Addressed an issue with stuck rebalance email alerts in Couchbase Server.

A problem was introduced in 7.6.2 where the presence of a Cloud Native Gateway in the cluster would cause issues for services connecting to the cluster manager.

The upgrade to Erlang version 26 introduced a change in behavior which requires peer certification when TLS is being used for Alert emails. The peer certification introduced with the changes for this ticket uses the trusted CA certificates provided by the operating system.

Prior to this fix, the ro_security_admin role user did not have read access to security related groups via a GET of /settings/rbac/groups. After this fix, ro_security_admin will be able to see all groups including the security ones

RBAC groups containing security_admin_local, security_admin_external, or ro_admin roles are not handled correctly on upgrade to 8.0. The upgrade handling should replace:

To retrieve a document’s expiration, the user had to specify the sub-path explicitly, i.e., META().expiration. A call to the META() function without the sub-path would return the default expiration value 0 always which was incorrect.

Problem:

CYCLE was added as a KEYWORD for RECURSIVE WITH’s CYCLE subclause.

When a prepared request is made with the auto_execute request parameter set as true, the request would incorrectly error out with error: Unrecognizable prepared statement - cause: JSON unmarshalling error: auto_execute did not produce a prepared statement

In version 8.0, a security vulnerability was identified in the Cluster Manager when node-to-node encryption is enabled and client certificate authentication is configured as Hybrid or Mandatory. This issue, which is not present in releases prior to 8.0, could be exposed via the Eventing service, potentially allowing a user to select and interact with scopes or collections beyond their assigned RBAC permissions. This release (8.0.1) resolves the underlying issue in the Cluster Manager to ensure that RBAC enforcement is strictly maintained for services across all mutual TLS (mTLS) configurations.

Updated chronology for certain storage API calls to avoid rare corner cases of shard metadata mismatch.

Fixed an issue where we did not set docvalues for geopoint fields internally, causing it to be computed on demand for every query

Added support for Debian 13 (Trixie).

In 8.0.0 restoring to a 7.6 and below cluster with --auto-create-buckets did not work as we were sending a new setting. We now omit the setting depending on the version.

Addressed a bug where buckets with cross-cluster versioning enabled (XDCR enable cross-cluster versioning) would cause a merge to fail.

In extremely rare scenarios, document deletions may not be consistently reflected in the index. As a result, a small number of documents that have been successfully deleted from the KV layer may continue to persist in the index as stale entries.

Couchbase Server now supports locking/unlocking users.

Couchbase Server now supports giving users a temporary password.

We have enhanced the security of node-to-node (N2N) communication. Previously, N2N traffic was authenticated using basic authentication. With this release, when N2N encryption is enabled, communication between nodes now uses mutual TLS (mTLS) instead of basic authentication.

Now you can add or remove non-Data Services dynamically on existing nodes in a cluster, without adding or removing nodes. Rebalancing is automatically triggered to distribute service workloads and complete the modification. These are the services that can be modified:

The following data service settings are now supported in the /pools/default/buckets REST api

The Cluster Manager now supports tracking a latest time of use for users.

The bucket statistics REST API GET /pools/default/buckets/[bucket-name]/stats is deprecated and replaced with GET /pools/default/stats/range/[metric_name]/[function-expression]. Similarly, to retrieve statistics for multiple metrics, Couchbase supports the REST API POST /pools/default/stats/range. For retrieving the XDCR statistics details, instead of the REST API GET /pools/default/buckets/[source_bucket]/stats/[destination_endpoint], Couchbase now supports the REST API GET /pools/default/stats/range/[statistics_name].

Metric Rename – Cache Miss Ratio → Get Miss Ratio The Cache Miss Ratio metric name suggested it measured memory or disk caching performance. In reality, as of version 7.6.2, it was redefined to measure the proportion of read (get) operations that fail because the requested key is not present in the bucket at all. To eliminate this confusion, the metric has been renamed to Get Miss Ratio.

Configurable Warmup Behavior (Background Warmup):

The metric kv_vb_ht_memory_bytes is deprecated as it measured the overhead per-hashtable vs the total memory used by the hashtable. The metric is replaced with kv_vb_ht_memory_overhead, which reflects what is being measured.

SET and DELETE with Meta operations could distort the vbucket max_cas if a faulty CAS value is provided in the operation, setting the vbuckets max_cas to an unusually high or inconsistent value. Inadvertently affecting the Hybrid Logical Clock (HLC) and Last Write Wins (LLW) conflict resolution via XDCR. In certain cases, this resulted in legitimate mutations being skipped or ignored during replication. For this reason, the system now fails front-end operations with a CAS value that exceeds the hlc_max_future_threshold, default value of 65 minutes, to prevent a vbucket’s max_cas from getting distorted.

Previously audit would log to a file named audit.log and as part of rotation the file was renamed to a different name. In this release, this is replaced by audit.log being a symbolic link to the file currently being written to.

kv_ep_mem_low_wat_percent_ratio and kv_ep_mem_high_wat_percent_ratio used to report values 0 - 0.01, instead of 0 - 1.

Resolved an issue where TTL-driven deletions via VBucket::deleteItem could generate invalid tombstones containing a document body. This issue occurred when TTL was triggered during the second phase of a 2-phase delete operation. The fix ensures that when TTL triggers at CMD_DEL, the document body is correctly removed and a valid tombstone is generated.

The support for the following Data Service settings are removed from cbepctl:

It is no longer possible to run commands such as mcstat [options] statgroup1 statgroup2 to fetch multiple stat groups. In 8.0 this no longer supported to make it easier to pass arguments to the various stat groups.

Metric Rename – Cache Miss Ratio → Get Miss Ratio The Cache Miss Ratio metric name suggested it measured memory or disk caching performance. In reality, as of version 7.6.2, it was redefined to measure the proportion of read (get) operations that fail because the requested key is not present in the bucket at all. To eliminate this confusion, the metric has been renamed to Get Miss Ratio.

Couchbase Server now supports locking/unlocking users.

Couchbase Server now supports giving users a temporary password.

Couchbase Server now allows users to specify the network type when adding a self-managed target.

Metric Rename – Cache Miss Ratio → Get Miss Ratio The Cache Miss Ratio metric name suggested it measured memory or disk caching performance. In reality, as of version 7.6.2, it was redefined to measure the proportion of read (get) operations that fail because the requested key is not present in the bucket at all. To eliminate this confusion, the metric has been renamed to Get Miss Ratio.

Change to Bucket Priority Settings

XDCR now supports the identification of Incoming Replications on a cluster. The Incoming Replications can be viewed on the XDCR tab of the UI or retrieved by using the REST API

In this release, XDCR introduces the new Conflict Logging feature. It detects and logs concurrent conflicts that occur in different clusters but on the same document version due to independent modifications by locally connected applications during Active-Active replication.

Before this fix, various loggers all share the same logging level. Setting the logger to Debug, for example, would cause all components to print debug messages that clogs the log files. This fix now introduces the ability to set more granular levels of logging for each component as needed.

This release introduces bundling with xdcrDiffer, which is a diagnostic utility. This utility verifies data consistency between XDCR clusters. It identifies missing or mismatched documents by comparing metadata and content hashes across source and target clusters.

In some scenarios, due to race conditions, changing the filter expression or explicit/migration mapping may cause the replication to fail streaming from the beginning. As a consequence, some Source bucket documents may get missed from being replicated to the Target bucket. This has been fixed in 8.0. It is advised to avoid changing these three replication settings:

The original limit of one XATTR per KV op was relaxed to a maximum of 16 in KV server version 7.6; this ticket explores extending that relaxation to queries.

New to this release is the ability to manipulate document extended attributes (xattrs) via common SQL++ statements.

Added a plan version to prepared statements and logic to trigger reprepare when outdated plans are detected. This avoids duplicate OFFSET execution in mixedmode clusters due to changes in ORDER BY and LIMIT/OFFSET handling.

The recent builds of Couchbase Server versions 7.2.7 through 8.1.0 and Enterprise Analytics 2.1.0 include updates from the go_json library to address int64 overflow issues reported under MB-67849. The updates involve implementing proper checks for int64 overflow to properly represent large numbers (greater than 2⁶³ or less than -2⁶³).

When shard affinity is enabled, the indexer internally maps all replicas of an index to an alternateID. If such an alternateID exists on a node outside the list of nodes, instead of preventing replica creation, the system creates a new replica with the same alternateID on different nodes. This leads to rebalance failures on the affected nodes.

Introduced a new decoded_sort field in query responses. This provides human-readable sort values by decoding geo distances (in meters) and numeric fields, while returning strings as-is. This is only done when the type field is specified in the sort definition of the query.

When using the Backup Service, you can now configure a retention period for a repository, automating the deletion of old backups if desired. You can choose a default retention period for a repository, and you can choose to override this default for particular individual backups if desired.

Previously, it was possible to remove backups which would cause dependent incremental backups to become invalid if they depended on those deleted backups. With this release, such deletes are prevented by default, but can be overridden with the new --disable-safe-remove-check flag.

This release introduces bundling with xdcrDiffer, which is a diagnostic utility. This utility verifies data consistency between XDCR clusters. It identifies missing or mismatched documents by comparing metadata and content hashes across source and target clusters.

The new Query AWR (Automatic Workload Repository) Report Generator tool allows customers to generate reports on query performance statistics. This tool requires AWR to be enabled on the cluster.

Memcached bucket removal – Memcached buckets, deprecated in 6.5.1, have been fully removed in 8.0.0. Cluster upgrades from earlier versions will fail if Memcached buckets are present. Remove all Memcached buckets before upgrading.

Automated the process of resolving name conflicts between collections or scopes in the backup and those in the target cluster, during a restore. For this purpose, we have added a new flag, --auto-resolve-conflicts to the cbbackupmgr restore parameter.

We have introduced the ability to support both client certificate authentication and n2n encryption at the same time.

Magma with 128 vBuckets Now Default Storage Engine

Configurable Warmup Behavior (Background Warmup): The new warmup_behavior setting, configured using warmupBehavior in the REST API, controls when a persistent bucket becomes fully available for read and write operations after a bucket restart. This setting replaces multiple warmup threshold parameters with a single configuration point:

It is no longer possible to run commands such as mcstat [options] statgroup1 statgroup2 to fetch multiple stat groups. In 8.0 this no longer supported to make it easier to pass arguments to the various stat groups.

When using mcstat it is no longer possible to use --json=pretty.

Couchbase Server 8.0 has removed support for Memcached buckets. They were deprecated in version 6.5.1.

Change to Bucket Priority Settings

The latest updates introduce a new shard assignment algorithm, impacting both vector and non-vector indexes by offering more aggressive sharing of plasma shards in version 8.0 compared to 7.6. This adjustment might affect performance when comparing upgrades from earlier versions like 7.2 to 8.0 or 7.6 to 8.0. Shard assignment logic should be functionally tested in these scenarios. The algorithm is behind a feature flag and can be toggled off to revert to older behaviors if needed. For Capella upgrades, it’s possible all shards might already exist, potentially requiring additional shards for vector indexes depending on resource availability. On-prem clusters keep file-based rebalance off by default. Performance testing, as noted in ongoing evaluations, indicates a 7% regression during initial index builds at CPU saturation, but no impact on incremental builds. The benefits include improved memory control, suggesting the changes are acceptable at this stage.

Previously, it was possible to remove backups which would cause dependent incremental backups to become invalid if they depended on those deleted backups. With this release, such deletes are prevented by default, but can be overridden with the new --disable-safe-remove-check flag.

Memcached bucket removal – Memcached buckets, deprecated in 6.5.1, have been fully removed in 8.0.0. Cluster upgrades from earlier versions will fail if Memcached buckets are present. Remove all Memcached buckets before upgrading.

Vector Index Batch Build Memory Consumption