v1.54.0

Security

• Prevent cache poisoning. The dispatch Check cache key now incorporates check hints. See GHSA-4vrg-r928-h5vv

Added

• Query Planner: fast serialize/deserialize for query plans (#3122)

Changed

• Cache: switch to otter as the primary cache implementation (#3112)
• Server handles: GRPCDialContext as a handle on the server used deprecated gRPC methods. We modernized it and renamed it to NewClient (#3147)

Fixed

• The watching schema cache (--enable-experimental-watchable-schema-cache) no longer enters permanent fallback on transient watch errors. A new supervisor restarts the watch cycle with bounded exponential backoff and only treats caller-driven cancellation or unsupported-watch as terminal (#3134)
• Watch consumers that request WatchCheckpoints now eventually observe every revision returned by WriteRelationships as a checkpoint. MemDB regressed this in #2578 for no-op writes and MySQL never emitted checkpoints at all prior to now. Both now emit a checkpoint at the new revision. (#3114)
• When Query Planner evaluates a union, short-circuit if one of the branches yields a positive un-caveated result (#3120)
• DispatchQueryPlan previously did not try to use the singleflight middleware for check calls. (#3119)
• Fixed regression introduced in 1.53.0. Postgres HeadRevision no longer allocates a new transaction ID on every call (#3127)
• Fixed regression introduced in 1.53.0 for MySQL migration scripts (#3129)
• Query Planner: LookupSubjects no longer returns a subject excluded from a wildcard (e.g. viewer:* - banned) when the exclusion feeds an intersection (experimental --experimental-query-plan ls) (#3136)
• Tracing: When server is shutting down, flush traces. Also, elide the need for setting OTEL_EXPORTER_OTLP_ENDPOINT. (#3108)
• Fixed a LookupSubjects issue in the query planner around the handling of wildcards in compound permissions (#3140)
• MySQL: identifiers (object/subject IDs and relationship counter names) are now stored with a case-sensitive (binary) collation, matching the Postgres, CockroachDB, and Spanner datastores. Previously, identifiers differing only in letter case (e.g. Foo and foo) incorrectly collided in unique indexes and lookups. ⚠️ The migration rebuilds the relation_tuple table in place via ALTER TABLE, which can hold a metadata/table lock for a long time on large datasets — run the upgrade in a low-traffic window, or apply it with an online schema-change tool (e.g. gh-ost). (#3161)
• server.NewConfigWithOptionsAndDefaults now populates Config and its embedded structs with the same defaults as the CLI flags, fixing zero-value behavior when embedding SpiceDB as a library. (#3156)

What's Changed

• feat: add prometheus metrics for DispatchQueryPlan by @barakmich in #3109
• chore: bump grpc-health-probe by @miparnisari in #3111
• docs: fix changelog by @miparnisari in #3113
• fix: Watch checkpointing in memdb and mysql by @miparnisari in #3114
• chore: use otter as the primary cache implementation and get rid of alternative implementations by @tstirrat15 in #3112
• fix(QP): short-circuit unions where applicable by @miparnisari in #3121
• feat: registry for the iterators by @barakmich in #3118
• testing: add benchmarking to compare LocalExecutor vs DispatchExecutor by @barakmich in #3117
• fix: route query plan dispatch checks through singleflight by @barakmich in #3119
• chore: clarify --termination-log-path flag description by @ivanauth in #3126
• fix: postgres implementation of HeadRevision by @miparnisari in #3127
• feat: introduce a hand-written serialize/deserialize for iterators by @barakmich in #3122
• test: include migration scripts for coverage by @miparnisari in #3128
• fix: mysql migrations by @miparnisari in #3129
• refactor: carry schema hash inside ZedTokens by @josephschorr in #3125
• chore: bump go packages for cve by @miparnisari in #3132
• test: Improve code coverage of tests by @josephschorr in #3063
• fix(schemacache): supervisor recovers from transient watch errors by @vroldanbet in #3134
• otel: replace cobraotel with native lifecycle management by @Jdepp007004 in #3108
• refactor(schemacache): post-#3134 cleanup and race fix by @vroldanbet in #3138
• fix(query): respect wildcard ExcludedSubjects in LookupSubjects intersection by @matte1782 in #3136
• feat: use serialized plans in dispatch by @barakmich in #3130
• fix: three correctness bugs surfaced by GRPC consistency cross-check by @barakmich in #3140
• chore: use StopAllGoroutines for otter by @tstirrat15 in #3145
• chore(deps): bump github.com/quic-go/quic-go from 0.59.0 to 0.59.1 in /magefiles by @dependabot[bot] in #3153
• refactor: schema watching cache by @miparnisari in #3144
• chore: more spans in datastore proxies by @miparnisari in #3154
• chore: rework handles for gRPC tests by @tstirrat15 in #3147
• fix(mysql): store identifiers with a case-sensitive (binary) collation by @josephschorr in #3161
• docs(cache): clarify Cache interface semantics by @ivanauth in #3152
• refactor: remove global caches object by @miparnisari in #3167
• fix: set library-friendly defaults on server Config by @ivanauth in #3156
• chore: add buffnet authority to connection by @tstirrat15 in #3168
• test: flaky TestLookupResources by @miparnisari in #3171
• test: address flake in HeadRevisionDoesNotConsumeXID by @tstirrat15 in #3163
• test: add more goleak checks by @miparnisari in #3175
• test(certtest): make TestCertRotation actually verify hot cert reload by @ivanauth in #3169
• chore: Changed AuthZed Cloud Link in readme by @sohanmaheshwar in #3177
• feat(datalayer): schema caching for write transactions by @ecordell in #3160
• chore: make crdb.Pool code unit-testable by @miparnisari in #3180
• fix: #3179 by @miparnisari in #3181
• fix(lsp): resolve hover on the right side of arrow expressions by @ivanauth in #3157
• refactor: create a new prometheus registry for every server by @miparnisari in #3170

New Contributors

• @Jdepp007004 made their first contribution in #3108
• @matte1782 made their first contribution in #3136

Docker Images

This release is available at authzed/spicedb:v1.54.0, quay.io/authzed/spicedb:v1.54.0, ghcr.io/authzed/spicedb:v1.54.0

v1.53.0

Added

• Add DispatchExecutor, a query plan executor that is Dispatch-aware and sends subproblems on Alias boundaries (#3074)

• Implement Dispatch caching for query plan execution (#3079)

• Add new optimizer to query planner based on set theory laws for simplifications (#3051)

• Experimental: Add unified schema storage with ReadStoredSchema/WriteStoredSchema APIs for improved schema read performance (#2924)

  This feature stores the entire schema as a single serialized proto rather than reading individual namespace and caveat definitions separately, significantly improving schema read performance.

  Migration to unified schema storage is controlled by the --experimental-schema-mode flag, which supports a 4-phase rolling migration:

  1. read-legacy-write-legacy (default) - No change; reads and writes use legacy per-definition storage.
  2. read-legacy-write-both - Reads from legacy storage, writes to both legacy and unified storage. This is the first migration step and backfills the unified schema table.
  3. read-new-write-both - Reads from unified storage, writes to both. Validates the new read path while maintaining backward compatibility.
  4. read-new-write-new - Reads and writes only unified storage. This is the final migration target.

  Deployment:

  • Progress through the stages manually by updating the --experimental-schema-mode flag and performing a rolling restart at each stage. You can also take the system down briefly and move directly from stage 1 to stage 4, which runs the full migration in one step.

Changed

• Build: strip quarantine attribute for MacOS (#3082)

Fixed

• Query plan contexts are written to during recursive calls -- for now, disable dispatch inside recursive calls (#3078)

What's Changed

• chore: roll changelog by @tstirrat15 in #3080
• feat: add a DispatchExecutor for query plans to the dispatch package by @barakmich in #3074
• test: prevent flaky TestCertWatcher by @miparnisari in #3083
• fix: do not dispatch within a recursive context by @barakmich in #3078
• build: strip quarantine attribute for macos by @miparnisari in #3082
• chore(deps): bump github.com/jackc/pgx/v5 from 5.9.1 to 5.9.2 by @dependabot[bot] in #3068
• feat: implement handling of dispatch and caching for DispatchQueryPlan by @barakmich in #3079
• feat: add unified schema storage with ReadStoredSchema/WriteStoredSchema by @josephschorr in #2924
• chore: remove errant comment by @tstirrat15 in #3090
• fix: add benchmark fixes after schema cache, applying optimizations by @barakmich in #3091
• fix: wire DispatchExecutor into the GRPC path properly and fix correctness by @barakmich in #3093
• chore: bump go version to 1.26.3 by @barakmich in #3098
• ci: save benchmarks to cache on main by @miparnisari in #3103
• chore(deps): bump the github-actions group across 1 directory with 18 updates by @dependabot[bot] in #3104
• refactor: wire QueryPlanMetadata through dispatch as well by @barakmich in #3096
• feat(queryopt): set simplification optimizer by @jzelinskie in #3051

Full Changelog: v1.52.0...v1.53.0

Docker Images

This release is available at authzed/spicedb:v1.53.0, quay.io/authzed/spicedb:v1.53.0, ghcr.io/authzed/spicedb:v1.53.0

v1.52.0

What's changed

Added

• Added support for YAML-based validation files in DevContext (#3024)
• Added support for YAML-based validation files in the Language Server (#3024)
• Enable statistics-based optimizations when --experimental-query-plan is enabled. (#3052)
• Added missing implementations of cursoring for LookupResource, LookupSubjects and ReadRelationships calls in FDW (#3016)
• Add new gRPC Dispatch API and messages for dispatching query plans (#3072)
• Support new withDebug flag in LookupResources calls to identify cycles (#3070)

Changed

• Removed MySQL metrics prefixed with go_sql_stats_connections_* in favor of those prefixed with go_sql_* (#2980)
• Removed support for Spanner flag value --datastore-spanner-metrics=deprecated-prometheus; please use values otel or native (#2980)
• Reduced binary size (#3005)
• Reduce memory consumption of Watch API (#2578)

Fixed

• Improved error message when expiration is written before caveat in a relationship (#3071)
• On a Postgres setup with read replicas, some requests may silently swallow errors of sort "revision not found in replica" (#2979)
• Use cgroup-aware memory detection for cache and watch buffer sizing in containerized environments (#3000)
• Upgraded the spanner client, which changed the internal implementation to not use a session pool. This means that the --datastore-spanner-max-sessions and --datastore-spanner-min-sessions flags are now deprecated and no-op. We also strongly recommend using Application Default Credentials in favor of a credentials file. (#3038)
• Query Planner: error "ERROR: index \"pk_relation_tuple\" cannot be used for this query (SQLSTATE 42809)" returned when using wildcards (#3039)
• Providing one of (--grpc-tls-cert-path, --grpc-tls-key-path) but not the other is now considered an error state, as both are necessary if you want to use TLS.
• In a caveat context that uses nested lists of lists, the hashes generated for cache keys could collide because of an issue with the serialization logic. The serialization now uses deterministic protobuf serialization which avoids this issue (#3065)

v1.51.1

Fixed

• Moderate severity CVE-2026-40091

Full Changelog: v1.51.0...v1.51.1

Docker Images

This release is available at authzed/spicedb:v1.51.1, quay.io/authzed/spicedb:v1.51.1, ghcr.io/authzed/spicedb:v1.51.1

v1.51.0

⚠️ Warning: Due to CVE-2026-40091, please use v1.51.1.

Changed

• Updated DevContext and LSP to support composable schemas (#2965)

Fixed

• Fix increase in memory usage brought in v1.50.0 due to replacing protoc-gen-validate with protovalidate (#2984)
• Fix duplicate diagnostics in LSP server when VS Code pulls diagnostics (#2977)
• In DevContext's schema position mapper, only the first occurrence of a caveat parameter could be found (#2972)

What's Changed

• chore: release 1.50.0 by @miparnisari in #2974
• chore: bump grpc for CVE by @miparnisari in #2976
• Fix duplicate diagnostics in LSP server by @ivanauth in #2977
• test(*): remove all t.Parallel() calls in the tests by @barakmich in #2955
• fix(devContext): only the first occurrence of a caveat parameter coul… by @miparnisari in #2972
• chore: better tracing (generator.GenerateSchema, WriteSchema) by @miparnisari in #2981
• fix: pin trivy while they figure things out by @barakmich in #2983
• fix(memory): use global protovalidate instance and bump version by @miparnisari in #2984
• feat: update DevContext and LSP to support composable schemas by @tstirrat15 in #2965

Full Changelog: v1.50.0...v1.51.0

Docker Images

This release is available at authzed/spicedb:v1.51.0, quay.io/authzed/spicedb:v1.51.0, ghcr.io/authzed/spicedb:v1.51.0

v1.50.0

⚠️ Warning: Due to an increase in memory usage and CVE-2026-40091, please use v1.51.1.

Added

• Query Planner: New pkg/query/queryopt package for building optimizations (#2970)
• Added tracing to request validation (#2950)

Changed

• Updated CI so that Postgres tests run against v18 which is GA and not against v13 which is EOL (#2926)
• Use protovalidate instead of protoc-gen-validate for request validation (#2863, #2596, #2959)
• Query Planner optimization: in Check requests, prune branches that cannot lead to the subject type specified (#2968)
• Added lr and ls to --experimental-query-plan for those endpoints, as well as in-memory statistics for optimizing the plans (#2929)

Fixed

• Regression introduced in 1.49.2: missing spans in ReadSchema calls (#2947)
• Long standing bug in the way postgres revisions were being compared. Sometimes revisions that were actually overlapping were erroneously being ordered. (#2958)
• Prevent panics in schema compiler, which can reproduce if using the VSCode extension or zed (#2971)

What's Changed

• chore: release 1.49.2 by @miparnisari in #2935
• chore: use correct logger in import logic by @tstirrat15 in #2937
• chore: walk postgres versions by @tstirrat15 in #2926
• chore: update versions in datastore support tags by @tstirrat15 in #2938
• chore: update grafana dashboards by @miparnisari in #2940
• refactor: remove metrics that are not useful or not written to by @miparnisari in #2941
• test(query): Add a new benchmark for wide arrows by @barakmich in #2927
• fix(query): fix arrow reversal tagging the subrelation incorrectly by @barakmich in #2943
• chore: use protovalidate interceptor instead of protoc-gen-validate interceptor by @tstirrat15 in #2863
• ci: add concurrency settings to workflows by @tstirrat15 in #2945
• chore: fix regression from #2912 - tracing in ReadSchema calls by @miparnisari in #2947
• chore: use dockerhub instead of gcr by @tstirrat15 in #2949
• chore: bump memory available to integration tests by @tstirrat15 in #2951
• feat(query): add a PlanAdvisor framework in place of StatisticsSource by @barakmich in #2928
• chore: add ctx to RevisionedReader.ReadSchema() by @miparnisari in #2952
• test: prevent duplicate metrics collector registration attempted by @miparnisari in #2957
• chore(datastore): expose GC interfaces, errors, and context proxy by @ecordell in #2942
• Update buf and use protovalidate by @tstirrat15 in #2596
• test: update test ObservableProxy so it runs faster by @miparnisari in #2960
• test: add tests for migrate command by @ivanauth in #2822
• test: add unit tests for consistency/forcefull.go by @ivanauth in #2916
• chore(deps): bump the github-actions group across 1 directory with 5 updates by @dependabot[bot] in #2939
• feat: add tracing to proto validation by @miparnisari in #2950
• chore: clean up all unused parameters by @mishto in #2931
• chore: pre-warm validator caches by @tstirrat15 in #2959
• fix: postgres revision compare for semi-disjoint overlapping transactions by @jakedt in #2958
• chore: add singleflightcheck analyzer to enforce context-aware singleflight by @josephschorr in #2954
• fix: bump to golang v1.25.8 by @barakmich in #2969
• refactor(query): add QueryDatastoreReader to act as an implementation shim for datastores by @barakmich in #2956
• chore: remove unused counting proxy by @miparnisari in #2967
• refactor: create new queryopt package to target query plan optimizations by @barakmich in #2970
• feat(qp): prune branches that cannot lead to the subject type of the … by @miparnisari in #2968
• chore(services): store observed counts in permissionsServer, add LR/LS flags by @barakmich in #2929
• fix: prevent panics in case of nils by @miparnisari in #2971

New Contributors

• @mishto made their first contribution in #2931

Full Changelog: v1.49.2...v1.50.0

Docker Images

This release is available at authzed/spicedb:v1.50.0, quay.io/authzed/spicedb:v1.50.0, ghcr.io/authzed/spicedb:v1.50.0

v1.49.2

⚠️ Warning: Due to CVE-2026-40091, please use v1.51.1.

Added

• feat(query planner): add recursive direction strategies, and fix IS BFS (#2891)
• feat(query planner): introduce query plan outlines and canonicalization (#2901)
• Schema v2: introduces support for PostOrder traversal in walk.go (#2761) and improve PostOrder walker cycle detection (#2902)

Changed

• Begin deprecation of library "github.com/dlmiddlecote/sqlstats" (#2904).
  NOTE: in a future release, MySQL metrics will change.
• Add support for imports and partials to the schemadsl package that drives the LSP and development server (#2919).
• Added support for CRDB 26.1 by fixing how version information is read from the cluster

Fixed

• enforce graceful shutdown on serve and serve-testing (#2888)
• Spanner metrics regression (#2329)
• improve streaming dispatch logging and observability (#2915)

What's Changed

• fix: enforce graceful shutdown on serve and serve-testing by @miparnisari in #2888
• feat: add recursive direction strategies, and fix IS BFS by @barakmich in #2891
• chore: rename all iterators to a consistent pattern by @barakmich in #2896
• chore: fix flake in parser tests by @tstirrat15 in #2897
• chore: remove addSubIterator and make iterators less mutable by @barakmich in #2898
• test: use synctest in some CRDB pool retry tests by @ivanauth in #2754
• test: fix race condition in TestRecursiveCheckStrategies by @vroldanbet in #2893
• feat: introduce support for schema PostOrder traversal by @vroldanbet in #2761
• fix(schemav2): improve PostOrder walker cycle detection by @vroldanbet in #2902
• chore: update grafana dashboard and docker-compose setup by @miparnisari in #2899
• test: add tests for health check service by @ecordell in #2468
• chore: add postgres docker-compose setup by @miparnisari in #2903
• chore: add partial support to schemadsl by @tstirrat15 in #2895
• style: run new go fix with modernizers by @jzelinskie in #2906
• chore(deps): bump filippo.io/edwards25519 from 1.1.0 to 1.1.1 by @dependabot[bot] in #2908
• chore(breaking): refactor typesystem by @miparnisari in #2876
• chore: add docker-compose for mysql and begin deprecating go_sql_* by @miparnisari in #2904
• chore: more lint fixes by @tstirrat15 in #2909
• chore: lint PR titles by @tstirrat15 in #2911
• chore: bump otel for CVE fix by @barakmich in #2913
• fix: spanner metrics regression by @vroldanbet in #2329
• test: fixup synctest usage in crdbpool by @tstirrat15 in #2910
• refactor: introduce datalayer abstraction, remove intermediate interfaces by @josephschorr in #2912
• fix(cluster): improve streaming dispatch logging and observability by @vroldanbet in #2915
• feat: introduce query plan outlines and canonicalization by @barakmich in #2901
• ci: enforce changelog by @miparnisari in #2764
• ci: unpin github actions related to go by @miparnisari in #2448
• refactor: remove dead code by @miparnisari in #2922
• chore: followup for canonical outlines by @barakmich in #2920
• test: reduce flakiness of RegisterRelationshipCountersInParallelTest by @tstirrat15 in #2820
• chore(query): replace UUIDs with canonical keys and add observers by @barakmich in #2923
• feat: Implement use import by @tstirrat15 in #2919
• chore(datastore): Change the DatastoreTester interface to take a testing.TB by @jakedt in #2925
• chore: add cockroachdb 26.1 to the matrix and modify version parsing by @tstirrat15 in #2907

Full Changelog: v1.49.1...v1.49.2

Docker Images

This release is available at authzed/spicedb:v1.49.2, quay.io/authzed/spicedb:v1.49.2, ghcr.io/authzed/spicedb:v1.49.2

v1.49.1

⚠️ Warning: Due to CVE-2026-40091, please use v1.51.1.

Highlights

• A fix for a low-severity GHSA in #2878

What's Changed

• fix: update IterSubjects for wildcards and Alias iterators for confomance by @barakmich in #2864
• ci: use arm runners in integration tests by @tstirrat15 in #2877
• fix: prevent panic on malformed cursor by @tstirrat15 in #2878
• fix: improve LR consistency and support multiple resourcetypes by @barakmich in #2875
• chore: add metrics and tests to all cache implementations by @miparnisari in #2874
• fix: query both subrelation and ellipses on arrows for IterResources by @barakmich in #2879
• chore(deps): bump the github-actions group with 5 updates by @dependabot[bot] in #2870
• feat: finish LR consistency tests with the fix to the recursive iterator by @barakmich in #2881
• fix: handle self keyword in warnings checks, and check these warnings are error-free in consistency by @barakmich in #2884
• fix: make sure that use self comes out of formatter when self is used by @tstirrat15 in #2885
• build: add new mustcallcheck analyzer and fix instances by @tstirrat15 in #2886
• chore: implement self in schemav2 by @tstirrat15 in #2887

Full Changelog: v1.49.0...v1.49.1

Docker Images

This release is available at authzed/spicedb:v1.49.1, quay.io/authzed/spicedb:v1.49.1, ghcr.io/authzed/spicedb:v1.49.1

v1.49.0

⚠️ Warning: Due to CVE-2026-40091, please use v1.51.1.

Highlights

Support for self keyword added to permissions

Previously, if you wanted to represent something like "a user should be able to view themselves," this required adding a relation to the schema and then writing a relation from the user to itself. We've added support for a self keyword in permissions that represents this directly, which reduces storage requirements, removes the need for a trip to the database, and removes a relationship that needs to be synced.
For more information, see the Docs and the PR: #2785

Experimental

Postgres Foreign Data Wrapper

In #2806, we added a new experimental command to SpiceDB that serves a Postgres Foreign Data Wrapper: spicedb postgres-fdw [flags].
If you configure your Postgres instance accordingly, it can speak to SpiceDB through the FDW as a proxy, allowing you to write queries like:

-- Check if user:alice has permission to view document:readme
SELECT has_permission
FROM permissions
WHERE resource_type = 'document'
  AND resource_id = 'readme'
  AND permission = 'view'
  AND subject_type = 'user'
  AND subject_id = 'alice';

You can now express checks and lookups as SELECTs and JOINs in your main application code, and you can read, write, and delete relationships using Postgres as the client.
For more information, see the documentation in the repo.

Warnings

• This feature is experimental. We'd welcome you trying it out and providing feedback, but it will likely change before its final GA'd form.
• This feature DOES NOT solve the Dual-Write Problem. You can make updates in the context of a Postgres transaction, but Postgres's FDW protocol doesn't support a two-phase commit semantic, which means there are still failure modes where a transactional write will land in SpiceDB but not Postgres or vice-versa.

Query Planner

This release includes the first experimental handle on our new Query Planner. If you run SpiceDB with the new --experimental-query-plan flag, SpiceDB will use the query planner to resolve queries.
This is mostly provided for the curious; there's still work to do on statistics sources and optimizations before we expect that it will provide performance benefits across most workloads.
We don't yet recommend turning on this flag in your system outside of experiments in your local or development environments. We'll continue work and let you know when it's ready for production.

Smaller Things

• A fix for cockroach's connection pooler where the pooler won't report itself as ready until all connections are ready to be used: #2766
• A fix for a segfault when providing datastore bootstrap files with caveats in them: #2784
• Touching an existing relationship and providing an empty expiration field will now clear an existing expiration value in CRDB and MySQL: #2796
• A fix for lexing Unicode characters in string literals in schemas: #2836
• We've deprecated datastore hedging, as it didn't provide performance gains and led to a less stable system: #2819
• There's a new --datastore-watch-change-buffer-maximum-size flag for the Watch API that determines how many changes SpiceDB will buffer in memory before it emits an error. This protects against OOMkills when the backing datastore fails to produce a checkpoint: #2859

What's Changed

• quic CVE fix in magefiles by @tstirrat15 in #2762
• ci: fix when benchmarks run by @miparnisari in #2759
• test: refactor GC and GC tests to be more reliable using synctest by @tstirrat15 in #2645
• chore: fix some testifylint issues by @tstirrat15 in #2768
• fix: Translate and preserve metadata in schema/v2 by @barakmich in #2767
• Reenable testifylint by @tstirrat15 in #2770
• fix: change crdb ready check to measure idle conns by @tstirrat15 in #2766
• chore: add context to test failure by @tstirrat15 in #2773
• fix(metrics): inverted values for pgxpool_max_conns{read} and pgxpool… by @miparnisari in #2772
• test: fix flaky TestExecuteRepair by @miparnisari in #2750
• Fixes for schema v2 conversion by @josephschorr in #2777
• Fix composable schema interactions with expiration feature by @tstirrat15 in #2780
• chore: improve error message when WriteRelationships has too many upd… by @miparnisari in #2781
• fix: segfault with datastore bootstrap files by @tstirrat15 in #2784
• fix: incorrect validation on WriteRelationships when using wildcard, … by @miparnisari in #2792
• chore: update datastore link in README by @cduruk in #2795
• fix(mysql,crdb): touch without expiration should remove the expiration by @miparnisari in #2796
• test: assert delete caveat by @miparnisari in #2797
• ci: fix docs update workflow by @miparnisari in #2798
• fix (migrate): Improve UX of error msg by @Meyazhagan in #2756
• chore(deps): bump the github-actions group across 1 directory with 10 updates by @dependabot[bot] in #2800
• ci: add more entries to codecov ignores by @miparnisari in #2799
• chore(deps): bump golang from 2611181 to ac09a5f in the docker group by @dependabot[bot] in #2789
• fix: issue with multiple imports leading to empty output by @tstirrat15 in #2804
• test: Set up integration testing to finish implementation of the iterator tree functionality by @barakmich in #2787
• feat: introduce evaluation analysis for query plans by @barakmich in #2774
• Support reading Composable Schemas from fs.FS by @drew-richardson in #2808
• feat: finish initial implementation of IterSubjects by @barakmich in #2809
• chore: use EmptyPathSeq() everywhere and NewLocalContext() for tests by @barakmich in #2811
• chore: improve metrics middleware test by @tstirrat15 in #2812
• chore: fix prealloc lints by @tstirrat15 in #2813
• chore: give more resources to wasm tests by @tstirrat15 in #2818
• chore: intersection lr implementation by @tstirrat15 in #2816
• chore: add exclusion lr operation by @tstirrat15 in #2815
• chore: add datastore LR implementation by @tstirrat15 in #2814
• chore: query arrow LR implementation by @tstirrat15 in #2817
• feat: add arrow reversal optimization by @barakmich in #2821
• chore: intersection arrow LR implementation by @tstirrat15 in #2823
• chore: add LR implementation for Relation iterator by @tstirrat15 in #2824
• chore: fix the combine operation for Expiration and Integrity paths by @barakmich in #2825
• chore: fix query plan alias iterator LR behavior by @tstirrat15 in #2826
• chore: fix query plan intersection arrow LR behavior by @tstirrat15 in #2827
• chore: fix wildcard subject agreement in datastore LR by @tstirrat15 in #2831
• feat: Initial implementation of the PostgresFDW by @josephschorr in #2806
• chore: fix datastore query behavior for LR by @tstirrat15 in #2830
• chore: remove datastore hedging by @tstirrat15 in #2819
• makes clearer pg timestamps should not be used for ordering txs by @vroldanbet in #2832
• fix: lexing utf-8 characters by @tstirrat15 in #2836
• Prepare for single stored schema by @josephschorr in #2805
• chore: update glibc by @tstirrat15 in #2839
• chore: fix gosec issues by @tstirrat15 in #2840
• chore: bump optgen to v0.2.3 by @ecordell in #2837
• feat: implement a proper BFS when doing IterSubjects/IterResources for recursive nodes by @barakmich in #2838
• chore: unhide the --experimental-query-plan flag by @barakmich in #2842
• feat: Add support for self keyword in schema for referencing a resource as a subject by @tstirrat15 in https:...

v1.48.0

Added

• feat: add Memory Protection Middleware (enabled by default, use --enable-memory-protection-middleware=false to disable) by @miparnisari in #2691.
  ⚠️ Now, if your server's memory usage is too high, incoming requests may be rejected with code "ResourceExhausted" (HTTP 429).

Changed

• use FAILED_PRECONDITION for recursion depth errors by @tstirrat15 in #2729
• docs: improve description of some flags by @miparnisari in #2692
• Updated Go to 1.25.5 by @tstirrat15 in #2740

Fixed

• expose x-request-id header in HTTP Gateway responses by @Verolop in #2712
• error message when cannot run 'datastore gc' or 'datastore repair' by @miparnisari in #2609
• Postgres:
  • wire up missing revision timestamp on PG ReadWriteTx by @vroldanbet in #2725
• Spanner:
  • Watch API by @miparnisari in #2560
  • statistics by @miparnisari in #2745

Full Changelog: v1.47.1...v1.48.0

Docker Images

This release is available at authzed/spicedb:v1.48.0, quay.io/authzed/spicedb:v1.48.0, ghcr.io/authzed/spicedb:v1.48.0