What’s New in Version 7.6

      +
      Couchbase is the modern database for enterprise applications. Couchbase Server 7.6 combines the strengths of relational databases with the flexibility, performance, and scale of Couchbase.

      For information about platform support changes, deprecation notifications, notable improvements, and fixed and known issues, refer to the Release Notes.

      New Features and Enhancements

      The following new features are provided in this release.

      Platform Support

      • Couchbase Server 7.6 adds support for the following platforms:

        • Alma Linux 9

        • Debian Linux 12 (Bookworm)

        • Rocky Linux 9

        • macOS 13 "Ventura"

        • macOS 14 "Sonoma"

        See Supported Platforms for a full list of supported platforms.

      • In response to CVE-2023-5363 and CVE-2023-5678, OpenSSL upgraded to version 3.1.4.

        This update changes the available ciphers for TLS connections. If you have not updated your client applications to use recent TLS libraries, you may experience an inability to connect and TLS handshake failures. Before upgrading, we recommend testing compatibility in a separate environment – especially if you are unsure that your platform TLS (OpenSSL, Java Secure Socket Extensions, .NET Security Provider, etc.) has compatible ciphers.

      Cluster Manager

      • A required minimum can be established for the number of replicas configured for a bucket. See Setting a Replica-Minimum.

      • In each user-created or sample bucket, a _system scope is created and maintained by default. This scope contains collections used by Couchbase services, for service-specific data. See _system Scope and its Collections.

      • A rank can be assigned to each bucket on the cluster, whereby each bucket’s handling by the rebalance process is appropriately prioritized. Assignment can be made by means of either the CLI or the REST API. This feature allows the cluster’s most mission-critical data to be rebalanced most quickly. See Creating and Editing Buckets.

      • You can now have Couchbase Server prune rotated audit logs after a period of time. You set how long Couchbase Server should keep audit logs by using the new pruneAge parameter for the /settings/audit endpoint. The default value of 0 means that Couchbase Server does not prune audit logs. See Configure Auditing.

      • You can add one or more arbiter nodes to a cluster. An arbiter node helps your cluster in two ways:

        • It provides fast failover which helps decrease the cluster’s latency when reacting to a failover.

        • It provides quorum arbitration that helps avoid contention issues if the nodes in the cluster become partitioned.

      • The sampleBuckets/install REST API method now returns a JSON object containing the list of tasks Couchbase Server started to load the buckets. In addition, the /pools/default/tasks REST API endpoint now takes an optional taskId parameter to view details about a sample bucket loading task. See Install Sample Buckets with the REST API for more information.

      Backup and Restore

      • The Role-Based Access Control (RBAC) REST API has a new backup endpoint that lets you backup and restore user and user groups. See Backup and Restore Users and Groups.

      • The cbbackupmgr command has a new --enable-users flag that backs up user groups and users including roles and permissions. When you supply the new argument, cbbackupmgr saves user passwords in the backup in a hashed format. When restoring a backup, cbbackupmgr defaults to not overwriting existing users in the database with identically named users in the backup. You can change this default behavior using the new --overwrite-users command-line argument. See cbbackupmgr config and cbbackupmgr restore for more about user backup.

      • The cbbackupmgr encrypted backups feature is now GA for both cbbackupmgr CLI and the Backup Service. See Backup Encryption.

      Cross Data Center Replication (XDCR)

      Performance

      • You can now migrate buckets from one storage backend to another. This feature supports migrating buckets from Couchstore to Magma and from Magma to Couchstore. You can migrate buckets while the database continues running. To complete the migration you must trigger a swap rebalance or a graceful failover followed by a full recovery on each node that contains the bucket. See Migrate a Bucket’s Storage Backend.

      Security and Authentication

      • Security settings now provide additional parameters, for the configuration of Couchbase-Server user-password hashing. See Configure On-the-Wire Security.

      • Credentials for Couchbase-Server internal users can now be rotated at any time, by means of the REST API. See Rotate Internal Credentials.

      • LDAP authentication now supports using regular expressions to map users to LDAP users and groups. You can supply multiple regular expressions that Couchbase attempts to match against the user name supplied during an authentication attempt. This feature gives you greater flexibility when authenticating users. For example, you can use a regular expression to map the domain name in an email address to an LDAP organization. See Advanced Query under User Authentication Enablement.

      • The Couchbase Server Web Console now supports using Structured Authentication Markup Language (SAML) for authentication. When you enable SAML authentication, a Sign In Using SSO button appears on the Web Console login screen. This button lets users who have already authenticated with the SAML identity provider (Okta, for example) to skip having to enter credentials. See SAML Authentication for more information.

      • Couchbase Server’s LDAP support now has a setting that turns on and off TLS middlebox compatibility. This setting controls low-level network communication options when Couchbase Server securely connects to an LDAP server through intermediate systems such as proxies and firewalls. See Advanced Settings on the Configure LDAP page for more information about this setting.

      • Couchbase Server now supports using Public-Key Cryptography Standard (PKCS) #12 format certificates for node certificates. This format lets you bundle the node’s private key, public key, and certificate chain into a single file. See PKCS #12 Certificates for Nodes for more information.

      • Couchbase Server now supports the X.509 Elliptic Curve Key cipher suites. Elliptic Curve Key ciphers are less resource-intensive than other cipher suites. They’re useful when communicating with resource-constrained devices such as IoT hardware. See Private Keys for more information.

      • Couchbase Server no longer supports TLS versions 1.0 and 1.1. When upgrading to version 7.6 or later, the upgrade process automatically sets minTLSVersion to tlsv1.2 if it’s set to tlsv1 or tlsv1.1. Before you upgrade, be sure all the clients you use support TLS 1.2 or greater. See On-the-Wire Security for more information.

      • To prevent LUCKY13 attacks, Couchbase Server 7.6 removes the following ciphers from the default cipher list:

        • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

        • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

        • TLS_RSA_WITH_AES_256_CBC_SHA

        • TLS_RSA_WITH_AES_128_CBC_SHAa

      • You can now enable alerts for certificate expiration. When enabled, Couchbase Server alerts you when server, node, or XDCR certificates are within 30 days of expiration. You can change the alert period via the new certExpirationDays alert limit setting. Couchbase Server sends a second alert when certificates expire. See Certificate Expiration for more information.

      • Couchbase Server now defaults to using the (Argon2id algorithm to hash passwords for new users. This hashing algorithm is more secure than the SHA1 algorithm used to hash passwords in earlier server versions.

      • If you upgrade a database to Couchbase Server 7.6 or later, it continues to use the older SHA1 hashing algorithm for existing user passwords. You can enable a new setting that has Couchbase Server migrate user passwords from SHA1 to Argon2id when a user authenticates. This setting works only if the entire cluster is running Couchbase Server version 7.6 or later. For more information, see Automatic Password Hash Migration.

      Metrics

      • Couchbase Server has a new service discovery endpoint to help you configure the Prometheus event monitoring system. The old endpoint, named /prometheus_sd_config.yaml is now deprecated. The new endpoint is able to produce the same output as the old endpoint and has additional features. See Configure Prometheus to Collect Couchbase Metrics.

      • Disk usage statistics now include transient files in progress, state files, and configuration files.

      Index Service

      • You can choose to have the rebalance process move an index’s files between nodes instead of rebuilding them from scratch. This setting improves rebalance performance as moving the files is faster than rebuilding them. See Index Rebalance Methods.

      Search Service

      • Couchbase Server 7.6 introduces Vector Search to enable AI integration, semantic search, and the RAG framework. A developer-friendly vector indexing engine exposes a vector database and search functionality. With Couchbase Vector Search, you can enable fast and highly accurate semantic search, ground LLM responses in relevant data to reduce hallucinations, and enhance or enable use cases like personalized searches in e-commerce and media & entertainment, product recommendations, fraud detection, and reverse image search. You can also enable full access to an AI ecosystem with a LangChain integration, the most popular open-source framework for LLM-driven applications.

        A Vector Search database includes:

        • Standard Couchbase vertical/horizontal scaling

        • Indexing capable of efficient Insert/Update/Removal of Items (or documents)

        • Storage of raw Embedding Vectors in the Data Service in the documents themselves

        • Querying Vector Indexes (REST and UI via a JSON object/fragment, Couchbase SDKs, and SQL++)

        • SQL++/N1QL integration

        • Third-party framework integration: LangChain (later LlamaIndex + others)

        • Full support for Replicas Partitions and file-based Rebalance

      Vector Search is currently only supported on Couchbase Server 7.6.0 deployments running on Linux platforms. MacOS and Windows platforms are not supported.

      For more information about vector search, see Use Vector Search for AI Applications

      Data Service

      • Introduces KV Range Scan, used to retrieve all documents in a specified range directly from the Data service. Note that in this initial version, you will achieve better performance using a direct fetch or retrieval from a Query with an Index. See the SDK docs for more information.

      • Two changes in Couchbase Server 7.6 affect the maxTTL setting for collections:

        • In earlier versions, you could only set a collection’s maxTTL setting when creating the collection. You can now change the maxTTL setting on a collection after creation.

        • You can now set a collection’s maxTTL to -1 to prevent a bucket’s non-zero maxTTL setting from causing documents in the collection to expire automatically. This new setting is useful if you want most of the documents in a bucket to automatically expire, but want to prevent the documents in one or more collections from expiring by default.

        See Expiration for more information.

      Query Service

      • SQL++ language additions:

      • cbq shell additions. See cbq:

        • The -query_context command line option.

        • The -advise command line option.

      • The WITH clause adds support for recursive CTEs. See WITH RECURSIVE Clause.

      • The CREATE COLLECTION statement adds support for maxTTL. See CREATE COLLECTION.

      • The /clusterInit endpoint in the Nodes and Clusters REST API adds support for Query memory quotas. See Initializing a Cluster.

      • Named and positional parameters can now be prefixed by $ or @ in a query. See Named Parameters and Positional Parameters.

      • The system:indexes catalog now enables you to find the number of replicas configured for each index. See Query Indexes.

      • The Query Service adds cluster-level and node-level parameters to limit the size of explain plans in the cache. See queryPreparedLimit and prepared-limit.

      • The Query Service adds support for sequential scans, controlled by RBAC, which enables querying without an index. See Query without Indexes.

      • The node-level N1QL Feature Control parameter now accepts hexadecimal strings or decimal integers. See n1ql-feat-ctrl.

      • Queries can now read from replica vBuckets when active vBuckets are inaccessible. The Query service adds new cluster-level, node-level, and request-level parameters to configure this feature. See Query Settings.

      • The CREATE FUNCTION statement now enables users to create a SQL++ user-defined function and the corresponding external JavaScript code in a single operation, without having to create an external library. See SQL++ Managed User-Defined Functions.

      • When a query executes a user-defined function, profiling information is now available for any queries within the UDF. See Manage and Monitor Queries.

      • The Query service collects statistics for the cost-based optimizer automatically when an index is created or built. See Understand the Cost-Based Optimizer for Queries.

      • The ORDER BY and GROUP BY operations overspill to disk if they exceed the Query service memory quota.

      Eventing Service

      • The optional parameter { "self_recursion": true } can be used with the INSERT, UPSERT, and REPLACE advanced operations to prevent the suppression of recursive source bucket mutations. For more information, see Optional { "self_recursion": true } Parameter.

      • The built-in ANALYTICS() function allows the Eventing Service to integrate directly with SQL++ Analytics. This integration simplifies Eventing code logic and lets Eventing benefit from the high availability and load balancing of SQL++ Analytics. For more information, see ANALYTICS() Function Call.

      • The advanced TOUCH operation allows you to modify the expiration time of a document without having to access that document first. For more information, see Advanced TOUCH Operation.

      • The Sub-Document MUTATEIN operation allows you to modify only parts of a document instead of the entire document. This Sub-Document operation is faster and more efficient than a full-document operation like REPLACE or UPSERT. For more information, see Sub-Document MUTATEIN Operation.

      Analytics

      Install & Upgrade

      • Due to an Erlang compatibility issue, you cannot directly upgrade to Couchbase Server 7.6 from version 6.5 through 7.0. To upgrade a database running one of these earlier versions to 7.6, first upgrade it to Couchbase Server 7.1 or 7.2. See Upgrade for more information.

      Couchbase Server Community Edition

      • You can no longer set the sendStats to false in Couchbase Server Community Edition clusters. You can still set sendStats to false on Couchbase Server Enterprise Edition clusters.

      .NET SDK Compatibility

      Use version 3.5.1 or later of the .NET SDK with Couchbase Server 7.6. Earlier versions of this SDK have some compatibility issues.