What’s New in Version 7.6

Couchbase Server 7.6.2 adds support for the following platforms:

Users with the Read-Only Admin role can now read backup information from the following Backup Service REST API endpoints:

You can now set the number of threads each Backup Service node uses when backing up data. For example, if you find backups cause performance issues on your cluster, you can reduce the number of threads the Backup Service uses. Reducing the number of threads also reduces the number of concurrent client connections the Backup Service makes to retrieve data. See Thread Usage for more information.

The Analytics Service REST API has two new endpoints that let you get information about active and completed requests. See Active Requests and Completed Requests in the Analytics Administration REST APIs page

Version 7.6.2 adds Cluster Manager metrics to help you monitor failovers and rebalances:

In Couchbase Server version 7.6.2 and later, language constructs that may allow for code injection, speculative execution attacks, or side channel attacks have been removed from JavaScript user-defined functions in the Query service. For details, see JavaScript Functions for Query.

From version 7.6.2, you can specify that index creation operates in deferred build mode by default. In deferred build mode, creating an index does not trigger the index build phase: you must trigger the index build before you can use the index. For details, see CREATE INDEX.

In Couchbase Server Versions 7.6.0 and 7.6.1, enabling file-based index rebalance prevented you from controlling which Index Service nodes contain an index. Version 7.6.2 removes this restriction. You can now use the WITH <node> clause of the CREATE INDEX SQL++ statement when your cluster has file-based index rebalancing enabled. See Index Rebalance Methods for more information.

Version 7.6.2 adds multiple improvements to the Search Service, including Vector Search:

Version 7.6.2 adds the following improvements to the Eventing Service:

Alongside Version 7.6.2, Couchbase announces the 1.0.0 GA release of the C++ SDK. This SDK has been long used as the core of our Node.js, PHP, Python, and Ruby SDKs, to handle communicating with the cluster over Couchbase’s binary protocols. and is now released as a full, standalone SDK for applications needing the speed of C++.

Version 7.6.2 adds the ability to use multi-document ACID transactions with binary documents, alongside the current handling of JSON documents. This feature is initially implemented in the C++ and Java SDKs.

From version 7.6.2, the Couchbase Server tools package includes the cbq shell, alongside the previously-provided tools such as cbimport, cbexport, and cbbackupmgr. For details, see CLI Reference.

Couchbase Server 7.6 adds support for the following platforms:

In response to CVE-2023-5363 and CVE-2023-5678, OpenSSL upgraded to version 3.1.4.

A required minimum can be established for the number of replicas configured for a bucket. See Setting a Replica-Minimum.

In each user-created or sample bucket, a _system scope is created and maintained by default. This scope contains collections used by Couchbase services, for service-specific data. See _system Scope and its Collections.

A rank can be assigned to each bucket on the cluster, whereby each bucket’s handling by the rebalance process is appropriately prioritized. Assignment can be made by means of either the CLI or the REST API. This feature allows the cluster’s most mission-critical data to be rebalanced most quickly. See Creating and Editing Buckets.

You can now have Couchbase Server prune rotated audit logs after a period of time. You set how long Couchbase Server should keep audit logs by using the new pruneAge parameter for the /settings/audit endpoint. The default value of 0 means that Couchbase Server does not prune audit logs. See Configure Auditing.

You can add one or more arbiter nodes to a cluster. An arbiter node helps your cluster in two ways:

The sampleBuckets/install REST API method now returns a JSON object containing the list of tasks Couchbase Server started to load the buckets. In addition, the /pools/default/tasks REST API endpoint now takes an optional taskId parameter to view details about a sample bucket loading task. See Install Sample Buckets with the REST API for more information.

The Role-Based Access Control (RBAC) REST API has a new backup endpoint that lets you backup and restore user and user groups. See Backup and Restore Users and Groups.

The cbbackupmgr command has a new --enable-users flag that backs up user groups and users including roles and permissions. When you supply the new argument, cbbackupmgr saves user passwords in the backup in a hashed format. When restoring a backup, cbbackupmgr defaults to not overwriting existing users in the database with identically named users in the backup. You can change this default behavior using the new --overwrite-users command-line argument. See cbbackupmgr config and cbbackupmgr restore for more about user backup.

The cbbackupmgr encrypted backups feature is now GA for both cbbackupmgr CLI and the Backup Service. See Backup Encryption.

Node-connectivity can be checked, prior to the creation of an XDCR reference. See Checking Connections.

Binary documents can optionally be included in, or excluded from XDCR replications. See Filtering Binary Documents.

You can now migrate buckets from one storage backend to another. This feature supports migrating buckets from Couchstore to Magma and from Magma to Couchstore. You can migrate buckets while the database continues running. To complete the migration you must trigger a swap rebalance or a graceful failover followed by a full recovery on each node that contains the bucket. See Migrate a Bucket’s Storage Backend.

Security settings now provide additional parameters, for the configuration of Couchbase-Server user-password hashing. See Configure On-the-Wire Security.

Credentials for Couchbase-Server internal users can now be rotated at any time, by means of the REST API. See Rotate Internal Credentials.

LDAP authentication now supports using regular expressions to map users to LDAP users and groups. You can supply multiple regular expressions that Couchbase attempts to match against the user name supplied during an authentication attempt. This feature gives you greater flexibility when authenticating users. For example, you can use a regular expression to map the domain name in an email address to an LDAP organization. See Advanced Query under User Authentication Enablement.

The Couchbase Server Web Console now supports using Structured Authentication Markup Language (SAML) for authentication. When you enable SAML authentication, a Sign In Using SSO button appears on the Web Console login screen. This button lets users who have already authenticated with the SAML identity provider (Okta, for example) to skip having to enter credentials. See SAML Authentication for more information.

Couchbase Server’s LDAP support now has a setting that turns on and off TLS middlebox compatibility. This setting controls low-level network communication options when Couchbase Server securely connects to an LDAP server through intermediate systems such as proxies and firewalls. See Advanced Settings on the Configure LDAP page for more information about this setting.

Couchbase Server now supports using Public-Key Cryptography Standard (PKCS) #12 format certificates for node certificates. This format lets you bundle the node’s private key, public key, and certificate chain into a single file. See PKCS #12 Certificates for Nodes for more information.

Couchbase Server now supports the X.509 Elliptic Curve Key cipher suites. Elliptic Curve Key ciphers are less resource-intensive than other cipher suites. They’re useful when communicating with resource-constrained devices such as IoT hardware. See Private Keys for more information.

Couchbase Server no longer supports TLS versions 1.0 and 1.1. When upgrading to version 7.6 or later, the upgrade process automatically sets minTLSVersion to tlsv1.2 if it’s set to tlsv1 or tlsv1.1. Before you upgrade, be sure all the clients you use support TLS 1.2 or greater. See On-the-Wire Security for more information.

To prevent LUCKY13 attacks, Couchbase Server 7.6 removes the following ciphers from the default cipher list:

You can now enable alerts for certificate expiration. When enabled, Couchbase Server alerts you when server, node, or XDCR certificates are within 30 days of expiration. You can change the alert period via the new certExpirationDays alert limit setting. Couchbase Server sends a second alert when certificates expire. See Certificate Expiration for more information.

Couchbase Server now defaults to using the (Argon2id algorithm to hash passwords for new users. This hashing algorithm is more secure than the SHA1 algorithm used to hash passwords in earlier server versions.

If you upgrade a database to Couchbase Server 7.6 or later, it continues to use the older SHA1 hashing algorithm for existing user passwords. You can enable a new setting that has Couchbase Server migrate user passwords from SHA1 to Argon2id when a user authenticates. This setting works only if the entire cluster is running Couchbase Server version 7.6 or later. For more information, see Automatic Password Hash Migration.

Couchbase Server has a new service discovery endpoint to help you configure the Prometheus event monitoring system. The old endpoint, named /prometheus_sd_config.yaml is now deprecated. The new endpoint is able to produce the same output as the old endpoint and has additional features. See Configure Prometheus to Collect Couchbase Metrics.

Disk usage statistics now include transient files in progress, state files, and configuration files.

You can choose to have the rebalance process move an index’s files between nodes instead of rebuilding them from scratch. This setting improves rebalance performance as moving the files is faster than rebuilding them. See Index Rebalance Methods.

Couchbase Server 7.6 introduces Vector Search to enable AI integration, semantic search, and the RAG framework. A developer-friendly vector indexing engine exposes a vector database and search functionality. With Couchbase Vector Search, you can enable fast and highly accurate semantic search, ground LLM responses in relevant data to reduce hallucinations, and enhance or enable use cases like personalized searches in e-commerce and media & entertainment, product recommendations, fraud detection, and reverse image search. You can also enable full access to an AI ecosystem with a LangChain integration, the most popular open-source framework for LLM-driven applications.

Introduces KV Range Scan, used to retrieve all documents in a specified range directly from the Data service. Note that in this initial version, you will achieve better performance using a direct fetch or retrieval from a Query with an Index. See the SDK docs for more information.

Two changes in Couchbase Server 7.6 affect the maxTTL setting for collections:

SQL++ language additions:

cbq shell additions. See cbq:

The WITH clause adds support for recursive CTEs. See WITH RECURSIVE Clause.

The CREATE COLLECTION statement adds support for maxTTL. See CREATE COLLECTION.

The /clusterInit endpoint in the Nodes and Clusters REST API adds support for Query memory quotas. See Initializing a Cluster.

Named and positional parameters can now be prefixed by $ or @ in a query. See Named Parameters and Positional Parameters.

The system:indexes catalog now enables you to find the number of replicas configured for each index. See Query Indexes.

The Query Service adds cluster-level and node-level parameters to limit the size of explain plans in the cache. See queryPreparedLimit and prepared-limit.

The Query Service adds support for sequential scans, controlled by RBAC, which enables querying without an index. See Query without Indexes.

The node-level N1QL Feature Control parameter now accepts hexadecimal strings or decimal integers. See n1ql-feat-ctrl.

Queries can now read from replica vBuckets when active vBuckets are inaccessible. The Query service adds new cluster-level, node-level, and request-level parameters to configure this feature. See Query Settings.

The CREATE FUNCTION statement now enables users to create a SQL++ user-defined function and the corresponding external JavaScript code in a single operation, without having to create an external library. See SQL++ Managed User-Defined Functions.

When a query executes a user-defined function, profiling information is now available for any queries within the UDF. See Manage and Monitor Queries.

The Query service collects statistics for the cost-based optimizer automatically when an index is created or built. See Understand the Cost-Based Optimizer for Queries.

The ORDER BY and GROUP BY operations overspill to disk if they exceed the Query service memory quota.

The optional parameter { "self_recursion": true } can be used with the INSERT, UPSERT, and REPLACE advanced operations to prevent the suppression of recursive source bucket mutations. For more information, see Optional { "self_recursion": true } Parameter.

The built-in ANALYTICS() function allows the Eventing Service to integrate directly with SQL++ Analytics. This integration simplifies Eventing code logic and lets Eventing benefit from the high availability and load balancing of SQL++ Analytics. For more information, see ANALYTICS() Function Call.

The advanced TOUCH operation allows you to modify the expiration time of a document without having to access that document first. For more information, see Advanced TOUCH Operation.

The Sub-Document MUTATEIN operation allows you to modify only parts of a document instead of the entire document. This Sub-Document operation is faster and more efficient than a full-document operation like REPLACE or UPSERT. For more information, see Sub-Document MUTATEIN Operation.

Power BI Connector version 1.0 released. (Power BI Connector documentation)

Due to an Erlang compatibility issue, you cannot directly upgrade to Couchbase Server 7.6 from version 6.5 through 7.0. To upgrade a database running one of these earlier versions to 7.6, first upgrade it to Couchbase Server 7.1 or 7.2. See Upgrade for more information.

You can no longer set the sendStats to false in Couchbase Server Community Edition clusters. You can still set sendStats to false on Couchbase Server Enterprise Edition clusters.