Dear community,
Apache CouchDB® 3.4.1 has been released and is available for download. It is a
feature and bugfix release, and was originally published on 2024-09-27.
3.4.1? — What happened to 3.4.0?! Great question!
-------------------------------------------------
We had 3.4.0 _almost_ ready to be released and mere hours before making it
official, we realised that a new feature could lead to an unsatisfactory
scenario for some users. Namely: the automatic upgrading of password hashes to a
stronger algorithm could lead to folks upgrading to 3.4.0 and them not being
able to roll back to the previous version without locking out users that have
had their password hashes automatically upgrade.
The CouchDB team aims to make every release _safe to upgrade_, aside from major
releases with well-documented breaking changes. So 3.4.0 would not be safe to
upgrade and we decided to not announce its availability, even though everything
was ready to go.
Instead we immediately fast-tracked version 3.4.1 that disabled the feature by
default and this is instead the release that is safe to upgrade to. Please
note that the new hashing algorithm is still enabled by default. User accounts
created after the upgrade will not be able to downgrade.
The CouchDB team recommends enabling the feature once you are safely running
3.4.1 and have no longer a need to downgrade.
Release Notes highlights:
-------------------------
* Add Nouveau (beta) a modern, from-the-ground-up implementation of
Lucene-based full-text search for CouchDB.
* Add QuickJS as a JavaScript engine option. Advantages over SpiderMonkey:
* Preliminary test results show multiple performance improvements.
* 4x faster than SpiderMonkey 1.8.5.
* 5x faster than SpiderMonkey 91.
* 6x reduced memory usage per `couchjs` process (5MB vs 30MB).
* Optionally replace md5 with xxHash for data integrity checksums. 30% speed
up on larger (128k) docs, no difference for smaller docs.
* Require auth for `_replicate` endpoint. This continues the 3.x
closed-by-default design goal.
* Introduce PBKDF2-SHA256 for password hashing. The existing PBKDF2-SHA1 variant
is now deprecated.
* Many small and medium performance improvements
(https://docs.couchdb.org/en/latest/whatsnew/3.4.html#performance).
* Many, many bug fixes and improvements to our test suite.
See the official release notes document for an exhaustive list of all changes:
https://docs.couchdb.org/en/stable/whatsnew/3.4.html
Pre-built packages for Windows, macOS, Debian/Ubuntu and RHEL/CentOS as well as
Docker images for CouchDB and Nouveau are available alongside the source code
distribution:
https://couchdb.apache.org/#download
Apache CouchDB® lets you access your data where you need it. The Couch
Replication Protocol is implemented in a variety of projects and products that
span every imaginable computing environment from globally distributed
server-clusters, over mobile phones to web browsers.
Store your data safely, on your own servers, or with any leading cloud
provider. Your web- and native applications love CouchDB, because it speaks JSON
natively and supports binary data for all your data storage needs.
The Couch Replication Protocol lets your data flow seamlessly between server
clusters to mobile phones and web browsers, enabling a compelling offline-first
user-experience while maintaining high performance and strong reliability.
CouchDB comes with a developer-friendly query language, and optionally MapReduce
for simple, efficient, and comprehensive data retrieval.
The community would like to thank all contributors for their part in making
this release, from the smallest bug report or patch to major contributions in
code, design, or marketing, we couldn’t have done it without you!
On behalf of the CouchDB PMC,
Jan Lehnardt
—
