7.6.0

Release 7.6.0

What's new in this release

• Align GraphQL Response Content Types and Status Codes with Specification
• Extend GraphQL mappings with argument with default values and optional aggregation stages
• Support dot notation in aggregation $var and graphql mapping $arg operator
• Add rootDoc $arg to GraphQL mappings

More details on this milestone at https://github.com/SoftInstigate/restheart/milestone/52?closed=1

Full Changelog: 7.5.2...7.6.0

7.5.2

Release 7.5.2

This Release fixes some minor bugs with the GraphQL API plugin.

• 0296cf4 - 🐛 Fix exception on graphql request with operationName: null (2023-10-10 17:24:43 +0200)
• 230c042 - 🐛 Fix OPTIONS for graphql app endpoint (2023-10-10 17:00:05 +0200)

Full Changelog: 7.5.1...7.5.2

7.5.1

Release 7.5.1

This is a patch release with a few minor fixes.

New commits

• e6ea4e0 - (tag: 7.5.1) Release version 7.5.1 (2023-10-05 10:02:42 +0200)
• 4b72c4f - 🥅 Catch MongoDB error code 15998 (FieldPath field names may not be empty strings) and return 400 rather than 500 (2023-10-05 09:34:29 +0200)
• f2e2b22 - 🥅 Catch BSONException in MongoService and return 400 rather than 500 (2023-10-05 09:27:19 +0200)
• 18a8c39 - ⬆️ Upgrade snappy-java to v1.1.10.4 (2023-10-03 18:39:48 +0200)
• b361fcd - 🥅 polyglotDeployer handles error when plugin directory is not available (2023-10-04 13:42:45 +0200)
• 5a0cbe3 - 🐛 Fix startup error when the plugins directory includes spaces (2023-10-03 12:31:06 +0200)
• ef6286a - 📝 Update howto publish graalvm image [skip ci] (2023-09-21 09:37:45 +0200)

Full Changelog: 7.5.0...7.5.1

7.5.0

Release 7.5.0

Major improvements

• 🚀Enhanced metrics #468
  • New monitoring feature https://restheart.org/docs/monitoring
• 🚀 Support for MongoDB v7
• ✅Upgrade GraalVM to v23.0.1 (17.0.8-graal) #481
• ✅Extend permission predicates to check requests content #479
  • Three new permission predicates: bson-request-prop-equals, bson-request-prop-equals, bson-request-array-is-subset https://restheart.org/docs/security/authorization#predicates
• ✅Forbid creating or updating a user with the root-role #480
  • rootRoleGuard forbids accounts handled by mongoAclAuthorizer to gain the root-role defined by the mongoAclAuthorizer https://restheart.org/docs/security/other-security-plugins#root-role-guard

More details on this milestone at https://github.com/SoftInstigate/restheart/milestone/49?closed=1

Deprecation notice

Starting from this release, we no longer run our integration tests against MongoDB 3.6.

List of supported MongoDB versions:

• 4.2
• 4.4
• 5.0
• 6.0
• 7.0

Also this release deprecates the MongoService monitoring that will be removed in v8.0.

Full Changelog: 7.4.6...7.5.0

7.4.6

Release 7.4.6

Minor security patches.

New commits

• 28e4c5a - (tag: 7.4.6) Release version 7.4.6
• cd01e11 - Fix catchingInterruptedExceptionWithoutInterrupt
• c65dc73 - Ignore the master branch when there are tags [skip ci]
• 41e3da3 - pull all required images before building
• dc97c53 - Upgrade actions to docker/build-push-action@v4
• a617583 - Upgrade dependencies to patch possibile security vulnerabilities
• f4dc45a - Update README.md [skip ci]

Full Changelog: 7.4.5...7.4.6

7.4.5

Release 7.4.5

Improve handling of GraphQL json bad requests. An example follows:
request

POST /graphql/foo
Content-Type: application/json
{
  “query”:  { this { is { invalid { json } } } }
}

response

{
	“http status code”: 400,
	“http status description”: “Bad Request”,
	“message”: “query field must be a string”
}

Before 7.4.5 this was returning the generic 500 error status code.

Full Changelog: 7.4.3...7.4.5

7.4.3

Release 7.4.3

Minor security patch release.

Updated dependencies for known vulnerabilities:

• graalvm.version to 22.3.3
• guava to 32.1.2-jre
• undertow-core to 2.3.7.Final

Full Changelog: 7.4.2...7.4.3

7.4.2

Release 7.4.2

d9907c4 🔧 audience claim configuration for JwtAuthenticationMechanism is optional
b60a12d 🐛 Fix boolean type not supported in interpolation of acl permission
912925d Set log level to warning when a Replica Set is not present

Full Changelog: 7.4.1...7.4.2

7.4.1

Release 7.4.1

Upgrade undertow-core to 2.3.6.Final

fix: pom.xml to reduce vulnerabilities (#460)

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-IOUNDERTOW-3358786

Full Changelog: 7.4.0...7.4.1

7.4.0

Release 7.4.0

This release adds the following new features:

• MongoService supports application/x-www-form-urlencoded and multipart/form-data content types for write requests
• jwtTokenManager can be configured to add properties from account document to the JWT

It also updates all dependencies to latest versions.

Notable commits since the previous release

9f0f5fe 🥅 Improve response error for GraphQL app with missing db or collection in mapping
23ae157 ✨ jwtTokenManager can be configured to add properties from account document to the JWT
d859462 Upgrade all tests to JUnit 5
bb0c919 ✅ Add test for MongoService support of application/x-www-form-urlencoded and multipart/form-data content types
3d1bbe7 ♻️ Improve MongoService handling of multipart/form requests
27037c1 ✨ MongoService handles multipart/form write requests to collections building BSONdocument from parts/fields
fdaa6a4 🥅 Avoid closing request channel in AuthenticationCallHandler when Transfer-Encoding=chunked
321cea4 ✨ MongoService accepts Content-Type application/x-www-form-urlencoded or multipart/form-data for write requests

Full Changelog: https://github.com/SoftInstigate/restheart/compare/7.3.5..7.4.0