Tags give the ability to mark specific points in history as being important
-
25.4.4
protected3553ab14 · ·[25.4.4] - 2025-11-12 Fixes - Fixed a bug where the raft snapshot would sometimes contain incorrect term which would result in an unrecoverable failure of the receiving instance. - Resolve hang when using TLS (hang in `ssl_iostream_destroy` when fiber is cancelled). - Resolve hang when using TLS (fix infinite loop in coio_writev_timeout on SSL_ERROR_ZERO_RETURN). - DML to global tables no longer will fail with errors such as "Compacted" (See also https://git.picodata.io/core/picodata/-/issues/2273). - Fix trigger execution and privilege initialization for scram-sha256 auth in pgproto. SQL - Add IF NOT EXISTS support for ALTER TABLE ADD COLUMN. Observability - Added metrics `pico_sql_global_dml_query` and `pico_sql_global_dml_query_retries` which report respectively the total number of SQL DML operations on global tables and number of times these operations had to be retried due to CAS conflicts.
-
25.3.8
protected1b8c0700 · ·[25.3.8] - 2025-10-23 Fixes - Fixed an out-of-memory crash when using Response::encode_rmp with large collections in plugin API (see also https://git.picodata.io/core/picodata/-/issues/2028). - Fixed a bug where the raft snapshot would sometimes contain incorrect term which would result in an unrecoverable failure of the receiving instance.
-
25.3.7
protected86f6fc1c · ·[25.3.7] - 2025-10-16 Fixes - Fix Service::on_leader_change callbacks not being called after master goes Offline due to sentinel auto-offline policy (See also https://git.picodata.io/core/picodata/-/issues/2303). SQL - Add IF NOT EXISTS support for ALTER TABLE ADD COLUMN.
-
25.4.3
protected6bc41a51 · ·[25.4.3] - 2025-10-15 Fixes - Fix possible crash when using TLS for iproto communication within cluster. - Specifying `instance.iproto_tls.enable` parameter via configuration file. - Prevent conflicts when creating tables with renamed table names. - Fix CREATE TABLE hanging on index conflict. - Fix Service::on_leader_change callbacks not being called after master goes Offline due to sentinel auto-offline policy (See also https://git.picodata.io/core/picodata/-/issues/2303). Pgproto - Add support for configuring pgproto TLS certificates via: - `instance.pg.ssl` (enable/disable TLS) - `instance.pg.cert_file` (client certificate path) - `instance.pg.key_file` (private key path) - `instance.pg.ca_file` (CA certificate path).
-
25.4.2
protectedabc7b7b5 · ·[25.4.2] - 2025-10-09 Fixes - Fix compilation error on ARM architecture. - Fix eliminate erroneous ER_READONLY message in logs when executing TRUNCATE on global tables sometimes. WebUI - Add a login form and JWT-based session management. The JWT secret is stored in the `_pico_db_config` table as `jwt_secret`. Set `jwt_secret` to an empty string ("") to disable authentication. On upgrade, Picodata leaves the existing `jwt_secret` unchanged. To enable web authentication on existing clusters, reset `jwt_secret` via the `ALTER SYSTEM` API. -
25.3.5
protected9e518b6b · ·[25.3.5] - 2025-10-03 Features - Instance's which loose ability to apply raft log updates will automatically become Offline. (See also https://git.picodata.io/core/picodata/-/issues/2238). - New ALTER SYSTEM parameter `plugin_check_migration_hash` (default: true) allows disabling plugin migration file checksum validation. This allows plugin authors to more easily fix mistakes in migration files. Fixes - Fixed bizarre row order produced by ORDER BY <uuid>. - Fixed a possible state corruption in case picodata crashes after receiving a raft snapshot with a stale schema version. - Fixed TRUNCATE operation for global tables.
-
25.4.1
protectede4612aa8 · ·[25.4.1] - 2025-10-02 Features - Support unique indexes with non-sharded columns on sharded tables, with sharding key prefix provided - Introduce the governor script to add `is_default` column to the `_pico_tier` table - Pgproto now reports more verbose TLS error messages - Validate cluster UUID during IPROTO handshake and propagate `cluster_uuid` via IPROTO_ID. Connections with a mismatching `cluster_uuid` are rejected, ensuring cross-cluster isolation. - Instance's which loose ability to apply raft log updates will automatically become Offline. (See also https://git.picodata.io/core/picodata/-/issues/2238). - Support TLS in IPROTO for intra-cluster communication and CLI. - Configure via new config section: `instance.iproto_tls`; - Run CLI with new arguments: `--tls-cert`, `--tls-key`, `--tls-ca`. - Support TLS certificate authentication - Use the certificate's Common Name (CN) field as the username; - For example, use `CN=dbuser@company.com` or `CN=dbuser` in the certificate to authenticate the user "dbuser"; - This method takes precedence over other authentication mechanisms. - New ALTER SYSTEM parameter `plugin_check_migration_hash` (default: true) allows disabling plugin migration file checksum validation. This allows plugin authors to more easily fix mistakes in migration files. - It is now possible to use `scram-sha256` auth method for old and new users. Currently, the method is only compatible with pgproto, which means it won't be available for picodata plugins or iproto connections. Observability - `instance_name` is now the primary label for Prometheus metrics. - Added the metric `pico_info_uptime{instance_name, instance_dir_name, replicaset, tier, cluster_name}`. - Updated Grafana dashboard: legends now use `{{instance_name}}`. SQL - SQL supports scalar function `abs()`. - Multiple `OPTIONS` specified in an SQL query no longer result in an error. Instead, the rightmost option takes precedence. - SQL now supports the `AUDIT POLICY` operation to enable or disable audit logging of DML operations for specific users. - Use cases: - `AUDIT POLICY dml_default BY dbuser` - enables audit logging of DML operations for user "dbuser" - `AUDIT POLICY dml_default EXCEPT dbuser` - disables audit logging of DML operations for user "dbuser" - Currently, only one policy named `dml_default` is supported. - Maximum value for `Integer` and `Unsigned` type is ***9223372036854775807***. Fixes - Fixed "instance is already joined" error if picodata crashes during reboostrap (see also https://git.picodata.io/core/picodata/-/issues/2077). - Supported detecting and fixing broken replication. - Remove unnecessary timeout on local Unix domain sockets in `picodata admin` command. Unlike network sockets, local sockets don't silently hang - a server crash immediately breaks the connection, making timeouts redundant. This fixes an issue where long-running plugin commands could be incorrectly aborted due to the artificial timeout. - Supported backoff strategies when configuring vshard from the governor. - Fixed restart the whole cluster at once taking too long. - Fixed an issue where `cluster.shredding` option does not get applied on instance restart. - `EXPLAIN` queries now support `OPTION` (e.g. `EXPLAIN SELECT 1 OPTION (SQL_VDBE_OPCODE_MAX = 6)`) - Fixed joining a replica after expel with the same instance name as the expelled one (see also https://git.picodata.io/core/picodata/-/issues/2173). - Fixed an out-of-memory crash when using Response::encode_rmp with large collections in plugin API (see also https://git.picodata.io/core/picodata/-/issues/2028). - Upgraded luajit to fix several issues. See https://git.picodata.io/core/tarantool/-/merge_requests/282 for details. - Fixed bizarre row order produced by ORDER BY <uuid>. - Fixed restarting the cluster without some of the voters (see also https://git.picodata.io/core/picodata/-/issues/2202). - Fixed potential undefined behavior in plugin RPC handler arguments. - Picodata now loads all certificates from `ca.crt`, not just the first one. - Fixed a possible state corruption in case picodata crashes after receiving a raft snapshot with a stale schema version. - Fixed TRUNCATE operation for global tables. CLI - Authentication method flags now use automatic recognition system, instead of relying on default values, delivering less error-prone and complex user experience. See <https://git.picodata.io/core/picodata/-/issues/1973>. - `picodata status` and `picodata plugin configure` now support execution with custom user, determining authentication method automatically on it's own. WARNING: If you do not specify an authentication method, it will be found out by brute force, which may lead to the user being blocked if the number of authorization attempts exceeds the limits. See <https://git.picodata.io/core/picodata/issues/1734>. - `picodata plugin configure` now prints a message on success for better UX. See <https://git.picodata.io/core/picodata/-/issues/1904>. - `picodata plugin configure` now returns a success code, instead of non-zero when trying to change plugin service parameters with the same values. See <https://git.picodata.io/core/picodata/-/issues/2222>. Plugin API - `internal::authenticate` is now deprecated, and is a re-export of the same auth function in a separate module `authentication::authenticate`. See <https://git.picodata.io/core/picodata/-/issues/2007>. WebUI - display expelled state -
25.3.3
protected98d12962 · ·[25.3.3] - 2025-09-10 CLI - Authentication method flags now use automatic recognition system, instead of relying on default values, delivering less error-prone and complex user experience. See <https://git.picodata.io/core/picodata/-/issues/1973>. - `picodata status` and `picodata plugin configure` now support execution with custom user, determining authentication method automatically on it's own. WARNING: If you do not specify an authentication method, it will be found out by brute force, which may lead to the user being blocked if the number of authorization attempts exceeds the limits. See <https://git.picodata.io/core/picodata/issues/1734>. - `picodata plugin configure` now prints a message on success for better UX. See <https://git.picodata.io/core/picodata/-/issues/1904>. Features - Pgproto now reports more verbose TLS error messages Fixes - Record `pico_sql_query_errors_total`, `pico_sql_query_duration` and `pico_sql_query_errors_total` metrics for queries executed through pgproto - Fixed joining a replica after expel with the same instance name as the expelled one (see also https://git.picodata.io/core/picodata/-/issues/2173).
-
25.3.2
protectedfc7c1e53 · ·[25.3.2] - 2025-08-04 Fixes - Fixed "instance is already joined" error if picodata crashes during reboostrap (see also https://git.picodata.io/core/picodata/-/issues/2077). - Remove unnecessary timeout on local Unix domain sockets in `picodata admin` command. Unlike network sockets, local sockets don't silently hang - a server crash immediately breaks the connection, making timeouts redundant. This fixes an issue where long-running plugin commands could be incorrectly aborted due to the artificial timeout.
-
25.3.1
protected475eec9a · ·[25.3.1] - 2025-07-25 Features - Introduce automatic system catalog schema upgrade on new releases (automatically executing DDL/DML and creating internal functions). ACL - The maximum number of users and roles that can be created has been increased from 32 to 128. SQL - SQL supports `ORDER BY ... NULLS FIRST/LAST` operation. - SQL supports `INSERT INTO ... ON CONFLICT DO FAIL/REPLACE/NOTHING` operation for globally distributed tables. - SQL supports modulo operator `%` for integers. - SQL supports window function `last_value()`. - SQL supports new volatile scalar functions `pico_raft_leader_id()` and `pico_raft_leader_uuid()`. - SQL scalar function `instance_uuid` is now marked as deprecated, consider using `pico_instance_uuid`. - SQL supports new stable scalar function `version()`, that returns version of the current instance. Pgproto - Support LDAP with TLS (StartTLS) for LDAP authentication menthod - use TT_LDAP_ENABLE_TLS=true environment variable to turn on - More metrics: - pico_pgproto_connections_closed_total - pico_pgproto_connections_opened_total - pico_pgproto_portals_closed_total - pico_pgproto_portals_opened_total - pico_pgproto_statements_closed_total - pico_pgproto_statements_opened_total Config - Config supports `instance.pg.advertise` option for pgproto server advertise address, which defaults to `instance.pg.listen`. It also can be set in the CLI via `--pg-advertise` option. WebUI - Display cluster ID and instance PG address - Cluster info and other data refreshes automatically every 10 seconds if the window is focused Fixes - Fixed numerous panics when setting invalid values for alter system parameters - Fixed the modification of `_pico_service_route`; it is now retriable. - Fixed a performance issue with global table DML which resulted in an up to 95x performance increase! - Fixed sorting in WebUI - it's now consistent across reloads - Fixed WebUI dependency on internet access for displaying fonts - Fixed a bug which broke intra-replicaset replication when upgrading from 25.1.* to 25.2.*. Note that clusters broken by this bug require some manual actions in addition to this fix, but newer version should upgrade fine. Note also that this fix does not include the actual schema upgrade procedure, so the cluster will still have a schema of the older version of picodata. For details see https://git.picodata.io/core/picodata/-/issues/1946#note_157146 - Preserve parameter types provided by client. Previously, we'd completely replace parameter types array with the one derived by the Sbroad's type system. As a result, sometimes the type could implicitly change from VARCHAR to TEXT, causing various problems to client drivers. - Fixed a bug when parsing RFC 3339 timestamps with a date-time delimiter other than `T` resulted in an error. - Fixes unnecessary vshard router and storage config updates. - Fixed a bug which could sometimes lead to unconstrained stream of requests from a failed instance (implemented expontential backoff for sentinel requests). - Fixed a bug where cluster-wide settings for options `sql_vdbe_opcode_max` and `sql_motion_row_max` were not applied to queries made through pgproto. - Fixed a panic in sentinel loop because of integer overflow when multiplying. - Fixed a bug where picodata would sometimes indefinitely block when applying DDL operations which could result in full replicaset failure. - Fixed a bug where picodata would sometimes indefinitely block after a restart and/or network failure when receiving a raft snapshot. Lua API - Remove `pico.exit` function as it is no longer used. Plugin API - Allowed to use different patch level versions of SDK (ex. allow to run plugin built with 25.3.1 to run on Picodata 25.3.2) - Added `cluster_uuid()` API and corresponding `pico_ffi_cluster_uuid` FFI binding to retrieve the cluster UUID of the current instance.
-
25.2.4
protected64e15f9c · ·[25.2.4] - 2025-07-16 Fixes - In the case where an instance joining a cluster was unable to process the response (for example, an abnormal termination after sending a request to join the cluster), then this instance didn't have an ability to rejoin, since the cluster has already remembered its UUID and will consider it correctly joined. Now, instance UUID is generated on the instance side and persisted automatically, preventing such bug from happenning again.
-
25.2.3
protected45e17dd1 · ·[25.2.3] - 2025-07-07 Fixes - Fixed a bug which broke intra-replicaset replication when upgrading from 25.1.* to 25.2.*. Note that clusters broken by this bug require some manual actions in addition to this fix, but newer version should upgrade fine. Note also that this fix does not include the actual schema upgrade procedure, so the cluster will still have a schema of the older version of picodata. - Fixed incorrect validation check for max number of users. - Preserve parameter types provided by client. Previously, we'd completely replace parameter types array with the one derived by the Sbroad's type system. As a result, sometimes the type could implicitly change from VARCHAR to TEXT, causing various problems to client drivers. - Fixed a bug which could sometimes lead to unconstrained stream of requests from a failed instance (implemented expontential backoff for sentinel requests). - Fixes unnecessary vshard router and storage config updates. - Fixed a bug when parsing RFC 3339 timestamps with a date-time delimiter other than `T` resulted in an error.
-
25.2.2
protected21478cea · ·[25.2.2] - 2025-06-24 Features - Increase max number of users to 128 - Support LDAP with TLS (StartTLS) Fixes - Fixed a performance issue with global table DML which resulted in an up to 95x performance increase! - Used to fail to start when raft election was in progress - row_number marked as non-deterministic function - Re-enable basic auth for credentials in URL Plugin API - The `authentication` function has been introduced, which determines the authentication method automatically.
-
25.2.1
protected3fd3259a · ·[25.2.1] - 2025-05-27 CLI - `picodata admin` in \lua mode no longer requires a delimiter for executing commands. - allow only the full format for address command-line arguments - allow `HOST:PORT`, - disallow `HOST` or `:PORT`, - this is technically a breaking change. - provide a more detailed message for address binding errors - set permissions of admin socket file to 0660 by default. - `picodata expel` no longer requires the `--cluster-name` parameter; it is now marked as deprecated and will be removed in the future major release (version 26). Pgproto - Do not allow connections without ssl when ssl is enabled on the server. - In previous versions `pg.ssl = true` meant "allow clients to connect either plaintext or via SSL", - Now it more strict: "only allow clients to connect via SSL". - This is technically a breaking change. - The WAIT APPLIED GLOBALLY option now waits for all instances rather than just replicaset masters. Plugin API - Plugin RPC requests will now be executed locally whenever possible. Previously the behavior was inverted - we preferred remote execution, which was counter productive. - Plugin RPC context has new named field "call_was_local" which is set to `true` when the call is made locally (without network access). Note that in the opposite case "call_was_local" may be unset, so the absence of this fields should be interpreted as a non local call. ACL - For all users with role `public` the privileges to `read` system tables `_pico_instance` and `_pico_peer_address` are now granted. - Forbid the granting of DROP privileges on system tables. Type system - Improved type checking now catches more errors earlier with clearer error messages. Valid queries should note no difference. Example with `SELECT 1 = false`: Old behavior: ```sql picodata> select 1 = false; --- - null - 'sbroad: failed to create tarantool: Tarantool(BoxError { code: 171, message: Some("Type mismatch: can not convert boolean(FALSE) to number"), error_type: Some("ClientError"), errno: None, file: Some("./src/box/sql/mem.c"), line: Some(2784), fields: {}, cause: None })' ... ``` New behavior: ```sql picodata> select 1 = false; --- - null - 'sbroad: could not resolve operator overload for =(usigned, bool)' ... ``` Some queries with parameters or subqueries that previously worked might now require explicit type casts. For instance, `select 1 + (select $1)` now leads to "could not resolve operator overload for +(unsigned, unknown)" error, that can be fixed with explicit type cast: `select 1 + (select $1)::int` - Sbroad now infers parameter types from query context, allowing to prepare statements in pgproto without explicit type specification, which is a quite common case. For iproto nothing actually changes, because parameter types are inferred from the actual parameter values. For example, query `SELECT * FROM t WHERE a = $1` used to fail in pgproto with "could not determine datatype for parameter $1" error, if parameter type wasn't specified by the client. Now the parameter type is inferred from the context to the type of column `a`. In addition, parameter types can be inferred from the column types when inserting values. For instance, in `INSERT INTO t (int_col) VALUES ($1)` or `UPDATE t SET int_col = $1` query, parameter type will be inferred to the type of the column (int). Note that there are 2 methods to fix inference errors: 1) Explicitly provide parameter type on protocol level. 2) Explicitly provide parameter type by using CAST. Limitations: - `SELECT $1` Works in PostgreSQL, fails in sbroad, because there is no context for type inference. Such queries require parameter type defaulting rules. - `SELECT 1 UNION SELECT $1` Parameter type could be inferred from the left select statement, like PostgreSQL does, but this is not implemented yet. - SQL type system supports parameter type defaulting to text, allowing to handle parameterized queries with context for parameter types inference. For instance, `SELECT $1` used to result in "could not infer data type of parameter $1" error. Now the parameter type will be defaulted to text, making the query valid. - SQL now can coerce string literals to more suitable type according to the context where they are used. For instance, string literal will be automatically coerced to a datetime value when it's being inserted in a column of type datetime. If a string doesn't represent a valid value of the inferred type, the result will be a parsing error. Query examples: - `SELECT 1 + '1'` is the same as `SELECT 1 + 1` - `INSERT INTO t (datetime_col) VALUES ('2023-07-07T12:34:56Z')` is the same as `INSERT INTO t (datetime_col) VALUES ('2023-07-07T12:34:56Z'::datetime)` Observability - Added picodata metrics in prometheus format to the `/metrics` endpoint. Metrics allow to monitor SQL, RPC, CAS, Raft, instance and governor states. List of metrics: - pico_governor_changes_total - pico_sql_query_total - pico_sql_query_errors_total - pico_sql_query_duration - pico_rpc_request_total - pico_rpc_request_errors_total - pico_rpc_request_duration - pico_cas_records_total - pico_cas_errors_total - pico_cas_ops_duration - pico_instance_state - pico_raft_applied_index - pico_raft_commit_index - pico_raft_term - pico_raft_state - pico_raft_leader_id Fixes - Display correct value for "can_vote" property in webUI - Disallow DDL creation operations in a heterogeneous cluster. A cluster is considered heterogeneous if any instance differs from another by major or minor version. - Changed `picodata status` output format to more minimalistic and unix-stylished. - Fixed panic when dropping system user pico_service. - PostgreSQL protocol initialization now happens at the stage of instance becoming online, preventing possible problems in UX. - User creation or altering in SQL with a password and LDAP authentication method has been forbidden. - `.proc_before_online`'s PostgreSQL protocol initialization stage will be skipped if it was already initialized before, making this RPC idempotent. - `--pg-listen` parameter is now checked at bootstrap (`postjoin`) stage, so it is not possible anymore to bind a busy port when instance is offline. - Provide the client with a detailed error message when using LDAP for authentication and the LDAP server is unavailable. - Fixed secondary indexes not working after raft log compaction. - Fixed a bug where replication master switchover would sometimes fail. - No longer dumps backtrace files by default. Logs error if dump failed. - compare_and_swap in plugins now implicitly calls wait_index and validates term of the applied record to exclude situations when election caused different entry to become applied at expected index. With new behavior users of the API do not need to take that into account. - Fixed an issue where an instance cannot join after we expelled another instance. - `ALTER PLUGIN MIGRATE TO` command's timeout option is now handled more accurately. - Fixed a bug where a timeout during `ALTER PLUGIN MIGRATE` command would make it impossible to run migrations on the current instance. - Fixed a bug where _pico_service_route was incorrectly loaded into the topology cache. RPC API - `.proc_before_online` is a successor to `.proc_enable_all_plugins` due to added step of initialization of a PostgreSQL protocol at it's call: see "deprecation". Deprecation - `.proc_enable_all_plugins` will be deprecated in the next major release. - `cluster_name` parameter from `.proc_expel` RPC call will be deprecated in the next major release. SQL - SQL supports `TRUNCATE` operation. - SQL supports `ALTER TABLE t ADD COLUMN` operation. - SQL supports `ALTER TABLE old_table_name RENAME TO new_table_name` operation. - SQL supports volatile scalar functions: `instance_uuid`. Configuration - Minimal supported Rust version has been bumped from `1.76.0` to `1.85`. - Allow to configure `boot_timeout` parameter per-instance in config file (7200 sec by default) for auto-shutdown. -
25.1.2
protected568d6e96 · ·- vshard is bumped to 0.1.30. This fixes a bug lead to out of lua memory - remove requirement for a delimiter in console when in lua mode - `picodata status` output is tuned for better readability - Fixed a bug where _pico_service_route was incorrectly loaded into the topology cache.