Changelog
Highlights
Introducing Input Validation for GraphQL Mutations [Beta]
Hasura now offers a new permission layer called "Input Validations." This feature secures mutations by using pre-execution HTTP webhooks to validate data inputs. It enhances security, provides fine-grained control, and improves data integrity.
You can use the environment variable HASURA_GRAPHQL_EXPERIMENTAL_FEATURES = input_validations to enable this on the Server and you can configure input validations via the Console through the table permissions section! 🚀
Behaviour changes
-
Remove Data-connector backed databases from the Raw SQL tab in Console as the feature is not supported for them as yet.
-
Remove feature flag for the new permissions UI on Postgres. Use the existing UI for Postgres DBs.
-
Removing a tracked source from the Console will now cascade delete any dependant metadata objects on other sources.
-
The cumulative header size limit for HTTP requests is set to 1MB. (Cloud only)
Bug fixes and improvements
Server
- Implements support for using native GraphQL arrays with Postgres arrays, including filtering with
_containsand_contained_in. - Restore function of the
optimize_permission_filtersexperimental feature. - Add support for
{{}}style templates for headers in Actions, Remote Schemas and Event Triggers. You can specify the template as the header value. e.g.bearer {{TOKEN_ENV_VAR}} - Check for, and disallow, conflicting array and object relationships on the same Native Query.
- Properly handle MS SQL Server inserts with an empty array of values (resolves #8959)
- Adds support for setting a default isolation level for MS SQL Server sources and set the default behaviour to
read-committed. - Adds a new environment variable
HASURA_GRAPHQL_MAX_TOTAL_HEADER_LENGTH, to configure the cumulative header size limit (in bytes) for HTTP requests, with a default value of 1MB. (Community / Enterprise edition only) - Fixes a bug with the Schema Registry where we sent older Metadata resource versions and inconsistent schemas. (Cloud only)
Console
- Fix navigation when a data source is removed.
- The table header for the browse row UI is now sticky.
- Improve table tracking UI for Postgres/MS SQL Server. This is an experimental feature and can be enabled from
Settings > Feature Flags > Enable new Table Tracking UI for Postgres & SQL Server - Add missing common operators in permissions for types:
geographyandgeometry - Fix array relationship details not showing and allow untracking which was not working in certain edge conditions in new relationships UI. (resolves #9713, #9595)
- Enable browse rows and relationship tabs for MongoDB. (Cloud / Enterprise edition only)
- Allows nesting of Logical Models on creation. Logical Models can also now be marked as arrays in order to have one-to-many relationships defined. (Cloud / Enterprise edition only)
- Adds a Logical Models Details view. (Cloud / Enterprise edition only)
- Improves error handling for the database latency check when Hasura cannot connect to the project's connected data source. (Cloud only)
Build
- Upgrades our Docker images to Ubuntu 22.04 to benefit from the latest security patches and improvements.