Version 0.11.2 contains important security fixes. Previous 0.11.x releases are not recommended for regular usage.
_temp_viewsare now admin-only resources.
_bulk_docsnow requires a valid Content-Type header of
endkeyproperties of the request object passed to list and show functions now contain JSON objects representing the URL encoded string values in the query string. Previously, these properties contained strings which needed to be converted to JSON before using.
req argument to show, list, update and validation functions now contains
the member method with the specified HTTP method of the current request.
Previously, this member was called
method is following RFC 2616
(HTTP 1.1) closer.
The /db/_admins handler has been removed and replaced with a /db/_security object. Any existing _admins will be dropped and need to be added to the security object again. The reason for this is that the old system made no distinction between names and roles, while the new one does, so there is no way to automatically upgrade the old admins list.
The security object has 2 special fields,
contain lists of names and roles which are admins or readers on that database.
Anything else may be stored in other fields on the security object. The entire
object is made available to validation functions.
JSON handling in the query server has been upgraded to use json2.js. This allows us to use faster native JSON serialization when it is available.
In previous versions, attempts to serialize undefined would throw an exception, causing the doc that emitted undefined to be dropped from the view index. The new behavior is to serialize undefined as null. Applications depending on the old behavior will need to explicitly check for undefined.
Another change is that E4X’s XML objects will not automatically be
stringified. XML users will need to call
to return a string value. #8d3b7ab3
The default configuration has been changed to avoid causing basic-auth popups
which result from sending the WWW-Authenticate header. To enable basic-auth
popups, uncomment the
httpd/WWW-Authenticate line in
The query server line protocol has changed for all functions except map, reduce, and rereduce. This allows us to cache the entire design document in the query server process, which results in faster performance for common operations. It also gives more flexibility to query server implementators and shouldn’t require major changes in the future when adding new query server features.
JSON request bodies are validated for proper UTF-8 before saving, instead of waiting to fail on subsequent read requests.
Continuous changes are now newline delimited, instead of having each line followed by a comma.