0.11.1 (2026-01-06)
- Remove dependency on unmaintained libraries (paste, fxhash, derivative) (f85128c)
- Update OpenFGA Client to 0.5.1 (retry after ModelWrite) (f85128c)
- Update rsa to 0.9.10 to avoid potential panic (836c2ec)
- dep: Update UI to v0.11.1 (836c2ec)
- docs: Add 0.11 docs section (02b421a)
- docs: Fix DuckDB WASM Bullets (f74ef80)
- docs: Improve S3 CORS guide (205ae0b)
- docs: Update Odometer (f85128c)
- OPA Use catalog config Endpoint to get warehouse id (#1558) (847ad13)
0.11.0 (2026-01-01)
- Default to S3
vended-credentialsinstead ofremote-signingif clients don't specify access delegation header - ci: Use gnu instead of musl for ARM images (#1508)
- Remove "name" filter in
ListRolesQuery. Use more efficient search instead - Deprecate Deprecate /permissions/.../actions Endpoints
- remove deprecated undrop_tabular and project_by_id endpoints
- Deprecate
idin favor ofwarehouse_idinGetWarehouseResponse - Require warehouse-id in the permissions/check API also for namespace-ids
- Add /authorizer-actions API (53a0e4a)
- add authorization-independent /actions endpoints (25d777b)
- Add etag method to
CommitTableResponse(#1530) (26353ec) - Add ETag to responses and evaluate If-None-Match Header (#1509) (dcaac70)
- add GET /actions endpoints for all entity types (server, projects, warehouses, namespaces, tables, views, roles, users) (25d777b)
- Add properties & protection to AuthZ Info (#1492) (e47a018)
- Add separate permission to get Endpoint Statistics (0b6ea38)
- Add separate permission to set Warehouse Protection (0b6ea38)
- Add source system & source ID fields to Roles (ca9153b)
- Add storage profile-level credential control flags (#1518) (1b69424)
- add support for legacy md5 checksum (#1551) (7dc818e)
- Add support for unmanaged Catalogs to trino OPA bridge (#1542) (a67a87e)
- Add Warehouse Cache to reduce DB requests (443548a)
- Allow Authorizers to use Table & Namespace properties (#1544) (8c00f6e)
- Allow x-user-agent header (#1453) (727f5b5)
- Apply sts tags also to Lakekeeper io operations (77bb206)
- Authorizer independant permission batch-check endpoint (#1529) (fed6b4a)
- AuthZ Server and Project Ops (#1471) (9ef02d1)
- Cache for Storage Secrets (#1485) (505f8c4)
- Caching Short-Term-Credentials (STC) (#1459) (c338372)
- Catalog returns full Namespace Hierarchy for nested Namespaces (#1472) (2fe38bf)
- Default to S3
vended-credentialsinstead ofremote-signingif clients don't specify access delegation header (2eaedf6) - Deprecate
idin favor ofwarehouse_idinGetWarehouseResponse(443548a) - Deprecate Deprecate /permissions/.../actions Endpoints (53a0e4a)
- Enrich Authorizer for Namespaces and Warehouses (#1480) (f8fa500)
- Extend /actions endpoint with
for_userparameter (7dd4bb0) - Extend Authorizer information for Tabulars (#1484) (d5db102)
- Extend ListRoles filter (ca9153b)
- Extend task system to support project-scoped tasks (#1534) (58583a7)
- implement action permission discovery API (25d777b)
- Improve compatibility for token refreshs (#1546) (429f6b9)
- Introduce AuthzWarehouseOps and AuthzNamespaceOps abstractions (e2da40f)
- Introduce CatalogWarehouseOps & CatalogNamespaceOps abstractions (e2da40f)
- Make Warehouse Cache case-insensitive (#1473) (7d4c7d7)
- Management endpoints now return full warehouse details after updates (443548a)
- Namespace Cache (#1478) (61b03a8)
- New get role Metadata Endpoint (cross-project) (#1516) (71efc01)
- Require warehouse-id in the permissions/check API also for namespace-ids (e2da40f)
- Separate Namespace IncludeInList permission from CanGetMetadata (#1491) (173ae32)
- Simplify Authorizer to only use
are_allowed_xxxmethods instead ofis_allowed_xxx(7dd4bb0) - Support "+" as space in path identifiers, prohibit "+" in tabular & ns identifiers (#1547) (a26b6f7)
- Support Authorizers which cannot list projects (#1481) (57663a2)
- Table & View Ops Abstractions, Improved Error Handling (#1454) (94996e4)
- ui: Add DuckDB routes to UI router (#1550) (dab8747)
- Update UI to Components (#1549) (e4c57b1)
- User & Role AuthZ Ops (#1490) (1759290)
- Version based Warehouse Cache (#1465) (c9c4b5e)
- ci: Revert 0.10.3 release (dfdbdcf)
- ci: Use gnu instead of musl for ARM images (#1508) (621dfa4)
- Concurrent Table Update Error message & Server side retry (#1527) (f283699)
- CORS allow access delegation & etag headers (#1455) (5f8c665)
- Debug assertion table identifier mismatch for signer (#1460) (684c690)
- Headers should be lowercase (#1457) (06ad77e)
- linter: fix linter errors for implicit cloning (#1477) (4865d53)
- Make get_role_metadata work accross projects (#1536) (ca344a1)
- openfga: Delete user relations pagination (#1507) (cb9908e)
- openfga: use url encode string when
ActorisPrincipalinto_openfga(#1521) (ca24218) - Remove explicit schema qualification to allow for dynamic override via: (#1528) (69b960d)
- remove redundant clone() before to_string() (#1489) (fe9cf81)
- Restrict cross-project Role Search, but allow cross-project Role Metadata get (0b6ea38)
- support view creation without "properties" (fix trino security invoker) (#1545) (74bfb5c)
- TaskQueueConfigFilter::WarehouseId should not require ProjectId (#1554) (f32251c)
- Trino OPA bridge execute procedures (#1541) (5d27125)
- Use fallbacks instead of Err for vended cred. / remote-signing (2eaedf6)
- Use read-pool for checks when flushing statistics (d9ddda8)
- Use read-pool for checks when flushing statistics (#1526) (989bc8d)
- Add reference to Starburst query engine (#1523) (32a17ea)
- add RisingWave as a REST-compatible client (#1496) (bd09d47)
- Bump MSRV to 1.88 (77bb206)
- Components UI (2b188d5)
- deps: Iceberg 0.8, openfga 0.5, tonic 0.14, middle 0.4, limes 0.3 (#1553) (a7abc10)
- deps: update all non-major dependencies (#1445) (4bf070c)
- docs: Cedar Authorizer (#1512) (375ebdf)
- docs: Document Credential Vending (#1531) (d3c41cf)
- docs: Update directory paths in getting-started.md (#1548) (d97b32a)
- Improve Azure SAS generation logs (#1522) (737d1ff)
- Improve IO Errors (#1487) (510c551)
- Introduce open-api feature to gate utoipa and swagger (#1458) (c39d96e)
- main: release 0.10.3 (#1446) (b8fcf54)
- permissions: Restrict Endpoint Statistics access to Warehouse Assignee and above (0b6ea38)
- Remove "name" filter in
ListRolesQuery. Use more efficient search instead (ca9153b) - Remove
Canprefix from rust Action types (53a0e4a) - remove build-with-alpine (#1514) (5d3436e)
- remove dependcy on forked rdkafka and remove unneccessaty build-dependency on openssl-sys (#1515) (c53be9b)
- remove deprecated undrop_tabular and project_by_id endpoints (25d777b)
- Rename
SecretIdenttoSecretIdfor consistency (443548a) - tests: Add trino information_schema.tables test (#1456) (665d8c9)
- Update examples to use new /actions endpoints (#1510) (3408454)
- Update Plus API, UI v0.11 (#1555) (790462b)
- Update README.md (cebc453)
- Update to edition 2024 (#1505) (203959a)
- use rustls for gcloud storage (#1506) (4233ca5)
- Use structured error logs (requires tracing_unstable) (#1504) (5c905df)
0.10.3 (2025-10-15)
- Add
debug_migrate_before_serveenv var (#1426) (8022192) - examples: add k8s iceberg sink connector (avro) (#1336) (41ec6aa)
- Expose License Information via API (#1432) (612b2f9)
- Move OpenFGA Authorizer to separate crate (#1421) (7a9f235)
- Validate Downscoping works on Warehouse creation (#1437) (6e1d3f9)
- Better normalization for ARNs in S3 Profile (#1441) (556b760)
- ci: Revert 0.10.3 release (dfdbdcf)
- deps: update all non-major dependencies (#1429) (e1865ab)
- Add info about installing sqlx to developer-guide.md (#1438) (2b2f14d)
- Update developer-guide.md (#1439) (cfd6f56)
- ci: Fix release please (#1433) (7605a91)
- deps: update all non-major dependencies (#1436) (be514cf)
- deps: update all non-major dependencies (#1442) (af4a629)
- main: release 0.10.3 (#1427) (8722399)
- Rename src/service -> src/server, trait Catalog -> CatalogStore (#1428) (602191b)
- renovate: Group dependencies (0475096)
- renovate: ignore additional deps (c9a6149)
- Restructure catalog_store into multiple modules (#1434) (dde8c75)