v1.48.0

Added

• feat: add Memory Protection Middleware (enabled by default, use --enable-memory-protection-middleware=false to disable) by @miparnisari in #2691.
  ⚠️ Now, if your server's memory usage is too high, incoming requests may be rejected with code "ResourceExhausted" (HTTP 429).

Changed

• use FAILED_PRECONDITION for recursion depth errors by @tstirrat15 in #2729
• docs: improve description of some flags by @miparnisari in #2692
• Updated Go to 1.25.5 by @tstirrat15 in #2740

Fixed

• expose x-request-id header in HTTP Gateway responses by @Verolop in #2712
• error message when cannot run 'datastore gc' or 'datastore repair' by @miparnisari in #2609
• Postgres:
  • wire up missing revision timestamp on PG ReadWriteTx by @vroldanbet in #2725
• Spanner:
  • Watch API by @miparnisari in #2560
  • statistics by @miparnisari in #2745

Full Changelog: v1.47.1...v1.48.0

Docker Images

This release is available at authzed/spicedb:v1.48.0, quay.io/authzed/spicedb:v1.48.0, ghcr.io/authzed/spicedb:v1.48.0

v1.47.1

Highlights

• CVE Fix: Fixed a bug that would result in missing resources in LookupResources when certain permission structures are present (Checks were unaffected)
• Upgrade Go to latest version to fix CVE by @tstirrat15 in ttps://github.com//pull/2671

Fixed

• do not warn if requestid middleware errors due to ErrIllegalHeaderWrite by @miparnisari in #2654
• Spanner: "concurrent write to map error" in Watch API by @miparnisari in #2694
• Postgres: set missing fields in postgresRevision.MarshalBinary by @ostafen in #2708
• Postgres & MySQL: duplicate metrics error with read replicas (#2518) by @miparnisari in #2707

Updated

• Performance improvements for WriteSchema in #2697 and for ReadRelationships in #2632
• add docker compose setup with grafana dashboard by @miparnisari in #2616
• disable tracing of health check requests by @ivanauth in #2614

New Contributors

• @ostafen made their first contribution in #2708
• @ccoVeille made their first contribution in #2685

Full Changelog: v1.47.0...v1.47.1

Docker Images

This release is available at authzed/spicedb:v1.47.1, quay.io/authzed/spicedb:v1.47.1, ghcr.io/authzed/spicedb:v1.47.1

v1.46.2

Added

• relationship expiration is now on by default by @miparnisari in #2605
• add man page generation support by @ivanauth in #2595
• add fgprof wall-clock profiler by @vroldanbet in #2618
• CRDB: add write backpressure when write pool is overloaded by @ecordell in #2642
  • ⚠️ With this change, Write APIs now return ResourceExhausted errors if there are no available connections in the pool

Updated

• perf: significant improvements around LR3 dispatching by @josephschorr in #2587
• CRDB: move off experimental changefeed query by @miparnisari in #2617

Fixed

• properly rewrite errors for watch api by @miparnisari in #2640

New Contributors

• @luyi404 made their first contribution in #2593
• @rodneyosodo made their first contribution in #2601

Full Changelog: v1.46.0...v1.46.2

Docker Images

This release is available at authzed/spicedb:v1.46.2, quay.io/authzed/spicedb:v1.46.2, ghcr.io/authzed/spicedb:v1.46.2

v1.46.0

Fixed

• LR3 Fixes and Improvements by @josephschorr in #2570 and #2574
• propagate cancellation errors in consistency middleware by @tstirrat15 in #2581
• breakage of gRPC retries by @vroldanbet in #2577
  • ⚠️ With this change, if you use the zed CLI, you must update to the latest version (v0.33.0)
• Update README.md by @sohanmaheshwar in #2586
• fix: add flags to configure how to handle zedtokens meant for a different datastore by @josephschorr in #1723

Updated

• update telemetry guide by @emmanuel-ferdman in #2567
• perf: add trait filtering support to read relationships by @josephschorr in #2572
• metrics: register logical checks metric by default by @jzelinskie in #2575

New Contributors

• @emmanuel-ferdman made their first contribution in #2567
• @xlgmokha made their first contribution in #2528
• @sohanmaheshwar made their first contribution in #2586

Full Changelog: v1.45.4...v1.46.0

Docker Images

This release is available at authzed/spicedb:v1.46.0, quay.io/authzed/spicedb:v1.46.0, ghcr.io/authzed/spicedb:v1.46.0

v1.45.4

Added

• LookupResources v3, based on a new cursored iterator library by @josephschorr in #2451 and #2540

Changed

• update Go from 1.24.0 to latest 1.25.0 by @kartikaysaxena in #2539
• docs: revamp readme by @miparnisari in #2474
• remove deprecated OTEL interceptors by @vroldanbet in #2561
• perf: Add support in LookupSubjects for skipping caveats/expiration by @josephschorr in #2564

Fixed

• fix: improve the cluster error message when errors from all dispatchers by @josephschorr in #2543
• fix: handling of multiple metadata for a single revision in Watch by @josephschorr in #2563

Full Changelog: v1.45.3...v1.45.4

Docker Images

This release is available at authzed/spicedb:v1.45.4, quay.io/authzed/spicedb:v1.45.4, ghcr.io/authzed/spicedb:v1.45.4

v1.45.3

What's Changed

• Move Dockerfile builds to Go 1.24.6 by @josephschorr in #2533
• Improve the errors returned from schema changes by @josephschorr in #2532
• Fix issue with schema write validation by @tstirrat15 in #2534

Full Changelog: v1.45.2...v1.45.3

Docker Images

This release is available at authzed/spicedb:v1.45.3, quay.io/authzed/spicedb:v1.45.3, ghcr.io/authzed/spicedb:v1.45.3

v1.45.2

Fixed

• Fix missing rows.Err check that could cause too-large writes to silently fail in PG by @josephschorr in #2526
• Populate empty caveat_name and caveat_context in MySQL with default values by @mazdakb in #2506

Changed

• improve docs of flags by @miparnisari in #2490 and #2519
• Ensure that the proper indexes are used for schema diff operations by @josephschorr in #2520
• Have check debug trace overall result have a finer-grain matching to the results by @josephschorr in #2511
• Parse schema from schemafile property by @noseworthy in #2499

New Contributors

• @davide-baldo made their first contribution in #2495
• @mazdakb made their first contribution in #2501
• @noseworthy made their first contribution in #2499
• @Meyazhagan made their first contribution in #2509

Full Changelog: v1.45.1...v1.45.2

Docker Images

This release is available at authzed/spicedb:v1.45.2, quay.io/authzed/spicedb:v1.45.2, ghcr.io/authzed/spicedb:v1.45.2

v1.45.1

Fixed

• fix #2496 by @miparnisari in #2497

Full Changelog: v1.45.0...v1.45.1

Docker Images

This release is available at authzed/spicedb:v1.45.1, quay.io/authzed/spicedb:v1.45.1, ghcr.io/authzed/spicedb:v1.45.1

v1.45.0

⚠️ Warning: Due to #2496, please use v1.45.1.

Changed

• Postgres: configure migration driver to support PgBouncer by @vroldanbet in #2462
• trim binary by removing dependency to github.com/google/go-github/v43 by @miparnisari in #2449
• default cockroachdb connection jitter to 30m by @ecordell in #2467
• Improve how we select index forcing for CRDB by @josephschorr in #2458

Fixed

• Fix prefix on metric in the TELEMETRY doc by @josephschorr in #2473
• pin fsnotify to prevent panics by @miparnisari in #2485
• reference multi-platform sha256 in Dockerfile and bring back BASE argument in Dockerfile.release by @miparnisari in #2471

Full Changelog: v1.44.4...v1.45.0

Docker Images

This release is available at authzed/spicedb:v1.45.0, quay.io/authzed/spicedb:v1.45.0, ghcr.io/authzed/spicedb:v1.45.0

v1.44.4

Changed

• Add further filtering of forced indexes on CRDB to discount other shapes by @josephschorr in #2437
• Skip selecting caveats and/or expiration in LR2 where applicable by @josephschorr in #2441
• Allow for setting of the same metadata on a CRDB watch transaction by @josephschorr in #2445
• Change the schema for CRDB to have the subjects sort match the index field order by @josephschorr in #2440
  Full Changelog: v1.44.3...v1.44.4

Docker Images

This release is available at authzed/spicedb:v1.44.4, quay.io/authzed/spicedb:v1.44.4, ghcr.io/authzed/spicedb:v1.44.4