Skip to content

Releases: hasura/graphql-engine

v2.48.1

23 May 07:32
@hasura-bot hasura-bot
v2.48.1
63cd2dc
Compare
Choose a tag to compare
v2.48.1 Latest
Latest

Changelog

This is a patch release for v2.48.

Bug fixes and improvements

Data Connectors

  • Fix queries which select self-referential relationships in Snowflake. Previously, queries such as employee.reports_to <-> employee.employee_id would cause errors. (Cloud / Enterprise edition only)
Assets 7
Loading

v2.48.0

20 May 07:32
@hasura-bot hasura-bot
v2.48.0
6991901
Compare
Choose a tag to compare
v2.48.0

Changelog

Bug fixes and improvements

Server

  • Add a new query tag format standard_prepended, which puts the metadata tag comment before the SQL query. This might help when scanning logs, or when log lines might be truncated.
  • Add HASURA_GRAPHQL_PRESERVE_401_ERRORS option to propagate 401 (Unauthorized) status codes back to the client. Currently a 200 status is returned for all errors.
  • Add HASURA_GRAPHQL_SERVER_TIMEOUT option to configure request timeouts. (Community / Enterprise edition only)

Console

  • REST endpoints with GET method now properly handle query parameters in the console.

Data Connectors

  • Fix an issue in the SuperConnector Snowflake adapter which caused errors when performing queries that selected the same relationship more than once. (Cloud / Enterprise edition only)
Loading

v2.48.0-beta.1

07 May 08:18
@hasura-bot hasura-bot
v2.48.0-beta.1
1826447
Compare
Choose a tag to compare
v2.48.0-beta.1

Changelog

Bug fixes and improvements

Server

  • Add a new query tag format standard_prepended, which puts the metadata tag comment before the SQL query. This might help when scanning logs, or when log lines might be truncated.
  • Add HASURA_GRAPHQL_PRESERVE_401_ERRORS option to propagate 401 (Unauthorized) status codes back to the client. Currently a 200 status is returned for all errors.
  • Add HASURA_GRAPHQL_SERVER_TIMEOUT option to configure request timeouts. (Community / Enterprise edition only)

Console

  • REST endpoints with GET method now properly handle query parameters in the console.

Data Connectors

  • Fix an issue in the SuperConnector Snowflake adapter which caused errors when performing queries that selected the same relationship more than once. (Cloud / Enterprise edition only)
Loading

v2.36.12

30 Apr 07:19
@hasura-bot hasura-bot
v2.36.12
f0b07c1
Compare
Choose a tag to compare
v2.36.12

Changelog

Loading

v2.47.0

15 Apr 14:24
@hasura-bot hasura-bot
v2.47.0
c11e071
Compare
Choose a tag to compare
v2.47.0

Changelog

Bug fixes and improvements

Server

  • Don't attempt to CREATE EXTENSION pgcrypto if it already exists, so users on Azure using an unprivileged Postgres user in Hasura can create the extension manually prior to startup.
  • Add new HASURA_GRAPHQL_REDIS_NO_FAIL_ON_STARTUP option, allowing the engine to start up normally, but with rate limiting and caching disabled, if there are errors with redis during startup. (Enterprise edition only)

Console

  • Fix connection template and Dynamic Routing settings being reset when editing database in Connection Details page. (Cloud / Enterprise edition only)

CLI

  • Add a flag --no-transaction to migrate apply command.

Build

  • Update libpq version in UBI9 base image.

Security fixes

Server

Fixed Nested Inherited Roles Permission Propagation

Fixed an issue where permissions were not properly propagated through multiple levels of role inheritance. This affects both queries and mutations:

  • For Queries: Previously, when Role D inherited from Role C, which inherited from Roles A and B, the row filters and column restrictions from Role A were not properly applied to Role D. This could allow Role D to access data that should have been restricted.

  • For Mutations: Mutations using nested inherited roles now correctly enforce permission constraints. For example:

    If Role A restricts "salary" with {"user_id": "X-Hasura-User-Id"}
    Role D (inheriting from Role C, which inherits from Role A)
    now requires X-Hasura-User-Id when filtering on salary:

    mutation {
  delete_employees(where: {salary: {_gt: 100000}}) {
    affected_rows
  }
}

Note: If you're using nested inherited roles in your application, you may need to update mutations to include the appropriate session variables that were previously bypassed.

For more details on how inherited roles work, see the documentation.

Loading

v2.47.0-beta.1

25 Mar 08:45
@hasura-bot hasura-bot
v2.47.0-beta.1
8897a39
Compare
Choose a tag to compare
v2.47.0-beta.1 Pre-release
Pre-release

Changelog

Bug fixes and improvements

Server

  • Don't attempt to CREATE EXTENSION pgcrypto if it already exists, so users on Azure using an unprivileged Postgres user in Hasura can create the extension manually prior to startup.
  • Add new HASURA_GRAPHQL_REDIS_NO_FAIL_ON_STARTUP option, allowing the engine to start up normally, but with rate limiting and caching disabled, if there are errors with redis during startup. (Enterprise edition only)

Console

  • Fix connection template and Dynamic Routing settings being reset when editing database in Connection Details page. (Cloud / Enterprise edition only)

CLI

  • Add a flag --no-transaction to migrate apply command.

Build

  • Update libpq version in UBI9 base image.
Loading

v2.36.10

11 Mar 15:39
@hasura-bot hasura-bot
v2.36.10
e3b9f93
Compare
Choose a tag to compare
v2.36.10

Changelog

This is a patch release for v2.36

Bug fixes and improvements

Build

  • Update Ubuntu Jammy base image and RH image to get the latest security updates.
Loading

v2.46.0

05 Mar 07:35
@hasura-bot hasura-bot
v2.46.0
9333360
Compare
Choose a tag to compare
v2.46.0

Changelog

Bug fixes and improvements

Server

  • Fix an issue where Postgres reset JSON parameters to empty strings after a transaction, causing event trigger failures when executing mutations outside Hasura. The insert_event_log trigger function now correctly handles empty strings.
  • Attempt to set Haskell runtime threads based on cgroup CPU limits, when present, for better automatic sizing in Docker and Kubernetes environments. Users with small CPU limits on servers with many cores should expect to see somewhat lower memory usage and possibly improved performance.
  • Add optional no_transaction flag (default false) to run_sql API (Postgres) to execute SQL statements outside transaction blocks, with support for splitting multiple statements. Useful for operations like CREATE INDEX CONCURRENTLY.
  • Fix the hasura_active_subscriptions metric becoming inconsistent (e.g. showing a negative value).
  • Fix an issue where a source's metadata would be erased if the source was inconsistent and then a source update was performed.
  • Mark remote schemas as inconsistent when type conflicts occur with the existing schema.
  • Only show internal actions errors in logs if HASURA_GRAPHQL_DEV_MODE or HASURA_GRAPHQL_ADMIN_INTERNAL_ERRORS are switched on.
  • Increase upper bound of execution time metrics to 100s. (Cloud / Enterprise edition only)
  • Add metrics hasura_events_fetch_query_time and hasura_events_fetched_total. (Cloud / Enterprise edition only)
  • Fix metrics label for DB with non-standard URI. (Cloud / Enterprise edition only)
Loading

v2.46.0-beta.1

27 Feb 07:46
@hasura-bot hasura-bot
v2.46.0-beta.1
6f48478
Compare
Choose a tag to compare
v2.46.0-beta.1 Pre-release
Pre-release

Changelog

Bug fixes and improvements

Server

  • Fix an issue where Postgres reset JSON parameters to empty strings after a transaction, causing event trigger failures when executing mutations outside Hasura. The insert_event_log trigger function now correctly handles empty strings.
  • Attempt to set Haskell runtime threads based on cgroup CPU limits, when present, for better automatic sizing in Docker and Kubernetes environments. Users with small CPU limits on servers with many cores should expect to see somewhat lower memory usage and possibly improved performance.
  • Add optional no_transaction flag (default false) to run_sql API (Postgres) to execute SQL statements outside transaction blocks, with support for splitting multiple statements. Useful for operations like CREATE INDEX CONCURRENTLY.
  • Fix an issue where a source's metadata would be erased if the source was inconsistent and then a source update was performed.
  • Mark remote schemas as inconsistent when type conflicts occur with the existing schema.
  • Only show internal actions errors in logs if HASURA_GRAPHQL_DEV_MODE or HASURA_GRAPHQL_ADMIN_INTERNAL_ERRORS are switched on.
  • Fix the hasura_active_subscriptions metric becoming inconsistent (e.g. showing a negative value). (Cloud / Enterprise edition only)
  • Increase upper bound of execution time metrics to 100s. (Cloud / Enterprise edition only)
  • Add metrics hasura_events_fetch_query_time and hasura_events_fetched_total. (Cloud / Enterprise edition only)
  • Fix metrics label for DB with non-standard URI. (Cloud / Enterprise edition only)
Loading

v2.45.2

21 Feb 10:36
@hasura-bot hasura-bot
v2.45.2
0a75a61
Compare
Choose a tag to compare
v2.45.2

Changelog

This is a patch release for v2.45.

Bug fixes and improvements

Server

  • Fix ConnectionClosed error during metadata apply, and silence some other websockets related messages incorrectly logged as errors and report-as-bugs.

Console

  • Fix Model Summary for MongoDB databases in the data tab.
  • Fix email alerts modal crash in Schema Registry. (Cloud only)

Build

  • Update RH, Quarkus, Kotlin and Snowflake to get the latest security updates.
  • Update Ubuntu Jammy base image and ubi9 image to get the latest security updates.
Loading