v6.1.5
Notable new features⚓︎
Per-route Traefik IP allowlist⚓︎
Hydrolix now supports per-route IP allowlists in the Traefik proxy. Set the traefik_ip_allowlist tunable to a list of CIDR ranges to restrict cluster access, and use traefik_ip_allowlist_exempt_routes to exempt specific entrypoints or path prefixes. ACME challenge routes are always exempt to allow Let's Encrypt certificate issuance. The load balancer must preserve client IPs for the allowlist to take effect. See the Traefik IP allowlisting guide for configuration details.
Federated authentication for the Config API⚓︎
The Config API now accepts Bearer tokens signed by external JWT issuers, enabling integration with customer-managed identity providers. Configure trusted issuers in the new turbine_api_trusted_token_issuers operator tunable. Existing Keycloak and service account authentication paths are unchanged.
JSON datatype enabled by default⚓︎
Hydrolix now enables JSON datatype support in transforms by default. The json_datatype_enabled tunable defaults to true in v6.1, where earlier versions defaulted to false. JSON columns store schema-flexible objects in a single column, including arrays of scalar values and arrays of JSON objects, and Hydrolix indexes their fields at ingest.
Introduction of parallel hierarchy for Orgs⚓︎
In the future, Hydrolix will support multiple Orgs to offer better support for multi-tenant clusters.
The Config API introduces the Customer in v6.1 as the first step in the transition. See Organizations for a description of the benefits, to be realized in a later release. Read Org transition planning to understand the changes over this and upcoming releases.
- Single-tenant cluster administrators don't need to do anything.
- For multi-tenant clusters, set tunable
turbine_api_feature_migrate_projects_to_orgs=true.
A continuously running background job creates Customer objects according to the setting. In a future release, the parallel hierarchy becomes Orgs, replacing the sole existing Org.
Upgrade instructions⚓︎
Don't skip minor versions when upgrading or downgrading
Skipping versions when upgrading or downgrading Hydrolix can result in database schema inconsistencies and cluster instability. Always upgrade or downgrade sequentially through each minor version.
Example:
Upgrade from 5.10.10 → 5.11.9 → 6.0.8, not 5.10.10 → 6.0.8.
Step 1: Set tunable⚓︎
Set the tunable turbine_api_feature_migrate_projects_to_orgs to true if you want each of the projects in the cluster to be elevated to its own organization, or skip this step and accept the default.
Default behavior: For a single-tenant cluster, after upgrading to v6.1, three Customer objects are created. One Customer object each is created for the projects hydro and sample_project. All other projects are associated with a third Customer object.
This is an example of explicit declaration of the default setting.
Set this for multi-tenant clusters. This tunable must be explicitly set in the Hydrolix cluster spec before upgrading to v6.1.
A distinct Customer object is created for every existing project.
The tunable setting controls a background job that creates the parallel hierarchy and runs for the lifetime of Hydrolix v6.1.
Step 2: Apply the new Hydrolix operator⚓︎
If you have a self-managed installation, apply the new operator directly with the kubectl command examples below. If you're using Hydrolix-supplied tools to manage your installation, follow the procedure prescribed by those tools.
GKE⚓︎
EKS⚓︎
LKE and AKS⚓︎
Step 3: Monitor the upgrade process⚓︎
Kubernetes jobs named init-cluster and init-turbine-api will automatically run to upgrade your entire installation to match the new operator's version number. This will take a few minutes, during which time you can observe your pods' restarts with your Kubernetes monitor tool.
Ensure both the init-cluster and init-turbine-api jobs have completed successfully and that the turbine-api pod has restarted without errors. After that, view the UI and use the API of your new installation as a final check.
If the turbine-api pod doesn't restart successfully, or other functionality is missing, check the logs of the init-cluster and init-turbine-api jobs for details about failures. This can be done using the k9s utility or with the kubectl command:
If you still need help, contact Hydrolix support.
Downgrade instructions⚓︎
Use these instructions when downgrading from v6.1 to v6.0.
- Connect to the Kubernetes cluster using k9s and select the namespace holding the Hydrolix cluster.
- Select the
turbine-apipod andturbine-apicontainer. - Invoke a shell by entering s.
-
Execute each of the following commands, which will produce STDERR to terminal. Each must exit cleanly.
-
Exit the
k9sutility by pressing Ctrl-C. - Follow the upgrade instructions for the latest Hydrolix v6.0 release.
Changelog⚓︎
Updates⚓︎
Intake updates⚓︎
-
Upgraded the operator-managed
hydrolix_otelCollector image fromhdx-collector:1.0.1tohdx-collector:v1.2.1. Clusters that sethydrolix_otel.enabled: truepick up the new image and batch settings on upgrade. -
Updated the Go toolchain to
1.26.3across the intake codebase to address end-of-life concerns. -
Upgraded
jackc/pgx/v5from5.5.5to5.9.2in intake. Resolves critical CVE-2026-41889 (SQL injection in the simple protocol with dollar-quoted strings). -
Upgraded
amazon-kinesis-clientfrom2.7.1to2.7.2to address an HTTP request smuggling vulnerability in dependent library Netty. Resolves critical CVE-2026-42581.
Cluster operations updates⚓︎
-
Updated software packages across control-plane services per Aikido security scan findings:
gunicorn23.0.0 → 26.0.0, addresses AIKIDO-2026-10742openssl0.10.78 → 0.10.80urllib32.6.3 → 2.7.0rustls-webpki0.102.8 → 0.103.13idna3.10 → 3.15yarl1.18.3 → 1.24.2http1.4.0 → 1.4.1
-
Updated Go dependencies in the
hdx-scaler-goandacmeservices to patch a gRPC authorization vulnerability. Satisfies CVE-2026-33186.google.golang.org/grpcv1.78.0 → v1.79.3goccy/go-yamlv1.9.8 → v1.15.2go.opentelemetry.io/otelv1.38.0 → v1.39.0
-
Updated Go dependencies in the
acmeservice to patch a path traversal vulnerability. Satisfies CVE-2026-40611.github.com/go-acme/legov4.31.0 → v4.34.0golang.org/x/expv0.0.0-20241210194714-1829a127f884 → v0.0.0-20260410095643-746e56fc9e2f
-
Upgraded flagged dependencies across the operator components (acme,
hdx-scaler-go, tulugaq, version-service) to resolve security advisories.golang.org/x/cryptov0.50.0 → v0.52.0golang.org/x/net→ v0.55.0h11v0.14.0 → v0.16.0
-
Updated Rust and Python dependencies in
hdx-node-rsandhdx-pod-metricscontrol plane services.Updates for
hdx-node-rsUpdated once_cell 1.20.2 → 1.21.4 Updated openssl 0.10.72 → 0.10.78 Updated openssl-sys 0.9.107 → 0.9.114 Updated rand 0.8.5 → 0.8.6
updates for
hdx-pod-metricsUpdated once_cell 1.21.3 → 1.21.4
updates for
hdx-pod-metrics/validationUpdated matplotlib 3.10.6 → 3.10.9 Updated pillow 11.3.0 → 12.2.0 Updated pygments 2.19.2 → 2.20.0 Updated pytest 8.4.2 → 9.0.3 Removed importlib-resources 6.5.2 Removed zipp 3.23.0
-
Updated
hdx-node-rssoftware dependencies as part of routine maintenance.control/hdx-node-rs/Cargo.lock
Updated darling 0.20.10 → 0.21.3 Updated darling_core 0.20.10 → 0.21.3 Updated darling_macro 0.20.10 → 0.21.3 Updated getrandom 0.2.15 → 0.3.4 Updated hyper 1.5.2 → 1.9.0 Updated hyper-util 0.1.10 → 0.1.20 Updated js-sys 0.3.76 → 0.3.97 Updated json-patch 3.0.1 → 4.2.0 Updated jsonptr 0.6.3 → 0.7.1 Updated k8s-openapi 0.24.0 → 0.26.1 Updated kube 0.98.0 → 2.0.1 Updated kube-client 0.98.0 → 2.0.1 Updated kube-coordinate 0.2.1 → 2.0.0-rc.0 Updated kube-core 0.98.0 → 2.0.1 Updated kube-derive 0.98.0 → 2.0.1 Updated kube-runtime 0.98.0 → 2.0.1 Updated libc 0.2.169 → 0.2.186 Updated rand 0.8.6 → 0.9.4 Updated rand_chacha 0.3.1 → 0.9.0 Updated rand_core 0.6.4 → 0.9.5 Updated reqwest 0.12.9 → 0.12.28 Updated schemars 0.8.21 → 1.2.1 Updated schemars_derive 0.8.21 → 1.2.1 Updated socket2 0.5.8 → 0.6.3 Updated system-configuration 0.6.1 → 0.7.0 Updated tower-http 0.6.2 → 0.6.8 Updated wasm-bindgen 0.2.99 → 0.2.120 Updated wasm-bindgen-futures 0.4.49 → 0.4.70 Updated wasm-bindgen-macro 0.2.99 → 0.2.120 Updated wasm-bindgen-macro-support 0.2.99 → 0.2.120 Updated wasm-bindgen-shared 0.2.99 → 0.2.120 Updated web-sys 0.3.76 → 0.3.97 Updated windows-registry 0.2.0 → 0.6.1 Updated windows-result 0.2.0 → 0.4.1 Updated windows-strings 0.1.0 → 0.5.1 Updated windows-sys 0.59.0 → 0.61.2 Added backon 1.6.0 Added derive_more 2.1.1 Added derive_more-impl 2.1.1 Added gloo-timers 0.3.0 Added iri-string 0.7.12 Added r-efi 5.3.0 Added ref-cast 1.0.25 Added ref-cast-impl 1.0.25 Added rustc_version 0.4.1 Added semver 1.0.28 Added wasip2 1.0.3+wasi-0.2.9 Added windows-link 0.2.1 Added wit-bindgen 0.57.1 Removed backoff 0.4.0 Removed headers 0.4.0 Removed headers-core 0.3.0 Removed hyper-http-proxy 1.0.0 Removed instant 0.1.13 Removed rustls-pemfile 2.2.0 Removed sha1 0.10.6 Removed
wasm-bindgen-backend0.2.99 -
Published a CloudNativePG-based CatalogDB image with PostgreSQL upgraded from 15.2 to 18.3 to the Hydrolix registry, and bumped the
pg_dumpandpg_repackclient tooling. No running CatalogDB changes version; the built-in PostgreSQL image stays at 15.2. -
Bumped the operator-bundled Hydrolix Grafana datasource plugin from 0.6.0 to 0.10.1, picking up:
- Per-query Hydrolix options in the Grafana UI (GRAP-59)
- Regex patterns for ad-hoc filtering (GRAP-77)
- Exposure of datasource errors to Grafana variables (GRAP-155)
See the plugin's GitHub releases for full per-version changelogs.
-
Upgraded the operator-bundled Hydrolix MCP server from 0.2.3 to 0.3.1, which supports ability to disable truststore OS certificate store integration.
-
Upgraded the
janus-proxydefault version from 0.2.2 to 0.2.3. This fixes a schema validation error when interacting with the Config API by dropping the requirement for theis_superuserattribute. -
Updated
turbine-apidependencies for security fixes:djangorestframework3.16.1 → 3.17.1,pyjwt2.11.0 → 2.12.0, andrequests2.32.0 → 2.33.0. -
Applied a further round of Aikido security remediations across operator components, including an
aiohttpbump to 3.13.4,pyasn1to 0.6.3,urllib3updates, non-root Dockerfiles, SHA-512 checksum validation for pulled artifacts, and a SQL-injection hardening fix in the tulugaq transformer command-line interface. -
Removed the internal Redpanda dependency and the legacy stream-head and stream-peer resources from the
init-turbinejob. Redpanda is no longer deployed as a cluster component.
Core updates⚓︎
- Upgraded the ClickHouse query engine from 24.8.6.70-lts to 25.8.16.34-lts.
- JSON query results no longer quote 64-bit integers as strings;
Int64andUInt64values now serialize as JSON numbers. Clients that parse query output may need to adjust their handling. - Ordering by a value extracted from a JSON column now requires an explicit cast to a concrete type, because the dynamically typed
VariantandDynamictypes are no longer allowed inORDER BYkeys.
- JSON query results no longer quote 64-bit integers as strings;
Improvements⚓︎
Config API⚓︎
-
Added Config API support for the
http-headservice. Operators can now create and managehttp-headresources through the Config API. -
Added Config API support for the
hdx_query_batch_sizequery setting. -
Enabled JSON datatype support in transforms by default. The
json_datatype_enabledtunable now defaults totruein v6.1. In earlier versions, it defaulted tofalse. -
Added a new
turbine_api_trusted_token_issuersoperator tunable that lets the Config API accept Bearer tokens signed by external JWT issuers. Each issuer entry takes anissvalue, a JWKS URI, optional signing algorithms, and an optional audience. The engine-sideAccessStoragehonors token TTL by reading the JWTexpclaim intoCredentials.token_expiration_time. Existing Keycloak and service account authentication paths are unchanged. -
Refactored and simplified HTTP application proxy logic supporting the Hydrolix console's interaction with Semantix through the Config API. These changes improve separation between HTTP plumbing logic and business logic. These changes also provide comprehensive support and corrections for HTTP 400 and 500 status codes.
-
Added
POST /config/v1/usersto create users linked to an external identity (issuer + external_id), bypassing the invite flow; tokens from that issuer authorize as the linked user. A newsearch_external_usersparameter onGET /config/v1/userslists them, opt-in now, default after a short deprecation cycle. -
Added
GET /config/v1/orgs/{org_id}/dictionaries/to list every dictionary in an org in a single RBAC-scoped request, instead of one call per project. The endpoint is list-only; create, update, and delete remain on the project-nested dictionaries endpoint. -
Tightened request validation to require an exact match on
hdx_deployment_idbefore a request is rejected. Earlier, looser matching could reject requests intended for the current deployment. -
The Columns API now returns column descriptions and the transforms that reference each column. Descriptions populate from the associated transforms when available.
-
Disabled implicit SQL validation by default. The
HDXAPI_QUERY_VALIDATION_DISABLEDsetting now defaults totrue, which avoids false-positive rejections from thehdx_verify_sqlpath on transforms, merge SQL, and function bodies. The explicit/parse-sqlendpoint is unaffected.
Cluster operations⚓︎
-
Added a
thanos_initial_delayoperator tunable for controlling startup delay on Prometheus Thanos containers. Earlier, theinitial_delaysetting was taken incorrectly from query application settings. -
Added a liveness probe to the Hydrolix operator. The probe improves resilience by allowing Kubernetes to restart the operator pod if it becomes unresponsive.
-
Improved the
o6r_hdx_readymetric and cluster readiness report with more accurate and granular readiness signals. -
Decoupled
query_head_pooling_enabledfrom default-pool HTTP routing. The default-pool catch-all route is now controlled byall_clickhouse_http_via_chproxy_enabledandhttp_proxy.enabledindependently.query_head_pooling_enabledretains its pooling-only role: gating per-pool routing and pool-aware HTTP proxy configuration. -
Added optional and experimental
jsonoutput format to the tulugaq metrics ingestion transform, controlled by the newtulugaq.formattunable. Scraped metrics nest under a singlemJSON column. -
Added
traefik_ip_allowlistandtraefik_ip_allowlist_exempt_routesoperator tunables for per-route IP allowlists in the Traefik proxy. -
Bumped default image versions for the opt-in Hydrolix Innovation Lab services Janus and Anomaly RCA (root cause analysis). Clusters that haven't opted in are unaffected; clusters that have opted in pick up the new images on upgrade unless the
versionfield is pinned.- Janus v0.3.0 → v0.3.1: LiteLLM upstream version bump, RBAC for the Janus Proxy admin API, keys list pagination, security and dependency fixes.
- Anomaly RCA to v0.2.0 (the v6.0 default
v1.0.0was a placeholder tag that was never published): unified Traefik/Keycloak authentication, SQL-injection hardening, migration of the LLM client to use Janus Proxy, RCA privilege-escalation fix, urllib3 upgrade, and accumulated bug fixes.
-
Added new services
semantix-agent,semantix-llm, andsemantix-peeras valid and known to the Hydrolix custom resource definition. -
Introduced optional support to export OpenTelemetry data from
anomaly_rca,janus, and embedded LiteLLM. To enable, set cluster tunablehydrolix_otelorotel_endpoint. -
Introduced liveness and readiness probes for different versions of the MCP Hydrolix service. This is an implementation of the familiar pattern, which improves resilience and controllability for applications in a Kubernetes cluster. Versions of
mcp_hydrolixolder than v0.3.1 use only a TCP probe liveness check. Newer versions use both, as HTTP checks. -
Replaced user and password credentials when configuring services for Kibana Gateway by matching its new support for service account tokens. Since version 2.0, the Kibana Gateway
serviceAccountTokenvariables can hold tokens. -
The HDX Scaler VPA now caps scale-up targets to the per-node free capacity for the scaled resource. Workloads that can't fit on any available node now return
CappedorUnfitNotSchedulabledecisions instead of being stuck in Pending. -
Added
spec.scheduler.apply_to_allandspec.scheduler.apply_to_all_excludeoperator tunables for opting all operator-managed workloads intohdx-binpack-schedulerglobally. Whenapply_to_allistrue, the scheduler is set as the defaultschedulerNameon every operator-created workload, except those inapply_to_all_exclude(default["descheduler"]). Per-servicescale.<svc>.scheduler_nameoverrides and explicit targeting still take precedence. -
Hardened the descheduler's eviction policy. The descheduler and operator pods are now protected via the
DefaultEvictorlabelSelector instead ofmaxUnavailable: 0PDBs, so their nodes no longer blockkubectl drainor cluster-autoscaler scale-down. A newdescheduler.min_replicastunable (default2) stops the descheduler from evicting pods in workloads with fewer replicas; set it to0to disable the guard. -
Bumped the operator-managed Grafana from
grafana/grafana-enterprise:12.4.2to13.0.3, with several quality-of-life improvements. Authentication is now required for Grafana image rendering, custom Grafana URLs are recognized by Keycloak and consolidated in Traefik routing, and the provisioned Prometheus datasource is removed when it's disabled. -
Added a cluster-wide
enginefield tohdx-scaler-goas an alternative to setting the scaler engine per service. -
Added a per-service
engine: python | shadow | gofield and adryRunoption tohdx-scaler-go, allowing shadow validation of the Go scaler against the Python scaler before migrating a service. -
Added a
grpc.health.v1.Healthservice and Kubernetes startup and liveness probes tointake-router, matching the health-probe pattern used by other cluster services.
Core⚓︎
-
Reduced memory allocation when reading JSON partitions: blocks where a path has no data now skip column allocation entirely.
-
Added per-pool Prometheus metrics for the
PeerCoordinatorlifecycle: partition queue depth, peer counts, connection failures, and batch processing duration. -
Added pod-level Prometheus gauges
hdx_cache_capacity_bytes(the configured cache quota for the pod) andhdx_cache_used_bytes(bytes currently occupied by the local file cache). Both gauges always emit, reporting0when the cache is disabled, so cache sizing stays observable. -
Added on-disk caching of partition byte-range data, enabled by default. The new
disable_data_cacheoperator tunable (defaultfalse) turns it off, anddata_cache_max_partition_age_secondslimits caching to partitions under a given age. Caching reduces repeated object-storage reads on query-heavy workloads at the cost of local disk.
Bug fixes⚓︎
Cluster operations fixes⚓︎
-
Fixed CORS preflight (
OPTIONS) requests returning 401 on routes that useunified-authmiddleware (for example,/version,/validator,/ingest). Moving theclobber-headersmiddleware before auth ensures the browser receives CORS response headers before the auth check intercepts the request. Non-preflight requests are unaffected. -
Fixed the operator so it now restarts the
periodic-serviceautomatically when thegeneralconfigmap or secret changes (for example, onDEPLOYMENT_IDrotation or Argus credential changes). Earlier, those values were silently picked up only on manual restart. -
Fixed PodDisruptionBudgets to be emitted for all services regardless of whether the descheduler is enabled. Previously, PDBs were gated on
descheduler.enabled, which allowed the cluster autoscaler to drain nodes and reduce service replicas to zero. -
Fixed pgbouncer userlist creation to occur only when pgbouncer is enabled. Previously, the userlist was created unconditionally, causing spurious errors on clusters where pgbouncer is disabled.
-
Fixed the
traefik-cfgdaemon's routing allowlist, which was using substring matching instead of set membership. -
Fixed missing Kubernetes permissions for the binpacking scheduler so it can read the
extension-apiserver-authenticationConfigMap. -
Fixed four bugs in
hkt render-specso its output respects per-Kubernetes scale, doesn't crash on partial-patch pools, and round-trips cleanly throughhkt get-resources:kubernetes_profileis respected when looking up per-Kubernetes scale values forquery-peer,query-head, andpostgres.render-spec --include-poolsno longer crashes withKeyError: 'cpu'on partial-patch pools that omit a service or cpu override.- Rendered specs round-trip cleanly through
get-resources. - Phantom
merge-i,merge-ii,merge-iiipool entries no longer appear in rendered specs.
-
Fixed
hdx-traefik-authso authorization lookups strip query parameters fromX-Forwarded-Uri. Endpoints like/version?component=operatorno longer return 403 whenenable_traefik_authorizationis on. -
Fixed Traefik OpenTelemetry tracing flag ordering so the rendered container command is deterministic across operator restarts. Earlier, hash-randomized iteration produced a different command on each restart, changed the Deployment's pod template hash, rolled a new ReplicaSet, and exposed Traefik's brief readiness gap as a burst of 503s on every operator deploy.
-
Fixed the
acmeservice to retry failed certificate checks after 15 minutes instead of waiting until the next daily tick. A transient issuance failure on a freshly provisioned cluster previously left Traefik on its self-signed default cert for up to 24 hours. -
Fixed the operator mutating cached resource state when applying an
hdx-operator-configpatch, which caused reconcile loops to drift and index convergence to fail. The operator now deep-copies resources before patching, keeping the desired state stable across reconcile loops. -
Added the deployment ID and cluster manifest version to the OpenTelemetry collector service.
-
Improved efficiency and error handling in transform management for Tulugaq metrics collection. Since output columns are dynamically discovered and added, performance and resilience are important.
-
Collected metrics from
keycloakservices. Earlier, Prometheus wasn't scraping metrics from Keycloak. -
Fixed token authentication on the
query-head-apicontainer by mounting the missing service tokens volume. Earlier, the container couldn't read its service account token.
Config API fixes⚓︎
-
Enabled PostgreSQL connection health checks in
turbine-apiandturbine-worker. When persistent database connections are turned on (turbine_api_database_connection_max_agegreater than 0), the application detects and recycles unhealthy connections before use, reducing API errors from stale connections. The default configuration closes each connection after its request, so clusters that keep the default see no change. -
Added the
GET /config/v1/logout/endpoint to the published OpenAPI schema under theAuthtag. -
Corrected several bugs in management of custom views.
- Addressed several autoview lifecycle problems. Earlier, the autoview didn't become default view after all other views were deleted. Additionally, the autoview was unmodifiable. Accounts with sufficient permission can now set
is_defaulton the autoview. - Fixed a buggy order of operations when creating the autoview and setting it as the default.
- Relaxed the requirement for a
descriptionon columns created in views.
- Addressed several autoview lifecycle problems. Earlier, the autoview didn't become default view after all other views were deleted. Additionally, the autoview was unmodifiable. Accounts with sufficient permission can now set
-
GCP-deployed clusters can now PATCH Kinesis sources (including for credential rotation). Fixed the Config API's Kinesis source validator to accept
https://datastore.googleapis.com/...URLs as valid checkpointer names alongside AWS ARNs. -
Fixed the Config API to allow primary columns to be marked as
virtual: true. Earlier, the API silently setvirtual: falseon all primary columns and rejected explicitvirtual: trueon them.
Intake fixes⚓︎
-
Fixed two storage interaction failures in the reaper system that repeatedly enqueued impossible deletion work. Earlier, when the reaper handled deleted storage paths or missing storage locations, it didn't remove the orphaned catalog entries. Subsequent runs would then enqueue the orphans again leading to deep queues, starving other RabbitMQ operations.
-
Fixed intake configuration parsing that aborted when
token_listin stream settings wasnullrather than absent or an empty list.
Core fixes⚓︎
-
Fixed a
LOGICAL_ERROR: Chunk info was not seterror inMergingAggregatedTransformthat occurred on heavyGROUP BYqueries with many groups. -
Fixed an intermittent hang in
FileLruCachethat could stall query execution on clusters with data caching enabled. -
Fixed a data-caching crash (
SIGSEGV) when zero-size iocbs were present in thecreate_io_stripes/remove_ifpath. Aligned stripes are now rebuilt to handle the zero-size case. -
Fixed range filters using
>or<on primaryDateTime64columns to return correct results. Earlier, comparisons onDateTime64primary keys could produce incorrect filter behaviour. -
Fixed a crash (
SIGSEGV) caused by a column-index shift inremove_ifon partial cache hits where one or more requested columns were absent from the cached partition. -
Fixed a query-head crash (
SIGSEGV) when querying columns that contain arrays of JSON values, caused by the new analyzer's handling of those types in the query transformer. This path is exercised more often in v6.1 because JSON datatype support is enabled by default. -
Fixed access to JSON fields in summary tables. Earlier, querying or writing JSON subcolumns through summary storages could fail or skip data; summary peers schemas now register JSON subcolumns and the read path is bounds-checked.
-
Fixed queries like
SELECT json.records[].fieldreturning empty arrays when the field was missing from the first row's array elements. The query now returns the correct values regardless of row order. -
Fixed JSON ingest to accept unsigned integers in the
(INT64_MAX, UINT64_MAX]range, storing them asdoubleinstead of raisingHdxJsonError. -
Improved debugging diagnostics by logging the full path when encountering errors during requests to block storage services. Earlier, only the path was logged, limiting visibility. For security reasons, HTTP query parameters are stripped before logging.
-
Silenced a duplicate console debugging log stream from the ClickHouse engine. Turbine already logs to its logging stream.
-
Fixed summary-table queries failing with
Illegal type String of argument for aggregate function with Merge suffixwhenhdx_query_batch_sizeis set. The batched-dispatch path was using the wrong table function (turbineinstead ofturbine_summary). -
Fixed a memory leak in the engine's access storage that grew unbounded as users and row policies were reloaded. Long-running clusters with active user or RBAC churn no longer accumulate memory from each reload cycle.
-
Fixed query cache settings not applying as expected. Picked up as part of the ClickHouse 25.8 upgrade.
-
Removed spurious MySQL-interface log entries from query peers. Picked up as part of the ClickHouse 25.8 upgrade.
-
Fixed
INandORfilters with multiple values onUInt128columns (such as IP and UUID types) silently dropping rows in multi-partition tables. Affected queries now return all matching rows. -
Fixed a bug where a storage filesystem was never rebuilt when its credential arrived late in the config.
-
Fixed request-signing failures on GET requests that don't contain a body.
-
Removed ZooKeeper I/O from the query execution path. A background poller now refreshes the ZooKeeper peer list so the query path reads a cached snapshot instead of blocking on ZooKeeper. These changes addressed a query-peer connection reset, a ZooKeeper async-handler context leak, segfaults, and a race condition bug.
-
Fixed point queries with an exact-match timestamp on a primary key (equal minimum and maximum) silently dropping the time filter, which could bypass
hdx_query_timerange_requiredenforcement.