UPDATE: Oct. 7, 2023, ver. 1.7.29 – Security HOT FIX
This is a hot fix release covering three potential security vulnerabilities: one relatively benign, one of medium severity, and one that can lead to unauthorized access to the application. Please upgrade your SlashDB instance as soon as possible.
We proactively contacted our clients on Oct. 2nd, 2023, when the security issues were first discovered. We will post more details here at a later date, but at the moment we want to give our clients time to upgrade. If you have any questions at this time, please contact our technical support team.
In addition, this release contains a fix for a client-discovered issue where relationships that were renamed using the relationship_pattern feature would raise an exception.
UPDATE: Aug. 25, 2023, ver. 1.7.25
This is a maintenance release with improvements to performance and user experience.
Performance and Core
- SQL Pass-thru requests can now be serviced even when database model discovery is in progress
- Requests which reach a worker that is not in the ready state are rerouted to an available worker
- JSON encoder will now use faster C implementation in more cases (faster output)
- Improved performance and compatibility with MS SQL Server using Microsoft’s native driver, if installed
- Ability to switch system-level database drivers
- Fixes connection issues to MS SQL when using pymssql driver
- Fixes bad relationship links for tables which do not have a primary key
- Fixes incorrect use of Content-Type and Accept headers in certain cases for better compliance with HTTP protocol
- Adds missing href query parameter for XML schema output (XSD)
- Fixes TDS version/TrustServerCertificate connection parameters, which were ignored when using the Test Connection button
User Experience
- Adds meaningful browser tab titles to indicate user’s location in the app
- Missing databases are now hidden for Database Mapping on the User Definition screen
- When an invalid license key is installed, login is not allowed for non-admin users
Security
- Fixes an error message that echoed the submitted password when a user entered a new password that was too long
Dev/Ops and SDK
- Update SlashDB JavaScript SDK with enhancements available in SlashDB version 1.7
- Log driver version and database server details on connection with Microsoft SQL Server
- Automated testing of installation from RPM and DEB packages on various Linux distros and versions
Documentation
- Document parameters for connection retry
- Update documentation on MS ODBC driver
- Updates to installation instructions for supported distributions
- Document that limit/offset should be used together with the sort parameter (without a deterministic sort, offset-based paging can return rows in an unstable order)
- Fix duplicated content in the documentation on the slashdb.ini settings
What’s new in version 1.7?
Filtering with multiple range segments
Range filtering is SlashDB’s querying capability for quantifiable column types such as numbers and dates; it selects values falling within a given range. Until now, logical OR was not supported for such queries (other than by defining a SQL Pass-thru query). With this release it becomes possible in Data Discovery mode. For example, to select Invoice rows where the value in column Total falls between 3 and 5 or between 10 and 15:
https://demo.slashdb.com/db/Chinook/Invoice/Total/3..5,10..15.html
Filtering for NULL values
Although some data formats, such as comma-separated text files, often make no distinction between an empty string and a NULL, those values carry distinct meanings in databases. It is now possible to explicitly search for either. To build on the above example, suppose we wanted to find only records for which the BillingPostalCode column is not NULL:
https://demo.slashdb.com/db/Chinook/Invoice/Total/3..5,10..15/~BillingPostalCode/<null>.html
The special marker <null> is configurable: the default is set in the slashdb.ini file, and it can be overridden on each URL using the ?nullStr modifier. Choose a marker that cannot collide with a legitimate value in the column being filtered.
Using NULL for parameters to SQL Pass-thru queries is also possible.
Update license via API
Updating license keys is now possible using the API, as described in our documentation. This can help clients with multiple servers to automate license key update in bulk.
What’s improved?
Security
As with every release, we had penetration testing performed by a reputable specialist vendor. No major issues were found. The following are security-related enhancements and fixes:
- Added capability to automatically configure OpenID Connect, if so supported by identity provider
- Enhanced SAML 2.0 auto-configuration with the ability to send metadata from SlashDB (SP) to identity provider
- Added defensive code against a SAML 2.0 replay attack
- Fixed an issue where optional SAML property NameId Policy was always included in SSO handshake requests
- Fixed an issue where an authenticated user could see certain properties associated with their account without having been granted administrative privileges
- Fixed an issue where a user with administrative privileges was able to perform actions in the UI that could reveal the presence or absence of certain files (enumeration)
Performance and Core Functionality
Of note are:
- Significant performance improvement for limit/offset queries in SQL Pass-thru, achieved by wrapping the defined statement in a sub-query where possible instead of iterating a cursor
- Dramatic performance improvements with PostgreSQL (and derivatives) by using server-side cursors by default for requests in streaming mode
- Where possible updated third party dependencies to latest versions
- Fixed condition where a change to a SQL Pass-thru statement would not propagate to all workers under multi-process concurrency
- Avoids errors on incorrectly encoded strings in plain character types in Oracle by using a character-replacement mode; this can be disabled
- Fixed field missing from the SQL Pass-thru query definition API response
- Fixed ambiguous behavior when a search for an empty string is the last segment of the URL
- Include NULL values in wildcard “*” filter
User Experience
Various fixes and feature improvements including:
- Making certain error messages clearer
- Clickable database names in the list of connected databases
- Fixed button placement in Query Studio on narrow screens
- Fixed button for XML in the SQL Pass-thru query execution screen
- Fixed URL generated for filtering on string “*” explicitly
- Fixed URL generated for fields that are a primary key and contain special characters such as an asterisk or a comma
- Fixed display issues and error messages with the connection string override feature
Dev/Ops and Administration
These changes improve configuration, administration and troubleshooting:
- Added support for Python 3.10, dropped support for version 3.7 and below
- Formatting of log messages in all components is now uniform, which allows for concatenating log files and easier troubleshooting
- Product version is now output to log files on application start
- Fixed misleading log message on table relationship naming
- Ability to configure advanced connection settings in the slashdb.ini per database type in addition to per database name
- Use TDS protocol version 7.4 by default for compatibility with a wider range of newer MS SQL Server versions
- Separated support for Oracle into its own package, which is optional to install and can be updated separately from the main application
Documentation and Testing
- Added chapter on upgrading
- Updated outdated screenshots
- Automated about 75% of UI tests
Connect with us
We invite you to get in touch with us. You can reach us via:
- Gitter.im (chat room)
- StackOverflow (use tag “slashdb” to post questions)
- Contact form
Image attribution
The image is “a realistic green meadow and blue sky with a black cat hiding in the grass” as generated by the Microsoft Bing powered by DALL-E.