23.6.0 Release Notes
We are pleased to announce the official interim release of EventStoreDB OSS & Commercial version 23.6.0.
This is an interim release, which will be supported until 23.10.0 is released in October 2023.
Read more about our versioning strategy here.
The complete changelog can be found here. If you need help planning your upgrade or want to discuss support, please contact us here.
EventStoreDB 23.6.0 is available for the following operating systems:
- Windows
- Ubuntu 18.04
- Ubuntu 20.04
- Ubuntu 22.04
- CentOS 7 (Commercial version)
- Amazon Linux 2 (Commercial version)
- Oracle Linux 7 (Commercial version)
Additionally, you can find Docker images, including the preview ARM64 image, on Docker Hub.
Ubuntu 22.04 is officially supported
We are publishing official Ubuntu 22.04 packages for EventStore version 23.6.0.
Should I upgrade?
23.6.0 is an interim release and is supported until the release of 23.10.0 later this year.
If you want to try out any of the new features in 23.6.0, or get prepared for upgrading to 23.10.0 later on, we recommend that you upgrade to this version.
If you are already running version 22.10.x and would prefer to stay on an LTS version of EventStore, then we recommend that you wait until the 23.10.0 release before upgrading. In the meantime, make sure that you are running the latest version of 22.10, which is 22.10.2 at the time of this release.
If you are running EventStoreDB version 22.6.x or lower, then we recommend that you upgrade to at least 22.10.2.
21.10 reaches end of life this year
EventStore 21.10 reaches its end of life in October this year. There is a 3-month grace period after a version reaches its end of life, during which we will support it with major fixes or security patches to allow for upgrades to a later version.
We recommend planning your upgrade to either 22.10 or 23.10 before the end of the year.
An online upgrade can be done between 21.10 and 22.10 using the standard upgrade procedure.
Upgrade Procedure
To upgrade a cluster from 21.10.x or 22.10.x, a usual rolling upgrade can be done:
- Pick a node (start with the follower nodes first, then choose the leader last).
- Stop the node, upgrade it and start it.
Where Can I Get the Packages?
Downloads are available on our website.
The packages can also be installed using the following instructions.
Ubuntu 18.04/20.04/22.04 (via packagecloud)
curl -s https://packagecloud.io/install/repositories/EventStore/EventStore-OSS/script.deb.sh | sudo bash
sudo apt-get install eventstore-oss=23.6.0
Windows (via Chocolatey)
choco install eventstore-oss -version 23.6.0
Docker (via docker hub)
docker pull eventstore/eventstore:23.6.0-bionic
docker pull eventstore/eventstore:23.6.0-buster-slim
Main Features in the Release
The interim release gives you a way to try out new features on a supported version ahead of the coming LTS release. Register for our webinar to see a demo of some of these key changes.
The main features available in 23.6.0 are:
Prometheus Metrics
The database now collects more helpful and usable metrics, making it easier to understand what is happening in the database, and to make better decisions about how to operate it.
These new metrics are collected in Prometheus format and exposed on the /metrics endpoint. You can configure Prometheus to scrape this endpoint directly, allowing you to build dashboards or alert on the metrics that you collect.
Examples of what you can build include a cluster state timeline and a node state timeline.
You can find a full list of the new metrics, how to configure them, and what the outputs of each look like in the documentation.
Some of the notable new metrics are:
- The state of the node - whether the node is a Leader, a Follower, Catching Up or Read Only Replica
- The state of index operations such as rebuilding the index or index merges
- The state of the scavenge operation
- Reads and appends from gRPC clients
- Queue processing duration by message type
Security Improvements
Default Admin and Ops passwords
We want to eventually remove the default password “changeit” because having a known default password can leave EventStore vulnerable if the admin and ops passwords aren’t updated.
As such, we have added new options to set the default admin and ops passwords on the first run of EventStore. You can do this by setting the EVENTSTORE_DEFAULT_ADMIN_PASSWORD and EVENTSTORE_DEFAULT_OPS_PASSWORD environment variables.
These settings won’t affect a database that has already been created.
In a future version we will be removing the “changeit” default password and require a default password to be configured at startup.
Note: These new options can only be set by environment variable so that the passwords aren’t saved in plaintext to config files.
Disable Anonymous Access by Default
Historically, anonymous users with network access have been allowed to read/write streams that do not have access control lists. Anonymous access has also been available to the /stats, /info, and other HTTP endpoints.
Anonymous access is now disabled by default, except for the /info and /ping endpoints.
Gossip is also still anonymous by default while we update our supported clients to use authenticated gossip.
If you need to re-enable anonymous access, you can do this with the new AllowAnonymousEndpointAccess and AllowAnonymousStreamAccess options.
EventStoreDB Commercial version is now FIPS compliant
There is now a commercial plugin to allow EventStoreDB to run on a FIPS-compliant system. You can find instructions on how to download and use this plugin on the commercial downloads site.
We will also be updating our certificate generation tools to create certificates that work on FIPS systems to make testing easier.
Configuration improvements
We want to make configuration of EventStoreDB easier, whether it’s through more informative logs or through better and more streamlined options.
This release has some quality-of-life improvements around configuring certificates as well as some helpful logs to identify misconfigurations in the cluster.
Certificate and Secure Cluster Configuration
A number of the configuration improvements have been around certificates and identifying issues setting up a secure cluster. Some of the main ones are:
- Add support for encrypted and unencrypted PKCS8 private key files
- Set the default trusted root certificate path on Linux to /etc/ssl/certs so this does not need to be configured for most systems.
- Include more detailed errors and warnings about certificate mismatches, and other issues preventing a cluster from running correctly.
- Periodically log a warning when the certificate is nearing expiry.
Configuration Quality of Life
- Suggest the closest available option when a configuration option is unrecognised
- Log a warning when the versions between nodes are mismatched
- Log a warning when the connection between nodes is blocked - for example because of a firewall
Redaction (Commercial version)
Events are immutable and cannot be changed after the fact. Usually when you have an event with data that needs to be deleted you should take the following steps:
- Rewrite the stream to a new stream without the offending data
- Delete the old stream
- Run a scavenge to remove the data from disk on each node in turn
With the new scavenge algorithm introduced in 22.10, you no longer have to worry about data in the current chunk not being scavenged because the new algorithm will close the current chunk before scavenging. You can read more about scavenging in the documentation.
If you cannot do the above steps, then we have added a new tool to allow redacting events as a last resort. This tool needs to be run from the database directory of the node and can blank out all of the data in specific events.
If you want to make use of this tool, please contact us here if you do not have commercial support, or reach out to our support team if you do.
Breaking Changes
The updates to anonymous access described above have introduced some breaking changes. We have also removed some unused options in EventStoreDB.
The breaking changes are as follows:
Clients must be authenticated by default
We have disabled anonymous access to streams by default in this version. This means that read and write requests from clients need to be authenticated.
If you see authentication errors when connecting to EventStoreDB after upgrading, please ensure that you are either using default credentials on the connection, or are passing user credentials in with the request itself.
If you want to revert back to the old behaviour, you can enable the AllowAnonymousStreamAccess option in EventStoreDB.
Requests to the HTTP API must be authenticated by default
Like with anonymous access to streams, anonymous access to the HTTP and gRPC endpoints has been disabled by default. The exceptions are the /gossip, /info, and /ping endpoints.
Any tools or monitoring scripts accessing the HTTP endpoints (e.g. /stats) will need to make authenticated requests to EventStoreDB.
If you want to revert back to the old behaviour, you can enable the AllowAnonymousEndpointAccess option in EventStoreDB.
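A post-upgrade check for the defaults described above, added here as an example and not part of EventStoreDB or its tooling: it requests each endpoint without credentials and reports any that differ from the 23.6.0 defaults. The host name, port 2113 and the treatment of 401/403 as a rejected request are assumptions, and fake_node is a constructed stand-in so the example runs offline.

```python
import urllib.error
import urllib.request

# Endpoints named in these release notes; True = still anonymous by default.
EXPECTED_ANONYMOUS = {"/info": True, "/ping": True, "/gossip": True, "/stats": False}


def http_status(url, timeout=5):
    """Send an unauthenticated GET and return the HTTP status code."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def audit_anonymous_access(base_url, fetch=http_status):
    """Compare unauthenticated responses with the 23.6.0 defaults."""
    problems = []
    for path, anonymous_ok in EXPECTED_ANONYMOUS.items():
        status = fetch(base_url.rstrip("/") + path)
        rejected = status in (401, 403)          # assumption: how a refusal looks
        if anonymous_ok and rejected:
            problems.append(f"{path}: expected anonymous access, got {status}")
        elif not anonymous_ok and not rejected:
            problems.append(f"{path}: answered {status} without credentials")
    return problems


def fake_node(stats_status):
    """Constructed stand-in for a node: /stats returns the given status."""
    def fetch(url):
        return stats_status if url.endswith("/stats") else 200
    return fetch


if __name__ == "__main__":
    base = "https://node1.example:2113"          # hypothetical node address
    print(audit_anonymous_access(base, fake_node(401)))   # locked-down node
    print(audit_anonymous_access(base, fake_node(200)))   # anonymous access enabled
```

Against a real node, call audit_anonymous_access with only the base URL so that http_status performs the requests.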
PrepareCount and CommitCount Options have been removed
We have removed the PrepareCount and CommitCount options from EventStoreDB. EventStoreDB will now fail if these options are present in the config on startup.
These options do not have an effect any more and were a holdover from a previous version. You can safely remove them from your configuration file if you have them defined.
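A pre-upgrade lint covering the breaking changes above and the default-password settings from the Security Improvements section, added here as an example and not part of EventStoreDB: it flags the removed options, re-enabled anonymous access, and a first run that would still use "changeit". The flat "Key: value" config layout, the case-insensitive key match and the sample values are assumptions.

```python
# Added example, not EventStoreDB code: lint settings before moving to 23.6.0.
REMOVED = {"preparecount", "commitcount"}        # node fails to start if present
ANONYMOUS = {"allowanonymousendpointaccess", "allowanonymousstreamaccess"}
PASSWORD_VARS = ("EVENTSTORE_DEFAULT_ADMIN_PASSWORD",
                 "EVENTSTORE_DEFAULT_OPS_PASSWORD")


def parse_options(conf_text):
    """Parse flat 'Key: value' lines (assumed config layout) into a dict."""
    options = {}
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if ":" not in line:
            continue
        key, value = line.split(":", 1)
        options[key.strip()] = value.strip().strip("'\"")
    return options


def lint(conf_text, env, new_database=False):
    """Return (severity, message) findings for the 23.6.0 changes."""
    findings = []
    for key, value in parse_options(conf_text).items():
        if key.lower() in REMOVED:
            findings.append(("error", f"{key}: removed option, node will not start"))
        elif key.lower() in ANONYMOUS and value.lower() == "true":
            findings.append(("warning", f"{key}: anonymous access re-enabled"))
    if new_database:                             # passwords only apply on first run
        for var in PASSWORD_VARS:
            if env.get(var) in (None, "", "changeit"):
                findings.append(("warning", f"{var}: unset or still 'changeit'"))
    return findings


# Constructed sample configuration and environment, for illustration only.
SAMPLE_CONF = """\
---
Db: /var/lib/eventstore
PrepareCount: 2          # holdover from an older version
AllowAnonymousStreamAccess: true
AllowAnonymousEndpointAccess: false
"""
SAMPLE_ENV = {"EVENTSTORE_DEFAULT_ADMIN_PASSWORD": "constructed-placeholder"}

if __name__ == "__main__":
    for severity, message in lint(SAMPLE_CONF, SAMPLE_ENV, new_database=True):
        print(f"{severity}: {message}")
```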
Fixes in this release
There were a number of fixes for projections and configuration handling in this release.
For more detailed information about these fixes, please check the Changelog.
Documentation and previous release notes
Documentation for EventStoreDB can be found here.
Previous release notes can be found here.
Providing Feedback
If you encounter any issues, please don’t hesitate to open an issue on GitHub if there isn’t one already.
We also have an official Discord Server and an active Discuss forum for discussions, questions and for giving us feedback.
If you have any questions that aren't covered in these release notes or the docs, please feel free to reach out.