Changelog

Highlights

Introducing Input Validation for GraphQL Mutations [Beta]

Hasura now offers a new permission layer called "Input Validations." This feature secures mutations by using pre-execution HTTP webhooks to validate data inputs. It enhances security, provides fine-grained control, and improves data integrity.

You can configure input validations via the Console through the table permissions section! 🚀

Support for native Postgres arrays

Adds support for using native GraphQL arrays with Postgres array fields. Also filtering using _contains and _contained_in operators on array fields is now supported. (fixes #348, #7187)

Note that while the earlier format for input to Postgres array fields (ie. "{dog,cat,bat}") is still supported, the output type of array fields have changed, for instance, text[] used to have the type _text, but will now have [String!].

edit: An experimental feature flag disable_postgres_arrays has been added in v2.29.1 to preserve the earlier behavior.

Behaviour changes

• Remove Data-connector backed databases from the Raw SQL tab in Console as the feature is not supported for them as yet.

• Remove feature flag for the new permissions UI on Postgres. Use the existing UI for Postgres DBs.

• Removing a tracked source from the Console will now cascade delete any dependant metadata objects on other sources.

• The output type of Postgres array fields has changed, for example, for text[] fields from _text to [String!]. See highlight for "Support for native Postgres arrays" above for more details.

• The cumulative header size limit for HTTP requests is set to 1MB. (Cloud only)

Bug fixes and improvements

Server

• Restore function of the optimize_permission_filters experimental feature.
• Add support for {{}} style templates for headers in Actions, Remote Schemas and Event Triggers. You can specify the template as the header value. e.g. bearer {{TOKEN_ENV_VAR}}
• Check for, and disallow, conflicting array and object relationships on the same Native Query.
• Properly handle MS SQL Server inserts with an empty array of values (resolves #8959).
• Add support for setting a default isolation level for MS SQL Server sources and set the default behaviour to read-committed.
• Fix a bug with the Schema Registry where we sent older Metadata resource versions and inconsistent schemas. (Cloud only)
• Add a new environment variable HASURA_GRAPHQL_MAX_TOTAL_HEADER_LENGTH, to configure the cumulative header size limit (in bytes) for HTTP requests, with a default value of 1MB. (Community / Enterprise edition only)

Console

• Fix navigation when a data source is removed.
• The table header for the browse row UI is now sticky.
• Improve table tracking UI for Postgres/MS SQL Server. This is an experimental feature and can be enabled from Settings > Feature Flags > Enable new Table Tracking UI for Postgres & SQL Server
• Add missing common operators in permissions for types: geography and geometry
• Fix array relationship details not showing and allow untracking which was not working in certain edge conditions in new relationships UI. (resolves #9713, #9595)
• Add a Logical Models Details view.
• Allows nesting of Logical Models on creation. Logical Models can also now be marked as arrays in order to have one-to-many relationships defined.
• Enable browse rows and relationship tabs for MongoDB. (Cloud / Enterprise edition only)
• Improves error handling for the database latency check when Hasura cannot connect to the project's connected data source. (Cloud only)

Data Connectors

• Add support for SQL contains comparisons (case-sensitive) for Strings. (Cloud / Enterprise edition only)

Build

• Update ubuntu jammy base image to get the latest security updates.