graphql-engine

Changelog

Behaviour changes

• In certain circumstances, all HTTP headers were included in the set of session variables. This has now been reduced to only the session variables. This change affects a number of areas, including the HTTP logs, query validation, JWT claims, rate limiting, and accessing session variables in Kriti code.

• When update_*_many is given an empty list of updates, the result will now be an empty list, rather than an object. Previously, this meant that an empty list of updates would result in a result of the wrong type.

• In rare cases, sensitive headers were written to the GraphQL Engine logs. These cases are now handled correctly to avoid logging sensitive information.

Bug fixes and improvements

Server

• Add field ignored_client_headers to Action definition to specify an explicit list of client headers to ignore when forwarding headers to the webhook handler.

• Add an experimental feature flag remove_empty_subscription_responses to filter empty responses in subscription queries for Postgres data sources. This should reduce Hasura-to-database and Hasura-to-client network overhead for users with many streaming subscriptions seeing empty results.

• Add an experimental feature flag no_null_unbound_variable_default to remove unbound nullable variables with no defaults from the query, as per the spec.

  For example, if $unbound: String is not given a variable assignment, the query update_table({ _set: { column: $unbound }}) will not update any columns.

• Quote Postgres custom scalar types in SQL. This enables using custom type names that are not just lowercase identifiers.

Changelog

This is a patch release for v2.36

Behaviour changes

• In certain circumstances, all HTTP headers were included in the set of session variables. This has now been reduced to only the session variables. This change affects a number of areas, including the HTTP logs, query validation, JWT claims, rate limiting, and accessing session variables in Kriti code.
• In rare cases, sensitive headers were written to the GraphQL Engine logs. These cases are now handled correctly to avoid logging sensitive information.

Build

• Updates ubuntu jammy base image to get the latest security updates.

Changelog

This is a patch release for v2.40

Bug fixes and improvements

Data Connectors

• Update RedHat base image to get the latest security updates.

Changelog

Bug fixes and improvements

Server

• For JWT key servers that do not implement caching, keys will now refresh every 60 seconds instead of every second.
• Gracefully handle and log certain unexpected internal exceptions.
• Fix an intermittent bug triggered when clearing the cache, which results in an internal error. (Cloud / Enterprise edition only)
• Add session_variables attribute to GraphQL spans in OpenTelemetry traces. (Cloud / Enterprise edition only)
• Add a new OpenTelemetry span for the auth webhook. (Cloud / Enterprise edition only)
• Enhance SpanKind for server and client spans according to the OpenTelemetry specification (Cloud / Enterprise edition only)

Console

• Add VPC collaborators feature for Cloud Enterprise users. (Cloud only)

Build

• Updates ubuntu jammy base image to get the latest security updates.

Changelog

Bug fixes and improvements

Server

• For JWT key servers that do not implement caching, only refresh keys every 60 seconds rather than ever single second.
• Gracefully handle and log certain unexpected internal exceptions.

Build

• Updates ubuntu jammy base image to get the latest security updates

Changelog

This is a patch release for v2.40.

Bug fixes and improvements

Server

• Add HASURA_GRAPHQL_DISABLE_NATIVE_QUERY_VALIDATION env var / --disable-native-query-validation flag to disable validation of Native Queries against the database.

Changelog

This is a patch release for v2.40

Bug fixes and improvements

Data Connectors

• Update Redshift JDBC driver to latest version

Changelog

This is a patch release for v2.36

Server

• Add operation_name and parameterized_query_hash labels to the hasura_graphql_requests_total Prometheus metric.
• Add GraphQL queries to the OTLP traces.

Changelog

This is a patch release for v2.36

Server

• Add HASURA_GRAPHQL_ENABLE_QUERY_TRACING config option to enable adding Postgres SQL queries to the OTLP traces.

Build

• Update the Ubuntu base image to receive the latest security updates.

Changelog

Changelog

Bug fixes and improvements

Server

• Explicitly close database connection after a Native Query validation step finishes.
• Fix bug in streaming subscriptions that causes some database pollers to be left open after the relevant users unsubscribe from the subscription.
• Fix a few bugs in the admin-only cache management endpoints, /pro/cache/clear and /pro/cache/metrics: (Cloud / Enterprise edition only)
  • The underlying management queries would sometimes miss keys. This has been remedied.
  • They now return the internal error details when one occurs.
• The type of the clearedItemCount field in the /pro/cache/clear endpoint response has been changed from a string to a number. (Cloud / Enterprise edition only)
• Add config HASURA_GRAPHQL_REDIS_TIMEOUT to set a timeout for Redis queries (Enterprise edition only)

Changelog

Bug fixes and improvements

Server

• Explicitly close database connection after a Native Query validation step finishes.
• Fix bug in streaming subscriptions that causes some database pollers to be left open after the relevant users unsubscribe from the subscription.
• Fix a few bugs in the admin-only cache management endpoints, /pro/cache/clear and /pro/cache/metrics: (Cloud / Enterprise edition only)
  • The underlying management queries would sometimes miss keys. This has been remedied.
  • They now return the internal error details when one occurs.
• The type of the clearedItemCount field in the /pro/cache/clear endpoint response has been changed from a string to a number. (Cloud / Enterprise edition only)
• Add config HASURA_GRAPHQL_REDIS_TIMEOUT to set a timeout for Redis queries (Enterprise edition only)

Changelog

This is a patch release for v2.39

Bug fixes and improvements

Server

• Run setup for scheduled events off the main thread so as not to slow startup

Changelog

This is a patch release for v2.36

Bug fixes and improvements

Server

• Explicitly close database connection after a Native Query validation step finishes.

Build

• Update the Ubuntu and Red Hat UBI base images to receive the latest security updates.

Changelog

This is a patch release for v2.39

Bug fixes and improvements

Build

• Fix bug where connections to read replicas would persist even after they were removed from the data source config. (Cloud / Enterprise edition only)

Changelog

Bug fixes and improvements

Server

• The server now logs timing information on error when possible, e.g. when an SQL query fails.
• Generate an info message instead of a warning when the GC is forced to run.
• Add operation_name and parameterized_query_hash labels to the hasura_graphql_requests_total Prometheus metric. (Cloud / Enterprise edition only)
• Support env variable template to set the OpenTelemetry status (fix #10177) (Cloud / Enterprise edition only)
• Fix bug causing unstable connections for projects with multiple sources using the same SSL certificates. (Enterprise edition only)

Console

• Fix values not being suggested in dropdowns of the permissions builder if only 1 option exists

Changelog

Bug fixes and improvements

Server

• The server now logs timing information on error when possible, e.g. when an SQL query fails.
• Generate an info message instead of a warning when the GC is forced to run.
• Add operation_name and parameterized_query_hash labels to the hasura_graphql_requests_total Prometheus metric. (Cloud / Enterprise edition only)
• Support env variable template to set the OpenTelemetry status (fix #10177) (Cloud / Enterprise edition only)

Console

• Fix values not being suggested in dropdowns of the permissions builder if only 1 option exists

Changelog

This is a patch release for v2.38

Bug fixes and improvements

Build

• Update the Red Hat UBI base images to receive latest security updates

Changelog

Behaviour changes

• Add automatic quoting to Native Query parameters for Snowflake. (Cloud / Enterprise edition only)

  Note that this may affect existing Native Queries in contexts where query authors have manually added quotes around parameter injection sites; removing the manual quotes should resolve this issue.

Bug fixes and improvements

Server

• Add the ability to force refresh of dynamic db connection strings. (Cloud / Enterprise edition only)

  When the HASURA_SECRETS_BLOCKING_FORCE_REFRESH_URL env var is defined, then on retry Hasura will post this payload to the URL:

  {"filename": <path>}
  

  Crucially it is assumed that the Hasura server only returns after the referenced secret file has been updated.

• Ignore dynamic headers x-real-ip, x-forwarded-for, true-client-ip while generating cache keys. (Cloud / Enterprise edition only)

Console

• Fix console crash when using Native Queries in an array relationship.
• Add ClickHouse and Trino database logos. Fix an issue where some logos may not have been displaying correctly for data-connector backed databases.

Data Connectors

• In the JVM connection pool, validate connections when borrowing them. This prevents the issue where, for example, the DB server is terminated and the pool is unaware that the connection is in an invalid state, leading to errors.
• Inline query parameters in output generated by the GraphiQL Analyze button (i.e. the Explain API). Also, use dialect-specific SQL based on the current connector rather than a default/generic dialect.

Changelog

Bug fixes and improvements

Server

• Ignore dynamic headers x-real-ip, x-forwarded-for, true-client-ip while generating cache keys. (Cloud / Enterprise edition only)

Console

• Fix console crash when using Native Queries in an array relationship.
• Add ClickHouse and Trino database logos. Fix an issue where some logos may not have been displaying correctly for data-connector backed databases.

Data Connectors

• Inline query parameters in output generated by the GraphiQL Analyze button (i.e. the Explain API). Also, use dialect-specific SQL based on the current connector rather than a default/generic dialect.

Changelog

This is a patch release for v2.37

Bug fixes and improvements

Server

• Fix output of error field for asynchronous actions with 2xx response status.

Data connectors

• Remove explicit NULL ordering when generating ORDER BY statements.
  Some dialects such as MySQL do not support ORDER BY ... NULLS FIRST/LAST
  The translation to ORDER BY CASE WHEN causes the optimizer to be unable to use indices.