# Release 3.28.5 (2020-05-11) Changes since 3.28.4: ### Enhancements * None ### Fixed * When trace logging was enabled, the request and response body was logged, which may have included sensitive information for login calls. The request and response bodies for `/auth` requests are no longer logged. ### Compatibility * Server API's are backwards compatible with all previous ROS releases in the 3.x series. * The server is compatible with all previous [SDKs supporting the ROS 3.x series](https://docs.realm.io/server/installation#version-compatibility-table). ### Installation & rollback instructions Please see the [Realm Docs](https://docs.realm.io/server/manage/upgrading) for installation, upgrade and rollback instructions. ### Internals * Using Sync 4.9.4, and thereby Core 5.23.8 # Release 3.28.4 (2020-01-28) Changes since 3.28.3: ### Enhancements * None ### Fixed * Fixed an issue that would cause the old schema of a Realm to be recreated by the GraphQL service after the Realm has been deleted. (HELP-12274) ### Compatibility * Server API's are backwards compatible with all previous ROS releases in the 3.x series. * The server is compatible with all previous [SDKs supporting the ROS 3.x series](https://docs.realm.io/server/installation#version-compatibility-table). ### Installation & rollback instructions Please see the [Realm Docs](https://docs.realm.io/server/manage/upgrading) for installation, upgrade and rollback instructions. ### Internals * Using Sync 4.9.4, and thereby Core 5.23.8 * Added support for `historyCompactionIgnoreClients` option in SyncService. # Release 3.28.3 (2020-01-21) Changes since 3.28.2: ### Enhancements * None ### Fixed * None ### Compatibility * Server API's are backwards compatible with all previous ROS releases in the 3.x series. * The server is compatible with all previous [SDKs supporting the ROS 3.x series](https://docs.realm.io/server/installation#version-compatibility-table). ### Installation & rollback instructions Please see the [Realm Docs](https://docs.realm.io/server/manage/upgrading) for installation, upgrade and rollback instructions. ### Internals * Using Sync 4.9.4, and thereby Core 5.23.8 * Sync Server: New configuration option for enabling the 'ignore clients' mode of in-place history compaction. * Improve the message returned by std::error_code::message() for the SecureTransport error code category. * Uses new JS binding, realm-3.6.3. # Release 3.28.2 (2020-01-07) Changes since : ### Enhancements * None ### Fixed * Fixed an issue which could lead to messages like `Error: Invalid credentials - failed to parse token data at SyncProxyService` in the logs while ROS is shutting down. ### Compatibility * Server API's are backwards compatible with all previous ROS releases in the 3.x series. * The server is compatible with all previous [SDKs supporting the ROS 3.x series](https://docs.realm.io/server/installation#version-compatibility-table). ### Installation & rollback instructions Please see the [Realm Docs](https://docs.realm.io/server/manage/upgrading) for installation, upgrade and rollback instructions. ### Internals * Using Sync ???, and thereby Core ??? OR * Updated Sync from ??? to ???, and thereby Core from ??? to ??? * # Release 3.28.1 (2019-12-13) Changes since 3.28.0: ### Enhancements * In-place history compaction can now be invoked in a mode where it ignores recorded last access times for clients, and instead looks at the apparent age of history entries. This is not something that should be done except in situations of emergency, as it should be expected to force some (especially new) clients to go through a reset operation regardless of how recently they have been active. In-place history compaction can be invoked only by use of the command line tool `realm-vacuum`, and only by specifying the `--ignore-clients` option. When using `realm-vacuum` for the purpose of invoking in-place history compaction, be sure to specify an appropriate "time to live" value (`--server-history-ttl`). ### Fixed * Under special circumstances, the server or client could become unresponsive during automatic conflict resolution. In most cases, the server would be more severely affected than the client. ### Compatibility * Server API's are backwards compatible with all previous ROS releases in the 3.x series. * The server is compatible with all previous [SDKs supporting the ROS 3.x series](https://docs.realm.io/server/installation#version-compatibility-table). ### Installation & rollback instructions Please see the [Realm Docs](https://docs.realm.io/server/manage/upgrading) for installation, upgrade and rollback instructions. ### Internals * Updated Sync from 4.9.0 to 4.9.2, and thereby Core from 5.23.6 to 5.23.7 # Release 3.28.0 (2019-11-27) **WARNING** This version performs irreversible migration to the server Realm files, so you can not revert back to an earlier version of ROS (3.27.x or lower). It is backwards compatible with existing clients, but previous versions of ROS will not be able to manipulate the migrated files. It is recommended that you backup your data in case you need to perform a rollback. Changes since 3.27.3: ### Enhancements * [Sync Server] Improvements to in-place history compaction. Compaction in a reference file is no longer artificially held back by clients of partial views. The improvement will take immediate effect for new reference files. For preexisting reference files, time will need to pass before the change becomes fully effective. The amount of time that needs to pass, corresponds to the "time to live" configuration parameter setting for the in-place history compaction feature. ### Fixed * None ### Compatibility * Server API's are backwards compatible with all previous ROS releases in the 3.x series. * The server is compatible with all previous [SDKs supporting the ROS 3.x series](https://docs.realm.io/server/installation#version-compatibility-table). * The synchronization protocol version has been bumped. The server side remains compatible with all SDK versions that ROS 3.27.x was compatible with. * Server: Server-side history schema has changed. Transparent forward migration is provided, but, as usual, there is no provision for migration in the reverse direction, so it is effectively irreversible. * Server: Backup protocol version bumped from 3 to 4. All nodes in a backup cluster must run the same backup protocol version. ### Installation & rollback instructions Please see the [Realm Docs](https://docs.realm.io/server/manage/upgrading) for installation, upgrade and rollback instructions. ### Internals * Updated Sync from 3.8.4 to 3.9.0 # Release 3.27.3 (2019-11-25) Changes since 3.27.2: ### Enhancements * Added the ability to set the disk usage stats polling interval. Set `DISK_STATS_INTERVAL` to the number of seconds between polls. ### Fixed * Client: Resume sync with correct server version after failure to integrate. Since Sync 2.3.1 (star topology). RSYNC-48. * [Sync] Server no longer returns error code 214 when clients perform state requests on partial realms. It now returns an empty state, which allows the client to resync. ### Compatibility * Server API's are backwards compatible with all previous ROS releases in the 3.x series. * The server is compatible with all previous [SDKs supporting the ROS 3.x series](https://docs.realm.io/server/installation#version-compatibility-table). ### Installation & rollback instructions Please see the [Realm Docs](https://docs.realm.io/server/manage/upgrading) for installation, upgrade and rollback instructions. ### Internals * Updated Sync from 4.8.2 to 4.8.4, and thereby Core 5.23.6 # Release 3.27.2 (2019-11-12) Changes since 3.27.1: ### Enhancements * None ### Fixed * Fixed an issue where the server did not return the correct error code when the request contains an expired refresh token. * Fixed an issue with custom refresh tokens where the `userIdFieldName` option was not respected. ### Compatibility * Server API's are backwards compatible with all previous ROS releases in the 3.x series. * The server is compatible with all previous [SDKs supporting the ROS 3.x series](https://docs.realm.io/server/installation#version-compatibility-table). ### Installation & rollback instructions Please see the [Realm Docs](https://docs.realm.io/server/manage/upgrading) for installation, upgrade and rollback instructions. ### Internals * Updated Sync from 4.8.1 to 4.8.2 * Updated realm-js from 3.3.0 to 3.4.1 # Release 3.27.1 (2019-11-07) Changes since 3.27.0: ### Enhancements * None ### Fixed * Fixed bug in newly introduced migration of history schema from version 8 to 9 (incorrect initialization of column accessors). Since 3.27.0 ### Compatibility * Server API's are backwards compatible with all previous ROS releases in the 3.x series. * The server is compatible with all previous [SDKs supporting the ROS 3.x series](https://docs.realm.io/server/installation#version-compatibility-table). ### Installation & rollback instructions Please see the [Realm Docs](https://docs.realm.io/server/manage/upgrading) for installation, upgrade and rollback instructions. ### Internals * Updated Sync from 4.8.0 to 4.8.1, and thereby Core to 5.23.6 # Release 3.27.0 (2019-11-05) Changes since 3.26.12: ### Enhancements * None ### Fixed * Fixed a bug when deleting the Realm file when state Realms are disabled. (Since 3.21.0) ### Compatibility * This release upgrades the file format of the files on the server. A transparent forward migration is provided, but reverse migration **is not**, which means that reverting back to 3.26.x or lower requires restoring files from backup. * Server API's are backwards compatible with all previous ROS releases in the 3.x series. * The server is compatible with all previous [SDKs supporting the ROS 3.x series](https://docs.realm.io/server/installation#version-compatibility-table). ### Installation & rollback instructions Please see the [Realm Docs](https://docs.realm.io/server/manage/upgrading) for installation, upgrade and rollback instructions. ### Internals * Updated Sync from 4.7.10 to 4.8.0 and thereby Core to 5.23.6 # Release 3.26.12 (2019-10-25) Changes since 3.26.11: ### Enhancements * None ### Fixed * Fixed structured error logging when an error occurs when starting the permission service. ### Compatibility * Server API's are backwards compatible with all previous ROS releases in the 3.x series. * The server is compatible with all previous [SDKs supporting the ROS 3.x series](https://docs.realm.io/server/installation#version-compatibility-table). ### Installation & rollback instructions Please see the [Realm Docs](https://docs.realm.io/server/manage/upgrading) for installation, upgrade and rollback instructions. ### Internals * Using Sync 4.7.10, and thereby Core 5.23.3 # Release 3.26.11 (2019-10-24) Changes since 3.26.10: ### Enhancements * None ### Fixed * Fixed an issue that would prevent the server from starting with messages similar to `warn: Failed to setup listeners. Retry #2`. ### Compatibility * Server API's are backwards compatible with all previous ROS releases in the 3.x series. * The server is compatible with all previous [SDKs supporting the ROS 3.x series](https://docs.realm.io/server/installation#version-compatibility-table). ### Installation & rollback instructions Please see the [Realm Docs](https://docs.realm.io/server/manage/upgrading) for installation, upgrade and rollback instructions. ### Internals * Using Sync 4.7.10, and thereby Core 5.23.3 # Release 3.26.10 (2019-10-24) Changes since 3.26.9 ### Enhancements * Added `requiredClaims` field to `JwtAuthProviderConfig` and `CustomTokenValidatorConfig` - it allows defining a set of JSONPath expressions that a JWT payload will be validated against. This new field deprecates and replaces `requiredAttributes` on `JwtAuthProviderConfig`, which will be removed in a future version. * Added `isAdminQuery` field to `JwtAuthProviderConfig` and `CustomTokenValidatorConfig` - it allows defining a JSONPath expression that will be evaluated against a JWT payload to determine whether the user has admin privileges. This new field deprecates and replaces `isAdminFieldName` and `isAdminValue` on `JwtAuthProviderConfig`, which will be removed in a future version. * Added `userIdFieldName` field to `CustomTokenValidatorConfig` - it allows specifying which field in the JWT payload denotes the logical user id. The default value is `sub`. * `KubernetesCoreServices` now understands the `TokenValidators` service configuration key which enables configuring custom refresh token validators. ### Fixed * Fixed an issue that would cause the server to crash with `Detected an unhandled promise rejection at: [object Promise] reason: undefined` when the sync worker is unreachable. ### Compatibility * Server API's are backwards compatible with all previous ROS releases in the 3.x series. * The server is compatible with all previous [SDKs supporting the ROS 3.x series](https://docs.realm.io/server/installation#version-compatibility-table). ### Installation & rollback instructions Please see the [Realm Docs](https://docs.realm.io/server/manage/upgrading) for installation, upgrade and rollback instructions. ### Internals * Using Sync 4.7.10, and thereby Core 5.23.3 * Upgraded realm-js to 3.3.0. * Added support for the TokenValidator to accept JWT access tokens containing the path, sync label, and access levels in an embedded object called stitch_data instead of at the top level, in anticipation of future support for Stitch-backed authentication flow. # Release 3.26.9 (2019-10-17) Changes since 3.26.8: ### Enhancements * Added an optional `appId` config parameter to the Azure Auth provider. ### Fixed * None ### Compatibility * Server API's are backwards compatible with all previous ROS releases in the 3.x series. * The server is compatible with all previous [SDKs supporting the ROS 3.x series](https://docs.realm.io/server/installation#version-compatibility-table). ### Installation & rollback instructions Please see the [Realm Docs](https://docs.realm.io/server/manage/upgrading) for installation, upgrade and rollback instructions. ### Internals * Using Sync 4.7.10, and thereby Core 5.23.3 # Release 3.26.8 (2019-10-16) Changes since 3.26.7: ### Enhancements * Exposes a few extra config options to the AzureAD provider. * `audience`: optional - validates the audience of the token (that will be applicationID). * `allowConsumerLogins`: optional, default `false` - enables logins from regular microsoft accounts. * `userIdField`: optional, default `sub` - controls which field in the JWT will be used as unique identifier for the user. Main difference between `sub` and `oid` is that the former is app-unique, while the latter is tenant-unique. ### Fixed * Log a warning as opposed to throwing an exception when a user tries to authenticate an admin user via nickname auth. The logged in user will **NOT** be an admin - they'll get logged in as a regular user. ### Compatibility * Server API's are backwards compatible with all previous ROS releases in the 3.x series. * The server is compatible with all previous [SDKs supporting the ROS 3.x series](https://docs.realm.io/server/installation#version-compatibility-table). ### Installation & rollback instructions Please see the [Realm Docs](https://docs.realm.io/server/manage/upgrading) for installation, upgrade and rollback instructions. ### Internals * Using Sync 4.7.10, and thereby Core 5.23.3 # Release 3.26.7 (2019-10-14) Changes since : ### Enhancements * Updated realm-js to 3.3.0-rc.1 * Updated sync to 4.7.10 * [SyncService] Adds an option to disable state realm generation, `disableStateRealms`. Defaults to `false`. ### Fixed * None ### Compatibility * Server API's are backwards compatible with all previous ROS releases in the 3.x series. * The server is compatible with all previous [SDKs supporting the ROS 3.x series](https://docs.realm.io/server/installation#version-compatibility-table). ### Installation & rollback instructions Please see the [Realm Docs](https://docs.realm.io/server/manage/upgrading) for installation, upgrade and rollback instructions. ### Internals * Using Sync 4.7.10, and thereby Core 5.23.3 # Release 3.26.6 (2019-10-10) Changes since 3.26.5: ### Enhancements * None ### Fixed * None ### Compatibility * Server API's are backwards compatible with all previous ROS releases in the 3.x series. * The server is compatible with all previous [SDKs supporting the ROS 3.x series](https://docs.realm.io/server/installation#version-compatibility-table). ### Installation & rollback instructions Please see the [Realm Docs](https://docs.realm.io/server/manage/upgrading) for installation, upgrade and rollback instructions. ### Internals * Changed the upload location for the hotfix publish job to avoid conflicting with release jobs. # Release 3.26.5 (2019-10-10) Changes since 3.26.4: ### Enhancements * Exposed a config option to disable state realm generation for `KubernetesSyncWorker`. ### Fixed * None ### Compatibility * Server API's are backwards compatible with all previous ROS releases in the 3.x series. * The server is compatible with all previous [SDKs supporting the ROS 3.x series](https://docs.realm.io/platform/using-synced-realms/troubleshoot/version-compatibilities). ### Installation & rollback instructions Please see the [Realm Docs](https://docs.realm.io/platform/self-hosted/installation) for installation, upgrade and rollback instructions. ### Notable known issues * Encrypting existing realm files is not possible. Only fresh deployments with zero state can use realms encryption. We're working on a migration path for existing deployments. * Server side Realm files do not compact automatically. The standalone commandline tool "realm-vacuum" can be manually executed to compress free space and old history (See https://docs.realm.io/platform/self-hosted/manage/server-side-file-growth#vacuum-utility). ### Internals * Using Sync 4.7.5 # Release 3.26.4 (2019-09-20) Changes since 3.26.3: ### Enhancements * None ### Fixed * Fixed an issue where using the GraphQL service to open a partial Realm could cause it to crash under certain conditions. ([SYNC-32](https://jira.mongodb.org/browse/SYNC-32)) ### Compatibility * Server API's are backwards compatible with all previous ROS releases in the 3.x series. * The server is compatible with all previous [SDKs supporting the ROS 3.x series](https://docs.realm.io/server/installation#version-compatibility-table). ### Installation & rollback instructions Please see the [Realm Docs](https://docs.realm.io/server/manage/upgrading) for installation, upgrade and rollback instructions. ### Notable known issues * Encrypting existing realm files is not possible. Only fresh deployments with zero state can use realms encryption. We're working on a migration path for existing deployments. ### Internals * Using Sync 4.7.5, realm-js 3.1.0, and core 5.23.3 * Updated realm-js from 3.0.0 to 3.1.0 # Release 3.26.3 (2019-09-16) Changes since : ### Enhancements * Added more logs in code paths where "Invalid Credentials" or "Token is Revoked" errors are returned. ### Fixed * Fixed an issue where the GraphQL service could crash when creating a subscription for a partial Realm that has more than 10 subscriptions. ([SYNC-32](https://jira.mongodb.org/browse/SYNC-32)) ### Compatibility * Server API's are backwards compatible with all previous ROS releases in the 3.x series. * The server is compatible with all previous [SDKs supporting the ROS 3.x series](https://docs.realm.io/platform/using-synced-realms/troubleshoot/version-compatibilities). ### Installation & rollback instructions Please see the [Realm Docs](https://docs.realm.io/platform/self-hosted/installation) for installation, upgrade and rollback instructions. ### Notable known issues * Encrypting existing realm files is not possible. Only fresh deployments with zero state can use realms encryption. We're working on a migration path for existing deployments. ### Internals * Using Sync 4.7.5, realm-js 3.0.0, and core 5.23.3 * Updated realm-js from 2.29.2 to 3.0.0 # Release 3.26.0 (2019-09-03) Changes since 3.25.1: ### Enhancements * [AuthService] Exposed the `clockTolerance` configuration option on the JWT auth provider. This can be used to work around small clock differences between ROS and the server issuing the JWT token that cause an otherwise valid token to be rejected. The default value for this new configuration option is 15 seconds.(Issue ROS-89) * [Query-based Sync] Performance improved for queries comparing a constant value to a property over unary link path (eg: "someLink.Id == 42"). ### Fixed * [Sync] Fixed a bug where clients using protocol versions 25 through 28 would receive Bad server version errors, with log messages on the server such as "Upload progress (x, y) is mutually inconsistent with threshold (a, b)". (Issue SYNC-14, since 3.25.0). * [AuthService] Fixed a bug where a malformed auth provider configuration prevented startup of ROS. * [AuthService, GraphQLService, PermissionsService] Changed the behavior of the runtime config of these services to merge with the build time config as opposed to completely override it. * [PermissionsService] Added ability to configure the permissions service at runtime via the __configuration Realm. * [GraphQLService] Fixed a bug where failing to open a Realm would cache the result and keep failing to open the Realm on subsequent requests. ### Compatibility * Server API's are backwards compatible with all previous ROS releases in the 3.x series. * The server is compatible with all previous [SDKs supporting the ROS 3.x series](https://docs.realm.io/platform/using-synced-realms/troubleshoot/version-compatibilities). ### Installation & rollback instructions Please see the [Realm Docs](https://docs.realm.io/platform/self-hosted/installation) for installation, upgrade and rollback instructions. ### Notable known issues * Encrypting existing realm files is not possible. Only fresh deployments with zero state can use realms encryption. We're working on a migration path for existing deployments. ### Internals * Using Sync 4.7.5, realm-js 2.29.2, and core 5.23.3 # Release 3.25.1 (2019-08-07) Changes since 3.25.0: ### Enhancements * None ### Fixed * Throw an error when trying to login as an admin via nickname auth. ### Compatibility * Server API's are backwards compatible with all previous ROS releases in the 3.x series. * The server is compatible with all previous [SDKs supporting the ROS 3.x series](https://docs.realm.io/platform/using-synced-realms/troubleshoot/version-compatibilities). ### Installation & rollback instructions Please see the [Realm Docs](https://docs.realm.io/platform/self-hosted/installation) for installation, upgrade and rollback instructions. ### Notable known issues * Encrypting existing realm files is not possible. Only fresh deployments with zero state can use realms encryption. We're working on a migration path for existing deployments. ### Internals * Using Sync 4.7.0, and thereby Core 5.23.1 # Release 3.25.0 (2019-08-06) Changes since 3.24.1: ### Enhancements * Added an option to specify custom `refreshTokenValidators`. It can be used if your app generates/receives signed refresh tokens from external provider and would like to use them instead of the Realm-provided ones. You need to specify at least an `issuer` and `publicKey` and when an access token is requested, ROS will parse the JWT and validate it against the token validator config with the matching issuer. Since the `Realm` token validator is always enabled, you cannot add a token validator with the `realm` issuer. (Issue [ROS-65](https://jira.mongodb.org/browse/ROS-65)) ### Fixed * Fixed a bug that would demote an admin nickname user next time they login, even if they had admin permissions. ### Compatibility * Server API's are backwards compatible with all previous ROS releases in the 3.x series. * The server is compatible with all previous [SDKs supporting the ROS 3.x series](https://docs.realm.io/platform/using-synced-realms/troubleshoot/version-compatibilities). ### Installation & rollback instructions Please see the [Realm Docs](https://docs.realm.io/platform/self-hosted/installation) for installation, upgrade and rollback instructions. ### Notable known issues * Encrypting existing realm files is not possible. Only fresh deployments with zero state can use realms encryption. We're working on a migration path for existing deployments. ### Internals * Using Sync 4.7.0, and thereby Core 5.23.1 # Release 3.24.1 (2019-08-02) Changes since 3.23.6: **WARNING** This version performs irreversible migration to Realm files, so you can not revert back to an earlier version of ROS (3.23.x or lower). It is backwards compatible with existing clients, but previous versions of ROS will not be able to manipulate the migrated files. It is recommended that you backup your data in case you need to perform a rollback. ### Enhancements * [sync] New options --server-history-ttl and --log-level added to commandline tool realm-vacuum. ### Fixed * [sync] Pinned snapshot exposed history corruption after client reset. History is now trimmed during client reset to avoid the problem. * [sync] Eliminated a race condition that could cause a request for "state size recomputation" to be ignored. ### Compatibility * Server API's are backwards compatible with all previous ROS releases in the 3.x series. * The server is compatible with all previous [SDKs supporting the ROS 3.x series](https://docs.realm.io/platform/using-synced-realms/troubleshoot/version-compatibilities). * [sync] A change was needed in the history schema on the client side. This bumps the client-side history schema version from 1 to 2. Transparent forward migration is provided, but, as usual, there is no provision for the reverse migration, so it is effectively irreversible. * [sync] A change was needed in the history schema on the server side. This bumps the server-side history schema version from 7 to 8. Transparent forward migration is provided, but, as usual, there is no provision for the reverse migration, so it is effectively irreversible. ### Installation & rollback instructions Please see the [Realm Docs](https://docs.realm.io/platform/self-hosted/installation) for installation, upgrade and rollback instructions. ### Notable known issues * Encrypting existing realm files is not possible. Only fresh deployments with zero state can use realms encryption. We're working on a migration path for existing deployments. ### Internals * Using Sync 4.7.0, and thereby Core 5.23.1 * Changed the format of the returned refresh tokens to use JWT ([PR #1557](https://github.com/realm/realm-object-server-private/pull/1557)) # Release 3.23.6 (2019-08-01) Changes since 3.23.5: ### Enhancements * Added more detailed error message when a user creation is rejected due to the userId requiring url encoding (only when logging in via JWT). The new message will return both the encoded and non-encoded userId to make it easier to spot the invalid characters. ### Fixed * Fixed an issue that would cause the JWT provider to not replace all invalid characters in a userId. For example, a user with the Id `foo|bar|email` would result in an error being thrown even if the `|` character is marked for escaping. ### Compatibility * Server API's are backwards compatible with all previous ROS releases in the 3.x series. * The server is compatible with all previous [SDKs supporting the ROS 3.x series](https://docs.realm.io/platform/using-synced-realms/troubleshoot/version-compatibilities). ### Installation & rollback instructions Please see the [Realm Docs](https://docs.realm.io/platform/self-hosted/installation) for installation, upgrade and rollback instructions. ### Notable known issues * Encrypting existing realm files is not possible. Only fresh deployments with zero state can use realms encryption. We're working on a migration path for existing deployments. ### Internals * Using Sync 4.6.3, and thereby Core 5.23.1 * Changed the format of the returned refresh tokens to use JWT ([PR #1557](https://github.com/realm/realm-object-server-private/pull/1557)) # Release 3.23.5 (2019-07-23) Changes since 3.23.4: ### Enhancements * None ### Fixed * Fixed an issue that could cause GraphQL mutations not to update `int?` values when `updatePolicy` was set to `MODIFIED`. ([Issue HELP-10578](https://jira.mongodb.org/browse/HELP-10578)) * Updated vulnerable dependencies to patched versions. ### Compatibility * Server API's are backwards compatible with all previous ROS releases in the 3.x series. * The server is compatible with all previous [SDKs supporting the ROS 3.x series](https://docs.realm.io/platform/using-synced-realms/troubleshoot/version-compatibilities). ### Installation & rollback instructions Please see the [Realm Docs](https://docs.realm.io/platform/self-hosted/installation) for installation, upgrade and rollback instructions. ### Notable known issues * Encrypting existing realm files is not possible. Only fresh deployments with zero state can use realms encryption. We're working on a migration path for existing deployments. ### Internals * Updated realm-js from 2.27.0 to 2.29.1. # Release 3.23.4 (2019-07-17) Changes since 3.23.1: ### Enhancements * Added `@` to the list of characters escaped by default by the JWT provider. (Issue [#1140](https://github.com/realm/realm-object-server-private/issues/1140)) ### Fixed * None ### Breaking changes * Removed the ability to specify `is_admin` for logins with the nickname provider (Issue [#1554]) ### Compatibility * Server API's are backwards compatible with all previous ROS releases in the 3.x series. * The server is compatible with all previous [SDKs supporting the ROS 3.x series](https://docs.realm.io/platform/using-synced-realms/troubleshoot/version-compatibilities). ### Installation & rollback instructions Please see the [Realm Docs](https://docs.realm.io/platform/self-hosted/installation) for installation, upgrade and rollback instructions. ### Notable known issues * Encrypting existing realm files is not possible. Only fresh deployments with zero state can use realms encryption. We're working on a migration path for existing deployments. ### Internals * Using Sync 4.6.3, and thereby Core 5.23.1 * New metrics for query and transaction performance have been exposed. # Release 3.23.1 (2019-06-07) Changes since 3.23.0: ### Enhancements * None ### Fixed * [GraphQL Service]: Fixed an issue when using Query-based Sync that would result in `JS value must be of type 'object', got (undefined)` when creating a subscription without a name. ([Issue #1544](https://github.com/realm/realm-object-server-private/issues/1544)) ### Compatibility * Server API's are backwards compatible with all previous ROS releases in the 3.x series. * The server is compatible with all previous [SDKs supporting the ROS 3.x series](https://docs.realm.io/platform/using-synced-realms/troubleshoot/version-compatibilities). ### Installation & rollback instructions Please see the [Realm Docs](https://docs.realm.io/platform/self-hosted/installation) for installation, upgrade and rollback instructions. ### Notable known issues * Encrypting existing realm files is not possible. Only fresh deployments with zero state can use realms encryption. We're working on a migration path for existing deployments. ### Internals * Using Sync ???, and thereby Core ??? OR * Updated Sync from ??? to ???, and thereby Core from ??? to ??? # Release 3.23.0 (2019-06-04) Changes since 3.21.1: ### Enhancements * [GraphQL Service]: Added new properties to the `NamedSubscription` object to align it with realm-js version 2.26.0. Particularly, these relate to the expiration of subscriptions. * [GraphQL Service]: Added an ability to specify `timeToLive` (in ms) for a query-based subscription. This only works for named subscriptions. * [GraphQL Service]: Added the ability to update an existing query-based subscription. To do so, pass in `update: true` and the name of the subscription to the `createXXXSubscription` mutation. * [Permissions Service]: Added two config options (`enablePermissionRealmReflection` and `enableManagementRealmReflection`) to the permissions service constructor to allow disabling permission reflection and observing the management Realms. If you're upgrading an existing server, running in production, it is advised to leave these enabled to avoid breaking permission functionality of your existing deployments. If you don't use the path-level permission system in your app (i.e. you're not granting or reading path-level permissions), you can set them to `false` to improve the performance of the server. * [Sync Server]: Improved the performance of query-based sync with many readers. ([PR #1541](https://github.com/realm/realm-object-server-private/pull/1541)) * Decreased the size of the npm module. ([PR #1541](https://github.com/realm/realm-object-server-private/pull/1541)) * [Permissions Service]: Exposed an HTTP interface for manipulating path-level permissions. This is more scalable and performant than the existing Realm-based interface and all client SDKs will be gradually updated to use that. It's enabled by default, but requires an update to the client SDKs to take advantage of it. Pay attention to the SDK's changelog for more details on upgrading your app. ([PR #1539](https://github.com/realm/realm-object-server-private/pull/1539)) ### Fixed * Fixed a bug that could cause ROS to attempt to write to a socket that has been closed, resulting in `Error [ERR_STREAM_DESTROYED]: Cannot call write after a stream was destroyed` being output in the log and the process terminating. (Issue [#1524](https://github.com/realm/realm-object-server-private/issues/1524)) * Fixed a race condition that could result in ROS consuming 100% CPU after a user has been deleted. ([PR #1541](https://github.com/realm/realm-object-server-private/pull/1541)) ### Breaking Changes * Removed the following API because they no longer have any effect on the server ([PR #1541](https://github.com/realm/realm-object-server-private/pull/1541)): * The `shouldCompactRealmsAtStart` and `shouldPerformPartialSyncAtStart` properties from `BasicServer`'s config. * The `sync.realm.io/enable-debug-mode`, `sync.realm.io/should-perform-partial-sync-at-start`, `sync.realm.io/disable-precheck-in-child-proc`, and `sync.realm.io/skip-verify-realms-at-start` annotations from KubernetesSyncWorker. * The `shouldCompactRealmsAtStart`, `shouldPerformPartialSyncAtStart`, `skipVerifyRealmsAtStart`, `disablePrecheckInChildProc`, `verifyRealmsAtStart`, and `runPrecheckInChildProcess` properties from the SyncService config object. ### Compatibility * Server API's are backwards compatible with all previous ROS releases in the 3.x series. * The server is compatible with all previous [SDKs supporting the ROS 3.x series](https://docs.realm.io/platform/using-synced-realms/troubleshoot/version-compatibilities). ### Installation & rollback instructions Please see the [Realm Docs](https://docs.realm.io/platform/self-hosted/installation) for installation, upgrade and rollback instructions. ### Notable known issues * Encrypting existing realm files is not possible. Only fresh deployments with zero state can use realms encryption. We're working on a migration path for existing deployments. ### Internals * Updated realm-js from 2.25.0 to 2.27.0. * Updated realm-sync-server from 4.4.4 to 4.5.1 # Release 3.21.1 (2019-04-26) Changes since 3.21.0: ### Enhancements * None ### Fixed * A regression was introduced in version 3.21.0 that could cause the server to decide to perform full history compaction on every upload, causing severe performance degradation. (Issue [#2962](https://github.com/realm/realm-sync/issues/2962), since 3.21.0) ### Compatibility * Server API's are backwards compatible with all previous ROS releases in the 3.x series. * The server is compatible with all previous [SDKs supporting the ROS 3.x series](https://docs.realm.io/platform/using-synced-realms/troubleshoot/version-compatibilities). ### Installation & rollback instructions Please see the [Realm Docs](https://docs.realm.io/platform/self-hosted/installation) for installation, upgrade and rollback instructions. ### Notable known issues * Encrypting existing realm files is not possible. Only fresh deployments with zero state can use realms encryption. We're working on a migration path for existing deployments. ### Internals * Updated Sync from 4.4.2 to 4.4.4. Core remains 5.19.1. # Release 3.21.0 (2019-04-10) Changes since 3.20.1: ### Enhancements * Added support for a new way to quickly download a Full Realm file and to automatically resolve client-reset type errors. Client SDKs need to be updated to take advantage of this feature. Keep an eye on the SDK's changelog for more information. * Added support for including user specified backlinks in a query based subscription. Client SDKs need to be updated to take advantage of this feature. Keep an eye on the SDK's changelog for more information. ### Fixed * None ### Compatibility * Server API's are backwards compatible with all previous ROS releases in the 3.x series. * The server is compatible with all previous [SDKs supporting the ROS 3.x series](https://docs.realm.io/platform/using-synced-realms/troubleshoot/version-compatibilities). ### Installation & rollback instructions Please see the [Realm Docs](https://docs.realm.io/platform/self-hosted/installation) for installation, upgrade and rollback instructions. ### Notable known issues * Encrypting existing realm files is not possible. Only fresh deployments with zero state can use realms encryption. We're working on a migration path for existing deployments. ### Internals * Updated Sync from 4.2.3 to 4.4.2. Core is remains 5.19.1. # Release 3.20.1 (2019-04-04) Changes since ROS 3.19.0: **IMPORTANT: This version will perform an automatic file-format upgrade of certain files used for Query Based Sync. The server cannot be downgraded without restoring those files from backup. So it's recommended to do a full backup before the server is upgraded.** ### Enhancements * Reduced the performance impact of authenticating users with invalid credentials when using the username/password provider. * A new argument for the Sync Service has been added. `numAuxPsyncThreads` enables multithreading during query-based sync fan-out operations. Specify the number of additional worker threads desired in addition to the main worker thread. Defaults to `0` (disabled). * The GraphQL service has two new mutations added: `create**type**(input: **type**, updatePolicy)` and `create**type**s(input: [**type**], updatePolicy)` where `updatePolicy` is optional and may be `NEVER`, `ALL`, and `MODIFIED`. These correspond to the now deprecated mutations `add**type**`, `update**type**` and `diffUpdate**type**`. If `updatePolicy` is not specified, `NEVER` will be used. (Issue [#1496](https://github.com/realm/realm-object-server-private/issues/1496)) * The server no longer rejects subscriptions based on queries with distinct and/or limit clauses. * Realm files used for query based sync have had all non-essential state removed, to reduce the file size on disk and improve query based sync performance. In some scenarios, this improves the latency of query-based sync by up to 25%, depending on the user's schema. * Various performance improvements for queries results in faster query based sync performance. * Memory usage has been decreased when using encryption. * Performance when using encryption has been significantly improved. * Commit performance is improved for realms with a long lifetime and many changes due to better handling of the free space in the file. * Added a warning when the nickname auth provider is started to more prominently alert developers of the fact it's not a secure provider. ### Fixed * Fixed an issue that could cause the GraphQL service to end up always throwing an Internal Server Error for a particular Realm. This could happen when a reference Realm is deleted, then an access token, issued before the deletion, is used to connect to it via query-based sync. (PR [#1504](https://github.com/realm/realm-object-server-private/pull/1504) Since v3.16.6) * A Realm file deletion (including deletion of partial files as a result of history compaction) could cause various kinds of crashes, and even corruption within the server. (since v3.0.0). * A bug was fixed where if a user had `canCreate` but not `canUpdate` privileges on a class, the user would be able to create the object, but not actually set any meaningful values on that object, despite the rule that objects created within the same transaction can always be modified. (Issue #2574, since v3.0.0). * A segfault could occur under certain circumtances when queries compared two integer fields. * Fixed an issue that could prevent the server from starting with a message like `Cannot read property 'findIndex' of undefined`. This was caused when explicitly specifying the auth providers as opposed to using the runtime configuration API. (Issue [#1506](https://github.com/realm/realm-object-server-private/issues/1506), Since 3.19.0) ### Compatibility * Server API's are backwards compatible with all previous ROS releases in the 3.x series. * The server is compatible with all previous [SDKs supporting the ROS 3.x series](https://docs.realm.io/platform/using-synced-realms/troubleshoot/version-compatibilities). ### Installation & rollback instructions Please see the [Realm Docs](https://docs.realm.io/platform/self-hosted/installation) for installation, upgrade and rollback instructions. NOTE: This version will perform an automatic file-format upgrade of certain files used for Query Based Sync. The server cannot be downgraded without restoring those files from backup. So it's highly recommended to do a full backup before the server is upgraded. ### Notable known issues * Encrypting existing realm files is not possible. Only fresh deployments with zero state can use realms encryption. ### Internals * Updated Sync from 3.15.2 to 4.2.3 (all relevant changes included above) * Via above sync update, indirectly updated Core from 5.14.0 to 5.19.1 * Removed logic to reflect permissions in `__perm` Realms as those were unused. A migration to remove the existing `__perm` Realm is **not** provided and they will linger around until we decide it's okay to delete them. # Release 3.19.0 (2019-03-14) ### Enhancements * Updated some services to inherit from event emitter to emit events when processing some requests. The updated services are: * AuthService * `userCreated` emitted with argument `{ user: User, totalUsers: number }` when a user is created. * SyncProxyService * `socketConnected` emitted with argument `{ path: string, socketId: number, userAgent: string }` when a socket connection is established with the sync service. * `socketDisconnected` emitted with argument `{ path: string, socketId: number, userAgent: string }` when a socket connection is terminated. * RealmDirectoryService * `realmCreated` emitted with argument `{ type: RealmType, path: string, syncLabel: string }` when a new Realm is created. * Added 2 more buckets for changeset_integrated histogram. * Added an option to `AuthService` called `allowAnyUserToRetrieveUserInfo` that enables any registered user to call the `GET /auth/users/:user_id` and `GET /auth/users/:provider/:provider_id` HTTP APIs, either directly or with SDK methods such as the JavaScript SDK's `Realm.Sync.User.retrieveAccount` method. * Reduced the performance impact of authenticating users with invalid credentials when using the username/password provider. ### Fixed * Fixed a bug that would prevent the GraphQL Service's `diffUpdate` method from working with lists of primitive values. ### Compatibility * Server API's are backwards compatible with all previous ROS releases in the 3.x series. * The server is compatible with all previous [SDKs supporting the ROS 3.x series](https://docs.realm.io/platform/using-synced-realms/troubleshoot/version-compatibilities). ### Installation & rollback instructions Please see the [Realm Docs](https://docs.realm.io/platform/self-hosted/installation) for installation, upgrade and rollback instructions. ### Notable known issues * Encrypting existing realm files is not possible. Only fresh deployments with zero state can use realms encryption. We're working on a migration path for existing deployments. * Server side Realm files do not compact automatically. The standalone commandline tool "realm-vacuum" can be manually executed to compress free space and old history (See https://docs.realm.io/platform/self-hosted/manage/server-side-file-growth#vacuum-utility). ### Internals * Add metrics in the GraphQL service. * Added support for more arguments to the `copyfile` Kubernetes operation: * `pause` will stop the server before copying the files. It can be useful when trying to obtain a reference and a partial Realm without the possibility for intermediate changes. * `files` replaces `file` and allows you to specify multiple files that will be copied to the archive. * Fixed a case where the `copyfile` operation would retry infinitely in the case of a non-existent file. * Performance of invalid credentials auth: [PR#1475](https://github.com/realm/realm-object-server-private/pull/1475) * Removed `yarn` in favor of `npm`. [PR#1481](https://github.com/realm/realm-object-server-private/pull/1481) * Updated buckets, name and help for change propagation metric in sync. [PR#1491](https://github.com/realm/realm-object-server-private/pull/1491) * Verify that the user identified by a refresh token is still currently an admin when the token is tagged as admin. [PR#1387](https://github.com/realm/realm-object-server-private/pull/1387) # Release 3.18.5 (2019-02-20) ### Enhancements * None ### Fixed * Fixed a TypeScript build error in `ros init`-created applications. (Issue [#413](https://github.com/realm/realm-object-server/issues/413)) ### Compatibility * Server API's are backwards compatible with all previous ROS releases in the 3.x series. * The server is compatible with all previous [SDKs supporting the ROS 3.x series](https://docs.realm.io/platform/using-synced-realms/troubleshoot/version-compatibilities). ### Installation & rollback instructions Please see the [Realm Docs](https://docs.realm.io/platform/self-hosted/installation) for installation, upgrade and rollback instructions. ### Notable known issues * Encrypting existing realm files is not possible. Only fresh deployments with zero state can use realms encryption. We're working on a migration path for existing deployments. * Server side Realm files do not compact automatically. The standalone commandline tool "realm-vacuum" can be manually executed to compress free space and old history (See https://docs.realm.io/platform/self-hosted/manage/server-side-file-growth#vacuum-utility). ### Internals * Adjusted the bucket sizes for all histograms converted from statsd timings coming from the sync server. The defaults for these buckets are suited for measuring request times based on a 1-second unit. Since sync reports changeset integration times, et al, in milliseconds, the defaults are not suitable. # Release 3.18.4 (2019-02-14) ### Breaking * Node 6 support has been deprecated and we'll drop it completely in a future version. We recommend upgrading to node 10 LTS. ### Enhancements * None ### Fixed * None ### Compatibility * Server API's are backwards compatible with all previous ROS releases in the 3.x series. * The server is compatible with all previous [SDKs supporting the ROS 3.x series](https://docs.realm.io/platform/using-synced-realms/troubleshoot/version-compatibilities). ### Installation & rollback instructions Please see the [Realm Docs](https://docs.realm.io/platform/self-hosted/installation) for installation, upgrade and rollback instructions. ### Notable known issues * Encrypting existing realm files is not possible. Only fresh deployments with zero state can use realms encryption. We're working on a migration path for existing deployments. * Server side Realm files do not compact automatically. The standalone commandline tool "realm-vacuum" can be manually executed to compress free space and old history (See https://docs.realm.io/platform/self-hosted/manage/server-side-file-growth#vacuum-utility). ### Internals * Stopped testing against Node 6 as support will be dropped. * Fixed a bug that would remove the Github release notes when publishing a public release. * Refactored some event handlers in SyncProxyService in order to provide better log messages. * Updated kubernetes-client dependency to 6.8.3 # Release 3.18.3 (2019-02-11) ### Enhancements * None ### Fixed * Fixed an issue where metric names would be incorrectly decoded and the following message would be printed in the logs: Failed processing a metric: URI is not defined. ### Compatibility * Server API's are backwards compatible with all previous ROS releases in the 3.x series. * The server is compatible with all previous [SDKs supporting the ROS 3.x series](https://docs.realm.io/platform/using-synced-realms/troubleshoot/version-compatibilities). ### Installation & rollback instructions Please see the [Realm Docs](https://docs.realm.io/platform/self-hosted/installation) for installation, upgrade and rollback instructions. ### Notable known issues * Encrypting existing realm files is not possible. Only fresh deployments with zero state can use realms encryption. We're working on a migration path for existing deployments. * Server side Realm files do not compact automatically. The standalone commandline tool "realm-vacuum" can be manually executed to compress free space and old history (See https://docs.realm.io/platform/self-hosted/manage/server-side-file-growth#vacuum-utility). ### Internals * None # Release 3.18.2 (2019-02-11) ### Enhancements * Added a new operation to the Kubernetes Sync Worker - `copyfile` with operation arguments `{ "file": "sync-worker-file-path" }`. Executing it will copy a sync worker file while the server is running and ensure that the original and the copy have matching md5 checksums. Additionally, if `fileUploadFunction` is provided in the config, the file will be compressed using `gzip` and the function will be invoked with the archive as argument. ([PR #1447](https://github.com/realm/realm-object-server-private/pull/1447)) * Added a new operation to the Kubernetes Sync Worker - `quarantine` with operation arguments `{ "file": "sync-worker-file-path" }`. Executing it will stop the server, move the file to a `quarantine` folder within the sync worker's data directory, then start the server again. Generally, it should be used if the server is failing to start due to a corrupt file. Should be used with great care as quarantining the file will result in client resets. ([PR #1453](https://github.com/realm/realm-object-server-private/pull/1453)) * Cleaned up some log messages in the sync proxy service and added a connection counter metric, `ros_sync_proxy_connections_total`. ### Fixed * Fixed the url of the errors thrown by ROS to point to a valid docs page. ([Issue #1394](https://github.com/realm/realm-object-server-private/issues/1394)) ### Compatibility * Server API's are backwards compatible with all previous ROS releases in the 3.x series. * The server is compatible with all previous [SDKs supporting the ROS 3.x series](https://docs.realm.io/platform/using-synced-realms/troubleshoot/version-compatibilities). ### Installation & rollback instructions Please see the [Realm Docs](https://docs.realm.io/platform/self-hosted/installation) for installation, upgrade and rollback instructions. ### Notable known issues * Encrypting existing realm files is not possible. Only fresh deployments with zero state can use realms encryption. We're working on a migration path for existing deployments. * Server side Realm files do not compact automatically. The standalone commandline tool "realm-vacuum" can be manually executed to compress free space and old history (See https://docs.realm.io/platform/self-hosted/manage/server-side-file-growth#vacuum-utility). ### Internals * Adds support for an environment variable, `DISABLE_ACCOUNT_ENUMERATION_MITIGATION`. When set to `"true"`, ROS will not hash passwords for logins where the user is not found. * Kubernetes-based servers now use the globally-defined prom-client registry. This enhances compatibility when adding 3rd-party exporters. * Uses sync 3.15.2 * Server: Detailed memory allocation metrics are now counted separately for each tenant in multi-tenancy deployments. (Since 3.13.0) * The server's check of the client specified protocol version (`Sec-WebSocket-Protocol`) was unintentionally lenient. This has now been fixed (https://github.com/realm/realm-sync/issues/2803). * Introduce new metric `.user_sessions,identity=` measuring the number of currently established sessions on behalf of a particular user, where `` is the user identity specified during establishment of the session with all nonalphanumeric characters having been percent encoded. * Detailed memory metrics have been added for the server's work queue, emitted as `.memory,subsystem=worker_queue`. Issue [#2778](https://github.com/realm/realm-sync/issues/2778). * The sync server now shrinks internal scratch memory buffers after performing partial sync. This should reduce sustained high memory usage in multi-tenancy scenarios, but will incur a very slight performance penalty for certain memory allocations. * Statsd metrics receiver will now url-decode label values. * Added a way to disable waiting for realms to synchonize with the server. To disable, set the `DISABLE_SYNCHRONOUS_REQUESTS` env variable to `true`. # Release 3.18.1 (2019-02-04) ### Enhancements * None ### Fixed * Downgrades kubernetes-client dependency to 4.0.1, which will fix startup errors when deploying to kubernetes environments. ### Compatibility * Server API's are backwards compatible with all previous ROS releases in the 3.x series. * The server is compatible with all previous [SDKs supporting the ROS 3.x series](https://docs.realm.io/platform/using-synced-realms/troubleshoot/version-compatibilities). ### Installation & rollback instructions Please see the [Realm Docs](https://docs.realm.io/platform/self-hosted/installation) for installation, upgrade and rollback instructions. ### Notable known issues * Encrypting existing realm files is not possible. Only fresh deployments with zero state can use realms encryption. We're working on a migration path for existing deployments. * Server side Realm files do not compact automatically. The standalone commandline tool "realm-vacuum" can be manually executed to compress free space and old history (See https://docs.realm.io/platform/self-hosted/manage/server-side-file-growth#vacuum-utility). ### Internals * None # Release 3.18.0 (2019-02-04) ### Enhancements * Added support for inverse relationships in the GraphQL service. * Reduced the base memory/CPU usage per active connection. This significantly reduces the resource usage when there are many concurrent connections to the server. * When log compaction expires a client due to that client being offline longer than the server's `historyTtl` setting, the server now also discards metadata(reciprocal history) for that client, further reducing the size of the file. * Log compaction effectiveness has been improved slightly. * Added the ability to use extra worker threads to speed up outward partial sync. This enhancement targets the use case where a few clients do smaller updates, which are then distributed to a large number of listening clients. The number of additional threads are controlled by the configuration parameter `num_aux_psync_threads` (or `numAuxPsyncThreads` via Node.js). * The GraphQL service will now serialize date values in ISO-8601 compatible way. * A new GraphQL configuration parameter is added - `dateModelName` - that allows you to override the default model name used to express date properties. The default value is `Date`, but you can override that if you already have a class called `Date` in your Realm schema. * The GraphQL service now supports runtime configuration changes via the `/__configuration` Realm. Changing the `ServiceConfig.config` value will update the configuration of the GraphQL service with the json deserialized value. In the future, there will be administrative UI to configure that. ### Fixed * None ### Compatibility * Server API's are backwards compatible with all previous ROS releases in the 3.x series. * The server is compatible with all previous [SDKs supporting the ROS 3.x series](https://docs.realm.io/platform/using-synced-realms/troubleshoot/version-compatibilities). ### Installation & rollback instructions Please see the [Realm Docs](https://docs.realm.io/platform/self-hosted/installation) for installation, upgrade and rollback instructions. ### Notable known issues * Encrypting existing realm files is not possible. Only fresh deployments with zero state can use realms encryption. We're working on a migration path for existing deployments. * Server side Realm files do not compact automatically. The standalone commandline tool "realm-vacuum" can be manually executed to compress free space and old history (See https://docs.realm.io/platform/self-hosted/manage/server-side-file-growth#vacuum-utility). ### Internals * Bumped Core dependency to 5.14.0. * Uses sync 3.15.0. * Upgrades to realm-js 2.22.0. * ([Less memory/CPU - Issue #1414](https://github.com/realm/realm-object-server-private/pull/1414)) * ([GrapQL inverse relationships - #1427](https://github.com/realm/realm-object-server-private/pull/1427)) * Clear out the old contents of the download cache before generating new contents. This can make a big difference because the size of that body can be very large (10GiB has been seen in a real-world case). * New boolean server configuration parameter `sync::Configuration::log_to_file`. When the server is launched via Node.js and when `log_to_file` is set to true, log messages will be also written to `/var/server.log` in the local filesystem of the server. * On the server, the beginning and end of the processing of a work unit by the worker thread is now clearly parentherized in the log by `debug`-level messages `Work unit execution started` and `Work unit execution completed`. * Enabled session multiplexing in realmjs binding, cutting down on the number of connections from global notifier. * ([GraphQL ISO-8601 dates - #1435](https://github.com/realm/realm-object-server-private/pull/1435)) * Created a base class - `ConfigurableServiceBase` that can be implemented to enable service configuration changes via the `/__configuration` Realm. Currently only the GraphQL service implements it. ([#1436]https://github.com/realm/realm-object-server-private/pull/1436) # Release 3.17.1 (2019-01-15) ### Enhancements * Reduced the base memory/CPU usage per active connection. This significantly reduces the resource usage when there are many concurrent connections to the server. ([Issue #1414](https://github.com/realm/realm-object-server-private/pull/1414)) * When log compaction expires a client due to that client being offline longer than the server's `historyTtl` setting, the server now also discards metadata (reciprocal history) for that client, further reducing the size of the file. * Log compaction effectiveness has been improved slightly by ensuring that changesets that no longer contain any substantial instructions also do not leave any strings behind. (Issue [#2725](https://github.com/realm/realm-sync/issues/2725)) ### Fixed * Fixes an issue where the GraphQL service would not handle deleting a Realm gracefully and would get "stuck" where no requests would be handled until the server was restarted. On Realm Cloud this would manifest itself in receiving an error 502 after a minute period. ([RaaS#1373](https://github.com/realm/raas/issues/1373), since v3.11.7) ### Compatibility * Server API's are backwards compatible with all previous ROS releases in the 3.x series. * The server is compatible with all previous [SDKs supporting the ROS 3.x series](https://docs.realm.io/platform/using-synced-realms/troubleshoot/version-compatibilities). ### Installation & rollback instructions Please see the [Realm Docs](https://docs.realm.io/platform/self-hosted/installation) for installation, upgrade and rollback instructions. ### Notable known issues * Encrypting existing realm files is not possible. Only fresh deployments with zero state can use realms encryption. We're working on a migration path for existing deployments. * Server side Realm files do not compact automatically. The standalone commandline tool "realm-vacuum" can be manually executed to compress free space and old history (See https://docs.realm.io/platform/self-hosted/manage/server-side-file-growth#vacuum-utility). ### Internals * Bumped Core dependency to 5.13.0. # Release 3.17.0 (2019-01-10) ### Enhancements * Added option for `enable-log-compaction` in Kubernetes environments. ### Fixed * None ### Compatibility * Server API's are backwards compatible with all previous ROS releases in the 3.x series. * The server is compatible with all previous [SDKs supporting the ROS 3.x series](https://docs.realm.io/platform/using-synced-realms/troubleshoot/version-compatibilities). ### Installation & rollback instructions Please see the [Realm Docs](https://docs.realm.io/platform/self-hosted/installation) for installation, upgrade and rollback instructions. ### Notable known issues * Encrypting existing realm files is not possible. Only fresh deployments with zero state can use realms encryption. We're working on a migration path for existing deployments. * Server side Realm files do not compact automatically. The standalone commandline tool "realm-vacuum" can be manually executed to compress free space and old history (See https://docs.realm.io/platform/self-hosted/manage/server-side-file-growth#vacuum-utility). ### Internals * Continuation of: Make `_impl::ServerHistory::verify()` ignore corruptions relating to `history_byte_size`. This is a temporary work-around for a known common source of corruption in server-side files. See [https://github.com/realm/realm-sync/issues/2695](https://github.com/realm/realm-sync/issues/2695). # Release 3.16.6 (2019-01-09) ### Enhancements * The [GraphQL service](https://github.com/realm/realm-graphql-service) has been integrated into ROS and is now part of the built-in services. If you were using the [npm package](https://www.npmjs.com/package/realm-graphql-service) to add it to your deployment, you can remove that from your package.json. If you're using `BasicServer` with the default set of services, the GraphQL service will be added automatically and you can modify the config by providing a `graphQLServiceConfigOverride` to the `server.start` params. If you're using the lower-level `Server` class, you can just update your import statements. ([#1406](https://github.com/realm/realm-object-server-private/pull/1406)) ### Fixed * In very rare scenarios, a client reconnecting to a deleted and recreated server realm could potentially corrupt the realm. This could be observed with an assertion similar to `Assertion failed: !(elem.ref & 7) with (elem.ref) = [5827176170]` or `Assertion failed: m_cf_last_seen_timestamps.size() == m_num_client_files`. (since 3.4.0) * In general, the server reports the total byte size of changesets waiting to be integrated. In the case where a client uploaded bad changesets, all changesets from the client in the work queue are discarded. These discarded changesets were not properly accounted for in the byte size calculation. * Fix a race condition when stopping the sync node server multiple times asynchronously which could produce a segfault or a system error. * Fixes uncaught exception `realm::util::File::PermissionDenied: remove_dir() failed: Directory not empty`. * Sync server's working directory is now protected with a file lock. This prevents accidental overlapping launch of multiple servers for the same working directory, which could otherwise cause corruption. * Fixed an issue where errors from vacuum operations were too verbose. ### Compatibility * Server API's are backwards compatible with all previous ROS releases in the 3.x series. * The server is compatible with all previous [SDKs supporting the ROS 3.x series](https://docs.realm.io/platform/using-synced-realms/troubleshoot/version-compatibilities). ### Installation & rollback instructions Please see the [Realm Docs](https://docs.realm.io/platform/self-hosted/installation) for installation, upgrade and rollback instructions. ### Notable known issues * Encrypting existing realm files is not possible. Only fresh deployments with zero state can use realms encryption. We're working on a migration path for existing deployments. * Server side Realm files do not compact automatically. The standalone commandline tool "realm-vacuum" can be manually executed to compress free space and old history (See https://docs.realm.io/platform/self-hosted/manage/server-side-file-growth#vacuum-utility). ### Internals * Updated Sync to 3.14.12 (and thereby Core 5.12.7) * The issues realted to the potential corruption errors fixed are: https://github.com/realm/realm-sync/issues/2654 and potentially https://github.com/realm/realm-sync/issues/2678 * Race condition fix: Issue [#2692](https://github.com/realm/realm-sync/issues/2692) * Uncought exception fix: Issue [#2699](https://github.com/realm/realm-sync/issues/2699, (since sync 3.14.3) * New command line tool `realm-server-precheck`. This command runs the same prechecking process as can be enabled as part of server bootstrapping. # Release 3.16.5 (2018-12-20) Due to a critical bugfix, we recommend upgrading to this version. ### Enhancements * None ### Fixed * A critical bug in the server could lead to wrong conflict resolutions, assertion failures, corrupted intermediate files and potentially lead to a unresponsive server. This bug would particularly manifest itself if two clients are trying to upload incompatible schema changes, but could also occur in other scenarios. (Issue [#2650](https://github.com/realm/realm-sync/issues/2650), since 1.0.0) * Fixed a bug that would cause the server to accept multiple Realms that differ only in casing. These have all pointed to the same physical file on disk, but have caused duplicate entries to be created in the `/__admin` Realm and Studio. (Issue [#1385](https://github.com/realm/realm-object-server-private/issues/1385)) ### Compatibility * Server API's are backwards compatible with all previous ROS releases in the 3.x series. * The server is compatible with all previous [SDKs supporting the ROS 3.x series](https://docs.realm.io/platform/using-synced-realms/troubleshoot/version-compatibilities). ### Installation & rollback instructions Please see the [Realm Docs](https://docs.realm.io/platform/self-hosted/installation) for installation, upgrade and rollback instructions. ### Notable known issues * Encrypting existing realm files is not possible. Only fresh deployments with zero state can use realms encryption. We're working on a migration path for existing deployments. * Server side Realm files do not compact automatically. The standalone commandline tool "realm-vacuum" can be manually executed to compress free space and old history (See https://docs.realm.io/platform/self-hosted/manage/server-side-file-growth#vacuum-utility). ### Internals * Reworked k8s sync worker implementation to inherit the `SyncServiceConfig` to ensure we don't have to add new sync server properties to many different places. Also exposed a function `createSyncServerConfig` that converts `SyncServiceConfig` to `IRealmSyncServerConfiguration`. This function should be used by all sync service implementations to avoid code duplication or inconsistent behavior. ([PR #1386](https://github.com/realm/realm-object-server-private/pull/1386)) * Updated to Sync 3.14.9. * Implemented sync protocol version blacklisting at the sync proxy level. It's configured by the new undocumented `minimumSupportedSyncProtocolVersion` property on the `Server.start` params object. # Release 3.16.4 (2018-12-18) ### Enhancements * None ### Fixed * Deletion of reference Realm file by way of HTTP request no longer leaves any associated partial file behind. Previously, some partial files were left behind, which could easily lead to server crashes with uncaught exception of type _impl::CorruptedPartialFileAssoc. (Issue #2669). * A crash bug was fixed that could be triggered by creating tables and establishing link columns between them without having sufficient permissions to do so. It manifested itself as an uncaught exception of type CrossTableLinkTarget. (Issue #2662, since 3.0.0) * A crash bug could be triggered in some situations by creating, deleting, then recreating tables with primary keys. This could be seen observed as a crash with the message realm::LogicError: Row index out of range. (Issue #2651, since 2.0.0). ### Compatibility * Server API's are backwards compatible with all previous ROS releases in the 3.x series. * The server is compatible with all previous [SDKs supporting the ROS 3.x series](https://docs.realm.io/platform/using-synced-realms/troubleshoot/version-compatibilities). ### Installation & rollback instructions Please see the [Realm Docs](https://docs.realm.io/platform/self-hosted/installation) for installation, upgrade and rollback instructions. ### Notable known issues * Encrypting existing realm files is not possible. Only fresh deployments with zero state can use realms encryption. We're working on a migration path for existing deployments. * Server side Realm files do not compact automatically. The standalone commandline tool "realm-vacuum" can be manually executed to compress free space and old history (See https://docs.realm.io/platform/self-hosted/manage/server-side-file-growth#vacuum-utility). ### Internals * Further enhance command line tool realm-stat. It now reveals additional information from the server-side history compartment: Current sync version, whether file has upstream status, and whether file is initiated as partial view. * Various problems relating to unanticipated fallout from introduction of empty UPLOAD messages. For example, a received empty UPLOAD message was causing too many invocations of outward partial sync for other concurrently connected clients. # Release 3.16.3 (2018-12-17) ### Enhancements * None ### Fixed * Erasing elements in an array of primitives in a Realm being accessed through query-based sync could crash the server with a segmentation fault. (since ROS 3.16.0) ### Compatibility * Server API's are backwards compatible with all previous ROS releases in the 3.x series. * The server is compatible with all previous [SDKs supporting the ROS 3.x series](https://docs.realm.io/platform/using-synced-realms/troubleshoot/version-compatibilities). ### Installation & rollback instructions Please see the [Realm Docs](https://docs.realm.io/platform/self-hosted/installation) for installation, upgrade and rollback instructions. ### Notable known issues * Encrypting existing realm files is not possible. Only fresh deployments with zero state can use realms encryption. We're working on a migration path for existing deployments. * Server side Realm files do not compact automatically. The standalone commandline tool "realm-vacuum" can be manually executed to compress free space and old history (See https://docs.realm.io/platform/self-hosted/manage/server-side-file-growth#vacuum-utility). ### Internals * None # Release 3.16.2 (2018-12-14) ### Enhancements * None ### Fixed * Fixed an issue in logging where hi-res timestamps were visible, e.g., `log message ... 0=123456 1=789012345`. * Fix of a bug that made the server crash with message: "Assertion failed: m_unblocked_changesets_from_downstream_byte_size == 0". ([#2658](https://github.com/realm/realm-sync/pull/2658)) ### Compatibility * Server API's are backwards compatible with all previous ROS releases in the 3.x series. * The server is compatible with all previous [SDKs supporting the ROS 3.x series](https://docs.realm.io/platform/using-synced-realms/troubleshoot/version-compatibilities). ### Installation & rollback instructions Please see the [Realm Docs](https://docs.realm.io/platform/self-hosted/installation) for installation, upgrade and rollback instructions. ### Notable known issues * Encrypting existing realm files is not possible. Only fresh deployments with zero state can use realms encryption. We're working on a migration path for existing deployments. * Server side Realm files do not compact automatically. The standalone commandline tool "realm-vacuum" can be manually executed to compress free space and old history (See https://docs.realm.io/platform/self-hosted/manage/server-side-file-growth#vacuum-utility). ### Internals * Bumped Sync dependency to 3.14.6. * Bumped Core dependency to 5.12.6. # Release 3.16.1 (2018-12-12) ### Enhancements * None ### Fixed * A segfault related to state size calculation could cause frequent restarts of the server. (Issue [#1374](https://github.com/realm/realm-object-server-private/issues/1374)) * When deleting a reference Realm, partial views associated with it will now be removed. (Issue [#1021](https://github.com/realm/realm-object-server-private/issues/1021)) * Fixed a bug that would prevent a user from logging in with two different authentication providers. This could be observed if two JWT providers were setup and produced identical user ids (e.g. a `user` and `admin` JWT providers where an admin user can login with both) or when users were manually created by calling the `AuthService.createOrUpdateUser` API. (Issue [#1372](https://github.com/realm/realm-object-server-private/issues/1372)) * Fixed several log messages printing not providing contextual variable information. For example, the message "Permissions: The user with ID '%1' is not a member of any roles that have Class-level permissions. This is usually an error." will now print the the user id instead of "%1". * Fixed a an issue that caused the server crash with message: "Assertion failed: m_unblocked_changesets_from_downstream_byte_size == 0". (Issue [#2641](https://github.com/realm/realm-sync/issues/2641)). ### Compatibility * Server API's are backwards compatible with all previous ROS releases in the 3.x series. * The server is compatible with all previous [SDKs supporting the ROS 3.x series](https://docs.realm.io/platform/using-synced-realms/troubleshoot/version-compatibilities). ### Installation & rollback instructions Please see the [Realm Docs](https://docs.realm.io/platform/self-hosted/installation) for installation, upgrade and rollback instructions. ### Notable known issues * Encrypting existing realm files is not possible. Only fresh deployments with zero state can use realms encryption. We're working on a migration path for existing deployments. * Server side Realm files do not compact automatically. The standalone commandline tool "realm-vacuum" can be manually executed to compress free space and old history (See https://docs.realm.io/platform/self-hosted/manage/server-side-file-growth#vacuum-utility). ### Internals * Updated the procedure for releasing hotfix releases. * Updated Realm Sync Server dependency to 3.14.3, using Core 5.12.5. # Release 3.16.0 (2018-12-04) ### Enhancements * The server will now periodically "vacuum" random Realms by freeing unused reserved space and likely reduce the file size on disk. By default, this will happen every 120 seconds, but that can be configured by providing a value for `vacuumIntervalInSeconds` in `server.start()`. If you want to disable the feature, specify a negative value. ([realm-sync/#2497](https://github.com/realm/realm-sync/issues/2497)) * Exposed an endpoint to update the status of users. Currently, only two statuses are supported - `active` and `suspended`. When a user is `suspended`, they won't be able to authenticate against ROS or obtain new access tokens. Their existing access tokens **will not** be revoked, so they will still be able to synchronize until the access tokens expire (typically 6 minutes). ([realm-sync/#2578](https://github.com/realm/realm-sync/issues/2578)) * The log compaction algorithm has been improved, and should produce better results. It should also consume less memory while running. * The error message emitted when trying to open a Realm with an invalid path has been enhanced to provide more relevant information. Previously, the message was a static text, describing all scenarios which could produce invalid Realm paths (it used to start with `path is invalid. It should start with a slash, consist of Latin letters...`) and now it will specify what exactly is wrong with the path, for example: `The path '/~/cæt' (decoded: '/f52bcb1b8dc752ece60db5fe283820df/cæt') is invalid: encountered an invalid segment: 'cæt'. Error: segment is not composed of alphanumeric characters`. ([#1287](https://github.com/realm/realm-object-server-private/issues/1287)) ### Fixed * URL for documentation in the servers home page has been fixed to point to the correct Platform doc page. ([#1153](https://github.com/realm/realm-object-server-private/issues/1153)) * An index out of range error in query based sync is fixed. The bug would manifest itself with a "list ndx out of range" error. * The `LIMIT` predicate was previously run before object level permissions were applied, which could result in less results being returned than were actually available. * If encryption was enabled, decrypted pages were not released until the file was closed, causing excessive usage of memory. Pages are now reclaimed periodically, ensuring that memory usage stays low. * The server will now notify clients that a client reset has occurred, even if the Realm is opened at the time. Previously clients would not be notified until the Realm was closed and reopened. * Fixed an issue that could result in a shutdown of the sync-worker with the message "...PartialSync: Violation of no-merge invariant...". ### Compatibility * Server API's are backwards compatible with all previous ROS releases in the 3.x series. * The server is compatible with all previous [SDKs supporting the ROS 3.x series](https://docs.realm.io/platform/using-synced-realms/troubleshoot/version-compatibilities). ### Installation & rollback instructions Please see the [Realm Docs](https://docs.realm.io/platform/self-hosted/installation) for installation, upgrade and rollback instructions. ### Notable known issues * Encrypting existing realm files is not possible. Only fresh deployments with zero state can use realms encryption. We're working on a migration path for existing deployments. * Server side Realm files do not compact automatically. The standalone commandline tool "realm-vacuum" can be manually executed to compress free space and old history (See https://docs.realm.io/platform/self-hosted/manage/server-side-file-growth#vacuum-utility). ### Internals * ROS services will now synchronize any data before returning a response to make sure that it has reached the sync workers. This is step 1 of the larger task of enabling high availability and scalability for Core Services. ([#1250](https://github.com/realm/realm-object-server-private/pull/1250)) * Properly handles timestamps in log messages from the sync server. Existing logging implementations do not use the timestamp yet, but will be useful in cloud, where we use a Fluentd-based logger. * Upgraded to Sync 3.14.1 * The SyncService is now instrumented to listen for StatsD metrics of state and file size being emitted by the sync server and writing these to a `/__metrics` Realm. * Permissions corrections would sometimes not be applied to partial views, which could lead to crashes and failure to recover from a crash. * Bump Core dependency to 5.12.3. This version includes improved detection of file corruption. # Release 3.15.0 (2018-11-21) ### Enhancements * Added support for the latest Node.js 10 LTS. * In cases of very high load the server could run out of memory. It's now possible to configure the maximum size of the backlog of changes that the server will accept before it starts rejecting connections. Clients will wait 5 min after a rejection before connecting again. The `SyncServiceConfig.maxUploadBacklog` should therefore be configured so high that the server will be busy handling the queued work for at least 5 min. ### Fixed * Fixed an issue that could cause ROS to unnecessarily delete its entire cache folder when a user is deleted rather than just the files associated with that user. ([#1348](https://github.com/realm/realm-object-server-private/pull/1348), since v3.1.3) * Fixed an issue that would prevent the proxy from connecting to the sync service if a request arrives before the sync service has started. This would have resulted in log messages, similar to `HTTP upgrade failed (service did not respond properly) ... "detail":"Timeout occured upgrading websocket request"`. ([#1349](https://github.com/realm/realm-object-server-private/pull/1349), since v2.0.7) ### Compatibility * Server API's are backwards compatible with all previous ROS releases in the 3.x series. * The server is compatible with all previous [SDKs supporting the ROS 3.x series](https://docs.realm.io/platform/using-synced-realms/troubleshoot/version-compatibilities). ### Installation & rollback instructions Please see the [Realm Docs](https://docs.realm.io/platform/self-hosted/installation) for installation, upgrade and rollback instructions. ### Notable known issues * Encrypting existing realm files is not possible. Only fresh deployments with zero state can use realms encryption. We're working on a migration path for existing deployments. * Server side Realm files do not compact automatically. The standalone commandline tool "realm-vacuum" can be manually executed to compress free space and old history (See https://docs.realm.io/platform/self-hosted/manage/server-side-file-growth#vacuum-utility). ### Internals * Refactored the Jenkinsfile to run tests in parallel. * Use realm-js 2.19.1. * Use realm-sync 3.13.5. * Node 10 support PR [#1347](https://github.com/realm/realm-object-server-private/pull/1347) * Max upload PR [#1345](https://github.com/realm/realm-object-server-private/pull/1345) # Release 3.14.0 (2018-11-16) ### Enhancements * Added two new config parameters - `verifyRealmsAtStart` and `runPrecheckInChildProcess` to replace the now deprecated `skipVerifyRealmsAtStart` and `disablePrecheckInChildProc` in the `SyncService` configuration object. The defaults for the new parameters are `false`, so unless explicitly configured, consistency checks of the partial Realms will **not** be run on startup. The old parameters will continue to be respected but will be removed in a future version. ([#1338](https://github.com/realm/realm-object-server-private/pull/1338)) * Expose `SyncServiceConfig.maxFilesInCache` to control the max number of files that will be kept in the sync server cache. ([#1340](https://github.com/realm/realm-object-server-private/issues/1340)) ### Fixed * Clarified the wording around an error that was occasionally being logged at a `warn` level with a message starting with `Internal sync error`. The error message now starts with `Unable to connect to a Realm` and there's a clarification that this is a transient error that the server will recover automatically from. Also, reduced the log level to `detail` to properly reflect the ephemeral nature of the error. ([#1291](https://github.com/realm/realm-object-server-private/issues/1291)) ### Compatibility * Server API's are backwards compatible with all previous ROS releases in the 3.x series. * The server is compatible with all previous [SDKs supporting the ROS 3.x series](https://docs.realm.io/platform/using-synced-realms/troubleshoot/version-compatibilities). ### Installation & rollback instructions Please see the [Realm Docs](https://docs.realm.io/platform/self-hosted/installation) for installation, upgrade and rollback instructions. ### Notable known issues * Encrypting existing realm files is not possible. Only fresh deployments with zero state can use realms encryption. We're working on a migration path for existing deployments. * Server side Realm files do not compact automatically. The standalone commandline tool "realm-vacuum" can be manually executed to compress free space and old history (See https://docs.realm.io/platform/self-hosted/manage/server-side-file-growth#vacuum-utility). ### Internals * Upgraded to Sync 3.13.4 * Fixed linking problem with Node.js 10 on Linux, where internal calls in our statically linked OpenSSL would collide with (newer) OpenSSL symbols from Node.js 10. Node.js 10 upgraded their dependency on OpenSSL to 1.1.x, but we are still using OpenSSL 1.0.2k, and they are not ABI-compatible. The problem was fixed by statically linking with an OpenSSL that was built with -fvisibility=hidden. # Release 3.13.1 (2018-11-12) ### Enhancements * None ### Fixed * When using query-based sync, fatal error messages in the server log containing `name=realm::_impl::CorruptedPartialFileAssoc, message=Expired reference version` could be seen. This situation could be experienced if a reference file was accessed both through query-based sync and regular sync (i.e., through Realm Studio), and the server decided to perform log compaction on the reference file. This has now been fixed. * A set of bugs that could lead to bad changesets were fixed. An example of an assertion, caused by these bugs, is: `[realm-core-5.10.0] Assertion failed: ndx < size() with (ndx, size()) = [742, 742]`. An example of an error in a log file, caused by these bugs, is: `ERROR: Client[1]: Connection[1]: Session[14]: Failed to parse, or apply received changeset: ndx out of range`. ### Compatibility * Server API's are backwards compatible with all previous ROS releases in the 3.x series. * The server is compatible with all previous [SDKs supporting the ROS 3.x series](https://docs.realm.io/platform/using-synced-realms/troubleshoot/version-compatibilities). ### Installation & rollback instructions Please see the [Realm Docs](https://docs.realm.io/platform/self-hosted/installation) for installation, upgrade and rollback instructions. ### Notable known issues * Encrypting existing realm files is not possible. Only fresh deployments with zero state can use realms encryption. We're working on a migration path for existing deployments. * Server side Realm files do not compact automatically. The standalone commandline tool "realm-vacuum" can be manually executed to compress free space and old history (See https://docs.realm.io/platform/self-hosted/manage/server-side-file-growth#vacuum-utility). ### Internals * Added handling of the `realm.memory` metric emitted by sync. * Bumped sync to 3.13.3 (and core to 5.12.1) * Bumped JS to 2.19.0 # Release 3.13.0 (2018-11-06) ### Enhancements * None ### Fixed * Fix some cases where a ROS cluster on top of Consul will return `503 Service Unavailable` responses even though there was nothing wrong. Additionally, we've added more information when returning 503 responses, so it's easier to diagnose which service is causing problems. * The Realm Object Server will now store all Realms it opens under the `data/realms` folder. Previously it stored some of the files under the documents folder of the currently logged in user or in the `Realm Object Server` folder where ROS is running from. The Realms in the old location (`Documents/Realm Object Server` and `ROS-install-folder/Realm Object Server`) can be safely deleted to reclaim some space. ### Breaking changes * None ### Compatibility * Server API's are backwards compatible with all previous ROS releases in the 3.x series. * The server is compatible with all previous [SDKs supporting the ROS 3.x series](https://docs.realm.io/platform/using-synced-realms/troubleshoot/version-compatibilities). ### Installation & rollback instructions Please see the [Realm Docs](https://docs.realm.io/platform/self-hosted/installation) for installation, upgrade and rollback instructions. ### Notable known issues * Encrypting existing realm files is not possible. Only fresh deployments with zero state can use realms encryption. We're working on a migration path for existing deployments. * Server side Realm files do not compact automatically. The standalone commandline tool "realm-vacuum" can be manually executed to compress free space and old history (See https://docs.realm.io/platform/self-hosted/manage/server-side-file-growth#vacuum-utility). ### Internals * AT&T 503 errors - https://github.com/realm/ros-enterprise/issues/138 * Fixed handling of a "Status" event from Kubernetes API when watching a resource. * Added metric for tracking authentication requests by identity and provider * Added an endpoint to trigger manual Realm file/state size computation by the sync server: `/realms/calculate-size/:realmPath`. ([#1309](https://github.com/realm/realm-object-server-private/pull/1309)) # Release 3.12.4 (2018-10-25) ### Enhancements * Reduced verbosity of some log messages. ### Fixed * A bug in log compaction of link lists was fixed. This bug would lead to errors of the type "index out of range" or "ndx < size()". ### Compatibility * Server API's are backwards compatible with all previous ROS releases in the 3.x series. * The server is compatible with all previous [SDKs supporting the ROS 3.x series](https://docs.realm.io/platform/using-synced-realms/troubleshoot/version-compatibilities). ### Installation & rollback instructions Please see the [Realm Docs](https://docs.realm.io/platform/self-hosted/installation) for installation, upgrade and rollback instructions. ### Notable known issues * Encrypting existing realm files is not possible. Only fresh deployments with zero state can use realms encryption. We're working on a migration path for existing deployments. * Server side Realm files do not compact automatically. The standalone commandline tool "realm-vacuum" can be manually executed to compress free space and old history (See https://docs.realm.io/platform/self-hosted/manage/server-side-file-growth#vacuum-utility). ### Internals * Upgraded to realm-sync 3.12.10 (including core 5.11.3) * Added support to the server for blacklisting of client files. Client file blacklists are loaded from `/client_file_blacklists` when the server is started. See [Client file blacklisting](https://github.com/realm/realm-sync/blob/develop/doc/blacklisting.md) for further details. * Allow for the triggering of Realm state size reporting in the server to be specified as a time of day (number of milliseconds after midnight UTC). * When the server is launched via the Node.js API, the default action during Realm state size recomputation and reporting is to skip files that are not already open in the LRU file access cache of the worker thread. * The synchronization server now logs client information for every initiated session, including the user agent description. # Release 3.12.3 (2018-10-18) ### Enhancements * Added annotation to pause the sync server in a Kubernetes environment. To pause the server, add an annotation to the endpoints resource: `sync.realm.io/pause: "true"`. ### Fixed * None ### Compatibility * Server API's are backwards compatible with all previous ROS releases in the 3.x series. * The server is compatible with all previous [SDKs supporting the ROS 3.x series](https://docs.realm.io/platform/using-synced-realms/troubleshoot/version-compatibilities). ### Installation & rollback instructions Please see the [Realm Docs](https://docs.realm.io/platform/self-hosted/installation) for installation, upgrade and rollback instructions. ### Notable known issues * Encrypting existing realm files is not possible. Only fresh deployments with zero state can use realms encryption. We're working on a migration path for existing deployments. * Server side Realm files do not compact automatically. The standalone commandline tool "realm-vacuum" can be manually executed to compress free space and old history (See https://docs.realm.io/platform/self-hosted/manage/server-side-file-growth#vacuum-utility). ### Internals * None # Release 3.12.2 (2018-10-18) ### Enhancements * Added `syncServiceConfigOverride` callback to `BasicServer`'s start params to allow customizing the default values for the sync service config properties without having to add all services manually. ([#1303](https://github.com/realm/realm-object-server-private/pull/1303)) ### Fixed * Added ability to override `enableRealmStateSizeReporting` setting to `false` using an endpoints annotation. ### Compatibility * Server API's are backwards compatible with all previous ROS releases in the 3.x series. * The server is compatible with all previous [SDKs supporting the ROS 3.x series](https://docs.realm.io/platform/using-synced-realms/troubleshoot/version-compatibilities). ### Installation & rollback instructions Please see the [Realm Docs](https://docs.realm.io/platform/self-hosted/installation) for installation, upgrade and rollback instructions. ### Notable known issues * Encrypting existing realm files is not possible. Only fresh deployments with zero state can use realms encryption. We're working on a migration path for existing deployments. * Server side Realm files do not compact automatically. The standalone commandline tool "realm-vacuum" can be manually executed to compress free space and old history (See https://docs.realm.io/platform/self-hosted/manage/server-side-file-growth#vacuum-utility). ### Internals * Added `skipVerifyRealmsAtStart` and `disablePrecheckInChildProc` properties to the `SyncServiceConfig`. These are currently undocumented because modifying the default values is discouraged. ([#1303](https://github.com/realm/realm-object-server-private/pull/1303)) # Release 3.12.1 (2018-10-17) ### Enhancements * The vacuum command is enhanced to take options history-type and bump-realm-version. ### Fixed * Avoid crashing the server when compaction is requested for a file whose history type is not yet set to server (https://github.com/realm/realm-sync/pull/2492). ### Compatibility * Server API's are backwards compatible with all previous ROS releases in the 3.x series. * The server is compatible with all previous [SDKs supporting the ROS 3.x series](https://docs.realm.io/platform/using-synced-realms/troubleshoot/version-compatibilities). ### Installation & rollback instructions Please see the [Realm Docs](https://docs.realm.io/platform/self-hosted/installation) for installation, upgrade and rollback instructions. ### Notable known issues * Encrypting existing realm files is not possible. Only fresh deployments with zero state can use realms encryption. We're working on a migration path for existing deployments. * Server side Realm files do not compact automatically. The standalone commandline tool "realm-vacuum" can be manually executed to compress free space and old history (See https://docs.realm.io/platform/self-hosted/manage/server-side-file-growth#vacuum-utility). ### Internals * Use sync 3.12.9: * Avoid conflation of release and debug-mode builds of command line tools as they are included in the server NPM package. Now, command line tools that are built in debug mode have a -dbg suffix. Before they did not, which meant that one would clobber the other as they were placed in the server NPM package. * New StatsD metric .realms.all (gauge) reports the total number of server-side Realm files in the servers working directory. It is emitted when the server starts, and thereafter, whenever it changes. * Improve the logging for the exception for 'bump realm version' for plain and client Realms. * Command-line tool realm-stat improved in several ways. * The Vacuum options get a new property "history_type" that can be used to force a specific Realm history type instead of auto detection. The sync server uses this option. * Auto detection of history type is disallowed in compact for Realms with history type None and version = 1. # Release 3.12.0 (2018-10-17) ### Enhancements * Enabled user impersonation when opening Realms on the server. You can now open a Realm with a particular user rather than the admin user. This can be useful when opening partial Realms as object-level permissions are not applied to admin users. ([#1295](https://github.com/realm/realm-object-server-private/pull/1295)) ### Fixed * None ### Compatibility * Server API's are backwards compatible with all previous ROS releases in the 3.x series. * The server is compatible with all previous [SDKs supporting the ROS 3.x series](https://docs.realm.io/platform/using-synced-realms/troubleshoot/version-compatibilities). ### Installation & rollback instructions Please see the [Realm Docs](https://docs.realm.io/platform/self-hosted/installation) for installation, upgrade and rollback instructions. ### Notable known issues * REMEMBER TO COPY FROM PREVIOUS RELEASE! ### Internals * None # Release 3.11.9 (2018-10-16) ### Enhancements * Various log messages, that are emitted by the server when the access token has expired, are now emitted at detail level, rather than at error level. Since it is impossible to avoid all such cases, they should not be considered as errors (https://github.com/realm/realm-sync/issues/2455). * Extended typescript definition for IRealmSyncServerConfiguration to accept the skipVerifyRealmsAtStart option, which defaults to false when omitted. ### Fixed * Metric .authentication.failed was sometimes incremented twice where it should only have been incremented once (https://github.com/realm/realm-sync/issues/2455). ### Compatibility * Server API's are backwards compatible with all previous ROS releases in the 3.x series. * The server is compatible with all previous [SDKs supporting the ROS 3.x series](https://docs.realm.io/platform/using-synced-realms/troubleshoot/version-compatibilities). ### Installation & rollback instructions Please see the [Realm Docs](https://docs.realm.io/platform/self-hosted/installation) for installation, upgrade and rollback instructions. ### Notable known issues * Encrypting existing realm files is not possible. Only fresh deployments with zero state can use realms encryption. We're working on a migration path for existing deployments. * Server side Realm files do not compact automatically. The standalone commandline tool "realm-vacuum" can be manually executed to compress free space and old history (See https://docs.realm.io/platform/self-hosted/manage/server-side-file-growth#vacuum-utility). ### Internals * Include command-line tools realm-stat and realm-verify-server-file in sync server NPM package. # Release 3.11.8 (2018-10-15) ### Enhancements * Added a counter named `ros_sync_proxy_backend_connection_errors`, which indicates the number of accumulated backend connection errors in the SyncProxyService. ### Fixed * None ### Compatibility * Server API's are backwards compatible with all previous ROS releases in the 3.x series. * The server is compatible with all previous [SDKs supporting the ROS 3.x series](https://docs.realm.io/platform/using-synced-realms/troubleshoot/version-compatibilities). ### Installation & rollback instructions Please see the [Realm Docs](https://docs.realm.io/platform/self-hosted/installation) for installation, upgrade and rollback instructions. ### Notable known issues * Encrypting existing realm files is not possible. Only fresh deployments with zero state can use realms encryption. We're working on a migration path for existing deployments. * Server side Realm files do not compact automatically. The standalone commandline tool "realm-vacuum" can be manually executed to compress free space and old history (See https://docs.realm.io/platform/self-hosted/manage/server-side-file-growth#vacuum-utility). ### Internals * The sync server command gets an option to include time stamps in log messages. * The node.js server gets an option called `logIncludeTimestamp` to include time stamps in messages. * New command line options --precheck-in-child-proc and --precheck-command-path added to Realm server command (realm-sync-worker). * Significant speed-up of prechecking many partial files associated with the same reference file, but only in the case where "precheck in child process" is not enabled (https://github.com/realm/realm-sync/pull/2465). * New command line tool realm-verify-server-file, which opens the specified file with server-type history plug-in, and then calls realm::Group::verify() in a read transaction. * Make it possible to request compaction of individual files through HTTP. The request path is /api/compact. If is the empty string, then the request is for all Realm files to be compacted (consistent with prior behavior). Otherwise, the request initiates compaction of the Realm file specified by . In any case, the server will respond with 200 "OK" when the requested compaction process is complete. Please note, due to limitations at the core level in the conditions under which compaction can be performed, compaction takes place on the network event loop thread of the server. For that reason, the server becomes completely unresponsive while compaction is in progress. This was true, and remains true for now. * Core updated to 5.11.3 (includes new assertions in release mode) # Release 3.11.7 (2018-10-10) ### Enhancements * Some adjustments were made in the configuration of Prometheus Metrics: * Ensure that recently-added metrics are named with `ros_sync_` prefix * Adjusted bucket intervals for `ros_sync_precheck_time_ms` to more appropriate values, ranging from 1s to 16m * The sync server logs the maximum number of open files on start-up. * The sync server node wrapper logs an error message on catching a fatal error and sleeps for two seconds to increase the chance that the log message is emitted before the process aborts. * Added maxOpenFiles to the typescript sync server configuration. ### Fixed * The server is now able to handle recreating users with the same id (e.g. by using the JWT provider). This was previously not supported and would have resulted in receiving a message like `Client reset occurred for Realm at path ***. Shutting down preemptively` followed by a server shutdown. (Issue [#1255](https://github.com/realm/realm-object-server-private/issues/1255), since v2.0) * The default action of the sync server node wrapper on an uncaught exception is to abort instead of exit(1). ### Compatibility * Server API's are backwards compatible with all previous ROS releases in the 3.x series. * The server is compatible with all previous [SDKs supporting the ROS 3.x series](https://docs.realm.io/platform/using-synced-realms/troubleshoot/version-compatibilities). ### Installation & rollback instructions Please see the [Realm Docs](https://docs.realm.io/platform/self-hosted/installation) for installation, upgrade and rollback instructions. ### Notable known issues * Encrypting existing realm files is not possible. Only fresh deployments with zero state can use realms encryption. We're working on a migration path for existing deployments. * Server side Realm files do not compact automatically. The standalone commandline tool "realm-vacuum" can be manually executed to compress free space and old history (See https://docs.realm.io/platform/self-hosted/manage/server-side-file-growth#vacuum-utility). ### Internals * Prevented realm-js metrics collection by defining `REALM_DISABLE_ANALYTICS = 1` in `realmUtil.ts`. * Updated to realm-js 2.19.0-rc.1. * Updatd Sync to 3.12.5 # Release 3.11.6 (2018-10-05) ### Enhancements * The implementation of the merge algorithm has been made more efficient. * New StatsD metric .precheck_time (timing) emitted on completion of the server file prechecking process. It is the time taken, in milliseconds, by that prechecking process. ### Fixed * None ### Compatibility * Server API's are backwards compatible with all previous ROS releases in the 3.x series. * The server is compatible with all previous [SDKs supporting the ROS 3.x series](https://docs.realm.io/platform/using-synced-realms/troubleshoot/version-compatibilities). ### Installation & rollback instructions Please see the [Realm Docs](https://docs.realm.io/platform/self-hosted/installation) for installation, upgrade and rollback instructions. ### Notable known issues * Encrypting existing realm files is not possible. Only fresh deployments with zero state can use realms encryption. We're working on a migration path for existing deployments. * Server side Realm files do not compact automatically. The standalone commandline tool "realm-vacuum" can be manually executed to compress free space and old history (See https://docs.realm.io/platform/self-hosted/manage/server-side-file-growth#vacuum-utility). ### Internals * If too many server files fail the prechecking step, the server will not start. The limit on the number of files has been raised from 10 to 50 to accommodate a case where 17 files failed the precheck step. * Prechecking with partial sync enabled is now much more efficient in the case where nothing has changed in the partial file since the previous prechecking round. * The time taken by the server file prechecking process is now logged. * During server file prechecking, a progress message is logged once every 5 minutes. * Bumped Sync dependency to 3.12.4 (with new Core 5.10.3). # Release 3.11.5 (2018-10-04) ### Enhancements * Performance improved when merging changes on the server. * Reduced file size of server side realms. ### Fixed * A bug was fixed where load-balanced installations would not properly place partial Realms on the same sync worker as its reference realm. ### Compatibility * Server API's are backwards compatible with all previous ROS releases in the 3.x series. * The server is compatible with all previous [SDKs supporting the ROS 3.x series](https://docs.realm.io/platform/using-synced-realms/troubleshoot/version-compatibilities). ### Installation & rollback instructions Please see the [Realm Docs](https://docs.realm.io/platform/self-hosted/installation) for installation, upgrade and rollback instructions. ### Notable known issues * Encrypting existing realm files is not possible. Only fresh deployments with zero state can use realms encryption. We're working on a migration path for existing deployments. * Server side Realm files do not compact automatically. The standalone commandline tool "realm-vacuum" can be manually executed to compress free space and old history (See https://docs.realm.io/platform/self-hosted/manage/server-side-file-growth#vacuum-utility). ### Internals * Sync 3.12.3: A "dirty" flag was added to the Changeset class. When the merge algorithm modifies a changeset, it is marked as dirty. Non-dirty changesets are not persisted in the reciprocal history. This should reduce write-load when integrating remote changesets, and in turn reduce Realm file sizes, especially on the server. # Release 3.11.4 (2018-10-03) ### Enhancements * Improved performance of the sync server partial sync precheck. ### Fixed * None ### Compatibility * Server API's are backwards compatible with all previous ROS releases in the 3.x series. * The server is compatible with all previous [SDKs supporting the ROS 3.x series](https://docs.realm.io/platform/using-synced-realms/troubleshoot/version-compatibilities). ### Installation & rollback instructions Please see the [Realm Docs](https://docs.realm.io/platform/self-hosted/installation) for installation, upgrade and rollback instructions. ### Notable known issues * Encrypting existing realm files is not possible. Only fresh deployments with zero state can use realms encryption. We're working on a migration path for existing deployments. * Server side Realm files do not compact automatically. The standalone commandline tool "realm-vacuum" can be manually executed to compress free space and old history (See https://docs.realm.io/platform/self-hosted/manage/server-side-file-growth#vacuum-utility). ### Internals * Outward partial synchronization is no longer performed during prechecking of server files (boot-up consistency checker), only inward partial synchronization. This is expected to drastically reduce the prechecking time in cases where partial sync is enabled as part of the prechecking step. # Release 3.11.3 (2018-10-03) ### Enhancements * None ### Fixed * Fixed an issue were statsd metrics from the syncWorker were not being picked up by ROS. The issue could be observed when the hostname of the system was fully-qualified, e.g., "sync.example.com". ### Compatibility * Server API's are backwards compatible with all previous ROS releases in the 3.x series. * The server is compatible with all previous [SDKs supporting the ROS 3.x series](https://docs.realm.io/platform/using-synced-realms/troubleshoot/version-compatibilities). ### Installation & rollback instructions Please see the [Realm Docs](https://docs.realm.io/platform/self-hosted/installation) for installation, upgrade and rollback instructions. ### Notable known issues * Encrypting existing realm files is not possible. Only fresh deployments with zero state can use realms encryption. We're working on a migration path for existing deployments. * Server side Realm files do not compact automatically. The standalone commandline tool "realm-vacuum" can be manually executed to compress free space and old history (See https://docs.realm.io/platform/self-hosted/manage/server-side-file-growth#vacuum-utility). ### Internals * None # Release 3.11.2 (2018-10-02) ### Enhancements * Added debouncing of warning messages for unexpected metric types. Previously, emitting statsd metrics that ROS isn't configured to handle would result in a flood of warnings of the type `Unexpected counter named "some-name"`. Now we'll emit those at most once every minute to make sure they don't drown other important information in the logs. (Issue [#1249](https://github.com/realm/realm-object-server-private/issues/1249), since v3.1.4). * At start, the sync server logs at info level whether encryption is enabled. In case encryption is enabled, a fingerprint of the key is logged. * The sync server stores an encryption key fingerprint in a file with path root_dir/encryption_key_fingerprint. The server will only start if the configured encryption key matches the fingerprint. This change makes the server robust against a situation where a misconfigured encryption key, in combination with the consistency checker could lead to data loss. * The sync server keeps track of the size of pending uploaded changesets. The server logs and emits metrics every time the size of pending changesets change. The metric is a gauge with key "upload.pending.bytes". * The sync server reports the total time from receiving an uploaded changeset until it has been processed. If multiple changesets are pending simultaneously, the longest time is reported. The times are logged and emitted to metrics. The metric is a timer with key "upload.processing". * If configured, the server performs a consistency check of its Realms at start up. The consistency check is now done using multiple operating system processes in order to increase the robustness of the check; if a consistency check crashes in a worker process, the surviving main process will continue the check. ### Fixed * A bug has been fixed in the OT merge algorithm that could lead to errors such as BadChangesetError, particularly on clients using query-based sync. ### Compatibility * Server API's are backwards compatible with all previous ROS releases in the 3.x series. * The server is compatible with all previous [SDKs supporting the ROS 3.x series](https://docs.realm.io/platform/using-synced-realms/troubleshoot/version-compatibilities). ### Installation & rollback instructions Please see the [Realm Docs](https://docs.realm.io/platform/self-hosted/installation) for installation, upgrade and rollback instructions. ### Notable known issues * Encrypting existing realm files is not possible. Only fresh deployments with zero state can use realms encryption. We're working on a migration path for existing deployments. * Server side Realm files do not compact automatically. The standalone commandline tool "realm-vacuum" can be manually executed to compress free space and old history (See https://docs.realm.io/platform/self-hosted/manage/server-side-file-growth#vacuum-utility). ### Internals * Uses sync server 3.12.0 # Release 3.11.1 (2018-09-20) ### Enhancements * None ### Fixed * Fixed a bug that could result in `PartialSync: Violation of no-merge invariant: ...` errors on the server (uncaught exception). (Since v3.10.0). * The consistency checker now correctly handles partial realms when realm encryption is enabled. (Since 3.10.3). ### Compatibility * API's are backwards compatible with all previous ROS releases in the 3.x series. * The server is compatible with all previous [SDKs supporting the server 3.x series](https://docs.realm.io/platform/using-synced-realms/troubleshoot/version-compatibilities). ### Installation & rollback instructions Please see https://docs.realm.io/platform/self-hosted/installation for installation, upgrade and rollback instructions. ### Notable known issues * Encrypting existing realm files is not possible. Only fresh deployments with zero state can use realms encryption. We're working on a migration path for existing deployments. * Server side Realm files do not compact automatically. The standalone commandline tool "realm-vacuum" can be manually executed to compress free space and old history (See https://docs.realm.io/platform/self-hosted/manage/server-side-file-growth#vacuum-utility). ### Internals * Updated to Sync 3.10.1 # Release 3.11.0 (2018-09-17) ### Fixed * Fixed a bug with query-based sync where when performing a query that would return a very large (>4 GB) resultset the server could crash with `std::runtime_error("Compression error")`. This issue has been present since Realm Object Server 3.0. * Crashes related to changeset processing when using query-based sync have been fixed. ### Enhancements * Clients using protocol version >=25 now always report download progress to the server, not only when they make writes. This allows the server to do history compaction much more aggressively, especially when there are many clients that rarely or never make writes. The server considers doing history compaction when an actual change is uploaded to the server. (Issue [#127](https://github.com/realm/realm-object-server/issues/127) ### Breaking changes * None ### Compatibility **NOTE:** While the server is backwards-compatible with clients using protocol version 24 or below, clients at version 25 are not backwards-compatible with a server at protocol version 24. So the server must be upgraded to this version before any clients are upgraded. See more about which SDK version supports sync protocol 25 here: [Version Compatibility for ROS 3.x](https://docs.realm.io/platform/using-synced-realms/troubleshoot/version-compatibilities). ### Installation & rollback instructions Please see the [Realm Docs](https://docs.realm.io/platform/self-hosted/installation) for installation, upgrade and rollback instructions. ### Notable known issues * Encrypting existing realm files is not possible. Only fresh deployments with zero state can use realms encryption. We're working on a migration path for existing deployments. * Server side Realm files do not compact automatically. The standalone commandline tool "realm-vacuum" can be manually executed to compress free space and old history (See https://docs.realm.io/platform/self-hosted/manage/server-side-file-growth#vacuum-utility). ### Internals * Upgraded to Sync 3.10.0. # Release 3.10.7 (2018-09-11) ### Breaking changes * None ### Bugs fixed * Removed some redundant retry logic in the internal HTTP clients that could cause up to 6 seconds delay in responding to some HTTP requests. * Fixed a bug that could cause the server to preemptively terminate when a user (and their Realms) is deleted. This may have been experienced by observing messages like: `Client reset occurred for Realm at path /some-path/__perm. Shutting down preemptively` in the server logs. Issue reference: https://github.com/realm/realm-object-server-private/issues/1199. The issue has been present since version 2.0. ### Enhancements * None ### Installation & rollback instructions Please see https://docs.realm.io/platform/self-hosted/installation for installation, upgrade and rollback instructions. ### Notable known issues * Clients that never write to a Realm but connect to it often (e.g. a scenario where a single producer publishes updates to many read-only clients) will prevent the history compaction algorithm from ever compacting this Realm's history. A workaround is to have them write a dummy update every once in a while with frequency of a magnitude similar to the history time to live value. For example, if the history time to live is set to 30 days, read-only clients can be modified to write a dummy value every day. Then you'll have at most 31 days of uncompacted history. A fix will be released soon. * If a single transaction is larger than 4 GB, the server can crash. * Encrypting existing realm files is not possible. Only fresh deployments with zero state can use realms encryption. We're working on a migration path for existing deployments. * Server side Realm files do not compact automatically. The standalone commandline tool "realm-vacuum" can be manually executed to compress free space and old history (See https://docs.realm.io/platform/self-hosted/manage/server-side-file-growth#vacuum-utility). ### Internals * None # Release 3.10.6 (2018-09-10) ### Breaking changes * The function `loadFeatureToken` has been removed. It has had no effect and has been deprecated since version 3.0. ### Bugs fixed * 3.10.0 introduced a change that forced ROS components to communicate over HTTPS when ROS itself was configured for HTTPS. However, on single-node deployments this caused communication to fail with hostname validation errors when the used SSL certificate was not valid over the loopback interface or `listenAddress` did not match the DNS name in the certificate. The fix is to not enable HTTPS communication between components by default. This feature is now enabled by setting the `httpsForInternalComponents` configuration option to `true` instead. * Fixed a crash with sync client HTTP requests with a malformed `Content-Length` header. Such will now correctly result in responses with status code 400. ### Enhancements * None ### Installation & rollback instructions Please see https://docs.realm.io/platform/self-hosted/installation for installation, upgrade and rollback instructions. ### Notable known issues * Clients that never write to a Realm but connect to it often (e.g. a scenario where a single producer publishes updates to many read-only clients) will prevent the history compaction algorithm from ever compacting this Realm's history. A workaround is to have them write a dummy update every once in a while with frequency of a magnitude similar to the history time to live value. For example, if the history time to live is set to 30 days, read-only clients can be modified to write a dummy value every day. Then you'll have at most 31 days of uncompacted history. A fix will be released soon. * If a single transaction is larger than 4 GB, the server can crash. * Encrypting existing realm files is not possible. Only fresh deployments with zero state can use realms encryption. We're working on a migration path for existing deployments. * Server side Realm files do not compact automatically. The standalone commandline tool "realm-vacuum" can be manually executed to compress free space and old history (See https://docs.realm.io/platform/self-hosted/manage/server-side-file-growth#vacuum-utility). ### Internals * Removed the exposed /stats/report-realm-state-size endpoint from the StatsService that triggered recomputation of Realm state sizes, this was never announced as a public API and Studio (which was the only consumer) is no longer using it. * Update to Sync 3.9.9 # Release 3.10.3 (2018-09-03) ### Breaking changes * None ### Bugs fixed * None ### Enhancements * The server can now encrypt its realms with an encryption key passed in the `realmsEncryptionKey` configuration property. ### Installation & rollback instructions **WARNING**: A server with encrypted realms cannot be rolled back to an older version! Please see https://docs.realm.io/platform/self-hosted/installation for installation, upgrade and rollback instructions. ### Notable known issues * Encrypting existing realm files is not possible. Only fresh deployments with zero state can use realms encryption. We're working on a migration path for existing deployments. ### Internals * `KubernetesCoreServices` and `KubernetesSyncWorkerGroup` understand the `REALMS_ENCRYPTION_KEY` environment variable. When set, it must be a base64-encoded 64 bytes long byte array. # Release 3.10.2 (2018-08-31) ### Breaking changes * None ### Bugs fixed * Fixed the consistency checker such that it does not crash on empty partial Realms. ### Enhancements * None ### Installation & rollback instructions Please see https://docs.realm.io/platform/self-hosted/installation for installation, upgrade and rollback instructions. ### Notable known issues * None ### Internals * Updated to sync 3.9.4 # Release 3.10.1 (2018-08-29) ### Breaking changes * None ### Bugs fixed * Adding a table and creating a subscription for it without having permissions to create the table could result in a `CrossTableLinkTarget` exception being thrown by Core. * Outward partial sync was fixed to handle the case where temporary link targets have been previously deleted in the reference Realm. This bug could lead to crashes and error messages of type `index out of range` or an assertion of the form `ndx < m_size`. This bug could explain many of the `index out of range` crashes that have been seen. This bug has not led to bad changesets being generated, which means that there should be no remnants of the bug in existing Realms. ### Enhancements * None ### Installation & rollback instructions Please see https://docs.realm.io/platform/self-hosted/installation for installation, upgrade and rollback instructions. ### Notable known issues * None ### Internals * Updated to Sync 3.9.2. # Release 3.10.0 (2018-08-27) ### Breaking changes * None ### Bugs fixed * None ### Enhancements * The sync worker has been upgraded to a multithreaded architecture. It now has two major internal threads, a networking event loop thread, and one worker thread for performing potentially long-running tasks. This improves the responsiveness of the server while executing larger queries. * The sync worker now uses an adaptive scheme for caching and reusing query results, which improves query time and decreases load on the server. ### Installation & rollback instructions Please see https://docs.realm.io/platform/self-hosted/installation for installation, upgrade and rollback instructions. ### Notable known issues * None ### Internals * Refactored the internals of `KubernetesSyncWorker` to be a bit more straightforward. Each evaluation of the endpoints object will result in a new sync server configuration. This configuration is compared to the current one in order to determine if the server should be restarted. * Configuration options can be read from the endpoints object's annotations when they are not overridden by the constructor. These options are: * `sync.realm.io/log-level` (string) * `sync.realm.io/enable-download-log-compaction` (boolean) * `sync.realm.io/max-download-size` (integer) * `sync.realm.io/enable-debug-mode` (boolean) * `sync.realm.io/history-ttl` (integer) * `sync.realm.io/history-compaction-interval` (integer) * When the server is configured for HTTPS, its internal components will communicate over HTTPS in both single-node and multi-node deployments. # Release 3.9.17 (2018-08-24) ### Bugs fixed * Fixed a bug that could occasionally cause the PermissionService to take longer than 30 seconds to start, resulting in the server terminating with a timeout error. * Fixed a bug that would prevent the error details to be logged when a permission-related error occurs. Previously, we would log just `An error occurred while executing GN callback`, whereas now the full error details will be logged as well. ### Internals * Added docs for BasicServer. # Release 3.9.13 ### Bugs fixed * None ### Enhancements * Added `enableDebugMode` option to KubernetesSyncWorker ### Internals * Upgraded sync server to 3.8.13 * [3.8.10] Fixed distinct queries with partial sync (broken in 3.6.0). * [3.8.10] Exposed SSL-related configuration options in the Node.js API. * [3.8.11] Improved `realm-stat` command line tool. Extra robustness, and now also revealing history type and history schema version. * [3.8.12] Fix not flowing endpoint and SSL settings from the CLI to the runtime configuration in the Node.js server binding. * [3.8.13] NodeJS package now allows catching fatal errors from the sync server binding, using the `errorCallback` configuration option. * [3.8.13] NodeJS binding is now bundled with both release and debug builds. The build can be chosen at runtime using the new `enableDebugMode` option to RealmSyncServer. # Release 3.9.12 ### Bugs fixed * None ### Enhancements * Added `startedAt` property to KubernetesSyncWorker * Improved logging around fatal sync worker errors. ### Internals * None # Release 3.9.11 ### Bugs fixed * [Sync] Fixed a bug with with the server bootup consistency checker. ### Enhancements * None ### Internals * None # Release 3.9.10 ### Bugs fixed * Fixed a failure in the `PrometheusStatsStorage` where url creation threw an error when running on Node.js v6. ### Enhancements * The server can now be started with a `StatsdStatsSink` as `StatsSink`. When doing this any statistics captured by the server and its sync workers will be send as UDP packets to a predefined UDP socket. This enables a better integration into environments where statistics are aggregated via StatsD. * [Sync] Added more logging around the detection of invalid partial realms about to be renamed as "inconsistent". The error causing the inconsistency was previously swallowed. * [Sync] Fixed a bug which could result in memory corruption and crashes. ### Internals * None # Release 3.9.9 ### Bugs fixed * None ### Enhancements * None ### Internals * Enables the StatsService to be extended to filter for certain additional labels on a per-request basis. # Release 3.9.8 ### Bugs fixed * The StandaloneStats (used when running ROS in the single-process mode) was not checking label names correctly. * ROS would crash if receiving a stat with an unexpected "path" label for the newly added realm_state_size metric. ### Enhancements * None ### Internals * None # Release 3.9.7 ### Bugs fixed * None ### Enhancements * None ### Internals * Exposing a way to configure the sync worker with Realm size reporting enabled by default. # Release 3.9.6 ### Bugs fixed * None ### Enhancements * None ### Internals * `PrometheusStatsStorage` implements the `StatsStorage` interface and allows admin users to query instant values statistics through the `/stats/instant` endpoint, when ROS is running with the `PrometheusStatsSink`. # Release 3.9.5 ### Bugs fixed * Updated to Sync 3.8.5 * Fixed a bug that would result in the server crashing with `std::bad_alloc` in the error message. ### Enhancements * None ### Internals * None # Release 3.9.4 ### Bugs fixed * None ### Enhancements * ROS can now be started with an option (--realm-size-reporting when started on the CLI and `enableRealmSizeReporting` when starting the server programmatically) to periodically (currently every 30 minutes) emit stats about the size of the data of realms stored on the server. These can be read by admin users via a new `/stats/instant/{metricName}` HTTP endpoint. * Update to Sync 3.8.4. * Improved the average memory usage during merge. * Fixed another memory bug related to stray iterators while iterating in the merge algorithm, which could lead to memory corruption, changeset corruption, and crash the server/client. * Optimized ChangesetIndex when merging changesets that mention a large number of objects. ### Internals * None # Release 3.9.3 ### Bugs fixed * ROS will no longer initialize new projects with the latest version of ROS by default. Instead, it will use the version of the globally installed package. If you want to initialize a project with the latest version of ROS, you can use `ros init my-project --latest`. ### Enhancements * Allow `ros init` to be run without an argument from an empty folder. In this case, it will initialize the project in the current folder. ### Internals * Accept sync server metric `connection.term.superseded_session`. * Add `ros_sync_conn_term_superseded_session` graph to `helm/realm-object-server/grafana/dashboards/realm-object-server-stats.json`. * Further improve CPU and memory utilization graphs in `helm/realm-object-server/grafana/dashboards/realm-object-server-stats.json`. * Updated sync to version 3.8.1: * Updated Core dependency to 5.7.2. * Several bugs have been fixed in the merge algorithm that could lead to memory corruption and crash the server with errors like "bad changeset" and "unreachable code". * It is made possible to start a new HTTP request in the completion handler for the previous HTTP response. * A client session could get enlisted to send while it was already enlisted to send (request REFRESH message before reception of IDENT message). * Make it possible to use util::make_thread_exec_guard() without a stoppable parent. * Sync server now logs a message at info level when it is shut down gracefully. The message is Realm sync server stopped. * Detect violations of the "no merge during partial synchronization" invariant. * When integration of an uploaded changeset fails, log enough information about the failure to allow the failure to be reproduced using a copy of the target Realm file plus the realm-merge-changeset-into-realm command line tool. # Release 3.9.2 ### Bugs fixed * None ### Enhancements * Added two parameters - `shouldCompactRealmsAtStart` and `shouldPerformPartialSyncAtStart` that control whether the server will compact the Realms and do a complete partial sync during initialization. Compacting the Realms may reduce the disk space they use, while performing partial sync will detect inconsistencies in the partial Realms and correct them at the cost of incurring a client reset for the clients that used to synchronize against an inconsistent Realm. It is recommended that they are set to `false` (or left undefined) unless you are experiencing Bad Changeset errors or excessive disk usage. ### Internals * Updated dependencies to non-deprecated versions. * Updated to Sync 3.8.0. # Release 3.9.1 ### Bugs fixed * None ### Enhancements * None ### Internals * Upgrade to realm-sync 3.7.0. * Improved performance of creating objects with string primary keys. * After performing partial synchronization, activate backup after any change in a Realm file, not just when a new history entry is added. * Query-based sync has been greatly optimized, and should be faster under almost all workloads. * Improved the performance of setting a link to its current value. * Improved the performance of very large transactions, e.g. ones created by the SQL loaders. # Release 3.9.0 ### Enhancements * Added an optional `allowAnonymous` argument to route decorators. If not specified on the route level, the service-level value will be used. To specify it for individual route, use the following syntax: ```ts @Get("/some-path", /* allowAnonymous */ true) public unauthorizedFunction() {} ``` The route-level value, if specified, will override the service-level value. To specify it at the service level, use the following syntax: ```ts @BaseRoute("/my-service", /* allowAnonymous */ false) export class MyUnauthorizedService {} ``` The default value for the service decorator is `true`, meaning ROS will not enforce authorization requirements by default. ### Internals * Expose a config option in the HealthService to allow it to mark its traffic as ignored. * Don't automatically add `__admin` to internal identities. ### Breaking changes * When an authorization header is not specified, the HTTP response will now be `401 Unauthorized` rather than `403 Forbidden`. # Release 3.8.1 ### Bugs fixed * The PermissionsService will wait for the wildcard permissions Realms to be created. ### Enhancements * Exclude internal traffic (e.g. ROS-to-ROS or health checks on Cloud) from traffic metrics. ### Internals * None # Release 3.8.0 ### Bugs fixed * None ### Enhancements * None ### Internals * None # Release 3.7.0 ### Bugs fixed * None ### Enhancements * Added `historyTtl` and `historyCompactionInterval` options to KubernetesSyncWorker * An endpoint for compacting all Realms on the sync server. A POST request to "/realms/compact" with an admin user token will make ROS connect to all backend sync servers and send them a "/api/compact" HTTP request that instructs them to compact all Realms. ### Internals * Updated to realm-sync 3.5.8. # Release 3.6.12 ### Bugs fixed * Fixed a bug that could result in a crash with the message "bad changeset error". ### Enhancements * None ### Internals * Updated to realm-js 2.8.5 and realm-sync 3.5.5. # Release 3.6.11 ### Bugs fixed * Fixes an unhandled promise rejection in kubernetes/ResourceWatcher * Adds delay to reconnection attempts in kubernetes/ResourceWatcher ### Enhancements * None ### Internals * Update to realm-js 2.8.4 and sync 3.5.4. * Upgraded Core dependency to 5.6.2, including the fix for very large freelists. # Release 3.6.10 ### Bugs fixed * The server will now proactively crash on client reset rather than go into a non-deterministic state. ### Enhancements * None ### Internals * None # Release 3.6.9 ### Bugs fixed * Fix `404 Not Found: realm-sync-server` errors when installing. ### Enhancements * None ### Internals * Removed the mechanism to bundle `realm-sync-server`. It's installed as a regular URL dependency now. # Release 3.6.8 ### Bugs fixed * Not supplying `baseUrl` in the `BasicEmailHandlerConfig` will no longer result in an exception being thrown. * Fixed a problem which would sometimes cause `bad permission object` and `bad changeset errors`. ### Enhancements * None ### Internals * None # Release 3.6.7 ### Bugs fixed * Fixed an issue that would cause the `@Next` annotation to pass in an invalid argument. ### Enhancements * None ### Internals * None # Release 3.6.6 ### Bugs fixed * None ### Enhancements * Exposed history log compaction configuration options. The BasicServer config object now has `historyTtl` property to configure the time after which history entries will expire and be eligible for compaction (default is infinite). The `SyncService` configuration object has that as well as `historyCompactionInterval` (to control at what intervals the compaction algorithm will be run, default 3600) and `enableLogCompaction` (to disable the algorithm altogether, default is enabled). ### Internals * None # Release 3.6.5 ### Bugs fixed * `RealmDirectoryService` will initialize the Default Realm only once. This prevents extensively long ROS startup times when the default Realm contains a lot of data. ### Enhancements * None ### Internals * None # Release 3.6.4 ### Bugs fixed * KubernetesSyncWorker: add delay between endpoints updates to work around an issue in kube-router ### Enhancements * None ### Internals * None # Release 3.6.3 ### Bugs fixed * None ### Enhancements * None ### Internals * None # Release 3.6.2 ### Bugs fixed * None ### Enhancements * None ### Internals * Add TestServer to the package.json files glob again. # Release 3.6.1 ### Bugs fixed * None ### Enhancements * None ### Internals * Update dependency versions to fix npm security audit warnings. * Bring back 'TestServer' as a named export of this package. Rework the way tests receive the feature token so that it does not leak with 'TestServer'. # Release 3.6.0 ### Bugs fixed * Don't keep the default Realm open for the duration of running the server. ### Enhancements * The SyncService will always emit sync worker stats to the server's stats sink now. * Expose `PrometheusStatsSink` on the `stats` export for easier importing. * If `BasicServer` doesn't finish starting in a set time crash the process. ### Internals * Update to realm-js 2.7.0. # Release 3.5.2 ### Bugs fixed * Fixes an error being reported about WildcardPermissionsRealm missing on bootup. * Fixes an issue that could make the server unresponsive after deleting Realms or users. ### Enhancements * Added option for enableDownloadLogCompaction in KubernetesSyncWorker ### Internals * Updated to realm-js 2.6.0. * Change the log level of open files to debug. * Let BasicServer use SYNC_WORKER_FEATURE_TOKEN environment variable. # Release 3.5.1 ### Bugs fixed * Exposed API for setting the feature token. ### Enhancements * None ### Internals * None # Release 3.5.0 ### Bugs fixed * None ### Enhancements * The developer edition has been disabled. A feature token must be supplied to use the server. * Backup has been enabled for partial sync. ### Internals * Uses realm sync server 3.5.0 # Release 3.4.5 ### Bugs fixed * Ensures that all system realms use the "default" sync label in order to avoid race conditions on startup ### Enhancements * None ### Internals * None # Release 3.4.4 ### Bugs fixed * KubernetesSyncWorker: Adds a workaround for a bug in kube-router, which can cause intermittent connection failures to sync workers. ### Enhancements * None ### Internals * None # Release 3.4.3 ### Bugs fixed * Fixed a bug that caused Realm files created with legacy ROS versions to be inaccessible for non-admin users. * Kubernetes API requests will be retried when they receive HTTP status code 429 (Too many requests) ### Enhancements * None ### Internals * None # Release 3.4.2 ### Bugs fixed * None ### Enhancements * KubernetesSyncWorker can now operate without synchronous backup when run with a single replica ### Internals * None # Release 3.4.1 ### Bugs fixed * None ### Enhancements * None ### Internals * Changed the working dir of the public docker image so that it works with our helm charts * Fixed a couple of typos in the helm chart README # Release 3.4.0 ### Bugs fixed * Make sure node.js server addresses have type AddressInfo. ### Enhancements * None ### Internals * Uses realm sync server 3.4.0 # Release 3.3.0 ### Bugs fixed * None ### Enhancements * Expose API to enable admin users to convert between Realm types (`PATCH realms/files/:path`). * Throw a more meaningful error when attempting to open a Realm with the incorrect type. * Include the ROS version in the `/health` response. * Uses realm-sync-server 3.3.0 ### Internals * Accept and transform StatsD metrics for connection termination reason breakdown. ### Breaking Changes * Removed the ability to migrate data from ROS 1.x instances. If you need to migrate such an instance, install ROS 3.1.8 first, execute the migrations, then upgrade to the latest ROS version. # Release 3.1.8 ### Bugs fixed * Uses realm-sync-server 3.2.2, which should fix statsd ### Enhancements * None ### Internals * Additional fixes for race conditions in kubernetes sync failover # Release 3.1.7 ### Bugs fixed * None ### Enhancements * None ### Internals * Updated Sync to 3.2.1 # Release 3.1.6 ### Bugs fixed * Uses realm-sync 3.1.1, which fixes statsd output ### Enhancements * None ### Internals * Fixes required for using kubernetes-native servers in cloud # Release 3.1.5 ### Bugs fixed * None ### Enhancements * None ### Internals * Backported kubernetes-native classes to this repo # Release 3.1.4 ### Bugs fixed * None ### Enhancements * None ### Internals * None # Release 3.1.3 ### Bugs fixed * RealmFactory will now force close Realms on user deletion. ### Enhancements * Drastic performance improvements in certain worse case schema merge computations. ### Internals * Updated Sync to 3.1.0. # Release 3.1.2 ### Bugs fixed * None ### Enhancements * None ### Internals * None # Release 3.1.2-beta.1 ### Bugs fixed * Fixed a bug that caused an invalid provider configuration to prevent ROS from initializing. ### Enhancements * None ### Internals * None # Release 3.1.1 ### Bugs fixed * None ### Enhancements * None ### Internals * None # Release 3.1.0 ### Bugs fixed * None ### Enhancements * None ### Internals * None # Release 3.1.0-rc.1 ### Bugs fixed * Proper HTTP responses after Upgrade failures. * npm will no longer try to download dependencies that are already bundled when installing `realm-object-server`. ### Enhancements * Improvements to Winston-based loggers: * `WinstonLogger` now exposes its internal winston logger instance, allowing for customization such as adding more transports. * `ConsoleLogger`, `FileLogger`, and `FileConsoleLogger` gained new parameters on their constructors for the winston transport options. * Each incoming request gets a UUID for tracking. * Trace level logging of HTTP requests and responses. * Added `forceCodeConfig` on the `IAuthProviderConfig` interface to allow marking certain providers as protected, ensuring that their configuration is reset upon ROS restart. * `ros init`-created apps get file logging enabled by default. * The `%BASE_URL%` template variable will no longer contain trailing slashes. ### Internals * `ServiceClientBase` will now retry requests only on 404 and 502-504 responses. * HTTP Response header changed to "Server: Realm-Object-Server/VERSION" * Removed X-Powered-By: Express # Release 3.0.0 ### Breaking Changes * Using realm-sync 3.0 with protocol breaking changes. This release is protocol backwards compatible with existing SDKs when syncing "full-realm" Realms, but requires the following versions when using partial sync: - Java: 5.0.0 - Cocoa: 3.2.0 - Javascript: 2.3.0 - .NET: 2.2.0 - will be released soon. * `SyncService`'s `dataPath` configuration property is now deprecated and will be removed in a future version. The current default value of './sync' (relative to the server's `dataPath`) will be used after the removal. * A new default realm is created by the server and given the sync path "/default". The default Realm only contains a schema version right now. Later it will contain the data currently in the admin Realm and other internal Realms. * Server Realms are grouped into three types: "full-realm", "reference-realm", and "partial-realm". The realm type is stored in a new column in the admin Realm. "full-realm" realms can be used for full sync. "reference-realm" realms are used for partial sync. Queries are made in "reference-realm" realms. "partial-realm" realms are used by clients that connect to partial sync and have urls containing "__partial". * A permission system is made for the three types of Realms. * Full realms have the standard permission system and a non-admin user only has access to its own Realms or Reams with explicit permissions. * Reference Realms are freely accessible by everybody. Object level permissions will take care of restricting access. * Partial Realms are individual and can only be used by the owner. * A Reference Realm is made automatically when partial sync is started with a new url. A user can only create a new reference Realm in its own directory. An admin user can create arbitrary reference Realms. * A realm can never switch type. It is not allowed to perform partial sync with a "full-realm" Realm. It is allowed for an admin user to perform full sync with a reference realm. * The default Realm has type "reference-realm" and can be used for partial sync by everybody out of the box. ### Bugs fixed * The JWT auth provider error messages will now correctly serialize the rejection reason. ### Enhancements * Added `emailHandlerConfig` to the `PasswordAuthProviderConfig` to use a nodemailer to send password reset and email confirmation emails. * Added UI for email confirmation and password reset on /confirm-email and /reset-password respectively. * A new default realm is created by the server and given the sync path "/default". The default Realm only contains a schema version right now. Later it will contain the data currently in the admin Realm and other internal Realms. ### Internals * None # Release 2.8.2 ### Bugs fixed * None ### Enhancements * The server periodically logs the number of open files and their file type. * The proxy logs the number of open connections to the sync server. * Added the ability to specify a custom Authorization header name for incoming HTTP requests. * Add retry logic when internally accessing services in case some services are behind a proprietary HTTP proxy that doesn't start proxying incoming requests right away. * Added an overwrite option for the backup to specify that the destination directory may be overwritten ### Internals * The terms of service agreement is only shown when the ROS command line program is used to start the server, and not for init, backup, and migration. ### Internals * None # Release 2.8.1 ### Bugs fixed * None ### Enhancements * Added the ability to specify a custom Authorization header name for incoming HTTP requests. * Add retry logic when internally accessing services in case some services are behind a proprietary HTTP proxy that doesn't start proxying incoming requests right away. ### Internals * None # Release 2.8.0 ### Bugs fixed * None ### Enhancements * None ### Internals * Update to realm-js 2.2.10 and realm-sync 2.2.12. # Release 2.7.5 ### Bugs fixed * Fixing signatures and comments for index.ts and index.js files ### Enhancements * None ### Internals * None # Release 2.7.4 ### Bugs fixed * None ### Enhancements * In order not to be opinionated. The package-lock.json will not be generated with `ros init` commands ### Internals * None # Release 2.7.3 ### Bugs fixed * The /health endpoint now responds correctly to an OPTIONS / CORS-preflight request ### Enhancements * None ### Internals * None # Release 2.7.2 ### Breaking changes * None ### Bugs fixed * `Discovery.prototype.waitForService` now unsubscribes from the service watch when it resolves. Not unsubscribing could cause some service discovery implementations to leak. ### Enhancements * None ### Internals * None # Release 2.7.1 ### Breaking changes * None ### Bugs fixed * Moved the dependency on @types/cors from dev to actual dependency. This fixes issues when using ROS in a TypeScript project. ### Enhancements * None ### Internals * None # Release 2.7.0 ### Breaking changes * None ### Bugs fixed * None ### Enhancements * Added `emailHandler` property on the `PasswordAuthProvider` config object. Set that to receive callbacks whenever a user requests a password reset. * A new token, called UserToken, that will be used by partial sync. The user token has this form { "app_id":"io.realm.Auth", "identity":"ecd6649d80c7ad8d0e2d29fa94268d06", "salt":"bb4522fa", "expires":1516373219, "is_admin":false } A user token is obtained by sending a refresh token to /auth without "path" in the body of the request. * A new API has been exposed to enable, disable, and configure authentication providers at runtime. It is currently limited to the built-in providers. ### Internals * None # Release 2.6.2 ### Breaking changes * None ### Bugs fixed * None ### Enhancements * Added `charactersToEscape` to the JwtAuthProvider config. If the user ids, generated by your custom provider contain characters that need to be url encoded, use this to replace invalid characters with `_` and generate a `userId` that is valid for ROS purposes. ### Internals * None # Release 2.6.1 ### Breaking changes * None ### Bugs fixed * Fixed an issue with `ros init` not installing the typescript dependency and subsequently, `npm start` failing. ### Enhancements * None ### Internals * None # Release 2.6.0 ### Breaking changes * The `DELETE auth/user/:userId` endpoint is now deprecated and will be removed at a later version. Instead use `DELETE auth/users/:userId` (`user` is now plural - `users` to align with the other endpoints mounted on `auth`). ### Bugs fixed * In clustered scenarios, `/health` should report the overall health of the cluster. If interested in the health of a single instance, pass `?thisInstance=true` as query string. ### Enhancements * Expose configuration options for the JWT Auth Provider to allow customizing the names of the `userId` and `isAdmin` fields. * Adds an optional `requiredAttributes` option to the JWT Auth Provider, allowing filtering of JWT tokens. * Adds an optional `providerName` option to the JWT Auth Provider, allowing the provider to be enabled under different names. * Added Anonymous and Nickname auth providers. ### Internals * None # Release 2.5.1 ### Breaking changes * None ### Bugs fixed * Fixed an issue in Server when using PrometheusStatsSink where the metrics were bring created on each connection. ### Enhancements * None ### Internals * Re-enabled https tests in realmjs-integration * Added new lint rule: no-trailing-whitespace # Release 2.5.0 ### Breaking changes * Some methods and properties that are considered internal API have been marked private. This will show up as compilation errors for typescript projects where they are accessed. While their usage is discouraged, you can temporarily silence the errors by using the bracket notation. For example, `server.realmFactory.open` can now be invoked by replacing it with `server['realmFactory'].open()`. Ultimately, you should move your project to use only the public API. * The following classes have been renamed: * `Console` -> `ConsoleLogger` * `File` -> `FileLogger` * `FileConsole` -> `FileConsoleLogger` * `AzureAuthServiceConfig` -> `AzureAuthProviderConfig` * `CloudkitAuthProviderParams` -> `CloudkitAuthProviderConfig` * `GoogleAuthServiceConfig` -> `GoogleAuthProviderConfig` * `PasswordAuthParams` -> `PasswordAuthProviderConfig` * `Mute` -> `MuteLogger` * `ServerStartParams` -> `ServerConfig` ### Bugs fixed * Tokens without expiration date can now be revoked. * Admin.json will now correctly be written, even if you provide custom private and public keys. ### Enhancements * Expected HTTP access log entries are now logged on the "debug" level to avoid flooding the "info" log level. HTTP responses with status code 400 or above are now logged on "detail" level. This silence the verbose "GET /healthz HTTP/1.1 200" entries. * Expose a configuration option - `writeAdminTokenToJson` on `ServerConfig` that controls whether the admin token will be written to `data/keys/admin.json`. * Expose `jsonBodyLimit` in the `ServerConfig` interface to allow increasing the maximum request size. ### Internals * Added basic performance tests for the password provider. * Added tests that fails if fatals, errors or warnings are logged during startup and shutdown. * Added a `test:watch` script that allows watching for file changes and running the tests with coverage. * RealmFactory.ts now warns if all realms open was not closed before closing the factory. * Added Typescript interfaces for service types * Added Histogram StatsSink metric type * Now tracking sync proxy connection durations with StatsSink # Release 2.4.2 ### Breaking changes * None ### Bugs fixed * Sometimes (and usuallly when starting ROS), an unnecessary warning was logged: 'warn: TokenValidator couldn't check if token was revoked: The TokenRevocationRealm wasn't opened.' It no longer is. * Fixed a bug in RealmFactory where nonfatal errors would reject opening a Realm. ### Enhancements * None ### Internals * Admin tokens used internally are now irrevocable. # Release 2.4.1 ### Breaking changes * None ### Bugs fixed * 'ros start' now works again. (Regression was introduced in 2.4.0) ### Enhancements * None ### Internals * Avoiding recursive imports from './index' in Server.ts. # Release 2.4.0 ### Breaking changes * None ### Bugs fixed * Fixed an issue that allowed non-admin users to create Realms in other users' home folders. * Fixed a bug causing the failover logic in SyncProxyService to trigger for no good reason. This would manifest itself in "End of input" error messages on the client in enterprise/cloud deployments. ### Enhancements * Added `server.ensureRealmExists` API to create a Realm if it doesn't exist already. ### Internals * None # Release 2.3.0 ### Breaking changes * None ### Bugs fixed * None ### Enhancements * Indicate the version of ROS using `X-Powered-By` Header. * Added `Server.applyPermissions` method to allow changing permissions without having to log in with an admin user. ### Internals * Refactored and renamed the PermissionsService. * Temporarily disabled the deletion tests. * Added a linter rule to force access modifiers. * Upgraded realmJS to 2.1.1 and realm-sync to 2.1.10 # Release 2.2.0 ### Breaking changes * None ### Bugs fixed * Export the JWT provider ### Enhancements * Export stats classes and interfaces ### Internals * Require labelNames in StatsSink metrics, which is needed for a downstream feature * Allow configuring of a server's statsSink and statsStorage components. * Changes the publish process to save a release notes file for later use (making a github release). * Enabled module name case checks in tsconfig to prevent from hidden errors caused by case-sensitivity. * Use && to chain commands in the build command line. This allows it to report failure on any step, not just the last one. # Release 2.1.1 ### Breaking changes * None ### Bugs fixed * Fixed an import statement to make it work on case-sensitive file systems (Linux). * Fixed a bug rendering `ros backup` useless because of incomplete path resolution for `realm-backup`. ### Enhancements * None ### Internals * Added a new start parameter for the server to enable tweaking the generated crypto key length. Reduced the crypto key length in tests to avoid timing out. # Release 2.1.0 ### Breaking changes * None ### Bugs fixed * The LogService will now respect token revocations (#735) * Revoked tokens will now never be assigned to the req.authToken. ### Enhancements * TypeScript and JavaScript templates now have .gitignore. * The manual backup command is now available as `ros backup`. ### Internals * None # Release 2.0.23 ### Breaking changes * None ### Bugs fixed * Fixes MixpanelService issue for Enterprise where some stats might not be available until the sync proxy is fully running. ### Enhancements * Added JWT authentication provider. It allows you to create a custom authentication service that issues signed Json Web Tokens that contain a `userId` and optional `isAdmin` fields. The app then transmits the token to ROS which verifies the signature and authenticates a user with the provided `userId`. ### Internals * Deleting a Realm that is required for ROS to function is now rejected (#737 fixing #734). * Fixed a race condition in permission tests causing it to fail consistently on slow machines. * Discovery tags for sync now use a descriptor, e.g., role=master or label=default. # Release 2.0.22 ### Breaking changes * None ### Bugs fixed * The health service no longer responds with 200 OK unless the server has fully started. It is 503 in case the server is still loading. * The admin token user can now apply permission changes successfully. * The early log messages do not get skipped in Studio any more. * Users now have read-write access to their `/~/__permission` realms (again). The recent switch to read-only was an unintended breaking change. * Fixed a potential race in the permission service. It reported itself started before setting up all the listeners and granting default permissions. * [Object Server] Fixed a bug where deleted-then-recreated objects with identical primary keys become empty. * [Object Server] Fixed a bug in outward partial sync to ensure convergence of partial sync in the case where the client creates a primary key object, that is already present on the server, and subscribes to it in the same transaction. * Added error handling to the internal requests to the load balancer. This should fix some unhandled promise rejections. ### Enhancements * TypeScript and JavaScript templates now have .gitignore ### Internals * The logger will now accumulate early log messages until a listener (i.e. the LogService) is attached. Or it will explicitly say that they had to be skipped, in case the listener didn't attach for a very long time. * ROS will grant read-write permissions on `/~/__permission` to all users upon startup. * Updated realm-js to 2.0.11 ans Sync to 2.1.7 # Release 2.0.21 ### Breaking changes * None ### Bugs fixed * Close all Permission Realm files used to avoid running out of file handles. ### Enhancements * None ### Internals * None # Release 2.0.20 ### Breaking changes * None ### Bugs fixed * Welcome static files are now served with `ros init` ### Enhancements * Spinner is included during dependencies installation of `ros init` ### Internals * None # Release 2.0.18 ### Breaking changes * None ### Bugs fixed * Realms with invalid paths are now rejected. Previously ROS would just create unsyncable realms. * Realms with invalid paths are now skipped during 1-to-2 migration. This is required because ROS-1 has the same behavior creating unsyncable realms, which we are not going to fix. * Non-existent data files are not copied during 1-to-2 migration. * The default port for BasicServer's https is now properly set to 9443 * HTTPS key and cert are now validated before attempting to start * server.shutdown() is now more forgiving in failed state scenarios ### Enhancements * Server now has a simple method called `openRealm` that takes a remote path, like `/__admin` for example. This is always opened up with the internal server admin user. The schema is optional. ### Internals * Release process now removes the internal release notes from public releases. If it works, this line will not show up on https://github.com/realm/realm-object-server/blob/master/CHANGELOG.md # Release 2.0.17 ### Breaking changes * None ### Bugs fixed * The migration tool now also migrates global realms. * The default port for BasicServer's https is now properly set to 9443 ### Enhancements * There are two new special realms where permissions are reflected. `//__perm` contains user-specific permissions and `/__perm` contains wildcard permissions. The old special realms are still available and reflect the same permissions, but they might contain duplicates. They are only there for compatibility and will be removed in the future. * `ros migrate` will copy realm files by default. Specify `--norealms` to disable that. * Added notice to users about the long time 'ros init' can take. * Updated realm-js to version 2.0.5 ### Internals * The user-specific permissions are now also reflected into `//__perm`. The difference from `//__permission` is that `__perm` has a primary key, which allows the merge algorithm to eliminate duplicates. The same changes were made to wildcard permission realm: the new version with primary key is `/__perm`. The old paths are still accessible and will contain duplicates as before. This was also a chance to name those realms consistently, which we did. So, the mapping from old to new is: `//__permission` -> `//__perm` `/__wildcardpermissions` -> `/__perm` * Assert in Realm deletion unit test. * Expose maxDownloadSize as a parameter to the server. # Release 2.0.16 ### Breaking changes * None ### Bugs fixed * Fixed a problem in the install script where nvm is installed by homebrew. * Added note to install script reminding the user to use the correct Node.js version. * Fixed an issue with exporting all custom realm symbols * Added support Visual Studio Code debugging and running when generating a server setup with `ros init` * Opening a partially synced Realm before the master Realm was created now works correctly * Terms of service is now persisted under the user's home directory. Fixes \#550 ### Enhancements * None ### Internals * Updated the TS and JS templates to be easier to modify. * Terms of service now generates a distinctId as a UUID and uses that in all mixpanel events. Fixes \#600 * Adding Mixpanel Usage Stats with Incremental timer * Adds simple stats collection interfaces, loosely matching that of prom-client, a Prometheus stats emitter. In developer edition, metrics are stored in-memory, allowing mixpanel to access them. * Adds ROS usage by emitting to mixpanel data about the connections that go through the SyncProxyService * Exposes mix panel interface by gating it behind setting a distinctId. This is typically loaded from the agreement file. * Created a MixpanelService which handles emitting stats periodically to mixpanel. # Release 2.0.15 ### Breaking changes * None ### Bugs fixed * Fixed a bug preventing from migrating from ROS1 when `cluster_node_id` is * Fixed a bug in SingleProcessDiscovery where find by tag returned unexpected results * Fixed a bug in PermissionService where the listeners could potentially operate on missing or invalidated objects * Return a proper error when using the admin token to make permission changes where the userId might not exist. * Made sure that all symbols in `./realms/**/*.ts` are now exported ### Enhancements * None ### Internals * Extended RealmDirectoryService unit tests * Created exception class for ServiceUnavailable # Release 2.0.14 ### Breaking changes * None ### Bugs fixed * None ### Enhancements * Update Node in the Docker image to 6.11.5 ### Internals * None # Release 2.0.13 ### Breaking changes * None ### Bugs fixed * None ### Enhancements * The 1-to-2 migration now checks that the source directory is a valid root dir and makes some suggestions if it is not. * THe 1-to-2 migration now checks that the destination directory is empty and fails with a message about that if it is not an empty dir. * Expose the ROS port on the Docker container, to work with `docker run -P` for exposing on a random port. ### Internals * None # Release 2.0.12 ### Breaking changes * None ### Bugs fixed * The LogService WebSocket endpoints now needs an authentication message with a valid access or refresh token, within the first second of connecting to them. Realm Studio sends this message starting from v1.3.0. ### Enhancements * Added comments to the `ros init` template files to describe available configs * A welcome page is now available to the user when visiting http://localhost:9080/ in a web-browser. * Added install script ### Internals * Added acceptance testing against the install script for multiple platforms. # Release 2.0.11 ### Breaking changes * None ### Bugs fixed * Fix installation issue (ursa) on various platforms * Fix's middlewares not being registered to services ### Enhancements * None ### Internals * Use node-rsa in favor of ursa. # Release 2.0.10 ### Breaking changes * None ### Bugs fixed * Fixes a circular dependency in built package ### Enhancements * None ### Internals * None # Release 2.0.9 ### Breaking changes * None ### Bugs fixed * Removes "del" as a dependency, fixing startup * Exports RealmFactory and RealmDefinition classes ### Enhancements * None ### Internals * Publishing releases now automatically makes a release in the public reposutory * CHANGELOG.md is now maintained automatically from RELEASENOTES.md * Release notes should now be updated in RELEASENOTES.md # Release 2.0.8 ### Breaking changes * None ### Bugs fixed * Make sync client logs less verbose (Fixes \#433) * Render the service metadata into the message (Fixes \#233, \#250) ### Enhancements * Information about the feature token is now logged upon startup. ### Internals * Silences migration tests (Fixes #486) * Fixed bug in CloudKit auth provider: https://github.com/realm/realm-object-server/issues/282 * Make releases on public repo * Update private repository name * New changelog workflow ## 2.0.7 ### Breaking changes * None ### Bugs fixed * Fixed several possible race conditions during server start and stop. ### Enhancements * None ### Internals * Introduces a timeout function which will race a regular promise. This is crucial for avoiding deadlocks in service requests. * SyncProxyService now uses a shared cache of backend promises, creating less work when multiple connections for the same realm happen at the same time. Also avoids race conditions in this case. * Introduced a RealmFactory class which can provide access to Realms on backend sync workers. This is now separated from the Server class. * Introduced ServerState, which is used to prohibit request processing when a service is not completely ready. This avoids some race conditions, mostly during shutdown. Possible fix for #327. * discovery.watchService will now fire an available event if the service is available when called. This simplifies a lot of situations where this is done by the caller. ## 2.0.6 ### Breaking changes * None ### Bugs fixed * Switch to `realm-sync-2.1.0`, which fixes a "use-after-free" crash in realm-sync-server node package. ### Enhancements * None ### Internals * Switch to `realm-2.0.1`. ## 2.0.5 ### Breaking changes * None ### Bugs fixed * Check Node version and present error message if not up-to-date * Fixed an issue where revoking a user's permissions to a realm was not reflected back to the owner's permission realm. * Fixed an issue that causes a refresh token query to fail when the token has already expired [\#583](https://github.com/realm/ros/issues/583) ### Enhancements * None ### Internals * None ## 2.0.4 ### Breaking changes * None ### Bugs fixed * None ### Enhancements * None ### Internals * Skip prompt with `ROS_SKIP_PROMPTS` environment variable ## 2.0.3 ### Breaking changes * None ### Bugs fixed * None ### Enhancements * None ### Internals * The default IP when starting ROS is now 0.0.0.0 instead of 127.0.0.1. ## 2.0.2 ### Breaking changes * None ### Bugs fixed * Generating a template with `ros init --template ts` will now have the correct `@types/*` because they have been moved out of `devDependencies` and into `dependencies` ### Enhancements * None ### Internals * `@types/*` for core runtime modules have been moved out of `devDependencies` and into `dependencies` ## 2.0.1 ### Breaking changes * None ### Bugs fixed * Fixed `ros init` failing due to missing template files ### Enhancements * None ### Internals * None ## 2.0.0 ### Breaking changes * `realm-object-server-agreement.json` now requires 3 keys: `email`, `terms` and `agreeToLearnAboutUpdatesAndFixes` ### Bugs fixed * Fixed Terms of Service agreement for Docker image ### Enhancements * Added ROS init with a typescript and javascript flag ### Internals * Publishes docker image to `realm/realm-object-server` (new location). * Update to realm-2.0.0 ## 2.0.0-rc.12 ### Breaking changes * None ### Bugs fixed * Addressed a race condition where Realm.open can be called twice for the same Synced Realm * Addressed an undefined object error where a Realm is open (but there is no sync session) and discovery issues a service handle change. ### Enhancements * None ### Internals * Fix the flaky permission tests ## 2.0.0-rc.11 ### Fixed Bugs * Log level from command line is propagated to sync server. * Public and private key from the command line are used by the server. ## 2.0.0-rc.10 ### Enhancements * Added register argument to server.getSyncedRealm. This ensures that the SyncedRealm is not persisted in the cache. ### Fixed Bugs * Ensure that services that require SyncedRealms have all required data before serving requests ## 2.0.0.rc9 ### Breaking changes ### Fixed bugs * Fixed a situation where getting a userId could be null in updateOrCreateUserPermissionWithAdminPermission in PermissionsService ## 2.0.0.rc8 ### Breaking changes ### Enhancements * Also skip Email prompts if ROS_SKIP_PROMPTS environment var is set. ### Fixed bugs * Fixed OnDemand Permissions from Admin Realm now handles wildcard permissions appropriately * Mocha Test now run with compilers, however will need to remove in future. ### Internals ## 2.0.0.rc7 ### Breaking changes * Access tokens now have `sync_label` instead of `syncLabel` when in serialized form. ### Enhancements * Added the agreement to license email step for the BasicServer ### Fixed bugs * SyncProxyService: Fixed an issue when using sharded sync workers * Fixed the issue when a synced realm used internally would be undefined or invalidated because of sync worker unavailability. ### Internals * Changed the SyncedRealm class to return a Promise. Once it resolves, the Realm is there, with valid syncSession which does not get destroyed when the sync worker fails over. It utilizes the new override_server() API to make the session reconnect to the new sync worker. * Fixed all the other parts of ROS which use SyncedRealm. Some functions become async because of that. * Changed the way the server starts and stops. Now there is no barrier between starting services and registering them. This is required, because now some services, in order to start, wait for the Sync service to register. * Update JS to RC22 and Sync to 2.0.2 * Updated the schema for `/__wildcardpermissions` to match the `/~/__permission` Realms, using `userId = *` for these `Permission` objects. ## 2.0.0-rc.6 ### Fixed bugs * Fixed a bug in HTTPS support (sync proxy) [\#512](https://github.com/realm/ros/issues/512) ## 2.0.0-rc5 ### Breaking changes * Changed the password provider and PasswordRealm schema. The PasswordRealm now stores iterations, key length, and digest for each row. * Changed the default digest from sha256 to sha512 in the password provider. ### Enhancements * Add deleteUser to the AuthProvider API as an optional method. * Implemented deleteUser for the password provider. * Added provider User deletions to the AuthService. ### Fixed bugs * "--loglevel all" was rejected. [\#500](https://github.com/realm/ros/issues/500) * loglevel passed via CLI was ignored. [\#509](https://github.com/realm/ros/issues/509) * Permission change by email now is processed correctly [\#508](https://github.com/realm/ros/issues/508) [\#426](https://github.com/realm/ros/issues/426) ### Internals * Changed the default size of the salt length from 10,000 to 32 bytes. * New unit tests for the password provider. * Upgraded the migration script to take the new PasswordRealm schema into account. * Adding name and reason when throwing InvalidParameters. * Update JS to RC-20 ## 2.0.0-rc4 ### Breaking changes ### Enhancements * Added support for HTTPS. ### Fixed bugs ### Internals ## 2.0.0-rc3 ### Breaking changes ### Enhancements * Documentation for manual backup. ### Fixed bugs * Permission changes now work properly when reducing privileges [\#438](https://github.com/realm/ros/issues/438) * Changed the name of `__starpermissions` Realm to `__wildcardpermissions`. The object class name in it is now just `Permission` instead of `StarSpecificPermission`. * All users now have read-only access to `__wildcardpermissions` on startup [\#431](https://github.com/realm/ros/issues/431) * Grantor permission are reflected [\#491](https://github.com/realm/ros/issues/491) and [\#427](https://github.com/realm/ros/issues/427) * If attempting to change permissions with a metadata value matching no users, an error is thrown instead of stalling forever. ### Internals * Integration tests for Realm deletion. * Integration tests for user deletion. * Lint clean up. * Moved CLI functionality to BasicServer ## 2.0.0-rc2 ### Enhancements * There is now a migration tool integrated into ros cli. * The API for user and realm deletion has been added.