| .. Licensed under the Apache License, Version 2.0 (the "License"); you may not |
| .. use this file except in compliance with the License. You may obtain a copy of |
| .. the License at |
| .. |
| .. http://www.apache.org/licenses/LICENSE-2.0 |
| .. |
| .. Unless required by applicable law or agreed to in writing, software |
| .. distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
| .. WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |
| .. License for the specific language governing permissions and limitations under |
| .. the License. |
| |
| .. _release/1.2.x: |
| |
| ============ |
| 1.2.x Branch |
| ============ |
| |
| .. contents:: |
| :depth: 1 |
| :local: |
| |
| .. _release/1.2.x/upgrade: |
| |
| Upgrade Notes |
| ============= |
| |
| .. warning:: |
| This version drops support for the database format that was introduced in |
| version 0.9.0. Compact your older databases (that have not been compacted |
| for a long time) before upgrading, or they will become inaccessible. |
| |
| .. warning:: |
| :ref:`release/1.2.1` contains important security fixes. Previous `1.2.x` |
| releases are not recommended for regular usage. |
| |
| Security changes |
| ---------------- |
| |
| The interface to the ``_users`` and ``_replicator`` databases have been |
| changed so that non-administrator users can see less information: |
| |
| * In the ``_users`` database: |
| |
| * User documents can now only be read by the respective users, as well as |
| administrators. Other users cannot read these documents. |
| * Views can only be defined and queried by administrator users. |
| * The ``_changes`` feed can only be queried by administrator users. |
| |
| * In the ``_replicator`` database: |
| |
| * Documents now have a forced ``owner`` field that corresponds to the |
| authenticated user that created them. |
| * Non-owner users will not see confidential information like passwords or |
| OAuth tokens in replication documents; they can still see the other |
| contents of those documents. Administrators can see everything. |
| * Views can only be defined and queried by administrators. |
| |
| Database Compression |
| -------------------- |
| |
| The new optional (but enabled by default) compression of disk files requires |
| an upgrade of the on-disk format (5 -> 6) which occurs on creation for new |
| databases and views, and on compaction for existing files. This format is not |
| supported in previous releases, so rollback would require replication to the |
| previous CouchDB release or restoring from backup. |
| |
| Compression can be disabled by setting ``compression = none`` in your |
| ``local.ini`` ``[couchdb]`` section, but the on-disk format will still be |
| upgraded. |
| |
| .. _release/1.2.2: |
| |
| Version 1.2.2 |
| ============= |
| |
| Build System |
| ------------ |
| |
| * Fixed issue in `couchdb` script where stopped status returns before process |
| exits. |
| |
| HTTP Interface |
| -------------- |
| |
| * Reset rewrite counter on new request, avoiding unnecessary request failures |
| due to bogus rewrite limit reports. |
| |
| .. _release/1.2.1: |
| |
| Version 1.2.1 |
| ============= |
| |
| Build System |
| ------------ |
| |
| * Fix couchdb start script. |
| * Win: fix linker invocations. |
| |
| Futon |
| ----- |
| |
| * Disable buttons that aren't available for the logged-in user. |
| |
| HTTP Interface |
| -------------- |
| |
| * No longer rewrites the ``X-CouchDB-Requested-Path`` during recursive |
| calls to the rewriter. |
| * Limit recursion depth in the URL rewriter. Defaults to a maximum |
| of 100 invocations but is configurable. |
| |
| Security |
| -------- |
| |
| * Fixed :ref:`cve/2012-5641` |
| * Fixed :ref:`cve/2012-5649` |
| * Fixed :ref:`cve/2012-5650` |
| |
| Replication |
| ----------- |
| |
| * Fix potential timeouts. |
| |
| View Server |
| ----------- |
| |
| * Change use of signals to avoid broken view groups. |
| |
| .. _release/1.2.0: |
| |
| Version 1.2.0 |
| ============= |
| |
| Authentication |
| -------------- |
| |
| * Fix use of OAuth with VHosts and URL rewriting. |
| * OAuth secrets can now be stored in the users system database |
| as an alternative to key value pairs in the .ini configuration. |
| By default this is disabled (secrets are stored in the .ini) |
| but can be enabled via the .ini configuration key `use_users_db` |
| in the `couch_httpd_oauth` section. |
| * Documents in the _users database are no longer publicly |
| readable. |
| * Confidential information in the _replication database is no |
| longer publicly readable. |
| * Password hashes are now calculated by CouchDB. Clients are no |
| longer required to do this manually. |
| * Cookies used for authentication can be made persistent by enabling |
| the .ini configuration key `allow_persistent_cookies` in the |
| `couch_httpd_auth` section. |
| |
| Build System |
| ------------ |
| |
| * cURL is no longer required to build CouchDB as it is only |
| used by the command line JS test runner. If cURL is available |
| when building CouchJS you can enable the HTTP bindings by |
| passing -H on the command line. |
| * Temporarily made `make check` pass with R15B. A more thorough |
| fix is in the works (:issue:`1424`). |
| * Fixed --with-js-include and --with-js-lib options. |
| * Added --with-js-lib-name option. |
| |
| Futon |
| ----- |
| |
| * The `Status` screen (active tasks) now displays two new task status |
| fields: `Started on` and `Updated on`. |
| * Futon remembers view code every time it is saved, allowing to save an |
| edit that amounts to a revert. |
| |
| HTTP Interface |
| -------------- |
| |
| * Added a native JSON parser. |
| * The _active_tasks API now offers more granular fields. Each |
| task type is now able to expose different properties. |
| * Added built-in changes feed filter `_view`. |
| * Fixes to the `_changes` feed heartbeat option which caused |
| heartbeats to be missed when used with a filter. This caused |
| timeouts of continuous pull replications with a filter. |
| * Properly restart the SSL socket on configuration changes. |
| |
| OAuth |
| ----- |
| |
| * Updated bundled `erlang_oauth` library to the latest version. |
| |
| Replicator |
| ---------- |
| |
| * A new replicator implementation. It offers more performance and |
| configuration options. |
| * Passing non-string values to query_params is now a 400 bad |
| request. This is to reduce the surprise that all parameters |
| are converted to strings internally. |
| * Added optional field `since_seq` to replication objects/documents. |
| It allows to bootstrap a replication from a specific source sequence |
| number. |
| * Simpler replication cancellation. In addition to the current method, |
| replications can now be canceled by specifying the replication ID |
| instead of the original replication object/document. |
| |
| Storage System |
| -------------- |
| |
| * Added optional database and view index file compression (using Google's |
| snappy or zlib's deflate). This feature is enabled by default, but it |
| can be disabled by adapting local.ini accordingly. The on-disk format |
| is upgraded on compaction and new DB/view creation to support this. |
| * Several performance improvements, most notably regarding database writes |
| and view indexing. |
| * Computation of the size of the latest MVCC snapshot data and all its |
| supporting metadata, both for database and view index files. This |
| information is exposed as the `data_size` attribute in the database and |
| view group information URIs. |
| * The size of the buffers used for database and view compaction is now |
| configurable. |
| * Added support for automatic database and view compaction. This feature |
| is disabled by default, but it can be enabled via the .ini configuration. |
| * Performance improvements for the built-in changes feed filters `_doc_ids` |
| and `_design`. |
| |
| View Server |
| ----------- |
| |
| * Add CoffeeScript (http://coffeescript.org/) as a first class view server |
| language. |
| * Fixed old index file descriptor leaks after a view cleanup. |
| * The requested_path property keeps the pre-rewrite path even when no VHost |
| configuration is matched. |
| * Fixed incorrect reduce query results when using pagination parameters. |
| * Made icu_driver work with Erlang R15B and later. |