Skip to content

Releases: nitrite/nitrite-java

v4.4.1

Choose a tag to compare

@anidotnet anidotnet released this 02 Jul 18:21

Security Fixes

  • Fix unfiltered Java deserialization in the legacy v1 database migration path (CWE-502, GHSA-9297-g93h-86gg, CVSS 9.8)
    • Opening a file-based store runs MVStoreUtils.testForMigration(), which for a legacy v1-format file deserialized stored values through ObjectInputStream.readObject() with no class restriction. Any Serializable class on the embedding application's classpath could be instantiated, so a suitable gadget chain (e.g. from commons-collections) made a malicious .db file a remote-code-execution vector.
    • The v1-compat deserializer now enforces a JEP 290 allowlist filter that only permits Nitrite's own types and standard JDK types; any other class is rejected before its readObject/readResolve callbacks can run. Applications that open Nitrite database files from untrusted sources (e.g. "import"/"restore backup" features) should upgrade.

Issue Fixes

  • Fix intermittent ConcurrentModificationException and spurious UniqueConstraintException from unique and full-text indexes on the MVStore backend (regression introduced by the #1260 index rework in 4.4.0)
    • Unique and full-text indexes still store a List<NitriteId> value per key. 4.4.0 switched that list from CopyOnWriteArrayList to a plain ArrayList, which is mutated in place after being written to the map. MVStore serializes dirty page values on a background thread, so that in-place mutation races with the serializer and threw ConcurrentModificationException (and could corrupt the id list, surfacing later as a false unique-key violation) — even under single-threaded use.
    • These index value lists are CopyOnWriteArrayList again, so each mutation swaps the backing array atomically and the background serializer always sees a stable snapshot. The composite-key layout for non-unique indexes (the actual #1260 optimization) is unchanged.

v4.4.0

Choose a tag to compare

@anidotnet anidotnet released this 02 Jul 05:28

Upgrade Notes

  • Non-unique single-field indexes now use a composite-key on-disk layout (one (value, id) row per entry) instead of a single growing id list per value #1260
    • The public API is unchanged. Existing databases are upgraded automatically: a legacy array-format non-unique index is rebuilt into the new layout the first time it is opened, and the old index map is dropped.
    • The storage format change is forward-only — once a database has been opened by this version, it can no longer be read by an earlier version of Nitrite. Back up before upgrading if you may need to roll back.

Performance Improvements

  • Fixed performance degradation when inserting thousands of documents that share the same non-unique index key #1260
    • The old layout re-wrote (and, on persistent stores, re-serialized) an ever-growing id list on every insert, making bulk inserts O(n²). The composite-key layout makes each insert and removal an O(log n) point operation across all backends (in-memory, MVStore and RocksDB).
    • RocksDB orders keys by their serialized bytes, so the composite key uses an order-preserving encoding (correct ranges over negative numbers, variable-length strings, dates and booleans).
  • Made in filter index scans look up each value directly instead of scanning every index entry, so in queries on large indexed collections are now as fast as eq instead of degrading to a full index walk #1258

Issue Fixes

  • Fix DocumentSorter violating the Comparator contract when two documents both have a null sort key, which caused intermittent IllegalArgumentException: Comparison method violates its general contract! from orderBy on fields with multiple null values #1261
  • Fix indexed lt/lte filters returning an empty result when the indexed field contains any null value; the forward index scan now starts from the first non-null key #1262
  • Fix descending indexed lt/lte filters leaking null-valued documents into the result on reopened persistent stores (MVStore and RocksDB); stored null index keys are now normalized to the DBNull sentinel in every index navigation
  • Fix the RocksDB adapter failing to round-trip the null index key through Kryo, and decoding scanned keys with the wrong type when a range scan probe and the stored key have different classes
  • Fix in/notIn filters on the _id field not matching legacy String ids written by pre-4.4 databases, while eq/getById on the same rows matched #1263
  • Fix eq/notEq filters on the _id field for legacy String ids: eq('_id', "3") or eq('_id', 3) threw ClassCastException in the byId fast path, and notEq/negated eq failed to exclude legacy rows during collection scans

v4.3.3

Choose a tag to compare

@anidotnet anidotnet released this 26 Jun 06:15

New Changes

  • Support for interface entity types with EntityDecorator #1183
  • Fixed NearFilter to support geodesic distance for geographic coordinates #1185
    • Added GeoPoint class for explicit geographic coordinate support
    • Created GeoNearFilter for geodesic distance queries
    • Implements two-pass query execution to eliminate false positives from bounding box approximation
    • Added comprehensive test suite for geographic coordinate support
  • Upgraded Jackson to version 3 #1221
  • Build now targets JUnit 6 and requires Java 17 to build/test, while keeping Java 11 bytecode compatibility for the published artifacts #1179

Performance Improvements

  • Optimized index scans for multi-bound range queries (e.g. gt combined with lt on the same field)
  • Added covered-count optimization so size()/count() is answered directly from index scans and plain full scans without fetching and deserializing every matching document

Issue Fixes

  • Fix in/notIn filters not using the index while querying a collection #1258
  • Fix record ID match for legacy string keys in OR clause #1246
  • Fix OR filters returning duplicate documents when using multiple indexes #1184
  • Fix inconsistent numeric filtering across types with indexes #1175
  • Fix elemMatch queries to use array field indexes #1174
  • Fix native-image build: initialize JUnit MethodSegmentResolver at runtime #1189

Maintenance

  • Bumped production and development dependencies across the project (grouped Dependabot updates)

Release 4.3.2

Choose a tag to compare

@anidotnet anidotnet released this 27 Sep 14:07

Issue Fixes

  • Fix for small safety/cleanup in Nitrite interface (map lookups, closed check, name trim) #1161
  • Fix for updating to 4.3.1 causes existing databases to not open correctly #1162

Release 4.3.1

Choose a tag to compare

@anidotnet anidotnet released this 23 Sep 06:19

Release 4.3.1

New Changes

  • GraalVM support for nitrite-mvstore-adapter #995
  • Event subscription api changes

Issue Fixes

  • Fix for Document.getFields() not returning iterable fields
  • Fix for failing tests on systems with non-ENGLISH locale #994
  • Fix for NPE in DefaultTransactionalRepository #1032
  • Fix for JPMS issue #1035
  • Fix for RocksDB adapter issue #1093

Release 4.3.0

Choose a tag to compare

@anidotnet anidotnet released this 01 Jul 05:25

New Changes

  • Nitrite now supports JPMS. It is now modular and can be used in Java 9 or above.
  • Version upgrade for several dependencies
  • Repository type validation can be disabled in NitriteBuilder as a fix for #966

Issue Fixes

Release 4.2.1

Choose a tag to compare

@anidotnet anidotnet released this 20 Feb 01:34

What's Changed

  • Fix for #901
  • Fix for #902
  • Version upgrade for several dependencies

Release 4.2.0

Choose a tag to compare

@anidotnet anidotnet released this 06 Jan 12:15

New Changes

  • Nitrite API has been re-written from ground up. It is now more stable and performant. But there are breaking changes. Please read the guide for more details.
  • Nitrite now requires Java 11 or above.
  • Nitrite is now modular. It has been now divided into several modules. You can use only the modules you need.
  • Modular storage adapters are now available. You can use only the storage adapter you need.
  • MVStore version upgraded to 2.2.224
  • RocksDB has been introduced as a new storage adapter.
  • Nitrite now supports transaction.
  • Nitrite now supports schema migration.
  • Nitrite now supports spatial indexing and search
  • Nitrite now supports compound indexes.
  • Nitrite now support import/export of data in JSON format.
  • Build system has been migrated to Maven.
  • Nitrite DataGate has been deprecated.
  • Nitrite Explorer has been deprecated.

Release 3.4.4

Choose a tag to compare

@anidotnet anidotnet released this 23 Mar 07:25

Fixes

  • Emergency fix for #697

Full Changelog

v3.4.3...v3.4.4

Release 3.4.3

Choose a tag to compare

@anidotnet anidotnet released this 12 Dec 07:35

Fixes

  • Random crashes with exception "Fatal Exception: java.lang.IllegalStateException: Chunk 55267 not found" #386
  • Null pointer on updating full text index #366
  • Breton list is actually Brazilian Portuguese #251