16.1. 2.3.x Branch¶
#1602: To improve security, there have been major changes in the configuration of query servers, SSL support, and HTTP global handlers:
- Query servers
Query servers are NO LONGER DEFINED in the .ini files, and can no longer be altered at run-time.
couchdb.cmdstart scripts respectively.
Additional query servers can now be configured using environment variables:
export COUCHDB_QUERY_SERVER_PYTHON="/path/to/python/query/server.py with args" couchdb
where the last segment in the environment variable (
_PYTHON) matches the usual lowercase(!) query language in the design doc
Multiple query servers can be configured by using more environment variables.
You can also override the default servers if you need to set command- line options (such as
- Native Query Servers
The mango query server continues to be enabled by default. The Erlang query server continues to be disabled by default. This change adds a
[native_query_servers] enable_erlang_query_server = BOOLsetting (defaults to
false) to enable the Erlang query server.
If the legacy configuration for enabling the query server is detected, that is counted as a
truesetting as well, so existing configurations continue to work just fine.
- SSL Support
Enabling SSL support in the ini file is now easier:
[ssl] enable = true
If the legacy httpsd configuration is found in your ini file, this will still enable SSL support, so existing configurations do not need to be changed.
- HTTP global handlers
These are no longer defined in the default.ini file, but have been moved to the couch.app context. If you need to customize your handlers, you can modify the app context using a couchdb.config file as usual.
#1602: Also to improve security, the deprecated
couch_httpd_proxyfunctionality has been completely removed ahead of the planned CouchDB 3.0 release. We recommend the use of OS-level daemons such as runit, sysvinit, systemd, upstart, etc. to launch and maintain OS daemons instead, and the use of a reverse proxy server in front of CouchDB (such as haproxy) to proxy access to other services or domains alongside CouchDB.
#1543: The node-local (default port 5986)
/_restartendpoint has been replaced by the clustered (default port 5984) endpoint
/_node/_local/_restartendpoints. The node-local endpoint has been removed.
#1764: All python scripts shipped with CouchDB, including
dev/rundevelopment cluster script, now specify and require Python 3.x.
#1396: CouchDB is now compatible with Erlang 21.x.
#1680: The embedded version of
rebarused to build CouchDB has been updated to the last version of
rebar2available. This assists in building on non-x86 platforms.
(Multiple) Clustered purge is now available. This feature restores the CouchDB 1.x ability to completely remove any record of a document from a database. Conditions apply; to use the feature safely, and for full details, read the complete Clustered Purge documentation.
#1658: A new config setting is available, allowing an administrator to configure an initial list of nodes that should be contacted when a node boots up. Nodes in the
seedlistthat are successfully reached will be added to that node’s
_nodesdatabase automatically, triggering a distributed Erlang connection and replication of the internal system databases to the new node. This can be used instead of manual config or the cluster setup wizard to bootstrap a cluster. The progress of the initial seeding of new nodes is exposed at the
Replication supports ipv6-only peers after updating ibrowse dependency.
#1708: The UUID of the server/cluster is once again exposed in the
GET /response. This was a regression from CouchDB 1.x.
#1722: Stats counts between job runs of the replicator are no longer reset on job restart.
#1409: CouchDB no longer forces the TCP receive buffer to a fixed size of 256KB, allowing the operating system to dynamically adjust the buffer size. This can lead to siginificantly improved network performance when transferring large attachments.
#1423: Mango selector matching now occurs at the shard level, reducing the network traffic within a cluster for a mango query.
#1423: Long running operations at the node level could exceed the inter-node timeout, leading to a fabric timeout error in the logfile and a cancellation of the task. Nodes can now ping to stop that from happening.
#1560: An optimization to how external data sizes of attachments were recorded was made.
#1586: When cleaning up outdated secondary index files, the search is limited to the index directory of a specific database.
couch_serverETS table now has the
read_concurrencyoption set, improving access to the global list of open database handles.
#1593: Messages to update the least-recently used (LRU) cache are not sent when the
[couchdb] update_lru_on_readsetting is disabled.
#1625: All nodes in a cluster now run their own
_statsnow correctly handles the case where a map function emits an array of integers. This bug was introduced in 2.2.0.
#1544: Certain list functions could return a
_sessionsupport was incompatible with CouchDB installations using the
require_valid_user = truesetting.
#1571: Under very heavy load, it was possible that
rexi_servercould die in such a way that it’s never restarted, leaving a cluster without the ability to issue RPC calls - effectively rendering the cluster useless.
#1574: The built-in
_sumreduce function has been improved to check if the objects being summed are not overflowing the view storage. Previously, there was no protection for
#1582: Database creation parameters now have improved validation, giving a more readable error on invalid input.
#1588: A missing security check has been restored for the noop
/db/_ensure_full_commitcall to restore database validation checks.
#1591: CouchDB now creates missing shard files when accessing a database if necessary. This handles the situation when, on database creation, no nodes were capable of creating any of the shard files required for that database.
#1568: CouchDB now logs a warning if a changes feed is rewound to 0. This can help diagnose problems in busy or malfunctioning clusters.
#1596: It is no longer possible that a busy
couch_server, under a specific ordering and timing of events, will incorrectly track
open_asyncmessages in its mailbox.
#1601, #1654: CouchDB now logs better when an error causes it to read past the EOF of a database shard. The check for whether CouchDB is trying to read too many bytes has been correctly separated out from the error indicating it has attempted to read past the EOF.
#1613: Local nodes are now filtered out during read repair operations.
#1636: A memory leak when replicating over HTTPS and a problem occurs has been squashed.
/_replicatejobs are no longer restarted if parameters haven’t changed.
#1631: The replicator no longer crashes if the user has placed an invalid VDU function into one of the
_bulk_getis once again operational for system databases such as
#1652: Access to
/_active_tasksis once again restricted to server admins only.
couch_logapplication no longer crashes when new, additional information is supplied by a crashing application, or when any of its own children are restarted.
#1666: Mango could return an error that would crash the
couch_query_serversapplication. This is no longer the case.
#1655: Configuration of
chttpdnow performs proper error checking of the specified config value.
snappydependency has been updated to fix a memory allocation error.
#1683: Attempting to create a local document with an invalid revision no longer throws a
badargexception. Also, when setting
falseand performing a bulk write operation, local documents are no longer written into the wrong btree. Finally, it is no longer possible to create a document with an empty ID during a bulk operation with
couchupconvenience script for upgrading from CouchDB 1.x now also copies a database’s
_securityobject on migration.
#1672: When checking the status of a view compaction immediately after starting it, the
changes_donefields are now immediately populated with valid values.
#1717: If the
.iniconfig file is read only, an attempt to update the config through the HTTP API will now result in a proper
#1603: CouchDB now returns the correct
total_rowsresult when querying
#1629: Internal load validation functions no longer incorrectly hold open a deleted database or its host process.
#1746: Server admins defined in the ini file accessing via HTTP API no longer result in the auth cache logging the access as a miss in the statistics.
#1607: The replicator no longer fails to re-authenticate to open a remote database when its session cookie times out due to a VDU function forbidding writes or a non-standard cookie expiration duration.
#1579: The compaction daemon no longer incorrectly only compacts a single view shard for databases with a
qvalue greater than 1.
#1737: CouchDB 2.x now performs as well as 1.x when using a
_design_docsfilter on a changes feed.
The 2.3.0 release also includes the following minor improvements:
Improved test cases:
- Many racy test cases improved for reliable CI runs.
- The Makefile targets for
list-eunit-*now work correctly on macOS.
- #1732, #1733, #1736: All of the test suites run and pass on the Windows platform once again.
#1597: Off-heap messages, a new feature in Erlang 19+, can now be disabled per module if desired.
#1682: A new
[feature_flags]config section exists for the purpose of enabling or disabling experimental features by CouchDB developers.
A narwhal! OK, no, not really. If you got this far…thank you for reading.