gitlab postgres-ai/database-lab v4.1.0
on GitLab

7 hours ago

## New Features
  • Teleport integration: new dblab teleport serve CLI command and hostssl cert in default pg_hba (!1105)
  • RDS/Aurora logical refresh component (!1070)
  • Built-in databaseRename option for snapshot jobs (!1096)
  • Protection lease concept for time-limited clone protection (!1088, #669)
  • Prometheus exporter for DBLab metrics (!1087, #668)
  • Sync WAL lag Prometheus metric for physical mode (!1093, #673)
  • ARM64/Colima support and UI API proxying fixes (!1077)
  • Redesigned Disks section in UI to group datasets under a shared pool header (!1103, #682)
  • RDS IAM instance identifier added to config projection (!1106)

## Improvements and Fixes

  • Fixed UI config page crash on undefined databases and customOptions in formatConfig (!1126, #697)
  • Fixed UI 404 on page refresh at /instance (!1120, #693)
  • Fixed pool name in the snapshot API (!1117)
  • Fixed projection.Store overwriting existing YAML slices and maps (!1111, #687)
  • Added timeout to retrieval activity endpoint to prevent hanging (!1109, #686)
  • Stabilized branch metadata verification and protected branch heads during cleanup (!1097)
  • Fixed tab-delimited ZFS output parsing in branch functions (!1102)
  • Fixed misleading disk space indicator for shared ZFS pools (!1095, #674)
  • Use --snapshot-id instead of branch in CLI clone command snippet (!1094, #657)
  • Set default branch to main for clone creation (!1075, #662)
  • Fixed test errors after PostgreSQL 9.6 removal (!1116, #683)

## Security

  • Removed unused crypto/stream polyfills — CVE-2025-14505 (!1124, #270)
  • Resolved CVE-2026-1615 (jsonpath/bfj) and CVE-2024-11831 (serialize-javascript) (!1100, #680)
  • Addressed 3 additional security vulnerabilities in UI npm dependencies (!1099, #680)
  • Fixed CVE-2024-41110: updated Docker base image to 27.5.1 (!1098, #679)
  • Dropped PostgreSQL 9.6 support (EOL since November 2021) (!1115, #683)

## Internal

  • Migrated UI to Vite and ESLint 9, fixed npm CVEs (!1122, #320, #315, #288, #287, #236, #235, #229)
  • Bumped backend dependencies, added upgrades and CVE fixes implementation plan (!1121)
  • Bumped Node from 22-alpine to 24-alpine and closed remaining Dependabot PRs (!1123)
  • Batch patch-level Go and UI dependency bumps (!1128)
  • Bumped all dependencies (Dependabot consolidation) (!1118, #691)
  • Limited Dependabot to security-only updates (!1127)
  • Ignored major version bumps in Dependabot config (!1125)
  • Updated Dependabot configuration for weekly updates (!1072)
  • Improved unit test coverage from 19% to 26% (!1113)
  • DCF-5: added CI peer review gate (SOC2) (!1108)
  • Enabled GitLab SAST scanning — DCF-712 (!1104)
  • Fixed semgrep-sast job broken by global CI settings — DCF-712
  • Added gitleaks pre-commit hook (!1112)
  • CI: added interruptible jobs, auto-cancel, and reduced MR test matrix (!1091, #670, #671)
  • Added missing artifacts to build-binary-client-master (!1092, #670)
  • Added pre-push testing requirement to CLAUDE.md (!1101)

### Full diff
Diff between versions 4.0.4 and 4.1.0

Check out latest releases or
releases around postgres-ai/database-lab v4.1.0

Don't miss a new database-lab release

NewReleases is sending notifications on new releases.

Get notifications