Releases: nitrite/nitrite-java
Releases · nitrite/nitrite-java
Release list
v4.4.1
Security Fixes
- Fix unfiltered Java deserialization in the legacy v1 database migration path (CWE-502, GHSA-9297-g93h-86gg, CVSS 9.8)
- Opening a file-based store runs
MVStoreUtils.testForMigration(), which for a legacy v1-format file deserialized stored values throughObjectInputStream.readObject()with no class restriction. AnySerializableclass on the embedding application's classpath could be instantiated, so a suitable gadget chain (e.g. from commons-collections) made a malicious.dbfile a remote-code-execution vector. - The v1-compat deserializer now enforces a JEP 290 allowlist filter that only permits Nitrite's own types and standard JDK types; any other class is rejected before its
readObject/readResolvecallbacks can run. Applications that open Nitrite database files from untrusted sources (e.g. "import"/"restore backup" features) should upgrade.
- Opening a file-based store runs
Issue Fixes
- Fix intermittent
ConcurrentModificationExceptionand spuriousUniqueConstraintExceptionfrom unique and full-text indexes on the MVStore backend (regression introduced by the #1260 index rework in 4.4.0)- Unique and full-text indexes still store a
List<NitriteId>value per key. 4.4.0 switched that list fromCopyOnWriteArrayListto a plainArrayList, which is mutated in place after being written to the map. MVStore serializes dirty page values on a background thread, so that in-place mutation races with the serializer and threwConcurrentModificationException(and could corrupt the id list, surfacing later as a false unique-key violation) — even under single-threaded use. - These index value lists are
CopyOnWriteArrayListagain, so each mutation swaps the backing array atomically and the background serializer always sees a stable snapshot. The composite-key layout for non-unique indexes (the actual #1260 optimization) is unchanged.
- Unique and full-text indexes still store a
v4.4.0
Upgrade Notes
- Non-unique single-field indexes now use a composite-key on-disk layout (one
(value, id)row per entry) instead of a single growing id list per value #1260- The public API is unchanged. Existing databases are upgraded automatically: a legacy array-format non-unique index is rebuilt into the new layout the first time it is opened, and the old index map is dropped.
- The storage format change is forward-only — once a database has been opened by this version, it can no longer be read by an earlier version of Nitrite. Back up before upgrading if you may need to roll back.
Performance Improvements
- Fixed performance degradation when inserting thousands of documents that share the same non-unique index key #1260
- The old layout re-wrote (and, on persistent stores, re-serialized) an ever-growing id list on every insert, making bulk inserts O(n²). The composite-key layout makes each insert and removal an O(log n) point operation across all backends (in-memory, MVStore and RocksDB).
- RocksDB orders keys by their serialized bytes, so the composite key uses an order-preserving encoding (correct ranges over negative numbers, variable-length strings, dates and booleans).
- Made
infilter index scans look up each value directly instead of scanning every index entry, soinqueries on large indexed collections are now as fast aseqinstead of degrading to a full index walk #1258
Issue Fixes
- Fix
DocumentSorterviolating theComparatorcontract when two documents both have a null sort key, which caused intermittentIllegalArgumentException: Comparison method violates its general contract!fromorderByon fields with multiple null values #1261 - Fix indexed
lt/ltefilters returning an empty result when the indexed field contains any null value; the forward index scan now starts from the first non-null key #1262 - Fix descending indexed
lt/ltefilters leaking null-valued documents into the result on reopened persistent stores (MVStore and RocksDB); stored null index keys are now normalized to theDBNullsentinel in every index navigation - Fix the RocksDB adapter failing to round-trip the null index key through Kryo, and decoding scanned keys with the wrong type when a range scan probe and the stored key have different classes
- Fix
in/notInfilters on the_idfield not matching legacy String ids written by pre-4.4 databases, whileeq/getByIdon the same rows matched #1263 - Fix
eq/notEqfilters on the_idfield for legacy String ids:eq('_id', "3")oreq('_id', 3)threwClassCastExceptionin the byId fast path, andnotEq/negatedeqfailed to exclude legacy rows during collection scans
v4.3.3
New Changes
- Support for interface entity types with EntityDecorator #1183
- Fixed NearFilter to support geodesic distance for geographic coordinates #1185
- Added GeoPoint class for explicit geographic coordinate support
- Created GeoNearFilter for geodesic distance queries
- Implements two-pass query execution to eliminate false positives from bounding box approximation
- Added comprehensive test suite for geographic coordinate support
- Upgraded Jackson to version 3 #1221
- Build now targets JUnit 6 and requires Java 17 to build/test, while keeping Java 11 bytecode compatibility for the published artifacts #1179
Performance Improvements
- Optimized index scans for multi-bound range queries (e.g.
gtcombined withlton the same field) - Added covered-count optimization so
size()/count()is answered directly from index scans and plain full scans without fetching and deserializing every matching document
Issue Fixes
- Fix
in/notInfilters not using the index while querying a collection #1258 - Fix record ID match for legacy string keys in OR clause #1246
- Fix OR filters returning duplicate documents when using multiple indexes #1184
- Fix inconsistent numeric filtering across types with indexes #1175
- Fix elemMatch queries to use array field indexes #1174
- Fix native-image build: initialize JUnit MethodSegmentResolver at runtime #1189
Maintenance
- Bumped production and development dependencies across the project (grouped Dependabot updates)
Release 4.3.2
Release 4.3.1
Release 4.3.1
New Changes
- GraalVM support for nitrite-mvstore-adapter #995
- Event subscription api changes
Issue Fixes
Release 4.3.0
New Changes
- Nitrite now supports JPMS. It is now modular and can be used in Java 9 or above.
- Version upgrade for several dependencies
- Repository type validation can be disabled in
NitriteBuilderas a fix for #966
Issue Fixes
Release 4.2.1
Release 4.2.0
New Changes
- Nitrite API has been re-written from ground up. It is now more stable and performant. But there are breaking changes. Please read the guide for more details.
- Nitrite now requires Java 11 or above.
- Nitrite is now modular. It has been now divided into several modules. You can use only the modules you need.
- Modular storage adapters are now available. You can use only the storage adapter you need.
- MVStore version upgraded to 2.2.224
- RocksDB has been introduced as a new storage adapter.
- Nitrite now supports transaction.
- Nitrite now supports schema migration.
- Nitrite now supports spatial indexing and search
- Nitrite now supports compound indexes.
- Nitrite now support import/export of data in JSON format.
- Build system has been migrated to Maven.
- Nitrite DataGate has been deprecated.
- Nitrite Explorer has been deprecated.