1.1. 3.4.x Branch

1.1.1. Version 3.4.1

1.1.1.1. Highlights

  • #5255: Set upgrade_hash_on_auth to false to disable automatic password hashing upgrades.

1.1.1.2. Bufixes

  • #5254: Handle the case when the QuickJS scanner has no valid views.

1.1.1.3. Tests

  • #5253: Increase timeout for couch_work_queue test.

1.1.1.4. Docs

  • #5256: Explain holding off 3.4.0 binaries and the reason for making a 3.4.1 release.

1.1.2. Version 3.4.0

1.1.2.1. Warning

CouchDB version 3.4.0 includes a feature to automatically upgrade password hashes to a newer algorithm and a configuration option that enables this feature by default. As a consequence, if you are upgrading to CouchDB version 3.4.0 from an earlier version and then have to roll back to the earlier version, some of your _users documents might have already automatically ugpraded to the new algorithm. Your older version of CouchDB does not understand the resulting password hash and cannot authenticate the user any more until the earlier password hash is restored manually by an adminstrator.

As a result, the CouchDB team has decided to issue a 3.4.1 release setting the configuration option to disable this new auto-upgrade feature.

The issue was found after the formal 3.4.0 release process has concluded, so the source release is available normally, but the CouchDB team has not made 3.4.0 convenience binaries available. The team recommends to upgrade to 3.4.1 instead when it is available.

The CouchDB team also recommends enabling the feature by setting the upgrade_hash_on_auth configuration option to true as soon as you are safely running on 3.4.1 and have no more need to roll back the version.

1.1.2.2. Breaking Changes

  • #5046: JWT: require valid exp claim by default

    Users of JWT rightly expect tokens to be considered invalid once they expire. It is a surprise to some that this requires a change to the default configuration. In the interest of security we will now require a valid exp claim in tokens. Administrators can disable the check by changing required_claims back to the empty string.

    We recommend adding nbf as a required claim if you know your tokens will include it.

  • #5203: Continuous change feeds with descending=true&limit=N

    Changes requests with feed=continuous&descending=true&limit=N, when N is greater than the number of db updates, will no longer wait on db changes and then repeatedly re-send the first few update sequences. The request will return immediately after all the existing update sequences are streamed back to the client.

1.1.2.3. Highlights

    .-.
        /  |
       /\  | .-._.)  (  )   .-..-.  .-.  )  (
      /  \ |(   )(    )(   / ./.-'_(  | (    )
 .-' /    \| `-'  `--': \_/  (__.'  `-'-'`--':
(__.'      `.
  • #4291: Introducing Nouveau (beta) a modern, from-the-ground-up implementation of Lucene-based full-text search for CouchDB. Please test this thoroughly and report back any issues you might find.

Advantages over SpiderMonkey:

  • Significantly smaller and easier to integrate codebase. We’re using ~6 C files vs 700+ SM91 C++ files.

  • Built with Apache CouchDB as opposed having to maintain a separate SpiderMonkey package for OSs that don’t support it (*cough*RedHat9*cough*).

  • Better sandboxing support.

  • Preliminary test results show multiple performance improvements.

    • 4x faster than SpiderMonkey 1.8.5.

    • 5x faster than SpiderMonkey 91.

    • 6x reduced memory usage per couchjs process (5MB vs 30MB).

  • Allows compiling JavaScript bytecode ahead of time.

  • QuickJS can be built alongside SpiderMonkey and toggled on/off at runtime:

    ./configure --dev --js-engine=quickjs
    
  • This makes it the default engine. But SpiderMonkey can still be set in the config option:

    [couchdb]
    js_engine = spidermonkey | quickjs
    
  • CouchDB also now includes a scanner plugin that, when enabled, can scan all design docs in all your databases in the background and report incompatibilities between SpiderMonkey and QuickJS. This allows you to safely migrate to QuickJS.

  • #4570, #4578, #4576: Adopt xxHash in favour of md5 for couch_file checksums and ETag calculation. 30% performance increase for large (128K) docs. No difference for smaller docs.

  • #4814: Introduce PBKDF2-SHA256 for password hashing. The existing PBKDF2-SHA1 variant is now deprecated. Increases the default iteration count to 600000. Also introduce a password hash in-memory cache with a low iteration number, to keep interactive requests fast for a fixed time.

    Entries in the password hash cache are time-limited, unused entries are automatically deleted, and there is a capacity bound.

    Existing hashed user doc entries will be automatically upgraded during the next successful authentication. To disable auto-upgrading set the [chttpd_auth] upgrade_hash_on_auth config setting to false.

  • #4512: Mango: add keys-only covering indexes. Improves query response times for certain queries up to 10x at p(95).

  • #4681: Introduce optional countermeasures as we run out of disk space.

  • #4847: Require auth for _replicate endpoint. This continues the 3.x closed-by-default design goal.

  • #5032: Temporarily block access by client IP for repeated authentication failures. Can be disabled in config.

  • Many small performance improvements, see the Performance section.

1.1.2.4. Features and Enhancements

  • #5212: Allow configuring TLS signature_algs and eccs curves for the clustered port.

  • #5136: Print log dir on dev/run startup.

  • #5150: Ensure rexi_buffer metric includes the internal buffered messages.

  • #5145: Add aggregate rexi_server and rexi_buffer message queue metrics.

  • #5093, #5178: Ensure replication jobs migrate after any the shard map changes.

  • #5079: Move to Erlang 25 minimum.

  • #5069: Update Fauxton to v1.3.1.

  • #5067: Support Erlang/OTP 27.

  • #5053: Use the built-in crypto:pbkdf2_hmac function.

  • #5036: Remove replication_job_supervisor.

  • #5035: Modernise couch_replicator_supervisor.

  • #5019: Remove unused build files.

  • #5017: Remove unused boot_dev_cluster.sh.

  • #5014: Add Couch Scanner module.

  • #5013: Improve dist diagnostics.

  • #4990: Add dbname to mango exec stats.

  • #4987: Replace khash with maps in ddoc_cache_lru.

  • #4984: Fabric: switch to maps for view rows.

  • #4979: Git ignore top level clouseau directory.

  • #4977: Replace khash with maps in couch_event_server.

  • #4976: Add metrics for fast vs slow password hashing.

  • #4965: Handle multiple response copies for _purged_infos API.

  • #4878: Add an option to scrub some sensitive headers from external json.

  • #4834: Wait for newly set admin creds to be hashed in setup.

  • #4821: Do not fail compactions if the last step is delayed by ioq.

  • #4810: Mango: add $beginsWith operator.

  • #4769: Improve replicator error handling.

  • #4766: Add new HTTP endpoint /_node/_local/_smoosh/status.

  • #4736: Stop client process and clean up if client disconnects.

  • #4703: Add _purged_infos endpoint.

  • #4685: Add "CouchDB-Replicator/..." user agent to replicator /_session requests.

  • #4680: Shard splitting: allow resumption of failed jobs and make timeout configurable.

  • #4677: Crash replication jobs on unexpected 4xx errors.

  • #4670: Allow setting of additional ibrowse options like prefer_ipv6.

  • #4662: Mango: extend _explain with candidate indexes and selector hints.

  • #4625: Add optional logging of security issues when replicating.

  • #4623: Better upgrade handling of instance_start_time in replicator.

  • #4613: Add option to suppress version info via HTTP header.

  • #4601: Add simple fabric benchmark.

  • #4581: Support Erlang/OTP 26.

  • #4575: Add {verify, verify_peer} for TLS validation.

  • #4569: Mango: add keys_examined for execution_stats.

  • #4558: Make Erlang/OTP 24 the minimum supported Erlang version.

  • #4513: Make timeouts for _view and _search configurable.

  • #4483: Add RFC5424 compliant report logging.

  • #4475: Add type and descriptions to prometheus output.

  • #4443: Automatically enable FIPS mode at runtime.

  • #4438: Upgrade hash algorithm for proxy auth.

  • #4432: Hide shard-sync and purge documents from _local_docs.

  • #4431: Allow definition of JWT roles claim as comma-separated list.

  • #4404: Respond with 503 immediately if search not available.

  • #4347: Remove failed couch_plugins experiment.

  • #5046: JWT: require valid exp claim by default.

  • #5065: Update Fauxton UI to version v1.3.1.

1.1.2.5. Performance

  • #5172: Remove unique_integer bottleneck from couch_lru.

  • #5168: Update couch_lru to use maps.

  • #5104: Update xxhash from upstream tag v0.8.2.

  • #5037: Optimise fabric:all_dbs().

  • #4911: Optimise and clean up couch_multidb_changes.

  • #4852: Optimise _active_tasks.

  • #4786, #4789: Add extra timing stats for couch_js engine commands.

  • #4679: Fix multipart parse attachment longer than expected error.

  • #4672: Remove folsom and reimplement required functionality with new Erlang/OTP primitives resulting in up to 19x faster histogram operations.

  • #4617: Use a faster sets implementation available since OTP 24.

  • #4608: Add metrics for fsync calls and query engine operations.

  • #4604: 6x speedup for common mem3:dbname/1 function.

  • #4603: Update vm.args settings, increased Erlang distribution buffer size to 32MB.

  • #4598: Speed up internal replicator.

  • #4507, #4525: Add more prometheus metrics.

  • #4505: Treat JavaScript internal errors as fatal.

  • #4494: Treat single-element keys as key.

  • #4473: Avoid re-compiling filter view functions.

  • #4401: Enforce doc ids _changes filter optimisation limit and raise it from 100 to 1000.

  • #4394: Mango: push fields selection down to data nodes.

1.1.2.6. Bugfixes

  • #5223, #5228, #5226: Fix handling IPv6 addresses for _session endpoints in replicator.

  • #5191, #5193: Fix error loop with system freeze when removing a node from a cluster.

  • #5188: Fix units for replicator cluster_start_period config setting.

  • #5185: Use an explicit message for replicator doc processor delayed init. Fixes a rare case when the replicator will never start scanning and monitoring _replicator dbs for changes.

  • #5184: Remove compatibility couch_rand module.

  • #5179: Do not leak fabric_rpc workers if coordinator is killed.

  • #5205: Cleanly abort responses when path doesn’t start with slash.

  • #5204, #5203, #5200, #5201: Fix continuous changes feeds with a limit greater than total.

  • #5169: Make sure we never get an inconsistent couch_lru cache.

  • #5167: Remove unused close_lru gen_server call.

  • #5160: Ensure we run fabric worker cleanup in more cases.

  • #5158: Fix PowerShell PSScriptAnalyzer warnings.

  • #5153, #5156: Upgrade recon and fix Erlang/OTP 27 compiler warnings.

  • #5154: Replace 0/1 to false/true for config keys.

  • #5152: Improve worker cleanup on early coordinator exit to reduce the occurrence of spurious exit:timeout errors in the log.

  • #5151: Use atom for config key with_spidermonkey.

  • #5147: Add passively closed client monitoring to search.

  • #5144: Cleanup deprecated and unused functionality in rexi.

  • #5143: Remove unused external functions and local external calls.

  • #5130, #5132, #5138, #5163, #5170: Implement persistent node names.

  • #5131: Remove unused couch_db_header module.

  • #5084, #5126: Simplify and fix hyper. Remove external hyper dependency.

  • #5117, #5118: Validate target doc id for COPY method.

  • #5111, #5114: Make sure config reload finds new .ini files in .d directories.

  • #5110: Remove last remnant of snap install in ./configure. That happens in couchdb-pkg now.

  • #5089, #5103: Fix _scheduler/docs/... path 500 errors.

  • #5101: Fix replicator scheduler job stopping crash.

  • #5100: Simplify couchdb.cmd.in and remove app version.

  • #5097: Remove couch_io_logger module.

  • #5066: Handle multiple Set-Cookie headers in replicator session plugin.

  • #5060: Cleanup a few clauses in fabric_view_changes.

  • #5030: Always commit if we upgrade 2.x view files. Fixes misleading wrong signature error.

  • #5025: Fix seedlist to not return duplicate json keys.

  • #5008: Fix case clause error in replicator _scheduler/docs response.

  • #5000: Remove repetitive word in source commends (5000!).

  • #4962: Make multidb changes shard map aware.

  • #4958: Mango: use rolling execution statistics.

  • #4921: Make sure to reply to couch_index_server clients.

  • #4910: couch_passwords:verify should always return false for bad inputs.

  • #4908: Mango: communicate rows read for global stats collection.

  • #4906: Flush chttpd_db monitor refs on demonitor.

  • #4904: Git ignore all .hypothesis directories.

  • #4887: Look up search node name in config for weatherreport.

  • #4837: Fix update bug in ets_lru.

  • #4811: Prevent delayed opener error from crashing index servers.

  • #4794: Fix incorrect raising of database_does_not_exist error.

  • #4784: Fix parsing of node name from ERL_FLAGS in remsh.

  • #4782, #4891: Mango: prevent occasional duplication of paginated text results.

  • #4761: Fix badrecord error when replicator is logging HTTP usage.

  • #4759: TLS: use HTTP rules for hostname verification.

  • #4758: Remove sensitive headers from the mochiweb request in pdict.

  • #4751: Mango: correct behaviour of fields on _explain.

  • #4722: Fix badmatch error when purge requests time out.

  • #4716: Fix pending count for reverse changes feed.

  • #4709: Mango: improve handling of invalid fields.

  • #4704, #4707: Fix empty facet search results.

  • #4682: _design_doc/queries with keys should only return design docs.

  • #4669: Allow for more than two replicator socket options.

  • #4666: Improve error handling in config API.

  • #4659: Mango: remove duplicates from indexable_fields/1 results.

  • #4658: Fix undefined range in mem3_rep purge replication logic.

  • #4653: Fix ability to use ; inside of config values.

  • #4629: Fix prometheus to survive mem3_sync termination.

  • #4626: Fix purge infos replicating to the wrong shards during shard splitting.

  • #4602: Fix error handling for the _index endpoint and document _index/_bulk_delete.

  • #4555: Fix race condition when creating indexes.

  • #4524: Querying _all_docs with non-string key should return an empty list.

  • #4514: GET invalid path under _index should not cause 500 response.

  • #4509: Make remsh work with quoted cookie.

  • #4503: Add error_info clause for 410 Gone.

  • #4491: Fix couch_index to avoid crashes under certain conditions.

  • #4485: Catch and log any error from mem3:local_shards in index_server.

  • #4473: Fix prometheus counter metric naming.

  • #4458: Mango: Fix text index selection for queries with $regex.

  • #4416: Allow _local doc writes to the replicator dbs.

  • #4370: Ensure design docs are uploaded individually when replicating with bulk_get.

  • #4363: Fix replication _scheduler/docs total_rows.

  • #4360: Fix handling forbidden exceptions from workers in fabric_doc_update.

  • #4353: Fix replication job_link.

  • #4348: Fix undefined function warning in weatherreport.

  • #4343: Fix undef when parsing replication doc body.

1.1.2.7. Tests

  • #5219: Allow for overriding the host on running Mango tests.

  • #5192: Clean elixir build artifacts with make clean.

  • #5190: Remove flaky couch key tree test.

  • #5187: Do not test SpiderMonkey libs when it is disabled on Windows.

  • #5183: Remove redundant and racy assertion in the couchdb_os_proc_pool test.

  • #5182: Set minimum Elixir version to 1.15.

  • #5180: Bump Clouseau to 2.23.1 in CI.

  • #5128: Update Erlang in CI, support Elixir 1.17.

  • #5102: Use a shorter 4000 msec replicator scheduling interval for tests.

  • #5078, #5085: Make app and release versions uniform. Remove the unused rel version.

  • #5068: Fix flakiness in fabric_bench.

  • #5054: Update a few deps and improve CI.

  • #5050: Update CI OSes.

  • #5048: Update CI Erlang versions.

  • #5040: Fix invalid call to exit/2 in couch_server.

  • #5039: Improve fabric all_dbs test.

  • #5024: Fix flaky _changes async test.

  • #4982: Fix flaky password hashing test.

  • #4980: Fix password test timeout.

  • #4973: Handling node number configuration in dev/run.

  • #4959: Enable Clouseau for more platforms.

  • #4953: Improve retries in dev/run cluster setup.

  • #4947: Add tests for _changes endpoint.

  • #4938: Add tests for _changes with different parameters.

  • #4903: Add extra rev tree changes tests.

  • #4902: Fix flaky tests by increasing timeout.

  • #4900: More flaky fixes for cluster setup.

  • #4899: Reduce EUnit log noise.

  • #4898: Simplify couch_changes_tests.erl using macro ?TDEF_FE.

  • #4893: Relax restriction on [admins] in dev local.ini.

  • #4889: Do not use admin party for integration tests.

  • #4873: Fix test for text index creation.

  • #4863: Fix flaky users_db_security test.

  • #4808: Fix flaky couch_stream test.

  • #4806: Mango: do not skip json tests when Clouseau installed.

  • #4803: Fix flaky ddoc_cache test some more.

  • #4765: Fix flaky mem3 reshard test.

  • #4763: Plug hole in unit test coverage of view cursor functions.

  • #4726: Support Elixir 1.15.

  • #4691: make elixir should match what we run in CI.

  • #4632: Fix test database recreation logic.

  • #4630: Add extra assert in flaky couch_file test.

  • #4620: Add Erlang/OTP 26 to Pull Request CI matrix.

  • #4552, #4553: Fix flaky couchjs error test.

  • #4453: Fix flaky LRU test that the new super fast macOS CI worker noticed.

  • #4422: Clean up JSON index selection and add unit tests.

  • #4345: Add test coverage for replicator user_ctx parser.

1.1.2.8. Docs

  • #5221: Add notes about JavaScript engine compatibility issues and how to use the new scanner feature.

  • #5162: Update CVE backport policy.

  • #5134: Remove JSON2 reference as we no longer ship our own JSON.

  • #5063: Fix duplicate keys in find query.

  • #5045: Create Python virtualenv on Windows for docs.

  • #5038: Fix small detail about conflicts in Overview section.

  • #4999: Change server instance to cluster for UUID docs.

  • #4955: Revamp the installation instructions for FreeBSD.

  • #4951: Add extension for copying code blocks with just one click.

  • #4950: Improve changes feed API documentation.

  • #4948: Update Sphinx package version to 7.2.6.

  • #4946: Update Sphinx/RTD dependencies.

  • #4942: Fix invalid JSON in _db_updates example.

  • #4940: Re-wrote snap installation guide lines for 3.3.

  • #4933: Set docs version numbers dynamically from file.

  • #4928: Add missing installation OSes for convenience binaries.

  • #4925: Break long lines for better readability within tables.

  • #4774: Amend description of use_index on /{db}/_find.

  • #4743: Ban the last monster.

  • #4684: Add _design_docs/queries and _local_docs/queries.

  • #4645: Add authentication data to examples.

  • #4636: Clarify default quorum calculation.

  • #4561: Clarify encoding length in performance section.

  • #4402: Fix example code in partitioned databases.

1.1.2.9. Builds

  • #4840: Add Debian 12 (bookworm) to CI and binary packages.

1.1.2.10. Other

What’s new, Scooby-Doo?