Event Store logo

sss https://eventstore.org Menu

Developer Blog

Event Store 5.0.2

  |   Written by: Shaan Nobee   |   Release Notes

Event Store 5.0.2 is out! It is available for the following operating systems:

  • Windows
  • Ubuntu 18.04
  • Ubuntu 16.04
  • Ubuntu 14.04 (EOL reached)
  • macOS 10.9+
  • CentOS 7 (Commercial version)
  • Amazon Linux AMI (Commercial version)

This release comes with some important bug fixes and we highly recommend our users to upgrade as soon as possible. We’re also planning to roll out version 4.1.4 with some of these bug fixes within the next few days.

Please note that Ubuntu 14.04 (Trusty Tahr) has reached its end-of-life and thus we will stop releasing packages for it as from the next version.

Where can I get the packages?

Downloads are available on our website.

The packages can be installed using the following instructions.

Ubuntu 14.04/16.04/18.04 (via packagecloud)

curl -s https://packagecloud.io/install/repositories/EventStore/EventStore-OSS/script.deb.sh | sudo bash
sudo apt-get install eventstore-oss=5.0.2-1

Windows (via Chocolatey)

choco install eventstore-oss -version 5.0.2

Client Packages
EventStore Client

dotnet add package EventStore.Client --version 5.0.2

EventStore Embedded Client

dotnet add package EventStore.Client.Embedded --version 5.0.2

Upgrade Procedure

To upgrade a cluster, a usual rolling upgrade can be done:

  • Pick a node (Start with slave nodes first, then choose the master last)
  • Stop the node, upgrade it and start it

Breaking changes

HTTP Authorization

An authorization layer has been added to the HTTP API. The entire HTTP API surface has been reviewed specifying the minimum authorization level required to access a particular endpoint.

After these changes, the different user roles can be summarized as follows:

  • Users in the $ops group can now do everything that a user in the $admins group can do except user management and reading from system streams.
  • Users who are not part of any groups can browse non-system streams, view projection/persistent subscription stats, execute transient queries, change their own password and do everything that an unauthenticated user can do.
  • Unauthenticated users can now only access the following endpoints: /stats, /stats/*, /info, /ping, /gossip,/elections/*

There are two types of breaking changes:

  • Endpoints that were previously accessible by a particular type of user are now no longer accessible (returning 401 - Unauthorized)
  • Endpoints that were previously not accessible (returning 401 - Unauthorized) by a particular type of user but are now accessible.

If you are affected by the breaking changes and would like to see the legacy behaviour, we have added a config option called DisableFirstLevelHttpAuthorization that can be set to True to disable this layer of authorization.

Previously accessible endpoints but now 401 - Unauthorized

  • Most endpoints falling under this category affect unauthenticated users. Previously, many operations on non-system streams or subscriptions were allowed over the HTTP API without requiring authentication but these permissions have now been enforced.

Previously 401 - Unauthorized but now accessible endpoints

  • All of the endpoints falling under this category affect users in the $ops group. The changes revolve mainly around allowing users in the $ops group to manage persistent subscriptions and projections.

LimitNOFILE=32768

On Centos 7, Ubuntu 16.04 and 18.04, LimitNOFILE has been added to the systemd service file with a default value of 32768. This parameter controls the maximum number of file descriptors (including sockets!) open by the eventstored process. For small and medium-sized databases, 32768 is a reasonable value but the value needs to be increased for large databases with several thousand chunk files or many client connections.

Increasing LimitNOFILE

To increase the value to 65536 for example, we recommend adding a systemd unit file override by following these steps. These settings will survive Event Store upgrades.

$ sudo systemctl edit eventstore.service

Add the following lines and save:

[Service]
LimitNOFILE=65536

Reload systemctl daemon and restart the eventstore service:

sudo systemctl daemon-reload
sudo systemctl restart eventstore.service

Event Store 5.0.2 Changelog

Commercial-only changes

  • Several stability improvements have been brought to the LDAP plugin:
    The authentication logic has been rewritten for Windows using System.DirectoryServices.Protocols which eliminates the dependency on Mono.Security on Windows. On Linux, we now use mono’s in-built Novell.Directory.Ldap library which is more stable.

Important Bug Fixes

  • #1930 - (Core Database) Fix UnbufferedFileStream.SetLength() bug
    This is a critical bug that affects versions 4.1.0 to 5.0.1. It applies only if running EventStore with the Unbuffered configuration option set to True. This option is set to False by default. The following fatal error will be thrown when completing a chunk file and most of the data in the chunk file being completed will be lost:
    EXCEPTION OCCURRED
    System.NotSupportedException: Unable to expand length of this stream beyond its capacity.
     at System.IO.UnmanagedMemoryStream.Write(Byte[] buffer, Int32 offset, Int32 count)
     at EventStore.Core.TransactionLog.Chunks.TFChunk.TFChunk.WriteRawData(WriterWorkItem workItem, Byte[] buf, Int32 len) in TFChunk.cs
    
  • #1936 - (Client) Client subscription partition tolerance
    This fix improves the stability of catch-up subscriptions during reconnections
  • #1962 - (HTTP API) Add an authorization layer to all HTTP endpoints
    #223 - (Web UI) HTTP Authorization UI changes
    An authorization layer has been added to the HTTP API. The entire HTTP API surface has been reviewed specifying the minimum authorization level required to access a particular endpoint. The roles of the different types of users have been reviewed as well:
    • Users in the $ops group can now do everything that a user in the $admins group can do except user management and reading from system streams.
    • Users who are not part of any groups can browse non-system streams, view projection/persistent subscription stats, execute transient queries and change their own password.
    • Unauthenticated users can now only access the following endpoints: /stats, /stats/*, /info, /ping, /gossip,/elections/*

Miscellaneous

  • #222 - (Web UI) User Details page revamped (thanks to shubham3597 for this contribution!)
  • #1932 - (Web UI) Prevent browser from invoking Basic Auth login dialog on Chrome
  • #1933 - (Client) Enable logging of errors when attempting to discover nodes via DNS or gossip seeds
  • #1937 - (Client) Refactoring: DRY ClusterDnsEndPointDiscoverer creation (thanks to @bartelink for this contribution!)
  • Packaging Set LimitNOFILE to a default reasonably high value for all distributions running with systemd

How do I provide feedback?

We appreciate any feedback via either GitHub Issues or Google Groups.


Subscribe to the Event Store blog

Get the latest news and tutorials when they are released

You might also like

    Event Store 6.0.0 Preview 2

      |   Written by: Mat McLoughlin   |   Release Notes

    We are excited to announce the second preview release of Event Store 6.0.0. This release addresses some of the feedback from the first preview. This release is not intended to be used in production and is still rough around the edges, but we welcome your feedback as we prepare a release candidate. If you encounter any issues, please don’t hesitate to open an issue on [GitHub](https://github.com/eventstore/eventstore) if there isn’t one already. You can download the...

    Read article

    Event Store 6.0.0 Preview 1

      |   Written by: Hayley Campbell   |   Release Notes

    We are excited to announce the first preview release of Event Store 6.0.0! With this release we want to show you where we are planning on taking Event Store in the future. This release is not intended to be used in production and is still rough around the edges, but we welcome your feedback as we prepare a release candidate. If you encounter any issues, please don’t hesitate to [open an issue](https://github.com/EventStore/EventStore/issues/new) on GitHub if...

    Read article

    Event Store 5.0.5

      |   Written by: Hayley Campbell   |   Release Notes

    Event Store 5.0.5 is out! This release contains an important bug fix for SSL connections on Event Store versions 5.0.0 and above. The bug can cause exceptions both on the client and server when using secured TCP connections to Event Store. If you are using SSL TCP connections with Event Store, we recommend upgrading both your server and client to this version. It is available for the following operating systems: - Windows - Ubuntu 18.04...

    Read article