Releases: hasura/graphql-engine
v2.48.3
Changelog
This is a patch release for v2.48.
Bug fixes and improvements
Server
- The experimental feature remove_empty_subscription_responses erroneously did not affect streaming subscriptions, only live queries. After this change, --experimental-features=remove_empty_subscription_responses will also work on streaming subscription fields, resulting in less data transferred between Hasura and Postgres for highly-multiplexed queries which most of the time return no updated data.
- Add AGGREGATE_FUNCTION to BigQuery REST routine types.
v2.48.2
Changelog
This is a patch release for v2.48.
Bug fixes and improvements
Server
- Preserve type and field descriptions from remote schemas in the resulting unified graphql schema.
- Fix an inconsistency in the CockroachDB backend, where descriptions were populated with an empty string from the database, rather than null.
Console
- Fix remote schema modification failing when schema names contain spaces.
v2.36.10-2
Changelog
- Base ubuntu image updated to ubuntu:jammy-20250530 to fix security vulnerabilities
- Base ubi9 image updated to ubi9-minimal:9.6-1751286687 to fix security vulnerabilities
v2.48.1
Changelog
This is a patch release for v2.48.
Bug fixes and improvements
Data Connectors
- Fix queries which select self-referential relationships in Snowflake. Previously, queries such as employee.reports_to <-> employee.employee_id would cause errors. (Cloud / Enterprise edition only)
v2.48.0
Changelog
Bug fixes and improvements
Server
- Add a new query tag format standard_prepended, which puts the metadata tag comment before the SQL query. This might help when scanning logs, or when log lines might be truncated.
- Add HASURA_GRAPHQL_PRESERVE_401_ERRORS option to propagate 401 (Unauthorized) status codes back to the client. Currently a 200 status is returned for all errors.
- Add HASURA_GRAPHQL_SERVER_TIMEOUT option to configure request timeouts. (Community / Enterprise edition only)
Console
- REST endpoints with GET method now properly handle query parameters in the console.
Data Connectors
- Fix an issue in the SuperConnector Snowflake adapter which caused errors when performing queries that selected the same relationship more than once. (Cloud / Enterprise edition only)
v2.48.0-beta.1
Changelog
Bug fixes and improvements
Server
- Add a new query tag format standard_prepended, which puts the metadata tag comment before the SQL query. This might help when scanning logs, or when log lines might be truncated.
- Add HASURA_GRAPHQL_PRESERVE_401_ERRORS option to propagate 401 (Unauthorized) status codes back to the client. Currently a 200 status is returned for all errors.
- Add HASURA_GRAPHQL_SERVER_TIMEOUT option to configure request timeouts. (Community / Enterprise edition only)
Console
- REST endpoints with GET method now properly handle query parameters in the console.
Data Connectors
- Fix an issue in the SuperConnector Snowflake adapter which caused errors when performing queries that selected the same relationship more than once. (Cloud / Enterprise edition only)
v2.36.12
Changelog
v2.47.0
Changelog
Bug fixes and improvements
Server
- Don't attempt to CREATE EXTENSION pgcrypto if it already exists, so users on Azure using an unprivileged Postgres user in Hasura can create the extension manually prior to startup.
- Add new HASURA_GRAPHQL_REDIS_NO_FAIL_ON_STARTUP option, allowing the engine to start up normally, but with rate limiting and caching disabled, if there are errors with redis during startup. (Enterprise edition only)
Console
- Fix connection template and Dynamic Routing settings being reset when editing database in Connection Details page. (Cloud / Enterprise edition only)
CLI
- Add a flag --no-transaction to migrate apply command.
Build
- Update libpq version in UBI9 base image.
Security fixes
Server
Fixed Nested Inherited Roles Permission Propagation
Fixed an issue where permissions were not properly propagated through multiple levels of role inheritance. This affects both queries and mutations:
- For Queries: Previously, when Role D inherited from Role C, which inherited from Roles A and B, the row filters and column restrictions from Role A were not properly applied to Role D. This could allow Role D to access data that should have been restricted.
- For Mutations: Mutations using nested inherited roles now correctly enforce permission constraints. For example:
  If Role A restricts "salary" with {"user_id": "X-Hasura-User-Id"}
  Role D (inheriting from Role C, which inherits from Role A) now requires X-Hasura-User-Id when filtering on salary:
  mutation { delete_employees(where: {salary: {_gt: 100000}}) { affected_rows } }
Note: If you're using nested inherited roles in your application, you may need to update mutations to include the appropriate session variables that were previously bypassed.
For more details on how inherited roles work, see the documentation.
v2.45.3
Changelog
This is a patch release for v2.45.
Bug fixes and improvements
Server
- Add optional no_transaction flag (default false) to run_sql API (Postgres) to execute SQL statements outside transaction blocks, with support for splitting multiple statements. Useful for operations like CREATE INDEX CONCURRENTLY.
Console
- Fix connection template and Dynamic Routing settings being reset when editing database in Connection Details page.
Security fixes
Server
Fixed Nested Inherited Roles Permission Propagation
Fixed an issue where permissions were not properly propagated through multiple levels of role inheritance. This affects both queries and mutations:
- For Queries: Previously, when Role D inherited from Role C, which inherited from Roles A and B, the row filters and column restrictions from Role A were not properly applied to Role D. This could allow Role D to access data that should have been restricted.
- For Mutations: Mutations using nested inherited roles now correctly enforce permission constraints. For example:
  If Role A restricts "salary" with {"user_id": "X-Hasura-User-Id"}
  Role D (inheriting from Role C, which inherits from Role A) now requires X-Hasura-User-Id when filtering on salary:
  mutation { delete_employees(where: {salary: {_gt: 100000}}) { affected_rows } }
Note: If you're using nested inherited roles in your application, you may need to update mutations to include the appropriate session variables that were previously bypassed.
For more details on how inherited roles work, see the documentation.
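An added example (not part of the Hasura release notes or the project's code) for the nested inherited roles fix described in the v2.47.0 and v2.45.3 notes: it walks the inherited_roles section of a metadata export and lists the roles that inherit through more than one level, which are the roles whose mutations may now need session variables. The role names and sample metadata are constructed, and the role_name / role_set layout of the export is an assumption.

```python
# Constructed sample mirroring the release note: role_d -> role_c -> role_a, role_b.
# Assumption: the metadata export lists inherited roles as role_name / role_set.
SAMPLE_METADATA = {
    "inherited_roles": [
        {"role_name": "role_c", "role_set": ["role_a", "role_b"]},
        {"role_name": "role_d", "role_set": ["role_c"]},
        {"role_name": "support", "role_set": ["role_b"]},
    ]
}


def resolve_role(name, parents, stack=()):
    """Return (base_roles, depth) for a role, following role_set transitively."""
    if name in stack:
        raise ValueError("cycle in inherited roles: " + " -> ".join(stack + (name,)))
    if name not in parents:
        # A plain role that carries its own permissions directly.
        return {name}, 0
    bases, depth = set(), 0
    for parent in parents[name]:
        parent_bases, parent_depth = resolve_role(parent, parents, stack + (name,))
        bases |= parent_bases
        depth = max(depth, parent_depth + 1)
    return bases, depth


def nested_inherited_roles(metadata):
    """Map each role inheriting through more than one level to its base roles."""
    parents = {r["role_name"]: list(r["role_set"])
               for r in metadata.get("inherited_roles", [])}
    report = {}
    for name in parents:
        bases, depth = resolve_role(name, parents)
        if depth > 1:
            report[name] = {"depth": depth, "base_roles": sorted(bases)}
    return report


if __name__ == "__main__":
    for role, info in nested_inherited_roles(SAMPLE_METADATA).items():
        print(f"{role}: depth {info['depth']}, "
              f"inherits permissions of {info['base_roles']}")
```

For each role reported, review the row filters and column restrictions of every listed base role, since those are the constraints the fixed versions now enforce on it.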
v2.47.0-beta.1
Changelog
Bug fixes and improvements
Server
- Don't attempt to CREATE EXTENSION pgcrypto if it already exists, so users on Azure using an unprivileged Postgres user in Hasura can create the extension manually prior to startup.
- Add new HASURA_GRAPHQL_REDIS_NO_FAIL_ON_STARTUP option, allowing the engine to start up normally, but with rate limiting and caching disabled, if there are errors with redis during startup. (Enterprise edition only)
Console
- Fix connection template and Dynamic Routing settings being reset when editing database in Connection Details page. (Cloud / Enterprise edition only)
CLI
- Add a flag --no-transaction to migrate apply command.
Build
- Update libpq version in UBI9 base image.