Event Store Blog

23.6.0 Release Notes

Written by Hayley Campbell | Aug 16, 2023 1:06:41 PM

 

We are pleased to announce the official interim release of EventStoreDB OSS & Commercial version 23.6.0.

This is an interim release, which will be supported until 23.10.0 is released in October 2023.

Read more about our versioning strategy here.

The complete changelog can be found here. If you need help planning your upgrade or want to discuss support, please contact us here.

 EventStoreDB 23.6.0 is available for the following operating systems:

  • Windows
  • Ubuntu 18.04
  • Ubuntu 20.04
  • Ubuntu 22.04
  • CentOS 7 (Commercial version)
  • Amazon Linux 2 (Commercial version)
  • Oracle Linux 7 (Commercial version)

Additionally, you can find Docker images, including the preview ARM64 image, on Docker Hub.

Ubuntu 22.04 is officially supported

We are publishing official Ubuntu 22.04 packages for EventStore version 23.6.0.

Should I upgrade?

23.6.0 is an interim release and is supported until the release of 23.10.0 later this year.

If you want to try out any of the new features in 23.6.0, or get prepared for upgrading to 23.10.0 later on, we recommend that you upgrade to this version.

If you are already running version 22.10.x and would prefer to stay on an LTS version of EventStore, then we recommend that you wait until the 23.10.0 release before upgrading. In the meantime, make sure that you are running the latest version of 22.10, which is 22.10.2 at the time of this release.

If you are running EventStoreDB version 22.6.x or lower, then we recommend that you upgrade to at least 22.10.2.

21.10 reaches end of life this year

EventStore 21.10 reaches its end of life in October this year. There is a 3-month grace period after a version reaches its end of life, during which we will support it with major fixes or security patches to allow for upgrades to a later version.

We recommend planning your upgrade to either 22.10 or 23.10 before the end of the year.

An online upgrade can be done between 21.10 and 22.10 using the standard upgrade procedure.

Upgrade Procedure

To upgrade a cluster from 21.10.x or 22.10.x, a usual rolling upgrade can be done:

  • Pick a node (start with the follower nodes first, then choose the leader last).
  • Stop the node, upgrade it and start it.

Where Can I Get the Packages?

Downloads are available on our website.

The packages can also be installed using the following instructions.

Ubuntu 18.04/20.04/22.04 (via packagecloud)

curl -s https://packagecloud.io/install/repositories/EventStore/EventStore-OSS/script.deb.sh | sudo bash
sudo apt-get install eventstore-oss=23.6.0

Windows (via Chocolatey)

choco install eventstore-oss -version 23.6.0

Docker (via docker hub)

docker pull eventstore/eventstore:23.6.0-bionic
docker pull eventstore/eventstore:23.6.0-buster-slim

Main Features in the Release

The interim release gives you a way to try out new features on a supported version ahead of the coming LTS release. Register for our webinar to see a demo of some of these key changes.

The main features available in 23.6.0 are:

Prometheus Metrics

The database now collects more helpful and usable metrics, making it easier to understand what is happening in the database, and to make better decisions about how to operate it.

These new metrics are collected in Prometheus format and exposed on the /metrics endpoint. You can configure Prometheus to scrape this endpoint directly, allowing you to build dashboards or alert on the metrics that you collect.

For example, you can build a cluster state timeline or a node state timeline from these metrics.

You can find a full list of the new metrics, how to configure them, and what the outputs of each looks like in the documentation.

Some of the notable new metrics are:

  • The state of the node - whether the node is a Leader, a Follower, Catching Up or Read Only Replica
  • The state of index operations such as rebuilding the index or index merges
  • The state of the scavenge operation
  • Reads and appends from gRPC clients
  • Queue processing duration by message type

Security Improvements

Default Admin and Ops passwords

We want to eventually remove the default password “changeit” because having a known default password can leave EventStore vulnerable if the admin and ops passwords aren’t updated.

As such we have added new options to set the default admin and ops passwords on the first run of EventStore. You can do this by setting the EVENTSTORE_DEFAULT_ADMIN_PASSWORD and EVENTSTORE_DEFAULT_OPS_PASSWORD environment variables.

These settings won’t affect a database that has already been created.

In a future version we will be removing the “changeit” default password and requiring a default password to be configured at startup.

Note: These new options can only be set by environment variable so that the passwords aren’t saved in plaintext to config files.

Disable Anonymous Access by Default

Historically, anonymous users with network access have been allowed to read/write streams that do not have access control lists. Anonymous access has also been available to the /stats, /info, and other HTTP endpoints.

Anonymous access is now disabled by default, except for the /info and /ping endpoints.
Gossip is also still anonymous by default while we update our supported clients to use authenticated gossip.

If you need to re-enable anonymous access, you can do this with the new AllowAnonymousEndpointAccess and AllowAnonymousStreamAccess options.

EventStoreDB Commercial version is now FIPS compliant

There is now a commercial plugin to allow EventStoreDB to run on a FIPS-compliant system. You can find instructions on how to download and use this plugin on the commercial downloads site.

We will also be updating our certificate generation tools to create certificates that work on FIPS systems to make testing easier.

Configuration improvements

We want to make configuration of EventStoreDB easier, whether it’s through more informative logs or through better and more streamlined options.

This release has some quality-of-life improvements around configuring certificates as well as some helpful logs to identify misconfigurations in the cluster.

Certificate and Secure Cluster Configuration

A number of the configuration improvements have been around certificates and identifying issues setting up a secure cluster. Some of the main ones are:

 

  • Add support for encrypted and unencrypted PKCS8 private key files
  • Set the default trusted root certificate path on Linux to /etc/ssl/certs so this does not need to be configured for most systems.
  • Include more detailed errors and warnings about certificate mismatches, and other issues preventing a cluster from running correctly.
  • Periodically log a warning when the certificate is nearing expiry.

Configuration Quality of Life

  • Suggest the closest available option when a configuration option is unrecognised
  • Log a warning when the versions between nodes are mismatched
  • Log a warning when the connection between nodes is blocked - for example because of a firewall

Redaction (Commercial version)

Events are immutable and cannot be changed after the fact. Usually when you have an event with data that needs to be deleted you should take the following steps:

  1. Rewrite the stream to a new stream without the offending data
  2. Delete the old stream
  3. Run a scavenge to remove the data from disk on each node in turn

With the new scavenge algorithm introduced in 22.10, you no longer have to worry about data in the current chunk not being scavenged because the new algorithm will close the current chunk before scavenging. You can read more about scavenging in the documentation.

If you cannot do the above steps, then we have added a new tool to allow redacting events as a last resort. This tool needs to be run from the database directory of the node and can blank out all of the data in specific events.

If you want to make use of this tool, please contact us here if you do not have commercial support, or reach out to our support team if you do.

Breaking Changes

The updates to anonymous access described above have introduced some breaking changes. We have also removed some unused options in EventStoreDB.

The breaking changes are as follows:

Clients must be authenticated by default

We have disabled anonymous access to streams by default in this version. This means that read and write requests from clients need to be authenticated.

If you see authentication errors when connecting to EventStoreDB after upgrading, please ensure that you are either using default credentials on the connection, or are passing user credentials in with the request itself.

If you want to revert back to the old behaviour, you can enable the AllowAnonymousStreamAccess option in EventStoreDB.

Requests to the HTTP API must be authenticated by default

As with anonymous access to streams, anonymous access to the HTTP and gRPC endpoints has been disabled by default. The exceptions are the /gossip, /info, and /ping endpoints.

Any tools or monitoring scripts accessing the HTTP endpoints (e.g. /stats) will need to make authenticated requests to EventStoreDB.

If you want to revert back to the old behaviour, you can enable the AllowAnonymousEndpointAccess option in EventStoreDB.
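After upgrading, you can confirm that a node really rejects unauthenticated requests. The script below is an added example, not part of the original release notes or of EventStoreDB's tooling: it requests the endpoints named above without credentials and flags any non-exempt endpoint that still answers. The function names are hypothetical, and treating 401/403 as "credentials required" is an assumption about the server's replies.

```shell
#!/bin/sh
# Post-upgrade check that unauthenticated HTTP access matches the 23.6.0
# defaults. Endpoint paths are those named in the release notes; treating
# 401/403 as "credentials required" is an assumption about the server's reply.

# Endpoints the notes list as still anonymous by default.
ESDB_ANON_OK="/gossip /info /ping"

# esdb_verdict PATH STATUS: judge the status of a request sent with no credentials.
esdb_verdict() {
    open=no
    for p in $ESDB_ANON_OK; do
        if [ "$p" = "$1" ]; then open=yes; fi
    done
    case "$open:$2" in
        yes:2??)        echo OK ;;       # documented anonymous endpoint
        no:401|no:403)  echo OK ;;       # credentials are required
        no:2??)         echo EXPOSED ;;  # anonymous access is still enabled
        *)              echo CHECK ;;    # unreachable, redirect or error
    esac
}

# esdb_probe BASE_URL PATH...: request each path without credentials.
# Set CURL_CA_BUNDLE if the node's certificate is issued by a private CA.
esdb_probe() {
    base=$1
    shift
    for path in "$@"; do
        status=$(curl -s -o /dev/null -m 5 -w '%{http_code}' "$base$path") ||
            status=000
        echo "$path $status $(esdb_verdict "$path" "$status")"
    done
}

if [ -n "${1:-}" ]; then
    # $1 is the node's base URL, e.g. https://<node>:<port>
    esdb_probe "$1" /stats /info /ping /gossip
else
    # Constructed status codes, for illustration only.
    for pair in /stats:401 /stats:200 /info:200; do
        echo "$pair $(esdb_verdict "${pair%%:*}" "${pair##*:}")"
    done
fi
```

An EXPOSED result on /stats means AllowAnonymousEndpointAccess is effectively enabled on that node.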

PrepareCount and CommitCount Options have been removed

We have removed the PrepareCount and CommitCount options from EventStoreDB. EventStoreDB will now fail if these options are present in the config on startup.

These options do not have an effect any more and were a holdover from a previous version. You can safely remove them from your configuration file if you have them defined.
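Before upgrading a node, its configuration file can be checked for the breaking changes in this section. The script below is an added example, not part of the original release notes or of EventStoreDB's tooling: it fails on the removed PrepareCount and CommitCount options and warns when either anonymous-access option is set to true. The function names are hypothetical, and the top-level "Key: value" YAML layout and case-insensitive matching are assumptions.

```shell
#!/bin/sh
# Pre-upgrade check of an EventStoreDB config file for the 23.6.0 breaking
# changes. Assumes top-level "Key: value" YAML lines; option names are matched
# case-insensitively as a conservative assumption.

# Last uncommented line that sets option $1 in file $2 (empty if unset).
esdb_line() {
    grep -i -E "^[[:space:]]*$1[[:space:]]*:" "$2" | tail -n 1
}

# Lower-cased value of option $1, with comments, quotes and spaces stripped.
esdb_value() {
    esdb_line "$1" "$2" | sed -e 's/^[^:]*://' -e 's/#.*//' |
        tr -d '[:space:]"' | tr '[:upper:]' '[:lower:]'
}

# Print findings; return 1 if the node would refuse to start, otherwise 0.
esdb_preflight() {
    conf=$1
    rc=0
    for opt in PrepareCount CommitCount; do
        if [ -n "$(esdb_line "$opt" "$conf")" ]; then
            echo "FAIL: $opt is removed; 23.6.0 will not start with it set"
            rc=1
        fi
    done
    for opt in AllowAnonymousEndpointAccess AllowAnonymousStreamAccess; do
        if [ "$(esdb_value "$opt" "$conf")" = "true" ]; then
            echo "WARN: $opt is true; anonymous access is re-enabled"
        fi
    done
    return "$rc"
}

# Constructed sample config, not taken from a real deployment.
esdb_sample_conf() {
    cat <<'EOF'
---
ClusterSize: 3
PrepareCount: 2   # holdover from an older version
# CommitCount: 2
AllowAnonymousStreamAccess: true
EOF
}

# Check the file given as $1, or the constructed sample when run without one.
tmp=$(mktemp)
esdb_sample_conf > "$tmp"
esdb_preflight "${1:-$tmp}" || echo "Fix the FAIL items before upgrading."
rm -f "$tmp"
```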

Fixes in this release

There were a number of fixes for projections and configuration handling in this release.

For more detailed information about these fixes, please check the Changelog.

Documentation and previous release notes

Documentation for EventStoreDB can be found here.

Previous release notes can be found here.

Providing Feedback

If you encounter any issues, please don’t hesitate to open an issue on GitHub if there isn’t one already.

We also have an official Discord Server and an active Discuss forum for discussions, questions and for giving us feedback.

If you have any questions that aren't covered in these release notes or the docs, please feel free to reach out.