What’s New in Version 7.6

      +
      Couchbase is the modern database for enterprise applications. Couchbase Server 7.6 combines the strengths of relational databases with the flexibility, performance, and scale of Couchbase.

      For information about platform support changes, deprecation notifications, notable improvements, and fixed and known issues, refer to the Release Notes.

      New Features and Enhancements

      The following new features are provided in this release.

      Platform Support

      • Couchbase Server 7.6 adds support for the following platforms:

        • Alma Linux 9

        • Debian Linux 12 (Bookworm)

        • Rocky Linux 9

        • macOS 13 "Ventura"

        • macOS 14 "Sonoma"

        See Supported Platforms for a full list of supported platforms.

      • In response to CVE-2023-5363 and CVE-2023-5678, OpenSSL upgraded to version 3.1.4.

        This update changes the available ciphers for TLS connections. If you have not updated your client applications to use recent TLS libraries, you may experience an inability to connect and TLS handshake failures. Before upgrading, we recommend testing compatibility in a separate environment – especially if you are unsure that your platform TLS (OpenSSL, Java Secure Socket Extensions, .NET Security Provider, etc.) has compatible ciphers.

      Cluster Manager

      • A required minimum can be established for the number of replicas configured for a bucket. See Setting a Replica-Minimum.

      • In each user-created or sample bucket, a _system scope is created and maintained by default. This scope contains collections used by Couchbase services, for service-specific data. See _system Scope and its Collections.

      • A rank can be assigned to each bucket on the cluster, whereby each bucket’s handling by the rebalance process is appropriately prioritized. Assignment can be made by means of either the CLI or the REST API. This feature allows the cluster’s most mission-critical data to be rebalanced most quickly. See Creating and Editing Buckets.

      • You can now have Couchbase Server prune rotated audit logs after a period of time. You set how long Couchbase Server should keep audit logs by using the new pruneAge parameter for the /settings/audit endpoint. The default value of 0 means that Couchbase Server does not prune audit logs. See Configure Auditing.

      • You can add one or more arbiter nodes to a cluster. An arbiter node helps your cluster in two ways:

        • It provides fast failover which helps decrease the cluster’s latency when reacting to a failover.

        • It provides quorum arbitration that helps avoid contention issues if the nodes in the cluster become partitioned.

      Backup and Restore

      • The Role-Based Access Control (RBAC) REST API has a new backup endpoint that lets you backup and restore user and user groups. See Backup and Restore Users and Groups.

      • The cbbackupmgr command has a new --enable-users flag that backs up user groups and users including roles and permissions. When you supply the new argument, cbbackupmgr saves user passwords in the backup in a hashed format. When restoring a backup, cbbackupmgr defaults to not overwriting existing users in the database with identically named users in the backup. You can change this default behavior using the new --overwrite-users command-line argument. See cbbackupmgr config and cbbackupmgr restore for more about user backup.

      • The cbbackupmgr encrypted backups feature is now GA for both cbbackupmgr CLI and the Backup Service. See Backup Encryption

      Cross Data Center Replication (XDCR)

      Performance

      • You can now migrate buckets from one storage backend to another. This feature supports migrating buckets from Couchstore to Magma and from Magma to Couchstore. You can migrate buckets while the database continues running. To complete the migration you must trigger a swap rebalance or a graceful failover followed by a full recovery on each node that contains the bucket. See Migrate a Bucket’s Storage Backend.

      Security and Authentication

      • Security settings now provide additional parameters, for the configuration of Couchbase-Server user-password hashing. See Configure On-the-Wire Security.

      • Credentials for Couchbase-Server internal users can now be rotated at any time, by means of the REST API. See Rotate Internal Credentials.

      • LDAP authentication now supports using regular expressions to map users to LDAP users and groups. You can supply multiple regular expressions that Couchbase attempts to match against the user name supplied during an authentication attempt. This feature gives you greater flexibility when authenticating users. For example, you can use a regular expression to map the domain name in an email address to an LDAP organization. See Advanced Query under User Authentication Enablement.

      • The Couchbase Server Web Console now supports using Structured Authentication Markup Language (SAML) for authentication. When you enable SAML authentication, a Sign In Using SSO button appears on the Web Console login screen. This button lets users who have already authenticated with the SAML identity provider (Okta, for example) to skip having to enter credentials. See SAML Authentication for more information.

      • Couchbase Server’s LDAP support now has a setting that turns on and off TLS middlebox compatibility. This setting controls low-level network communication options when Couchbase Server securely connects to an LDAP server through intermediate systems such as proxies and firewalls. See Advanced Settings on the Configure LDAP page for more information about this setting.

      • Couchbase Server now supports using Public-Key Cryptography Standard (PKCS) #12 format certificates for node certificates. This format lets you bundle the node’s private key, public key, and certificate chain into a single file. See PKCS #12 Certificates for Nodes for more information.

      • Couchbase Server now supports the X.509 Elliptic Curve Key cipher suites. Elliptic Curve Key ciphers are less resource-intensive than other cipher suites. They’re useful when communicating with resource-constrained devices such as IoT hardware. See Private Keys for more information.

      • Couchbase Server no longer supports TLS versions 1.0 and 1.1. When upgrading to version 7.6 or later, the upgrade process automatically sets minTLSVersion to tlsv1.2 if it’s set to tlsv1 or tlsv1.1. Before you upgrade, be sure all the clients you use support TLS 1.2 or greater. See On-the-Wire Security for more information.

      • To prevent LUCKY13 attacks, Couchbase Server 7.6 removes the following ciphers from the default cipher list:

        • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

        • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

        • TLS_RSA_WITH_AES_256_CBC_SHA

        • TLS_RSA_WITH_AES_128_CBC_SHAa

      • You can now enable alerts for certificate expiration. When enabled, Couchbase Server alerts you when server, node, or XDCR certificates are within 30 days of expiration. You can change the alert period via the new certExpirationDays alert limit setting. Couchbase Server sends a second alert when certificates expire. See Certificate Expiration for more information.

      Metrics

      • Couchbase Server has a new service discovery endpoint to help you configure the Prometheus event monitoring system. The old endpoint, named /prometheus_sd_config.yaml is now deprecated. The new endpoint is able to produce the same output as the old endpoint and has additional features. See Configure Prometheus to Collect Couchbase Metrics.

      • Disk usage statistics now include transient files in progress, state files, and configuration files.

      Index Service

      • You can choose to have the rebalance process move an index’s files between nodes instead of rebuilding them from scratch. This setting improves rebalance performance as moving the files is faster than rebuilding them. See Index Rebalance Methods

      Search Service

      • Couchbase Server 7.6 introduces Vector Search to enable AI integration, semantic search, and the RAG framework. A developer-friendly vector indexing engine exposes a vector database and search functionality. With Couchbase Vector Search, you can enable fast and highly accurate semantic search, ground LLM responses in relevant data to reduce hallucinations, and enhance or enable use cases like personalized searches in e-commerce and media & entertainment, product recommendations, fraud detection, and reverse image search. You can also enable full access to an AI ecosystem with a Langchain integration, the most popular open-source framework for LLM-driven applications.

        A Vector Search database includes:

        • Standard Couchbase vertical/horizontal scaling

        • Indexing capable of efficient Insert/Update/Removal of Items (or documents)

        • Storage of raw Embedding Vectors in the Data Service in the documents themselves

        • Querying Vector Indexes (REST and UI via a JSON object/fragment, Couchbase SDKs, and SQL++)

        • SQL++/N1QL integration

        • Third-party framework integration: Langchain (later Llamaindex + others)

        • Full support for Replicas Partitions and file-based Rebalance

      For more information on the vector search, see Use Vector Search for AI Applications

      Data Service

      • Two changes in Couchbase Server 7.6 affect the maxTTL setting for collections:

        • In earlier versions, you could only set a collection’s maxTTL setting when creating the collection. You can now change the maxTTL setting on a collection after creation.

        • You can now set a collection’s maxTTL to -1 to prevent a bucket’s non-zero maxTTL setting from causing documents in the collection to expire automatically. This new setting is useful if you want most of the documents in a bucket to automatically expire, but want to prevent the documents in one or more collections from expiring by default.

        See Expiration for more information.

      Query Service

      • SQL++ language additions:

        • OFFSET clause added to the DELETE statement.

        • GROUP AS clause added to the GROUP BY clause.

        • FORMALIZE() function.

        • Multi-byte aware string functions.

        • Support for sequences.

        • EXPLAIN FUNCTION statement.

      • The WITH clause adds support for recursive CTEs.

      • The CREATE COLLECTION statement adds support for maxTTL.

      • The cbq shell adds a -query_context command line option.

      • The cbq shell adds an -advise command line option.

      • The /clusterInit endpoint in the Nodes and Clusters REST API adds support for Query memory quotas.

      • Named and positional parameters can now be prefixed by $ or @ in a query.

      • num_replica configured for each index can now be found through SQL++ statement: system:indexes

      • The Query Service adds cluster-level and node-level parameters to limit the size of explain plans in the completed requests catalog.

      • The Query Service adds support for sequential scans, which enables querying without an index.

      • The node-level and request-level N1QL Feature Control parameters now accept hexadecimal strings or decimal integers.

      • Queries can now read from replica vBuckets when active vBuckets are inaccessible. The Query service adds new cluster-level, node-level, and request-level parameters to configure this feature.

      • The CREATE FUNCTION statement now enables users to create a SQL++ user-defined function and the corresponding external JavaScript code in a single operation, without having to create an external library.

      • When a query executes a user-defined function, profiling information is now available for any queries within the UDF.

      • The Query service collects statistics for the cost-based optimizer automatically when an index is created or built.

      • The SORT BY and GROUP BY operations overspill to disk if they exceed the Query service memory quota.

      Analytics

      Eventing Service

      • The optional parameter { "self_recursion": true } can be used with the INSERT, UPSERT, and REPLACE advanced operations to prevent the suppression of recursive source bucket mutations.

      • The built-in ANALYTICS() function allows the Eventing Service to integrate directly with SQL++ Analytics. This integration simplifies Eventing code logic and lets Eventing benefit from the high availability and load balancing of SQL++ Analytics.

      • The advanced TOUCH operation allows you to modify the expiration time of a document without having to access that document first.

      • The Sub-Document MUTATEIN operation allows you to modify only parts of a document instead of the entire document. This Sub-Document operation is faster and more efficient than a full-document operation like REPLACE or UPSERT.

      Install & Upgrade

      • Due to an Erlang compatibility issue, you cannot directly upgrade to Couchbase Server 7.6 from version 6.5 through 7.0. To upgrade a database running one of these earlier versions to 7.6, first upgrade it to Couchbase Server 7.1 or 7.2. See Upgrade for more information.

      Couchbase Server Community Edition

      • You can no longer set the sendStats to false in Couchbase Server Community Edition clusters. You can still set sendStats to false on Couchbase Server Enterprise Edition clusters.