v1.37.0

What's Changed

• Bump to most recent version of goreleaser by @tstirrat15 in #2067
• Add support for secondary dispatching on LR2 by @josephschorr in #2069
• README: rework sections: zanzibar, contrib, users by @jzelinskie in #2060
• Stop using yaml anchors in release action configuration by @tstirrat15 in #2071
• make bulk export service functions use read-only datastore by @vroldanbet in #2072
• Fix serve-devtools command and flags by @tstirrat15 in #2073
• Register common flags with helper by @tstirrat15 in #2074
• fixes memory leak via HTTP Gateway by @vroldanbet in #2075
• Enable LRv2 by default and update the steelthread tests by @josephschorr in #2079
• Remove duplicate and redundant code by @cuishuang in #2080

New Contributors

• @cuishuang made their first contribution in #2080

Full Changelog: v1.36.3...v1.37.0

v1.36.2

This fixes a small issue with the spicedb datastore head command but is otherwise the same as https://github.com/authzed/spicedb/releases/tag/v1.36.0

Full Changelog: v1.36.0...v1.36.2

Docker Images

This release is available at authzed/spicedb:v1.36.2, quay.io/authzed/spicedb:v1.36.2, ghcr.io/authzed/spicedb:v1.36.2

v1.36.0

Highlights

🔐  Added relationship integrity: protects authorization data in an underlying SpiceDB datastore from inadvertent modification.
📋 Reorganized spicedb serve flags into logically-related flagsets
🚤 Ensure cursored LRv2 calls are dispatched to LRv2

Features

• Relationship integrity by @josephschorr in #1980
• Implement non-experimental bulk import and export by @tstirrat15 in #2065

Enhancements

• Ensure cursored LRv2 calls are dispatched to LRv2 by @josephschorr in #2040
• Ensure the validationfile loader passes the full caveats to the typesystem by @josephschorr in #2042
• Check data structure improvements by @josephschorr in #2037
• Reorganize serve flags into flagsets by @tstirrat15 in #2023
• Add a default connect timeout for watch in CRDB driver by @josephschorr in #2041
• Have diffexpr handle the case of adding to a single child expression by @josephschorr in #2038
• Add configurable max buffer size for watch change tracker by @josephschorr in #2044
• Add continuous checkpointing to Datastore Features by @vroldanbet in #2064
• Add analyzer to enforce usage of VT versions of marshalling and unmarshalling by @tstirrat15 in #2043
• Make the max size exceeded error public by @josephschorr in #2049
• Add goreleaser configuration to push Windows package to Chocolatey by @josephschorr in #1879

Fixes

• Cleanup handling of internal errors in Check dispatch by @josephschorr in #2029
• Only add the finalizer on iterators when CI testing by @josephschorr in #2034
• Ensure the validationfile loader passes the full caveats to the typesystem by @josephschorr in #2042
• Fix data type for pg_class relcount by @josephschorr in #2046
• Remove unnecessary branch from limit logic by @tstirrat15 in #2030
• Remove duplicate update test by @josephschorr in #2051
• Remove warning for an arrow referencing a relation in its own namespace by @josephschorr in #2062
• Fix security errors in lint steps by @tstirrat15 in #2061

Updated dependencies

• Integrate updates to cobrautil by @tstirrat15 in #2031
• Bump golang from 1.22.5-alpine3.20 to 1.23.0-alpine3.20 in the docker group by @dependabot in #2050
• Bump the go-mod group with 32 updates by @dependabot in #2052
• Bump github.com/opencontainers/runc from 1.1.13 to 1.1.14 in the go_modules group by @dependabot in #2054

What's Changed

Full Changelog: v1.35.3...v1.36.0

Docker Images

This release is available at authzed/spicedb:v1.36.0, quay.io/authzed/spicedb:v1.36.0, ghcr.io/authzed/spicedb:v1.36.0

v1.35.3

What's Changed

• Ensure debug information is returned for recursive checks that dispatch by @josephschorr in #2017
• Add expression diffing library for schema by @josephschorr in #2016
• Change the filter count check to a debug assertions by @josephschorr in #2014
• Fix logging behavior around setting goproc limits by @tstirrat15 in #2018
• Add nicer error if the Postgres primary node has gone readonly by @josephschorr in #2025
• Ensure all resources are returned for relation check when caveats are specified by @josephschorr in #2027
• bump cobrautil for automaxprocs fix by @ecordell in #2028

Full Changelog: v1.35.2...v1.35.3

Docker Images

This release is available at authzed/spicedb:v1.35.3, quay.io/authzed/spicedb:v1.35.3, ghcr.io/authzed/spicedb:v1.35.3

v1.35.2

What's Changed

• Add an extra source_code field to developer warnings by @josephschorr in #2007
• Add ability to get warnings from the WASM dev interface by @josephschorr in #2008
• Handle functioned arrows in warnings system by @josephschorr in #2009
• Bump the go-mod group with 21 updates by @dependabot in #2011
• Add server version middleware to serve-testing by @josephschorr in #2006
• Fix experimental LookupResources2 to shear the tree earlier on indirect permissions by @josephschorr in #2005

Full Changelog: v1.35.1...v1.35.2

Docker Images

This release is available at authzed/spicedb:v1.35.2, quay.io/authzed/spicedb:v1.35.2, ghcr.io/authzed/spicedb:v1.35.2

v1.35.1

What's Changed

• Switch caching package's interface to be generic and add experimental flag to try different caches by @josephschorr in #1990
• Fix conversion of caveat debug context by @josephschorr in #2000
• bump Docker to address security scanners surfacing CVE by @vroldanbet in #2004

Full Changelog: v1.35.0...v1.35.1

Docker Images

This release is available at authzed/spicedb:v1.35.1, quay.io/authzed/spicedb:v1.35.1, ghcr.io/authzed/spicedb:v1.35.1

v1.35.0

Warning

1.35.0 introduces a bug in the debug information for caveats that make use of time or other custom values, causing an error to be returned when requesting debug information. This will be fixed in 1.35.1

Highlights

💘 Initial support for intersection arrows in SpiceDB schema
📖 Read replica support for Postgres and MySQL
💪 New Experimental implementation of LookupResources: better, faster, stronger
🔍 New Dispatch Chunk Size parameter. Users can tune this parameter to boost performance with wide relations.

Features

• Read replica support for Postgres and MySQL datastores by @josephschorr in #1878
• Initial support for Intersection arrow by @josephschorr in #1937
• Implement a new, experimental variant of LookupResources as LookupResources2 by @josephschorr in #1905
  • LookupResources2 follow-ups by @vroldanbet in #1994
• Start on a steelthread test framework by @josephschorr in #1949
  • Have steelthread tests run in parallel and against all datastores by @josephschorr in #1957
  • Add a steelthread test for intersection arrows by @josephschorr in #1959
  • Add a steelthread test for an indirect permission for LR by @josephschorr in #1960
  • Add additional steelthread tests and fix a memdb bug by @josephschorr in #1956

Enhancements

• Enriches postgres revisions with txID and timestamp by @vroldanbet in #1951
• Adjust pg revision timestamps by @vroldanbet in #1972
• Add ability to toggle off specific warnings via magic comments by @josephschorr in #1984
• Additional dispatch chunk safeguards by @vroldanbet in #1997

Fixes

• Workaround to snapcraft regression by @vroldanbet in #1958
• Move integration test file into the correct directory by @josephschorr in #1961
• Fixed lsp panicing on formatting malformed content by @sabify in #1971
• Ensure that the bootstrap overwrite flag actually fully overwrites by @josephschorr in #1983
• Remove apparently unneeded COALESCE call by @josephschorr in #1991
• Fix debug traces when caveats use the same param name by @josephschorr in #1987

Updated dependencies

• Bump goreleaser/goreleaser-action from 5 to 6 in the github-actions group by @dependabot in #1962
• Move to go 1.22.5 for a reporting go lang vuln by @josephschorr in #1968
• Bump github.com/rs/cors from 1.10.1 to 1.11.0 in /magefiles in the go_modules group across 1 directory by @dependabot in #1977
• Bump the go-mod group with 22 updates by @dependabot in #1963
• Update gRPC to v1.65.0 to fix reported gRPC vuln by @josephschorr in #1978

New Contributors

• @sabify made their first contribution in #1971

Full Changelog: v1.34.0...v1.35.0

v1.34.0

Note

All datastores have a migration to add a new table for the count relationships API

Highlights

🧮 New experimental count relationships API
⏩ Better performance for minimize_latency calls on multi-region Spanner
🚩Better error messages for attempting to write invalid subjects on relationships

What's Changed

• makes it possible to compare datastore-specific revisions with datastore.NoRevision by @vroldanbet in #1907
• Add Experimental Relationship Counter API by @josephschorr in #1901
• goreleaser: refactor brew formula by @jzelinskie in #1912
• Make sure to escape underscores in resource ID prefix matches in filters by @josephschorr in #1911
• goreleaser: use build.head? in install by @jzelinskie in #1913
• Ensure stability of exclusions in validation package by @josephschorr in #1916
• Bump the go-mod group with 21 updates by @dependabot in #1919
• adds automaxprocs and automemlimit by @vroldanbet in #1921
• Update CLA link in CONTRIBUTING.md to point to v2 by @coderbydesign in #1918
• Return a proper error code if a wildcard subject is specified by @josephschorr in #1928
• Bump github.com/mostynb/go-grpc-compression from 1.2.2 to 1.2.3 in the go_modules group by @dependabot in #1932
• spanner: use stale reads for current_timestamp for optimized revision by @ecordell in #1935
• README: fix discord badge by @jzelinskie in #1936
• Add the debug trace to the details of the recursion error by @josephschorr in #1930
• Ensure the object type prefix is used for caveat refs as well by @josephschorr in #1940
• Support credential JSON for Spanner by @lexcao in #1942
• Add a custom linter to find any recursive error marshaling for zerolog by @josephschorr in #1944
• Add better subject error messages on write/delete validation by @josephschorr in #1943
• Export Spanner credential JSON for datastore by @lexcao in #1946
• Fix/bulk loader nullstring by @heissa83 in #1945
• Small optimized revision handling improvements by @josephschorr in #1947
• Move to go 1.22.4 for a reported go vuln by @josephschorr in #1950
• Fix empty value on optional credentialsJSON for Spanner by @lexcao in #1948
• .github: bump to snapcraft 8.x by @jzelinskie in #1952

New Contributors

• @coderbydesign made their first contribution in #1918
• @lexcao made their first contribution in #1942
• @heissa83 made their first contribution in #1945

Full Changelog: v1.33.0...v1.34.0

Docker Images

This release is available at authzed/spicedb:v1.34.0, quay.io/authzed/spicedb:v1.34.0, ghcr.io/authzed/spicedb:v1.34.0

v1.33.1

⚠️ This release has a security fix: GHSA-grjv-gjgr-66g2

Full Changelog: v1.33.0...v1.33.1

Docker Images

This release is available at authzed/spicedb:v1.33.1, quay.io/authzed/spicedb:v1.33.1, ghcr.io/authzed/spicedb:v1.33.1

v1.33.0

Highlights

🪞 Added experimental reflection APIs for reflecting information from SpiceDB schemas
⏩ Improvements in CEL performance

What's Changed

• Bump the go-mod group with 21 updates by @dependabot in #1882
• Improvements around usage of CEL by @josephschorr in #1883
• refactor bulk export relationships logic by @vroldanbet in #1886
• fetch git tags so that trivy sees the right binary version by @vroldanbet in #1887
• expose BulkExportRelationships service controller logic by @vroldanbet in #1888
• .github: pass snap store creds to goreleaser by @jzelinskie in #1889
• Start on experimental reflection apis by @josephschorr in #1885
• pkg/cmd: auto complete otel, log flags by @jzelinskie in #1890
• Update grpc health probe for reported vuln in Go by @josephschorr in #1893
• Add ExperimentalDependentRelations reflection API by @josephschorr in #1891
• Add ExperimentalComputablePermissions API by @josephschorr in #1894
• Switch spanner datastore to use the built-in stats table for estimating rel count by @josephschorr in #1892
• Remove unused datastore config by @josephschorr in #1898
• ROADMAP: init by @jzelinskie in #1902

Full Changelog: v1.32.0...v1.33.0

Docker Images

This release is available at authzed/spicedb:v1.33.0, quay.io/authzed/spicedb:v1.33.0, ghcr.io/authzed/spicedb:v1.33.0