v1.80.0

v1.80.0

🆕 What's new:

• Verify link address expiration set to 24h (#10180)
• Normalize file extension case for object previews (#10231)
• Support StringLike condition operator in policy evaluation (#10249)
• webui: redesign Data tab with Objects/Tables toggle (#10271)
• Setup: collect comm prefs during setup and validate email (#10277)

🐛 Bugs Fixed

• Bump otel/sdk to v1.40.0 (fix PATH hijacking CVE) (#10211)
• lakectl fs upload: Multipart upload - generate presigned URL per part (#10291)

v1.79.0

🆕 What's new:

• API: get object handle safe content types as inline content-disposition (#10184)

v1.78.0

Changelog

See changes in the previous release

v1.77.1

Changelog

v1.77.1

🆕 What's new:

• Reduce the KV usage while using branch ownership feature (#10116)
• Improve lakectl actions valdiate by checking required properties (#10144)

🐛 Bugs Fixed

• Delta tables export: skip vacuumed .cdc files (#10140)

v1.77.0

🆕 What's new:

• Delta tables export: support change data feed (#10127)
• Web UI: Responsive collapsible breadcrumb for URI navigation (#10078)
• Web UI: LRU caching for recently accessed refs (#10093)
• Web UI: Improved discoverability of refs (#10090)
• Web UI: Lock commit/merge inputs during API calls (#10103)
• Add tracing regions to KV store operations (#10023)
• Trace all lakeFS API and gateway tasks (#10016)

🐛 Bugs Fixed

• CVE: Path traversal vulnerabilities in local block adapter allow cross-namespace and sibling directory access
• Fix: Replace per-task heartbeat with instance-level heartbeat in cataloger (#10118)
• Fix: Return 400 instead of 500 for DeleteObjects size limit (#10097)
• Fix: Report per-object errors correctly in lakectl recursive rm and batch deletions (#10095)
• Fix: Expired status override on completed cataloger tasks (#10080)
• Fix: Handle special characters in file paths for DuckDB queries in WebUI (#10076)
• Fix: Stuck goroutines in cataloger (#10055)

v1.76.0

🆕 What's new:

• Report pre-signed URL expiry time for Azure (#9986)
• Add external principals management commands to lakectl (#9978)
• Prepare gc commits: Reduce memory usage (#9996)
• Copy logging fields to background task context (#9995)

🐛 Bugs Fixed

• Fix: lakectl gc check-async print a usable URL (#9994)

v1.75.0

Security Fixes

• S3 Gateway: Fixed timestamp validation vulnerability allowing replay attacks. See GHSA-f2ph-gc9m-q55f.

🆕 What's new:

• Report pre-signed URL expiry for GCS (#9927)
• Add --all and --repo flags to kv dump command (#9874)
• Add heartbeat to catalog background tasks (#9868)
• Add lakectl support for prepare GC commits (#9951)
• WebUI: Show tag badges in commit log with paginated tag fetching (#9953)

🐛 Bugs Fixed

• Fix: Return 404 instead of 500 for non-existent API endpoints (#9877)
• Fix: Incorrect date for uncommitted objects in webui (#9939)
• Fix: S3 CreateBucket error response for non-existent repositories (#9945)
• Fix: ObjectCopy for imported objects (#9943)
• Fix: WebUI object list sorting to use lexicographic order (#9955)

v1.74.4

Changelog

🐛 Bugs Fixed

• UI: Branch not found error on tag selection (#9903)
• Improve file handling and concurrency in local metadata cache (#9879)

v1.74.3

Changelog

🏢 Includes only changes for Enterprise.

v1.74.2

This release fixes a panic introduced in v1.74.1 when using new lakectl with older lakeFS servers

Changelog

🐛 Bugs Fixed

• Fix lakectl commit/merge panic (#9888)