3.1.0 — April 2023
Version 3.1.0 of Sync Gateway delivers the following features and enhancements:
Scopes and Collections
In 3.1, Sync Gateway has significantly improved by incorporating Scopes and Collections support:
- Scopes and Collections Support: Adding Scopes and Collections support allows for an improved method of defining and enforcing data access control. This enhancement ensures that only authorized users can use the appropriate data.
- Simplified Data Organization and Synchronization: Streamlining the data organization and synchronization processes, enabling users to build and scale applications more efficiently while maintaining high security.
Synchronization between Couchbase Lite clients and Couchbase Server is accomplished by:
Sync Gateway Metadata Isolation
- Scopes and Collections for Isolation
Scopes and collections are used to isolate Sync Gateway metadata. - Default Scope/Collection for System Data
The _default scope/collection is used for system data maintained by Sync Gateway. In contrast, user-defined scopes/collections are used for application data. - Separating System Metadata and Application Data
Using separate Scopes and collections for system metadata and application data helps to logically isolate them and avoid accidental modification or deletion of system metadata by the application. - Implementing Role-Based Access Controls (RBAC)
To further safeguard against such risks, an SDK-based application implements role-based access controls (RBAC) to restrict access to the _default scope/collection, which typically contains critical sync metadata.
Sync Gateway and Couchbase Lite Clients
-
Direct Syncing of Scopes
Sync Gateway enables Couchbase Lite clients to sync one or more Scopes directly to other Couchbase Lite clients over a local network via Couchbase Lite Peer-to-Peer protocol. -
Bypassing Cloud-Based Control Points
This can be done without the need for a cloud-based control point. -
Setting Up Replications
A Couchbase Lite client can set up one or more replications to one or more Sync Gateway database endpoints. -
Syncing Collections
Each replication can sync one or all collections associated with that Scope. -
Local Persistence of Data
The Couchbase Lite client can also locally persist data in a Scope not synced to remote Sync Gateway.
Enhancements
CBG-2729 - Info-level logging when a remote webhook filter is empty
CBG-2721 - Add a flag to sg-collect collection to delete zip once uploaded
CBG-2689 - Add sync_function_exception_count stat
CBG-2660 - Use MaxInt64 for high sequence queries
CBG-2559 - Move history to end of marshalled SyncData
CBG-2510 - Docs not being tombstoned with replication DocID filter
CBG-2450 - Leading null character in document ID causes ISGR to terminate pull replication
CBG-2418 - Make a Runtime Database Config to explicitly track if a database is suspended
CBG-2362 - Identify whether SG is running in persistent config mode (or not) via REST API
CBG-2177 - Maintain long-lived bucket connections for persistent config
CBG-2138 - Inform client they need to contact another SGW
CBG-2137 - Support downloading meta(data) from S3 and resuming the bucket
CBG-2136 - Support uploading meta(data) to S3 for hibernation
CBG-2135 - Add API to stop/start access to a given bucket for hibernation
CBG-2064 - Allow mapping OIDC claims to user roles/channels
CBG-2047 - Update client-golang to 1.11.1+ CVE-2022-21698
CBG-2027 - User API Enhancements - include details and limit
CBG-2026 - Option to disable basic auth on public REST API
CBG-2017 - Handle removed buckets in background persistent config update polling
CBG-1969 - Support CBL clients that don't increment revpos when attachment body changes
Issues and Resolutions
Fixed Issues
CBG-2731 - AccessLock not being released when a PUSH replication is ongoing
CBG-2556 - Inefficient sequence parsing during ISGR checkpointing
CBG-2248 - Config admin API doesn't use Etags when config comes from JSON
CBG-2247 - Etags should be quoted
CBG-2208 - Index compaction failing due to not found handling
CBG-2183 - Revocation of non-existent role causes replication panic
CBG-2174 - Periodic high response times on REST API due to persistent config polling
CBG-2134 - Guest user is not initialised with access to public channel ("!")
CBG-2119 - Update DisablePasswordAuth to False does not work
CBG-2102 - Admin auth credentials not verified when using x.509 auth between SG and CBS
CBG-2101 - User endpoint: missing first user if name_only=false
CBG-2065 - Update golang.org/x/text to 0.3.3+ CVE-2020-14040 in SGW 2.8.x
CBG-2059 - HTTP logs incorrectly redact document name if the database name contains it
CBG-2058 - Compaction w/ import and xattrs enabled can panic
CBG-2048 - Update nhooyr.io/websocket gin-gonic/gin CVE-2020-28483
CBG-2030 - _user endpoint pagination causes query error
CBG-2010 - CBL revpos handling causes attachment fetch per write for docs with attachments
Known Issues
CBG-798 - Sync Gateway requires Couchbase Server nodes to use the same SSL memcached port