Release 2025-24-10 (#2172)

Co-authored-by: Paul <paul.erlenwein@gmail.com>
Co-authored-by: sjvans <30337871+sjvans@users.noreply.github.com>
Co-authored-by: Christian Georgi <christian.georgi@sap.com>
Co-authored-by: Evgeny Andreev <eugene.andreev@gmail.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Steffen Waldmann <steffen.waldmann@sap.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: chgeo <7470719+chgeo@users.noreply.github.com>
Co-authored-by: ecklie <52252271+ecklie@users.noreply.github.com>
Co-authored-by: Marc Becker <marc.becker@sap.com>
Co-authored-by: Steffen Weinstock <79531202+stewsk@users.noreply.github.com>
Co-authored-by: Dr. David A. Kunz <david.kunz@sap.com>
Co-authored-by: Johannes Vogt <j.vogt@sap.com>
Co-authored-by: Jakob Marius Kjaer <jakob.m.kjaer@gmail.com>
Co-authored-by: vincentatsap <152401717+vincentatsap@users.noreply.github.com>

Author: 15 people

.vitepress/config.js

@@ -106,7 +106,7 @@ config.rewrites = rewrites
 // Add custom capire info to the theme config
 config.themeConfig.capire = {
   versions: {
-    java_services: '4.4.0',
+    java_services: '4.4.1',
     java_cds4j: '4.4.1'
   },
   gotoLinks: []

advanced/fiori.md

@@ -490,8 +490,8 @@ For this feature to work correctly, CAP adds additional elements to your draft-e
 This feature initiates a database schema update, as it adds an additional element to `DraftAdministrativeData`.
 :::
 
-::: warning Requires OData V4 and UI5 version >=1.135.0
-State messages require UI5 to use _document URLs_. CAP sets the `@Common.AddressViaNavigationPath` annotation to enable this. You need OData V4 and UI5 version >= 1.135.0. OData V2 does not support this annotation.
+::: warning Requires OData V4 and UI5 version >=1.136.0
+State messages require UI5 to use _document URLs_. CAP sets the `@Common.AddressViaNavigationPath` annotation to enable this. You need OData V4 and UI5 version >= 1.136.0. OData V2 does not support this annotation.
 :::
 To disable this feature, set <Config>cds.fiori.draft_messages:false</Config>.
 

cds/cdl.md

@@ -979,7 +979,7 @@ Essentially, Compositions are the same as _[associations](#associations)_, just
 :::
 
 ::: warning Limitations of Compositions of one
-Using of compositions of one for entities is discouraged. There is often no added value of using them as the information can be placed in the root entity. Compositions of one have limitations as follow:
+Using compositions of one for entities is discouraged. There is often no added value of using them as the information can be placed in the root entity. Compositions of one have limitations as follow:
 - Very limited Draft support. Fiori elements does not support compositions of one unless you take care of their creation in a custom handler.
 - No extensive support for modifications over paths if compositions of one are involved. You must fill in foreign keys manually in a custom handler.
 :::

cds/types.md

@@ -39,8 +39,8 @@ These types are used to define the structure of entities and services, and are m
 | `Time` | e.g. `24:59:59` | _TIME_  |
 | `DateTime` | _sec_ precision | _TIMESTAMP_  |
 | `Timestamp` | _µs_ precision, with up to 7 fractional digits |  _TIMESTAMP_  |
-| `String` (`length`) | Default *length*: 255; on HANA: 5000 <sup>(4)</sup> | _NVARCHAR_  |
-| `Binary` (`length`) | Default *length*: 255; on HANA: 5000 <sup>(5)</sup> |  _VARBINARY_  |
+| `String` (`length`) | Default *length*: 255; on HANA: 5000 <sup>(4)(5)</sup> | _NVARCHAR_  |
+| `Binary` (`length`) | Default *length*: 255; on HANA: 5000 <sup>(4)(6)</sup> |  _VARBINARY_  |
 | `LargeBinary` | Unlimited data, usually streamed at runtime | _BLOB_ |
 | `LargeString` | Unlimited data, usually streamed at runtime | _NCLOB_  |
 | `Map` | Mapped to *NCLOB* for HANA. | *JSON* type |
@@ -54,9 +54,11 @@ These types are used to define the structure of entities and services, and are m
 >
 > <sup>(3)</sup> Not available on PostgreSQL and H2.
 >
-> <sup>(4)</sup> Configurable through `cds.cdsc.defaultStringLength`.
+> <sup>(4)</sup> Productive apps should always use an explicit length. Use the default only for rapid prototyping.
 >
-> <sup>(5)</sup> Configurable through `cds.cdsc.defaultBinaryLength`.
+> <sup>(5)</sup> Configurable through `cds.cdsc.defaultStringLength`.
+>
+> <sup>(6)</sup> Configurable through `cds.cdsc.defaultBinaryLength`.
 
 #### See also...
 

guides/data-privacy/annotations.md

@@ -141,9 +141,10 @@ annotate my.Customers with @PersonalData: {
 
 Use this annotation to identify data subject's unique key, or a reference to it. References are commonly associations or foreign keys in subject details entities, or related ones, referring to a subject entity.
 
-- Each `@PersonalData` entity needs to identify a  the `DataSubjectID` element.
+- Each `@PersonalData` entity needs to identify a `DataSubjectID` element.
 - For entities with `DataSubject` semantics, this is typically the primary key.
 - For entities with `DataSubjectDetails` or `Other`  semantics, this is usually an association to the data subject.
+- Fields marked as `DataSubjectID` should use [`not null`](../databases#not-null) to guarantee a value is present at all times.
 
 Hence, we annotate our model as follows:
 

guides/deployment/to-cf.md

@@ -236,11 +236,14 @@ cf target
 ```
 [Learn more about `cf login`](https://help.sap.com/products/BTP/65de2977205c403bbc107264b8eccf4b/7a37d66c2e7d401db4980db0cd74aa6b.html){.learn-more}
 
-::: tip Prevent outdated lock file issues
-If your project already includes a _package-lock.json_, run `npm update` to make sure it’s in sync with your _package.json_ before proceeding.
-:::
 
-You can now freeze dependencies, build, and deploy the application:
+If your project already includes a _package-lock.json_, freeze your updated dependencies:
+
+```sh
+npm install --package-lock-only
+```
+
+You can now build and deploy the application:
 
 ```sh
 cds up

guides/extensibility/customization.md

@@ -139,7 +139,7 @@ This enforces the following restrictions:
 - Only entities in namespace `sap.capire.orders` can be extended, with a maximum 2 new fields allowed.
 - Only the `OrdersService` can be extended, with a maximum of 2 new entities allowed.
 
-[Learn more about extension restrictions.](../multitenancy/mtxs#extensibility-config){.learn-more}
+[Learn more about extension restrictions.](../multitenancy/mtxs#extension-restrictions){.learn-more}
 
 ### 3. Provide Template Projects {#templates}
 

guides/messaging/event-broker.md

@@ -120,6 +120,8 @@ Your SAP Cloud Application Event Hub configuration must include your system name
 resources:
   - name: incidents-event-broker
     type: org.cloudfoundry.managed-service
+    requires:
+      - name: incidents-srv-api
     parameters:
       service: event-broker
       service-plan: event-connectivity
@@ -128,8 +130,7 @@ resources:
         # should start with own namespace (i.e., "foo.bar") and may not be longer than 15 characters
         systemNamespace: cap.incidents
         webhookUrl: ~{incidents-srv-api/url}/-/cds/event-broker/webhook
-      requires:
-        - name: incidents-srv-api
+
 ```
 
 ```yaml [mta.yaml in Java]

guides/multitenancy/index.md

@@ -292,12 +292,6 @@ This is a known issue in CDS 9.
 
 ## Test-Drive Locally {#test-locally}
 
-For local testing, create a new profile that contains the multitenancy configuration:
-
-```sh
-cds add multitenancy --for local-multitenancy
-```
-
 <div class="impl java">
 
   For multitenancy you need additional dependencies in the _pom.xml_ of the `srv` directory. To support mock users in the local test scenario add `cds-starter-cloudfoundry`:
@@ -316,44 +310,25 @@ cds add multitenancy --for local-multitenancy
   ```yaml [application.yaml]
   ---
   spring:
-    config.activate.on-profile: local-multitenancy
+    config.activate.on-profile: with-mtx
   #...
   cds:
     multi-tenancy:
       mtxs.enabled: true
-    security.mock.users: // [!code focus]
-      - name: alice // [!code focus]
+    security.mock.users: # [!code focus]
+      alice: # [!code focus]
         tenant: t1
         roles: [ admin ]
-      - name: bob // [!code focus]
+      bob: # [!code focus]
         tenant: t1
         roles: [ cds.ExtensionDeveloper ]
-      - name:  erin // [!code focus]
+      erin: # [!code focus]
         tenant: t2
         roles: [ admin, cds.ExtensionDeveloper ]
   ```
 
   :::
 
-Configure the sidecar to use dummy authentication.
-
-::: code-group
-
-```json [mtx/sidecar/package.json]
-{
-  "cds": {
-    "profile": "mtx-sidecar",
-    "[development]": {
-      "requires": {
-        "auth": "dummy"
-      }
-    }
-  }
-}
-```
-
-:::
-
 </div>
 
 Before deploying to the cloud, you can test-drive common SaaS operations with your app locally, including SaaS startup, subscribing tenants, and upgrading tenants.
@@ -410,7 +385,7 @@ In the following steps, we start two servers, the main app and MTX sidecar, and
 <div class="impl node">
 
    ```sh
-   cds watch --profile local-multitenancy
+   cds watch --with-mtx
    ```
 
    ::: details  Persistent database
@@ -445,16 +420,15 @@ In the following steps, we start two servers, the main app and MTX sidecar, and
   <div class="impl java">
 
   ```sh
-  cd srv
-  mvn cds:watch -Dspring-boot.run.profiles=local-multitenancy
+  mvn cds:watch -Dspring-boot.run.profiles=with-mtx
   ```
 
   ::: details  Persistent database
 
   The server starts as usual, with the difference that a persistent database is used automatically instead of an in-memory one:
 
   ```log
-  2023-03-31 14:19:23.987  INFO 68528 --- [  restartedMain] c.s.c.bookshop.Application               : The following 1 profile is active: "local-mtxs"
+  2023-03-31 14:19:23.987  INFO 68528 --- [  restartedMain] c.s.c.bookshop.Application               : The following 1 profile is active: "with-mtx"
   ...
   2023-03-31 14:19:23.987  INFO 68528 --- [  restartedMain] c.s.c.services.impl.ServiceCatalogImpl   : Registered service ExtensibilityService$Default
   2023-03-31 14:19:23.999  INFO 68528 --- [  restartedMain] c.s.c.services.impl.ServiceCatalogImpl   : Registered service CatalogService

guides/multitenancy/mtxs.md

@@ -810,6 +810,8 @@ See the [list of possible `kind` values](../../cds/csn#def-properties).{.learn-m
 - `fields` lists the fields that are allowed to be extended. If the list is omitted, all fields can be extended.
 - `new-entities` specifies the maximum number of entities that can be added to a service.
 
+[Check Extension Restrictions for more details.](#extension-restrictions){.learn-more}
+
 ### GET `Extensions/<ID>` _→ [{ ID, csn, timestamp }]_ {#get-extensions}
 
 Returns a list of all tenant-specific extensions.
@@ -1044,6 +1046,142 @@ The response is similar to the following:
 
 The job and task status can take on the values `QUEUED`, `RUNNING`, `FINISHED` and `FAILED`.
 
+### Extension Restrictions
+
+You can restrict what parts of the application model can be extended by the SaaS customer.
+This section lists the restrictions that you can define via the `extension-allowlist`.
+
+> If an `extension-allowlist` is defined, only extensions in that list are allowed.
+
+Using `"for": ["*"]` allows to apply rules to all entities and services.
+
+:::info Most checks happen at design time
+`cds push` automatically builds the extension project, checking most restrictions locally.
+Some checks can only be performed at runtime, for example extension limit violations across multiple projects.
+:::
+
+#### Restrict Service Extensions
+
+By adding services to the `extension-allowlist`, services are enabled for extensions by Saas customers.
+In addition, you can restrict the number of bound entities by setting a limit for "new-entites".
+
+```jsonc
+"cds.xt.ExtensibilityService": {
+  "extension-allowlist": [
+    {
+      // at most 2 new entities in CatalogService
+      "for": ["CatalogService"],
+      "new-entities": 2
+    }
+  ]
+```
+
+#### Restrict Entities and Fields
+
+Entities can be extended with additional fields and also modifications of existing fields. Both kinds of extensions
+can be restricted.
+- `new-fields` specifies the maximum number of fields that can be added.
+- `fields` lists existing fields that are allowed to be extended. If the list is omitted, all fields can be extended.
+
+```jsonc
+"cds.xt.ExtensibilityService": {
+  "extension-allowlist": [
+    {
+      // at most 2 new fields in entities from the my.bookshop namespace
+      "for": ["my.bookshop"],
+      "new-fields": 2,
+      // allow extensions for field "description" only
+      "fields": ["description"]
+    },
+    {
+      // at most 1 new fields in my.bookshop.Authors
+      "for": ["my.bookshop.Authors"],
+      "new-fields": 1
+    }
+  ]
+}
+```
+This restriction allows two new fields for all entities in namespace `my.bookshop` but only one new field
+in entity `my.bookshop.Authors`.
+
+The `field` restriction allows
+```cds
+extend my.bookshop.Books:description with (length: 2000);
+```
+but not, for example
+```cds
+extend my.bookshop.Books:title with (length: 200);
+```
+
+#### Restrict / Enable Annotations
+
+The following annotations are blocked by default because they affect the persistence or security.
+```txt
+@restrict
+@requires
+@readonly
+@mandatory
+@assert.*
+@cds.persistence.*
+@sql.append
+@sql.prepend
+@path
+@impl
+@cds.autoexpose
+@cds.api.ignore
+@odata.etag
+@cds.query.limit
+@cds.localized
+@cds.valid.*
+@cds.search
+```
+
+You can, at your own risk, add exceptions for annotations.
+```jsonc
+"cds.xt.ExtensibilityService": {
+      "extension-allowlist": [
+        {
+          "for": ["my.bookshop.Books"],
+          "annotations": ["@mandatory", "@cds.api.ignore"]
+        },
+        {
+          "for": ["my.bookshop.Authors:placeOfBirth"],
+          "annotations": ["@mandatory"]
+        }
+      ]
+  }
+```
+> Exception: `@cds.persistence.journal` cannot be applied as an extension to base entities.
+
+#### Restrict Unbound Entities
+
+You can also restrict unbound entities via their namespace.
+
+For example
+```jsonc
+"cds.xt.ExtensibilityService": {
+  "extension-allowlist": [
+    {
+      // at most 1 new entities for namepace my.new
+      "for": ["my.new"],
+      "new-entities": 1
+    }
+  ]
+```
+only allows one unbound entity with namespace `my.new`.
+
+As a special case, you can also block any unbound entities:
+```jsonc
+"cds.xt.ExtensibilityService": {
+  "extension-allowlist": [
+    {
+      // no new entities for all namespaces
+      "for": ["*"],
+      "new-entities": 0
+    }
+  ]
+```
+
 ## DeploymentService
 
 The _DeploymentService_ handles `subscribe`, `unsubscribe`, and `upgrade` events for single tenants and single apps or micro services. Actual implementation is provided through internal plugins, for example, for SAP HANA and SQLite.