (21e4977)
• Performance improvement by caching the computation of the interceptors that are applicable for each request (f29adb8)
• Add native-image conf for graphql + ignore graphql tests (bfb897a)
• Disable Xnio ThreadExecutor on native image, this avoids the need to downgrade xnio due to https://github.com/SoftInstigate/graalvm-undertow-issue (812b8cb)
• Update org.everit.json.schema to 1.12.2 (1ef7f83)
• Handle error returning 409 when creating a db when already exists with differet case (0c57f15)
• Refactor how PipelineInfo is obtained from request (066fff2)
• Fix operationResult not availabe in PATCH document response (f3c15fa)
• 💥 Interceptors can be implemented in JavaScript on GraalVM (bf8c10e)
• MongoPermissionsProtectedProps handles dot notation on update operators (fe18729)
• Log 'Connecting to MongoDB...' before starting connection attempt (652a14d)
• Bump to 6.0.0-SNAPSHOT (497777b)
• PingService honors the header Accept=text/html (51afcdf)
• 💥 Script to generate keystore now creates a Certificate Authority to issue the certificate, this allows the certificate to be imported and used by modern browsers (d15dad9)
• 💥 Add script generate-self-signed-keystore.sh (69bebb2)
• 💥 MongoDB bulk delete, bulk patch and db management operations are forbidden unless the applied ACL permission explicitly whitelists them. Write mode is forced to have POST only inserting, PUT and PATCH only updating unless the applied ACL permission explicitly allows using the ?wm query parameter (b98abc7)
• 💥 fileAclAuthorizer supports same extended permission options than mongoAclAuthorizer (9cf60ce)
• 💥 Add script to generate the java keystore from letsencrypt certificate archive (71f8a9d)
• Add GraphAppDefinitionChecker (5950ecb)
• 💥 Improve performance of NodeService by caching javascript code evaluation (11060e6)
• Set Content-Type for PingService (30f74a9)
• 💥 Allow node plugins to return Promise + handle timeout (b966e2c)
• 💥 Allow RESTHeart to be run on GraalVM with node --jvm and add NodeService to deploy node plugins (2c13085)
• PolyglotDeployer only activates when running on GraalVM (ed0f3eb)
• JavaScript services can be bound to any uri and secured via options (c792412)
• 💥 Services can be plugged programmatically with PluginsRegistry.plugService() (d74c603)
• 💥 JavaScript plugins have access to the MongoClient if initialized by MongoService (881abfb)
• PolyglotDeployer implements StringService (81edb4d)
• Add StringService (880e049)
• 💥 Added GraphQLRequest class. Now both content-types application/json and application/graphql are supported and server response is in the format required by GraphQL specification. (72808d3)
• Add native-image configuration for restheart-polyglot (75d2b79)
• 💥 Enhance ChannelReader by using ByteBufferPool from Exchange (f2e7551)
• Now is possible to map a GraphQL field with a MongoDB field that has a different name (d2a036f)
• 💥 Support writeMode for bulk POST (c2eb75d)
• 💥 Add --version command option (cd01daa)
• Bson String, Int32, Int64, Double and Boolean scalars are now managed by graphql-java built-in scalars but replacing their 'Coercing' component (120e03e)
• Added some BSON scalars. Now a unique general GraphQLDataFetcher is used. (b9a6ae1)
• Added BsonInt32, BsonInt64, BsonString and BsonDocument scalars (e5c4199)
• Switched to BsonDocument and implemented ObjectId Scalar (23ec82f)
• Introduced a loading cache for app definitions. Moreover, now is possible to handle requests sended to /graphql/ endpoint if mappings, of app named '', are already loaded into database. (ace9eee)
• Modified how relationships between documents of different collections are mapped. (88dac28)
• Now ONE-TO-ONE relationships are supported. Refactoring: introduced a Mapping abstract class to model both Query mappings and Association mappings. (1a6aa1f)
• Introduced two differents GraphQLDataFetcher (SingleDataFetcher, MultipleDataFetcher). Implemented a method to interpolate arguments of mongodb methods (e.g. find(), limit(), skip() etc.) with GraphQL query arguments. Code cleanup. (2775738)
• Added Query, QueryBuilder, GraphQLApp and GraphQLDataFetcher classes (Not tested yet). (acc92a8)
• Implemented prototype graphql data fetecher that build the query dynamically (04aff32)
• Add graphql module (1fcd6e6)

6.0.0-RC1

Release notes

RESTHeart 6.0

• GraphQL API
• Polyglot JavaScript Services and Interceptors on GraalVM
• Buildable as native image with GraalVM
• Extended (and simplified) Security
• Performance Optimizations
• Upgrade to Java 16 and GraalVM 21.1.0

Notable Commits

• ✨ Add Experimental Node.js services when running on GraalVM's node (8f22b93)
• ✨ Allow to use @filter var in aggregation (8a694d3)
• 💥 Upgrade to Java 16 (9eca78e)
• ⬆️ Upgrade karate to v1.0.1 (f80813c)
• ⬆️ Update GraalVM to v21.1.0 (e58a034)
• 🐛 Fix file created in wrong file bucket if bucket name contains . (01efa4f)
• ✨ JS services implemented exporting the function handle(request, response) (912a91a)
• ✨ JS plugins load their require dependencies form plugins//node_modules (15ad000)
• ✨ Add OriginVetoer that protects from CSRF attacks by forbidding requests whose Origin header is not whitelisted (3a9cedc)
• ✨ An Authorizer can be an ALLOWER or a VETOER: a secured request is allowed when no VETOER denies it and at least one ALLOWER allows it (8246116)
• ⬆️ Upgrade dependencies (8db65a4)
• 🚸 Simplify using @user in aggregation stages (7f4d849)
• 🚸 Interpolate @mongoPermissions vars in aggregation stages (2d4f689)
• 🚸 Simplify using MongoPermissions in aggreation stages (de8cdb5)
• Add data fetching optimization with DataLoader (b9e6769)
• 🐛 Fix Response.setInError() not setting error flag (but for MongoResponse implementation) (131d24d)
• 🔒 Fix SnakeYAML unsafe deserialization (5f72a32)
• 💥 conf-file option for FileAclAuthorizer and FileAclAuthorizer is now relative to the restheart main configuration file (29d2b3c)
• ✨ New variables available in aggregation stages (3aee747)
• ✨ Add attribute 'secure' to @RegisterPlugin (ef7e695)
• ✨ Extend acl predicate language for simplified security definition (b238d15)
• ⬆️ Update java-jwt to 3.14.0 (47e55a9)
• 💥 new default writeMode (2555ce8)
• RndTokenManager caches handle MongoRealmAccount and FileRealAccount on account update (a3db35d)
• GraphQL service uses default collection for app definitions when configuration is missing (6a2f837)
• Refactor BaseAclPermission to use functional Predicate and allow to programmatically extend the permission with additional predicates with permission.setPredicate(getPredicate().and(additionalPredicate)) (0c891e1)
• Allow all MongoPermissions to MongoAclAuthorizer's root role (1ffcb78)
• Refactor MongoPermissions (23938a2)
• Set NONE as default value for 'eager' qparam. This disables the MongoDb cursors preallocation by default. (9aa67ca)
• Some performance and memory optimizations (fd52830)
• Remove lock on file deletion (d0618d2)
• Use faster Caffeine library for Cache implementation (ec6543c)
• BaseAclPermission embeds the permission raw data (7685a0a)
• Renamed commons package org.restheart.idm to org.restheart.security (e797aff)
• GraphQL app definitions are validated at document creation and update (f05741c)
• Check GraphQL app definitions (62ec37b)
• Add back instance-base-url into configuration file, commented out by default (a3559cb)
• Treat empty db and collection names as reserved resources (1692404)
• JavaScript Interceptor Deployer honor the pluginClass option. This allows intercepting services of any type (45831af)
• Update classgraph to v4.8.102 (8d52e7a)
• Update reflect-config for native-image build (4f1d75f)
• Memory usage optimization, let huge scanResult object from classgraph to be garbage collected (cecd694)
• Replace use of deprecated JsonUtils with BsonUtils (e2c7e70)
• Renamed JsonUtils to BsonUtils (94cfb97)
• Handle error returning 409 when creating a db when already exists with differet case (9300002)
• On collection 'stream' metadata update or collection/db deletion all related websocket connections are closed and change streams are conseguently updated (6d02cf9)
• Add operationResult to response on collection metadata writes (4f580f2)
• Fix NPE on change stream when aggregation removes fullDocument, documentKey, updateDescription or operationType (8023ea4)
• Allow to use @user.var in ACL predicates (d2445d0)
• Allow to use the variables '@request' and '@mongoPermissions' in readFilter, writeFilter and mongo.overriddenProps ACL permissions (21e4977)
• Performance improvement by caching the computation of the interceptors that are applicable for each request (f29adb8)
• Add native-image conf for graphql + ignore graphql tests (bfb897a)
• Disable Xnio ThreadExecutor on native image, this avoids the need to downgrade xnio due to https://github.com/SoftInstigate/graalvm-undertow-issue (812b8cb)
• Update org.everit.json.schema to 1.12.2 (1ef7f83)
• Handle error returning 409 when creating a db when already exists with differet case (0c57f15)
• Refactor how PipelineInfo is obtained from request (066fff2)
• Fix operationResult not availabe in PATCH document response (f3c15fa)
• 💥 Interceptors can be implemented in JavaScript on GraalVM (bf8c10e)
• MongoPermissionsProtectedProps handles dot notation on update operators (fe18729)
• Log 'Connecting to MongoDB...' before starting connection attempt (652a14d)
• Bump to 6.0.0-SNAPSHOT (497777b)
• PingService honors the header Accept=text/html (51afcdf)
• 💥 Script to generate keystore now creates a Certificate Authority to issue the certificate, this allows the certificate to be imported and used by modern browsers (d15dad9)
• 💥 Add script generate-self-signed-keystore.sh (69bebb2)
• 💥 MongoDB bulk delete, bulk patch and db management operations are forbidden unless the applied ACL permission explicitly whitelists them. Write mode is forced to have POST only inserting, PUT and PATCH only updating unless the applied ACL permission explicitly allows using the ?wm query parameter (b98abc7)
• 💥 fileAclAuthorizer supports same extended permission options than mongoAclAuthorizer (9cf60ce)
• 💥 Add script to generate the java keystore from letsencrypt certificate archive (71f8a9d)
• Add GraphAppDefinitionChecker (5950ecb)
• 💥 Improve performance of NodeService by caching javascript code evaluation (11060e6)
• Set Content-Type for PingService (30f74a9)
• 💥 Allow node plugins to return Promise + handle timeout (b966e2c)
• 💥 Allow RESTHeart to be run on GraalVM with node --jvm and add NodeService to deploy node plugins (2c13085)
• PolyglotDeployer only activates when running on GraalVM (ed0f3eb)
• JavaScript services can be bound to any uri and secured via options (c792412)
• 💥 Services can be plugged programmatically with PluginsRegistry.plugService() (d74c603)
• 💥 JavaScript plugins have access to the MongoClient if initialized by MongoService (881abfb)
• PolyglotDeployer implements StringService (81edb4d)
• Add StringService (880e049)
• 💥 Added GraphQLRequest class. Now both content-types application/json and application/graphql are supported and server response is in the format required by GraphQL specification. (72808d3)
• Add native-image configuration for restheart-polyglot (75d2b79)
• 💥 Enhance ChannelReader by using ByteBufferPool from Exchange (f2e7551)
• Now is possible to map a GraphQL field with a MongoDB field that has a different name (d2a036f)
• 💥 Support writeMode for bulk POST (c2eb75d)
• 💥 Add --version command option (cd01daa)
• Bson String, Int32, Int64, Double and Boolean scalars are now managed by graphql-java built-in scalars but replacing their 'Coercing' component (120e03e)
• Added some BSON scalars. Now a unique general GraphQLDataFetcher is used. (b9a6ae1)
• Added BsonInt32, BsonInt64, BsonString and BsonDocument scalars (e5c4199)
• Switched to BsonDocument and implemented ObjectId Scalar (23ec82f)
• Introduced a loading cache for app definitions. Moreover, now is possible to handle requests sended to /graphql/ endpoint if mappings, of app named '', are already loaded into database. (ace9eee)
• Modified how relationships between documents of different collections are mapped. (88dac28)
• Now ONE-TO-ONE relationships are supported. Refactoring: introduced a Mapping abstract class to model both Query mappings and Association mappings. (1a6aa1f)
• Introduced two differents GraphQLDataFetcher (SingleDataFetcher, MultipleDataFetcher). Implemented a method to interpolate arguments of mongodb methods (e.g. find(), limit(), skip() etc.) with GraphQL query arguments. Code cleanup. (2775738)
• Added Query, QueryBuilder, GraphQLApp and GraphQLDataFetcher classes (Not tested yet). (acc92a8)
• Implemented prototype graphql data fetecher that build the query dynamically (04aff32)
• Add graphql module (1fcd6e6)