- 1.16. 0.11.x Branch
- 1.16.1. Upgrade Notes
- 1.16.2. Version 0.11.2
- 1.16.3. Version 0.11.1
- 1.16.3.1. Build and System Integration
- 1.16.3.2. Configuration System
- 1.16.3.3. Futon
- 1.16.3.4. HTTP Interface
- 1.16.3.5. JavaScript Clients
- 1.16.3.6. Log System
- 1.16.3.7. Replication System
- 1.16.3.8. Security
- 1.16.3.9. Storage System
- 1.16.3.10. Test Suite
- 1.16.3.11. View Server
- 1.16.3.12. URL Rewriter & Vhosts
- 1.16.4. Version 0.11.0
1.16. 0.11.x Branch
1.16.1. Upgrade Notes
Warning
Version 0.11.2 contains important security fixes. Previous 0.11.x releases are not recommended for regular usage.
1.16.1.1. Changes Between 0.11.0 and 0.11.1
_log
and_temp_views
are now admin-only resources._bulk_docs
now requires a valid Content-Type header ofapplication/json
.JSONP is disabled by default. An .ini option was added to selectively enable it.
The
key
,startkey
andendkey
properties of the request object passed to list and show functions now contain JSON objects representing the URL encoded string values in the query string. Previously, these properties contained strings which needed to be converted to JSON before using.
1.16.1.2. Changes Between 0.10.x and 0.11.0
1.16.1.2.1. show, list, update and validation functions
The req
argument to show, list, update and validation functions now contains the member method with the specified HTTP method of the current request. Previously, this member was called verb
. method
is following RFC 2616 (HTTP 1.1) closer.
1.16.1.2.2. _admins -> _security
The /db/_admins handler has been removed and replaced with a /db/_security object. Any existing _admins will be dropped and need to be added to the security object again. The reason for this is that the old system made no distinction between names and roles, while the new one does, so there is no way to automatically upgrade the old admins list.
The security object has 2 special fields, admins
and readers
, which contain lists of names and roles which are admins or readers on that database. Anything else may be stored in other fields on the security object. The entire object is made available to validation functions.
1.16.1.2.3. json2.js
JSON handling in the query server has been upgraded to use json2.js. This allows us to use faster native JSON serialization when it is available.
In previous versions, attempts to serialize undefined would throw an exception, causing the doc that emitted undefined to be dropped from the view index. The new behavior is to serialize undefined as null. Applications depending on the old behavior will need to explicitly check for undefined.
Another change is that E4X’s XML objects will not automatically be stringified. XML users will need to call my_xml_object.toXMLString()
to return a string value. #8d3b7ab3
1.16.1.2.4. WWW-Authenticate
The default configuration has been changed to avoid causing basic-auth popups which result from sending the WWW-Authenticate header. To enable basic-auth popups, uncomment the config option httpd/WWW-Authenticate
line in local.ini.
1.16.1.2.5. Query server line protocol
The query server line protocol has changed for all functions except map, reduce, and rereduce. This allows us to cache the entire design document in the query server process, which results in faster performance for common operations. It also gives more flexibility to query server implementers and shouldn’t require major changes in the future when adding new query server features.
1.16.1.2.6. UTF8 JSON
JSON request bodies are validated for proper UTF-8 before saving, instead of waiting to fail on subsequent read requests.
1.16.1.2.7. _changes line format
Continuous changes are now newline delimited, instead of having each line followed by a comma.
1.16.2. Version 0.11.2
1.16.2.1. Authentication
- User documents can now be deleted by admins or the user.
1.16.2.2. Futon
- Add some Futon files that were missing from the Makefile.
1.16.2.3. HTTP Interface
- Better error messages on invalid URL requests.
1.16.2.4. Replicator
Fix bug when pushing design docs by non-admins, which was hanging the replicator for no good reason.
Fix bug when pulling design documents from a source that requires basic-auth.
1.16.2.5. Security
Avoid potential DOS attack by guarding all creation of atoms.
Fixed CVE-2010-2234: Apache CouchDB Cross Site Request Forgery Attack
1.16.3. Version 0.11.1
1.16.3.1. Build and System Integration
Output of couchdb –help has been improved.
Fixed compatibility with the Erlang R14 series.
Fixed warnings on Linux builds.
Fixed build error when aclocal needs to be called during the build.
Require ICU 4.3.1.
Fixed compatibility with Solaris.
1.16.3.2. Configuration System
- Fixed timeout with large .ini files.
1.16.3.3. Futon
Use “expando links” for over-long document values in Futon.
Added continuous replication option.
Added option to replicating test results anonymously to a community CouchDB instance.
Allow creation and deletion of config entries.
Fixed display issues with doc ids that have escaped characters.
Fixed various UI issues.
1.16.3.4. HTTP Interface
Mask passwords in active tasks and logging.
Update mochijson2 to allow output of BigNums not in float form.
Added support for X-HTTP-METHOD-OVERRIDE.
Better error message for database names.
Disable jsonp by default.
Accept gzip encoded standalone attachments.
Made max_concurrent_connections configurable.
Made changes API more robust.
Send newly generated document rev to callers of an update function.
1.16.3.5. JavaScript Clients
Added tests for couch.js and jquery.couch.js
Added changes handler to jquery.couch.js.
Added cache busting to jquery.couch.js if the user agent is msie.
Added support for multi-document-fetch (via _all_docs) to jquery.couch.js.
Added attachment versioning to jquery.couch.js.
Added option to control ensure_full_commit to jquery.couch.js.
Added list functionality to jquery.couch.js.
Fixed issues where bulkSave() wasn’t sending a POST body.
1.16.3.6. Log System
Log HEAD requests as HEAD, not GET.
Keep massive JSON blobs out of the error log.
Fixed a timeout issue.
1.16.3.7. Replication System
Refactored various internal APIs related to attachment streaming.
Fixed hanging replication.
Fixed keepalive issue.
1.16.3.8. Security
Added authentication redirect URL to log in clients.
Fixed query parameter encoding issue in oauth.js.
Made authentication timeout configurable.
Temporary views are now admin-only resources.
1.16.3.9. Storage System
Don’t require a revpos for attachment stubs.
Added checking to ensure when a revpos is sent with an attachment stub, it’s correct.
Make file deletions async to avoid pauses during compaction and db deletion.
Fixed for wrong offset when writing headers and converting them to blocks, only triggered when header is larger than 4k.
Preserve _revs_limit and instance_start_time after compaction.
1.16.3.10. Test Suite
- Made the test suite overall more reliable.
1.16.3.11. View Server
Provide a UUID to update functions (and all other functions) that they can use to create new docs.
Upgrade CommonJS modules support to 1.1.1.
Fixed erlang filter funs and normalize filter fun API.
Fixed hang in view shutdown.
1.16.3.12. URL Rewriter & Vhosts
Allow more complex keys in rewriter.
Allow global rewrites so system defaults are available in vhosts.
Allow isolation of databases with vhosts.
Fix issue with passing variables to query parameters.
1.16.4. Version 0.11.0
1.16.4.1. Build and System Integration
Updated and improved source documentation.
Fixed distribution preparation for building on Mac OS X.
Added support for building a Windows installer as part of ‘make dist’.
Bug fix for building couch.app’s module list.
ETap tests are now run during make distcheck. This included a number of updates to the build system to properly support VPATH builds.
Gavin McDonald set up a build-bot instance. More info can be found at http://ci.apache.org/buildbot.html
1.16.4.2. Futon
Added a button for view compaction.
JSON strings are now displayed as-is in the document view, without the escaping of new-lines and quotes. That dramatically improves readability of multi-line strings.
Same goes for editing of JSON string values. When a change to a field value is submitted, and the value is not valid JSON it is assumed to be a string. This improves editing of multi-line strings a lot.
Hitting tab in textareas no longer moves focus to the next form field, but simply inserts a tab character at the current caret position.
Fixed some font declarations.
1.16.4.3. HTTP Interface
Provide Content-MD5 header support for attachments.
Added URL Rewriter handler.
Added virtual host handling.
1.16.4.4. Replication
Added option to implicitly create replication target databases.
Avoid leaking file descriptors on automatic replication restarts.
Added option to replicate a list of documents by id.
Allow continuous replication to be cancelled.
1.16.4.5. Runtime Statistics
Statistics are now calculated for a moving window instead of non-overlapping timeframes.
Fixed a problem with statistics timers and system sleep.
Moved statistic names to a term file in the priv directory.
1.16.4.6. Security
Fixed CVE-2010-0009: Apache CouchDB Timing Attack Vulnerability.
Added default cookie-authentication and users database.
Added Futon user interface for user signup and login.
Added per-database reader access control lists.
Added per-database security object for configuration data in validation functions.
Added proxy authentication handler
1.16.4.7. Storage System
Adds batching of multiple updating requests, to improve throughput with many writers. Removed the now redundant couch_batch_save module.
Adds configurable compression of attachments.
1.16.4.8. View Server
Added optional ‘raw’ binary collation for faster view builds where Unicode collation is not important.
Improved view index build time by reducing ICU collation callouts.
Improved view information objects.
Bug fix for partial updates during view builds.
Move query server to a design-doc based protocol.
Use json2.js for JSON serialization for compatibility with native JSON.
Major refactoring of couchjs to lay the groundwork for disabling cURL support. The new HTTP interaction acts like a synchronous XHR. Example usage of the new system is in the JavaScript CLI test runner.