v4.9.0
Release date
8th Oct 2024
Important
If you have authentication disabled you can ignore this.
This release introduces RBAC (Role-base Access Control) for DBmarlin users. By default any users you create will have no permissions granted to them unless they are an admin user in which case they can do everything.
If you already created any DBmarlin users, after upgrading to 4.9.0, your existing users will all be regular (non-admin) users and will therefore have access to nothing. You should create one or more admin users using the scripts provided (dbmarlin-add-user.sh and dbmarlin-add-user.bat).
Once logged in as an admin user, you can grant access to any other users through the UI under Settings -> Logins.
Improvements​
- Google Cloud SQL for PostgreSQL: exclude
cloudsqladmindatabase and allow for other databases to be excluded if needed. - Updated infrastructure components with latest security fixes (Nginx, Tomcat, Java, PostgreSQL and TimeScaleDB)
- Updated 3rd-party libraries with latest security fixes.
- Usability improvement for setting tags. Select by dropdown rather than typing.
- CockroachDB transaction contention further improvements.
- Improve visibility of Logout menu item.
- Removed unnecessary console log messages.
- Chrome Extension for Splunk Observability integration.
- Event History now restricted by access control.
- SQL Search now restricted by access control.
Fixes​
- Fixed SQL Injection vulnerability.
- SQL Statistics Executions and Execution_count should be the same could slightly differ.
- Ensure
/loginscannot be selected by url when authentication not enabled. - Prevent creating users with blank passwords.
- Filtering instance list - status shield is incorrect until it refreshes.
- SQL Search - badge count incorrect when results contain an EXPLAIN.
Known Issues​
- If you are monitoring a server which requires TLS v1.0 or v1.1 which are now obsolete you will need to edit
./lib/security/java.securityto changedisabledAlgorithmsand restart the DBmarlin Tomcat. See this FAQ for more details.