projectnessie/nessie (org.projectnessie.nessie:nessie-bom)
### [`v0.96.0`](https://redirect.github.com/projectnessie/nessie/blob/HEAD/CHANGELOG.md#0960-Release-2024-09-11)
##### Upgrade notes
- Support for Java 8 has been removed, even for Nessie clients. Minimum runtime requirement for clients
is Java 11.
- Nessie Docker images now all execute as user `nessie` (UID 10000 and GID 10001). They would
previously execute as user `default` (UID 185 and GID 0). This is a security improvement, as the
Nessie images no longer run with a UID within the privileged range, and the GID is no longer 0
(root). If you have any custom configurations, especially Kubernetes manifests containing security
contexts, that rely on the previous user `default` (UID 185 and GID 0), you will need to adjust
them to reference the new user `nessie` (UID 10000 and GID 10001) from now on.
- Helm chart: the chart now comes with sane defaults for both pod and container security contexts.
If you have customized these settings, you don't need to do anything. If you have not customized these
settings, you may need to check if the new defaults are compatible with your environment.
##### Breaking changes
- The deprecated JDBC configuration properties for `catalog` and `schema` have been removed.
- Catalog/Object store secrets: Secrets are now referenced via a URN as requirement to introduce support
for secret managers like Vault or those offered by cloud vendors. All secret reference URNs use the
pattern `urn:nessie-secret::`.
The currently supported provider is `quarkus`, the `` is the name of the Quarkus
configuration entry, which can also be an environment variable name.
Make sure to use the new helm chart.
See [Nessie Docs](https://projectnessie.org/nessie-latest/configuration/#secrets-manager-settings).
- Catalog/Object store secrets: secrets are now handled as immutable composites, which is important
to support secrets rotation with external secrets managers.
See [Nessie Docs](https://projectnessie.org/nessie-latest/configuration/#secrets-manager-settings).
##### New Features
- Catalog/ADLS: Added **experimental** support for short-lived SAS tokens passed down to clients. Those
tokens still have read/write access to the whole file system and are **not** scoped down.
- Catalog/GCS: Added **experimental** support for short-lived and scoped down access tokens passed down
to clients, providing a similar functionality as vended-credentials for S3, including object-storage
file layout.
- Client-configs: Commit authors, signed-off-by, message can be customized per REST/HTTP request. Those
can be configured for both the [Nessie client API](https://projectnessie.org/nessie-latest/client_config/)
and for [Iceberg REST catalog clients](https://projectnessie.org/guides/iceberg-rest/).
- Support for Servlet Spec v6 w/ strict URI path validation has been added and will be transparently
used by Nessie REST API v2 clients since this version. This steps is a preparation for when Quarkus
introduces that Servlet Spec. Content keys in URL paths may look different than before. More information
[here](https://redirect.github.com/projectnessie/nessie/blob/main/api/NESSIE-SPEC-2-0.md#content-key-and-namespace-string-representation-in-uri-paths).
- The Swagger UI and OpenAPI generation by Quarkus has been disabled, because the contents/results were
wrong. Instead, refer to [SwaggerHub](https://app.swaggerhub.com/apis/projectnessie/nessie). You can
also fetch the Nessie REST OpenAPI yaml from Nessie `/nessie-openapi/openapi.yaml` (for example via
`curl http://127.0.0.1:19120//nessie-openapi/openapi.yaml`)
- Nessie commit author(s) and "signed off by" can now be configured for both Nessie clients and Iceberg
REST clients. More info on
[projectnessie.org](https://projectnessie.org/guides/iceberg-rest/#customizing-nessie-commit-author-et-al).
- Enable authentication for the Nessie Web UI
- Introduce new `JDBC2` version store type, which is has the same functionality as the `JDBC` version
store type, but uses way less columns, which reduces storage overhead for example in PostgreSQL a lot.
- Introduce new `CASSANDRA2` version store type, which is has the same functionality as the `CASSANDRA` version
store type, but uses way less attributes, which reduces storage overhead.
- Introduce new `DYNAMODB2` version store type, which is has the same functionality as the `DYNAMODB` version
store type, but uses way less attributes, which reduces storage overhead.
- Introduce new `MONGODB2` version store type, which is has the same functionality as the `MONGODB` version
store type, but uses way less attributes, which reduces storage overhead.
- Added functionality to optionally validate that referenced secrets can be resolved, opt-in.
##### Deprecations
- The current version store type `JDBC` is deprecated, please migrate to the new `JDBC2` version store
type. Please use the [Nessie Server Admin Tool](https://projectnessie.org/nessie-latest/export_import)
to migrate from the `JDBC` version store type to `JDBC2`.
- The current version store type `CASSANDRA` is deprecated, please migrate to the new `CASSANDRA2` version store
type. Please use the [Nessie Server Admin Tool](https://projectnessie.org/nessie-latest/export_import)
to migrate from the `CASSANDRA` version store type to `CASSANDRA2`.
- The current version store type `MONGODB` is deprecated, please migrate to the new `MONGODB2` version store
type. Please use the [Nessie Server Admin Tool](https://projectnessie.org/nessie-latest/export_import)
to migrate from the `MONGODB` version store type to `MONGODB2`.
##### Fixes
- CLI: fixed a bug that was preventing the tool from running properly when history is disabled.
Configuration
π Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
π¦ Automerge: Enabled.
β» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
π Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR contains the following updates:
0.95.0->0.96.0Release Notes
projectnessie/nessie (org.projectnessie.nessie:nessie-bom)
### [`v0.96.0`](https://redirect.github.com/projectnessie/nessie/blob/HEAD/CHANGELOG.md#0960-Release-2024-09-11) ##### Upgrade notes - Support for Java 8 has been removed, even for Nessie clients. Minimum runtime requirement for clients is Java 11. - Nessie Docker images now all execute as user `nessie` (UID 10000 and GID 10001). They would previously execute as user `default` (UID 185 and GID 0). This is a security improvement, as the Nessie images no longer run with a UID within the privileged range, and the GID is no longer 0 (root). If you have any custom configurations, especially Kubernetes manifests containing security contexts, that rely on the previous user `default` (UID 185 and GID 0), you will need to adjust them to reference the new user `nessie` (UID 10000 and GID 10001) from now on. - Helm chart: the chart now comes with sane defaults for both pod and container security contexts. If you have customized these settings, you don't need to do anything. If you have not customized these settings, you may need to check if the new defaults are compatible with your environment. ##### Breaking changes - The deprecated JDBC configuration properties for `catalog` and `schema` have been removed. - Catalog/Object store secrets: Secrets are now referenced via a URN as requirement to introduce support for secret managers like Vault or those offered by cloud vendors. All secret reference URNs use the pattern `urn:nessie-secret:Configuration
π Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
π¦ Automerge: Enabled.
β» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
π Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.