Skip to content

3.1.0 — April 2023
Compare
Choose a tag to compare
@torcolvin torcolvin released this 22 May 14:16
· 373 commits to master since this release
3.1.0
2a9837d
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

Version 3.1.0 of Sync Gateway delivers the following features and enhancements:

Scopes and Collections

In 3.1, Sync Gateway has significantly improved by incorporating Scopes and Collections support:

  1. Scopes and Collections Support: Adding Scopes and Collections support allows for an improved method of defining and enforcing data access control. This enhancement ensures that only authorized users can use the appropriate data.
  2. Simplified Data Organization and Synchronization: Streamlining the data organization and synchronization processes, enabling users to build and scale applications more efficiently while maintaining high security.

Synchronization between Couchbase Lite clients and Couchbase Server is accomplished by:

Sync Gateway Metadata Isolation

  • Scopes and Collections for Isolation
    Scopes and collections are used to isolate Sync Gateway metadata.
  • Default Scope/Collection for System Data
    The _default scope/collection is used for system data maintained by Sync Gateway. In contrast, user-defined scopes/collections are used for application data.
  • Separating System Metadata and Application Data
    Using separate Scopes and collections for system metadata and application data helps to logically isolate them and avoid accidental modification or deletion of system metadata by the application.
  • Implementing Role-Based Access Controls (RBAC)
    To further safeguard against such risks, an SDK-based application implements role-based access controls (RBAC) to restrict access to the _default scope/collection, which typically contains critical sync metadata.

Sync Gateway and Couchbase Lite Clients

  • Direct Syncing of Scopes
    Sync Gateway enables Couchbase Lite clients to sync one or more Scopes directly to other Couchbase Lite clients over a local network via Couchbase Lite Peer-to-Peer protocol.

  • Bypassing Cloud-Based Control Points
    This can be done without the need for a cloud-based control point.

  • Setting Up Replications
    A Couchbase Lite client can set up one or more replications to one or more Sync Gateway database endpoints.

  • Syncing Collections
    Each replication can sync one or all collections associated with that Scope.

  • Local Persistence of Data
    The Couchbase Lite client can also locally persist data in a Scope not synced to remote Sync Gateway.

Enhancements

CBG-2729 - Info-level logging when a remote webhook filter is empty

CBG-2721 - Add a flag to sg-collect collection to delete zip once uploaded

CBG-2689 - Add sync_function_exception_count stat

CBG-2660 - Use MaxInt64 for high sequence queries

CBG-2559 - Move history to end of marshalled SyncData

CBG-2510 - Docs not being tombstoned with replication DocID filter

CBG-2450 - Leading null character in document ID causes ISGR to terminate pull replication

CBG-2418 - Make a Runtime Database Config to explicitly track if a database is suspended

CBG-2362 - Identify whether SG is running in persistent config mode (or not) via REST API

CBG-2177 - Maintain long-lived bucket connections for persistent config

CBG-2138 - Inform client they need to contact another SGW

CBG-2137 - Support downloading meta(data) from S3 and resuming the bucket

CBG-2136 - Support uploading meta(data) to S3 for hibernation

CBG-2135 - Add API to stop/start access to a given bucket for hibernation

CBG-2064 - Allow mapping OIDC claims to user roles/channels

CBG-2047 - Update client-golang to 1.11.1+ CVE-2022-21698

CBG-2027 - User API Enhancements - include details and limit

CBG-2026 - Option to disable basic auth on public REST API

CBG-2017 - Handle removed buckets in background persistent config update polling

CBG-1969 - Support CBL clients that don't increment revpos when attachment body changes

Issues and Resolutions
Fixed Issues
CBG-2731 - AccessLock not being released when a PUSH replication is ongoing

CBG-2556 - Inefficient sequence parsing during ISGR checkpointing

CBG-2248 - Config admin API doesn't use Etags when config comes from JSON

CBG-2247 - Etags should be quoted

CBG-2208 - Index compaction failing due to not found handling

CBG-2183 - Revocation of non-existent role causes replication panic

CBG-2174 - Periodic high response times on REST API due to persistent config polling

CBG-2134 - Guest user is not initialised with access to public channel ("!")

CBG-2119 - Update DisablePasswordAuth to False does not work

CBG-2102 - Admin auth credentials not verified when using x.509 auth between SG and CBS

CBG-2101 - User endpoint: missing first user if name_only=false

CBG-2065 - Update golang.org/x/text to 0.3.3+ CVE-2020-14040 in SGW 2.8.x

CBG-2059 - HTTP logs incorrectly redact document name if the database name contains it

CBG-2058 - Compaction w/ import and xattrs enabled can panic

CBG-2048 - Update nhooyr.io/websocket gin-gonic/gin CVE-2020-28483

CBG-2030 - _user endpoint pagination causes query error

CBG-2010 - CBL revpos handling causes attachment fetch per write for docs with attachments

Known Issues

CBG-798 - Sync Gateway requires Couchbase Server nodes to use the same SSL memcached port

Assets 2