v2.49.4
Breaking Changes📦 hasura-authView on GitHub →
⚠ 1 breaking✨ 5 features🐛 1 fixes🔧 6 symbols
Summary
This patch release introduces idempotency for server migrations, adds queue size limiting and monitoring for WebSockets, and introduces stricter JWT validation options. It also removes support for the deprecated X-Hasura-Access-Key header.
⚠️ Breaking Changes
- The handling of the long-deprecated `X-Hasura-Access-Key` header has been removed. Clients must switch to using the `X-Hasura-Admin-Secret` header.
Migration Steps
- Clients relying on the `X-Hasura-Access-Key` header must update their requests to use the `X-Hasura-Admin-Secret` header instead.
- Users concerned about slow clients piling up websocket messages can set `HASURA_GRAPHQL_WEBSOCKET_QUEUE_SIZE` to a desired limit (e.g., 1 for freshest value pulling).
- Users with self-hosted identity systems should review their JWT configuration and consider enabling the 'extra_required_claims' option if they rely on issuer/audience validation.
✨ New Features
- Server migrations for catalog and PG sources are now idempotent by using `IF NOT EXISTS` in `ADD COLUMN` statements.
- A new option `HASURA_GRAPHQL_WEBSOCKET_QUEUE_SIZE` is introduced to bound the internal websocket send queue (default 100).
- New metrics `hasura_websocket_messages_queued_total` and `hasura_websocket_messages_evicted_total` are added to monitor websocket queueing and eviction.
- The JWT configuration now supports an 'extra_required_claims' option for stricter validation of 'issuer' and/or 'audience' fields in supplied JWTs.
- A new CLI command `hasura metadata apply-data-sources` (config v3) was added to apply only data source connection configurations idempotently without affecting other metadata.
🐛 Bug Fixes
- Server catalog and PG source migrations no longer fail on re-application if the migration was applied but version recording failed, due to the use of `IF NOT EXISTS`.