v1.1.7: deep security & reliability audit — 33 bugs fixed
CI / test (push) Has been cancelled
CI / verify (push) Has been cancelled
Clients CI / build-server (push) Has been cancelled
Clients CI / test-python (push) Has been cancelled
Clients CI / test-javascript (push) Has been cancelled
Clients CI / test-nim (push) Has been cancelled
Clients CI / test-rust (push) Has been cancelled
CI / test (push) Has been cancelled
CI / verify (push) Has been cancelled
Clients CI / build-server (push) Has been cancelled
Clients CI / test-python (push) Has been cancelled
Clients CI / test-javascript (push) Has been cancelled
Clients CI / test-nim (push) Has been cancelled
Clients CI / test-rust (push) Has been cancelled
Critical (5): - Reject empty JWT secret when authEnabled (server.nim) - Fix 2PC marking uncontacted participants as prepared/committed (disttxn.nim) - Fix Raft commit index calculation for even-sized clusters (raft.nim) - Fix REP/DISTTXN protocol auth bypass (server.nim) - Fix HTTP backup/restore path traversal (httpserver.nim) High (11): - Fix WAL write race with flush (lsm.nim) - Fix MVCC savepoint/rollback deep-copy writeSet (mvcc.nim) - Fix table mutation during deadlock iteration (mvcc.nim) - Fix LIMIT 0 returning all rows (executor.nim) - Fix COUNT(col) counting NULL values — 3 locations (executor.nim) - Fix EXISTS subquery lowering missing subqueryPlan (executor.nim) - Fix Raft appendEntries/applyCommitted array vs logical index (raft.nim) - Fix timing attacks on constantTimeCompare and SCRAM (auth.nim, scram.nim) - Fix B-tree leaf merge phantom separator key (btree.nim) - Fix SSL verifyPeer not applied to newContext (ssl.nim) - Fix sharding connectWithTimeout missing SO_ERROR check (sharding.nim) - Fix sync replication returning success on partial ack (replication.nim) - Fix WebSocket JWT expiration not validated (websocket.nim) Medium (13): - Fix writeSSTable partial file → tmp + atomic rename (lsm.nim) - Fix multi-CTE table loss (executor.nim) - Fix nl_to_sql DML restricted to superuser (executor.nim) - Fix unbounded plan cache — max 10000 (adaptive.nim) - Fix migration lock crash persistence — timestamp + stale detection (executor.nim) - Fix admin panel auth (httpserver.nim) - Fix MVCC unbounded txn tracking — prune in compactVersions (mvcc.nim) - Fix connection pool maxLifetime check (pool.nim) - Fix JWT JSON parser backslash escapes (auth.nim) - Fix substr(s, start) returning single char (udf.nim) - Fix loadSSTable minimum file-size check (lsm.nim) - Fix compaction mmap leak (compaction.nim) - Fix JSON injection in hybrid_search_filtered (executor.nim) Low (4): - Raft loadState logs error instead of silent discard - Replication healthCheck double-close fixed - Lexer readIdent double column counting fixed - WebSocket frame 32-bit overflow guard All 448 tests passing, 0 failures. Bump version to 1.1.7.
This commit is contained in:
@@ -0,0 +1,85 @@
|
||||
# Changelog
|
||||
|
||||
All notable changes to BaraDB are documented in this file.
|
||||
|
||||
## [1.1.7] — 2026-05-29
|
||||
|
||||
### Security (5 critical + 5 high)
|
||||
|
||||
- **Fix REP/DISTTXN protocol auth bypass** (`server.nim`) — unauthenticated TCP clients could write data or manipulate distributed transactions
|
||||
- **Fix HTTP backup/restore path traversal** (`httpserver.nim`) — `..` and absolute paths rejected
|
||||
- **Fix empty JWT secret when auth enabled** (`server.nim`) — server now refuses to start with `authEnabled: true` and no `jwtSecret`
|
||||
- **Fix HTTP admin panel served without auth** (`httpserver.nim`) — admin UI now requires authentication when `authEnabled`
|
||||
- **Fix timing attacks on HMAC/SCRAM comparison** (`auth.nim`, `scram.nim`) — constant-time comparison
|
||||
- **Fix WebSocket JWT expiration not validated** (`websocket.nim`) — `exp` claim now checked
|
||||
- **Fix sync replication returning success on partial ack** (`replication.nim`) — returns 0 when not all replicas acknowledge
|
||||
- **Fix SSL verifyPeer not applied** (`ssl.nim`) — `verifyMode` now passed to `newContext()`
|
||||
- **Fix JWT JSON parser missing escape handling** (`auth.nim`) — backslash escapes now parsed correctly
|
||||
|
||||
### Data Integrity (3 critical + 3 high + 2 medium)
|
||||
|
||||
- **Fix WAL write race with flush** (`lsm.nim`) — WAL write now under `db.lock`, preventing data loss after crash
|
||||
- **Fix 2PC marking uncontacted participants as prepared/committed** (`disttxn.nim`) — only contacted nodes are marked
|
||||
- **Fix Raft commit index for even-sized clusters** (`raft.nim`) — correct majority calculation
|
||||
- **Fix MVCC savepoint/rollback no-op** (`mvcc.nim`) — deep copy writeSet at savepoint time
|
||||
- **Fix table mutation during iteration** (`mvcc.nim`) — collect stale txns before deleting
|
||||
- **Fix B-tree leaf merge phantom separator key** (`btree.nim`) — no longer inserts empty-valued separator at leaf level
|
||||
- **Fix writeSSTable partial file on crash** (`lsm.nim`) — write to `.tmp` then atomic rename
|
||||
- **Fix compaction mmap leak** (`compaction.nim`) — close SSTables after reading
|
||||
|
||||
### Query Correctness (1 high + 2 medium)
|
||||
|
||||
- **Fix LIMIT 0 returning all rows** (`executor.nim`) — now returns empty result
|
||||
- **Fix COUNT(col) counting NULL values** (`executor.nim`) — 3 locations fixed to check `v.kind != vkNull`
|
||||
- **Fix EXISTS subquery always false** (`executor.nim`) — lowering now sets `existsSubquery` plan
|
||||
- **Fix multi-CTE queries losing earlier CTE tables** (`executor.nim`) — save/restore `cteTables` around inner execution
|
||||
- **Fix JSON injection in hybrid_search_filtered** (`executor.nim`) — escape quotes/backslashes in ID
|
||||
|
||||
### Raft Consensus (3 high + 1 low)
|
||||
|
||||
- **Fix Raft appendEntries using array index instead of log-index** (`raft.nim`) — uses `findLogEntryByIndex`
|
||||
- **Fix Raft applyCommitted using logical index as array position** (`raft.nim`) — uses `findLogEntryByIndex`
|
||||
- **Fix Raft loadState silently swallowing errors** (`raft.nim`) — now logs warning
|
||||
|
||||
### Storage Engine (2 medium)
|
||||
|
||||
- **Fix loadSSTable missing minimum file-size check** (`lsm.nim`) — rejects files < 40 bytes
|
||||
- **Fix substr(s, start) returning single char** (`udf.nim`) — now returns rest-of-string
|
||||
|
||||
### Distributed Systems (2 high + 1 medium)
|
||||
|
||||
- **Fix sharding connectWithTimeout missing SO_ERROR check** (`sharding.nim`) — verifies connection actually succeeded
|
||||
- **Fix replication healthCheck double-close socket** (`replication.nim`) — safe close with try/except
|
||||
|
||||
### Resource Management (3 medium)
|
||||
|
||||
- **Fix unbounded plan cache** (`adaptive.nim`) — max 10000 entries, auto-evict
|
||||
- **Fix MVCC unbounded committedTxns/abortedTxns** (`mvcc.nim`) — prune entries older than oldest active snapshot
|
||||
- **Fix connection pool not checking maxLifetime** (`pool.nim`) — lifetime check added to `acquire`
|
||||
|
||||
### Operations (1 medium)
|
||||
|
||||
- **Fix migration lock persisting after crash** (`executor.nim`) — stores timestamp, auto-releases after 1 hour
|
||||
|
||||
### Other
|
||||
|
||||
- **Fix nl_to_sql DML validation** (`executor.nim`) — requires `is_superuser` session variable for DML
|
||||
- **Fix lexer readIdent double column counting** (`lexer.nim`) — removed manual `inc l.col`
|
||||
- **Fix WebSocket frame 32-bit overflow** (`websocket.nim`) — guard against `len > high(int)`
|
||||
- **Fix admin panel auth** (`httpserver.nim`) — check auth when `authEnabled`
|
||||
- **Fix unused imports** (`backup.nim`, `repair.nim`, `raft.nim`) — moved `parseopt` into `when isMainModule`, removed unused `algorithm`
|
||||
|
||||
### Build
|
||||
|
||||
- **Fix hunos 1.3.1 compatibility with Nim 2.2.x** — patched `getRandomBytes` → `urandom` in `hunos/sessions.nim` and `hunos/csrf.nim` (see `HUNOS_ISSUE.md`)
|
||||
- Updated `baradadb.nimble` version to `1.1.7`
|
||||
|
||||
### Tests
|
||||
|
||||
- All 448 tests passing, 0 failures
|
||||
|
||||
---
|
||||
|
||||
## [1.1.6] — previous
|
||||
|
||||
See git log for changes prior to this release.
|
||||
Reference in New Issue
Block a user