20 Releases 584 Tags

RSS Feed

• v1.46.0 fcc8f3e4a6

  Compare

  Stable

  aronwk released this 2025-01-15 13:37:14 -06:00 | 3256 commits to main since this release

  Backwards incompatible changes in this release:

  • The default root superuser is now persisted to the privileges database and is scoped to localhost, instead of %. Previously, the root superuser only existed when no other accounts had been created. Creating accounts, then restarting the sql-server would cause the root superuser to disappear. The root@localhost superuser is now created the first time a sql-server is started, as the privileges database is initialized.
  • For Docker customers – note that the default root superuser is now scoped to localhost, instead of any host. This change is made for security and to better match MySQL's default security posture. To connect to a Dolt sql-server from outside the container the sql-server is running on, you need to supply the -e DOLT_ROOT_HOST=<host> argument. For more details and examples, see the dolthub/sql-server Docker readme, our Docker documentation, or our blog post covering this change.

  Per Dolt’s versioning policy, this is a minor version bump because these changes may impact existing applications. Please reach out to us on GitHub or Discord if you have questions or need help with any of these changes.

  Merged PRs

  dolt

  • 8746: Allow dolt sql to always log in as the root superuser
    From the command line, when a sql-server is not running, dolt sql implicitly uses the root account to log, but if the root account exists with a password, dolt sql will fail to log in. Since the user has access to the host and the database data directory, we should allow dolt sql to log into the SQL shell, even if the root user has a password set. This change also makes this behavior match when a sql-server is running, and we allow superuser login through the __dolt_local_user__ account (which only exists while a sql-server is running).
  • 8745: Add --prune option to dolt_pull procedure
    Expose in CLI and test too.
    See: https://github.com/dolthub/dolt/issues/8734
  • 8742: Don't panic when attempting to update workspace table
    Previously a panic was very likely if any update to dolt_workspace_* involved a schema change. This change restricts the updates to the workspace tables only in cases where the schemas have not changed.
  • 8740: /go/libraries/doltcore/sql/dsess: parallelize sql.NewDatabase work
  • 8690: Initialize persisted root superuser on SQL server startup
    Previously, Dolt would only create a root superuser on sql-server startup when no other user accounts had been created. This resulted in a behavior where users would run dolt sql-server, create user accounts, then the next time they restart the sql-server, the root account would no longer be present. This behavior has surprised several customers (see https://github.com/dolthub/dolt/issues/5759) and is different from MySQL's behavior, which creates a persistent root superuser as part of initialization.
    This change modifies this behavior so that a root superuser is created, and persisted, the first time a SQL server is started for a database, unless the --skip-root-user-initialization flag is specified, or if an ephemeral super user is requested with the --user option. Subsequent runs of dolt sql-server do not automatically create the root superuser – only the first time dolt sql-server is started when there is no privileges database yet, will trigger the root user to be created and the privileges database to be initialized
    Internally, this is implemented by detecting the presence of any user account and privilege data stored to disk (by default, in the .doltcfg/privileges.db file). When no user account and privilege data exists, the root superuser initialization logic will run. This means the privileges.db data is now always created on the first run of dolt sql-server, even if the data is empty.
    As part of this change, the root superuser is now scoped to localhost, instead of % (i.e. any host). This improves the default security posture of a Dolt sql-server and better aligns with MySQL's behavior. Customers who rely on using the root account to connect from non-localhost hosts, will need to either log in and alter the root account to allow connections from the hosts they need, or they can specify the DOLT_ROOT_HOST and/or DOLT_ROOT_PASSWORD environment variables to override the default host (localhost) and password ("") for the root account when it is initialized the first time a sql-server is launched.
    One side effect of this change is that dolt sql -u <user> may work differently for some uses. Previously, if there was no user account and privilege data persisted to disk yet (i.e. the .doltcfg/privileges.db file), then users could specify any username and password to dolt sql (e.g. dolt sql -u doesnotexist) and they would still be logged in – user authentication was ignored since no user account and privilege data existed. Now that the user account and privilege data is always initialized when running dolt sql-server, customers may no longer use dolt sql --user <user> to log in with unknown user accounts. The workaround for this is to simply run dolt sql without the --user option, and Dolt will use the default local account.
    Fixes: https://github.com/dolthub/dolt/issues/5759
    Depends on: https://github.com/dolthub/go-mysql-server/pull/2797
    Related to: https://github.com/dolthub/doltgresql/pull/1113
    Documentation updates: https://github.com/dolthub/docs/pull/2460

  go-mysql-server

  • 2814: [rowexec] full outer join rightIter exhaust
    Full join should exhaust right side, not return as soon as we EOF the left iterator.
    fixes: https://github.com/dolthub/dolt/issues/8735
  • 2813: [binder] hoist projections in certain cases where we can combine with top-level projection
    This is a bit unintuitive, but hoisting projections above sorts in the binder seems to uniformly improve projection pruning because we will always combine it with the top-level return projection.
    fixes: https://github.com/dolthub/dolt/issues/8736
  • 2812: Fix cte naming conflict
    fixes: https://github.com/dolthub/dolt/issues/8724
    Distinct CTE references need unique column and table ids.
  • 2811: Reset BytesBuffer after each rowBatch
    Once we spool a batch of rows to client, there's no reason to keep them in memory.
    Fixes https://github.com/dolthub/dolt/issues/8718
  • 2797: Persist and load superusers
    Previously, superusers were persisted to disk, but never loaded back again when the database was restarted. This essentially made all superusers ephemeral, since they only lasted for the duration of a SQL server process.
    This change loads persisted superusers from disk, and also adds a new function to create ephemeral superusers that do not get persisted to disk.
    This also includes a fix for the event scheduler to use a privileged account so that it can load events from all databases.

  vitess

  • 394: parse more partition options in ALTER TABLE statements
    parses more partition options as no-ops
    fixes: https://github.com/dolthub/dolt/issues/8744
  • 393: fix starting by and terminated by order
    the starting by and terminated by clauses in load data statements can appear in any order and any number of times.

  Closed Issues

  • 5759: Dolt's disappearing root user is confusing
  • 8744: Parser support for adding/removing partition

  Downloads

  • dolt-darwin-amd64.tar.gz
    36 MiB

    2025-11-04 18:49:01 -06:00
  • dolt-windows-amd64.7z
    18 MiB

    2025-11-04 18:49:12 -06:00
  • install.sh
    3.2 KiB

    2025-11-04 18:49:17 -06:00
  • Source Code (ZIP)
  • Source Code (TAR.GZ)