Previous change logs can be found at CHANGELOG-3.4.
- Fix watchserver related goroutine leakage
- Fix risk of a partial write txn being applied
- Fix panicking occurred due to improper error handling during defragmentation
- Compile binaries using go 1.22.9.
- Fix performance regression issue caused by the
ensureLeadershipin lease renew. - Keep the tombstone during compaction if it happens to be the compaction revision
- Add
etcd --experimental-compaction-sleep-intervalflag to control the sleep interval between each compaction batch.
- Compile binaries using go 1.22.7.
- Upgrade bbolt to v1.3.11.
- Fix add prometheus metric registration for metric
etcd_disk_wal_write_duration_seconds. - Add Support multiple values for allowed client and peer TLS identities
- Fix noisy logs from simple auth token expiration by reducing log level to debug
- Differentiate the warning message for rejected client and peer connections
- Compile binaries using go 1.21.12.
- Fully address CVE-2023-45288 and fix govulncheck CI check
- Fix LeaseTimeToLive returns error if leader changed.
- Add metrics
etcd_disk_wal_write_duration_seconds. - Fix ignore raft messages if member id mismatch.
- Update the compaction log when bootstrap.
- Fix Revision decreasing after panic during compaction
- Add
etcd --experimental-stop-grpc-service-on-defragto enable client failover on defrag. - Add support for
AllowedCNandAllowedHostnamethrough config file
- Add requests retry when receiving ErrGPRCNotSupportedForLearner and endpoints > 1.
- Fix initialization for mu in client context.
- Compile binaries using go 1.21.10.
- Upgrade bbolt to v1.3.10.
- Fix leases wrongly revoked by the leader by ignoring old leader's leases revoking request.
- Fix no progress notification being sent for watch that doesn't get any events.
- Fix watch event loss after compaction.
- Add client backoff and retry config options.
- Ignore SetKeepAlivePeriod errors on OpenBSD.
- Support unix/unixs socket in client or peer URLs
- Add three flags (see below) for grpc-proxy
--dial-keepalive-time--dial-keepalive-timeout--permit-without-stream
- Upgrade bbolt to v1.3.9.
- Compile binaries using go 1.21.8.
- Upgrade google.golang.org/protobuf to v1.33.0 to address CVE-2024-24786.
- Upgrade github.com/sirupsen/logrus to v1.9.3 to address PRISMA-2023-0056.
- Fix not validating database consistent index, and panicking on nil backend
- Document
experimental-enable-lease-checkpoint-persistflag in etcd help - Fix needlessly flocking snapshot files when deleting
- Add digest for etcd base image
- Fix delete inconsistencies in read buffer
- Add mvcc: print backend database size and size in use in compaction logs
- Compile binaries using go 1.20.13
- Upgrade golang.org/x/crypto to v0.17+ to address CVE-2023-48795
- Fix distributed tracing by ensuring
--experimental-distributed-tracing-sampling-rateconfiguration option is available to set tracing sample rate. - Fix url redirects while checking peer urls during new member addition
- Add livez/readyz HTTP endpoints
- Compile binaries using go 1.20.12
- Fix CVE-2023-47108 by bumping go.opentelemetry.io/otel to 1.20.0 and go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc to 0.46.0.
- Fix
--socket-reuse-portand--socket-reuse-addressnot able to be set in configuration file. - Fix corruption check may get a
ErrCompactederror when server has just been compacted - Improve Lease put performance for the case that auth is disabled or the user is admin
- Improve Skip getting authInfo from incoming context when auth is disabled
- Fix Hash and HashKV have duplicated RESTful API
- Fix Multiple endpoints with same prefix got mixed up
- Fix Unexpected blocking when barrier waits on a nonexistent key
- Fix Reset auth token when failing to authenticate due to auth being disabled
- Fix panic in etcd validate secure endpoints
- Compile binaries using go 1.20.10.
- Upgrade gRPC to 1.58.3 in #16625, #16781 and #16790. Note that gRPC server will reject requests with connection header (refer to grpc/grpc-go#4803).
- Upgrade bbolt to v1.3.8
- Compile binaries using go 1.19.9.
- Add
etcd --tls-min-version --tls-max-versionto enable support for TLS 1.3. - Add
etcd --listen-client-http-urlsflag to support separating http server from grpc one, thus giving full immunity to watch stream starvation under high read load. - Change http2 frame scheduler to random algorithm
- Fix Watch response traveling back in time when reconnecting member downloads snapshot from the leader
- Fix race when starting both secure & insecure gRPC servers on the same address
- Fix server/auth: disallow creating empty permission ranges
- Fix aligning zap log timestamp resolution to microseconds. Etcd now uses zap timestamp format:
2006-01-02T15:04:05.999999Z0700(microsecond instead of milliseconds precision). - Fix wsproxy did not print log in JSON format.
- Fix CVE-2021-28235 by clearing password after authenticating the user.
- Fix etcdserver may panic when parsing a JWT token without username or revision.
- Fix Requested watcher progress notifications are not synchronised with stream.
- Recommend Go 1.19+.
- Compile binaries using go to 1.19.8
- Upgrade golang.org/x/net to v0.7.0
- Upgrade bbolt to v1.3.7.
- Fix Remove memberID from data corrupt alarm.
- Fix Allow non mutating requests pass through quotaKVServer when NOSPACE.
- Fix nil pointer panic for readonly txn due to nil response.
- Fix The last record which was partially synced to disk isn't automatically repaired.
- Fix etcdserver might promote a non-started learner.
- Reverted the fix to auth invalid token and old revision errors in watch.
- Recommend Go 1.17+.
- Compile binaries using Go 1.17.13
- Bumped some dependencies to address some HIGH Vulnerabilities.
- Use distroless base image to address critical Vulnerabilities.
- Updated base image from base-debian11 to static-debian11 and removed dependency on busybox.
- Fix auth invalid token and old revision errors in watch
- Fix avoid closing a watch with ID 0 incorrectly
- Fix auth: fix data consistency issue caused by recovery from snapshot
- Fix revision might be inconsistency between members when etcd crashes during processing defragmentation operation
- Fix timestamp in inconsistent format
- Fix Failed resolving host due to lost DNS record
- Fix Add backoff before retry when watch stream returns unavailable.
- Fix stack overflow error in double barrier
- Fix Refreshing token on CommonName based authentication causes segmentation violation in client.
- Add
etcd grpc-proxy start --listen-cipher-suitesflag to support adding configurable cipher list.
- Fix do not overwrite authTokenBundle on dial.
- Fix IsOptsWithPrefix returns false even if WithPrefix() is included.
- Build official darwin/arm64 artifacts.
- Add
etcd --max-concurrent-streamsflag to configure the max concurrent streams each client can open at a time, and defaults to math.MaxUint32. - Add
etcd --experimental-compact-hash-check-enabled --experimental-compact-hash-check-timeflags to support enabling reliable corruption detection on compacted revisions. - Fix unexpected error during txn.
- Fix lease leak issue due to tokenProvider isn't enabled when restoring auth store from a snapshot.
- Fix the race condition between goroutine and channel on the same leases to be revoked.
- Fix lessor may continue to schedule checkpoint after stepping down leader role.
- Fix Restrict the max size of each WAL entry to the remaining size of the WAL file.
- Fix Protect rangePermCache with a RW lock correctly
- Fix memberID equals zero in corruption alarm
- Fix Durability API guarantee broken in single node cluster
- Fix etcd fails to start after performing alarm list operation and then power off/on
- Fix authentication data not loaded on member startup
- Bump golang.org/x/crypto to latest version to address CVE-2022-27191.
- Bump OpenTelemetry to 1.0.1 and gRPC to 1.41.0.
- Revert the change of trimming the trailing dot from SRV.Target returned by DNS lookup
- Fix Provide a better liveness probe for when etcd runs as a Kubernetes pod
- Fix inconsistent log format
- Fix Inconsistent revision and data occurs
- Fix Etcdserver is still in progress of processing LeaseGrantRequest when it receives a LeaseKeepAliveRequest on the same leaseID
- Fix consistent_index coming from snapshot is overwritten by the old local value
- Update container base image snapshot
- Fix Defrag unsets backend options.
- Trim the suffix dot from the target in SRV records returned by DNS lookup
- Always print the raft_term in decimal when displaying member list in json.
v3.5.2 (2022-02-01)
See code changes and v3.5 upgrade guide for any breaking changes.
- Fix exclude the same alarm type activated by multiple peers.
- Add
etcd --experimental-enable-lease-checkpoint-persistflag to enable checkpoint persisting. - Fix Lease checkpoints don't prevent to reset ttl on leader change, requires enabling checkpoint persisting.
- Fix assertion failed due to tx closed when recovering v3 backend from a snapshot db
- Fix segmentation violation(SIGSEGV) error due to premature unlocking of watchableStore
v3.5.1 (2021-10-15)
See code changes and v3.5 upgrade guide for any breaking changes.
- Fix self-signed-cert-validity parameter cannot be specified in the config file.
- Fix ensure that cluster members stored in v2store and backend are in sync
- Endpoints self identify now as
etcd-endpoints://{id}/{authority}where authority is based on first endpoint passed, for exampleetcd-endpoints://0xc0009d8540/localhost:2079
- Updated base image from
debian:buster-v1.4.0todebian:bullseye-20210927to fix the following critical CVEs:- CVE-2021-3711: miscalculation of a buffer size in openssl's SM2 decryption
- CVE-2021-35942: integer overflow flaw in glibc
- CVE-2019-9893: incorrect syscall argument generation in libseccomp
- CVE-2021-36159: libfetch in apk-tools mishandles numeric strings in FTP and HTTP protocols to allow out of bound reads.
See code changes and v3.5 upgrade guide for any breaking changes.
- v3.5.0 (2021 TBD), see code changes.
- v3.5.0-rc.1 (2021-06-10), see code changes.
- v3.5.0-rc.0 (2021-06-04), see code changes.
- v3.5.0-beta.4 (2021-05-26), see code changes.
- v3.5.0-beta.3 (2021-05-18), see code changes.
- v3.5.0-beta.2 (2021-05-18), see code changes.
- v3.5.0-beta.1 (2021-05-18), see code changes.
Again, before running upgrades from any previous release, please make sure to read change logs below and v3.5 upgrade guide.
go.etcd.io/etcdGo packages have moved togo.etcd.io/etcd/{api,pkg,raft,client,etcdctl,server,raft,tests}/v3to follow the Go modules conventionsgo.etcd.io/clientv3/snapshotSnapshotManager class have moved togo.etcd.io/clientv3/etcdctl. The methodsnapshot.Saveto download a snapshot from the remote server was preserved in 'go.etcd.io/clientv3/snapshot`.- `go.etcd.io/client' package got migrated to 'go.etcd.io/client/v2'.
- Changed behavior of clientv3 API MemberList.
- Previously, it is directly served with server's local data, which could be stale.
- Now, it is served with linearizable guarantee. If the server is disconnected from quorum,
MemberListcall will fail.
- gRPC gateway only supports
/v3endpoint.- Deprecated
/v3beta. curl -L http://localhost:2379/v3beta/kv/put -X POST -d '{"key": "Zm9v", "value": "YmFy"}'doesn't work in v3.5. Usecurl -L http://localhost:2379/v3/kv/put -X POST -d '{"key": "Zm9v", "value": "YmFy"}'instead.
- Deprecated
etcd --experimental-enable-v2v3flag remains experimental and to be deprecated.- v2 storage emulation feature will be deprecated in the next release.
- etcd 3.5 is the last version that supports V2 API. Flags
--enable-v2and--experimental-enable-v2v3are now deprecated and will be removed in etcd v3.6 release.
etcd --experimental-backend-bbolt-freelist-typeflag has been deprecated. Useetcd --backend-bbolt-freelist-typeinstead. The default type is hashmap and it is stable now.etcd --debugflag has been deprecated. Useetcd --log-level=debuginstead.- Remove
embed.Config.Debug. etcd --log-outputflag has been deprecated. Useetcd --log-outputsinstead.etcd --logger=zap --log-outputs=stderris now the default.etcd --logger=capnslogflag value has been deprecated.etcd --logger=zap --log-outputs=defaultflag value is not supported..- Use
etcd --logger=zap --log-outputs=stderr. - Or, use
etcd --logger=zap --log-outputs=systemd/journalto send logs to the local systemd journal. - Previously, if etcd parent process ID (PPID) is 1 (e.g. run with systemd),
etcd --logger=capnslog --log-outputs=defaultredirects server logs to local systemd journal. And if write to journald fails, it writes toos.Stderras a fallback. - However, even with PPID 1, it can fail to dial systemd journal (e.g. run embedded etcd with Docker container). Then, every single log write will fail and fall back to
os.Stderr, which is inefficient. - To avoid this problem, systemd journal logging must be configured manually.
- Use
etcd --log-outputs=stderris now the default.etcd --log-package-levelsflag forcapnsloghas been deprecated. Now,etcd --logger=zap --log-outputs=stderris the default.[CLIENT-URL]/config/local/logendpoint has been deprecated, as isetcd --log-package-levelsflag.curl http://127.0.0.1:2379/config/local/log -XPUT -d '{"Level":"DEBUG"}'won't work.- Please use
etcd --logger=zap --log-outputs=stderrinstead.
- Deprecated
etcd_debugging_mvcc_db_total_size_in_bytesPrometheus metric. Useetcd_mvcc_db_total_size_in_bytesinstead. - Deprecated
etcd_debugging_mvcc_put_totalPrometheus metric. Useetcd_mvcc_put_totalinstead. - Deprecated
etcd_debugging_mvcc_delete_totalPrometheus metric. Useetcd_mvcc_delete_totalinstead. - Deprecated
etcd_debugging_mvcc_txn_totalPrometheus metric. Useetcd_mvcc_txn_totalinstead. - Deprecated
etcd_debugging_mvcc_range_totalPrometheus metric. Useetcd_mvcc_range_totalinstead. - Main branch
/versionoutputs3.5.0-pre, instead of3.4.0+git. - Changed
proxypackage function signature to support structured logger.- Previously,
NewClusterProxy(c *clientv3.Client, advaddr string, prefix string) (pb.ClusterServer, <-chan struct{}), nowNewClusterProxy(lg *zap.Logger, c *clientv3.Client, advaddr string, prefix string) (pb.ClusterServer, <-chan struct{}). - Previously,
Register(c *clientv3.Client, prefix string, addr string, ttl int), nowRegister(lg *zap.Logger, c *clientv3.Client, prefix string, addr string, ttl int) <-chan struct{}. - Previously,
NewHandler(t *http.Transport, urlsFunc GetProxyURLs, failureWait time.Duration, refreshInterval time.Duration) http.Handler, nowNewHandler(lg *zap.Logger, t *http.Transport, urlsFunc GetProxyURLs, failureWait time.Duration, refreshInterval time.Duration) http.Handler.
- Previously,
- Changed
pkg/flagsfunction signature to support structured logger.- Previously,
SetFlagsFromEnv(prefix string, fs *flag.FlagSet) error, nowSetFlagsFromEnv(lg *zap.Logger, prefix string, fs *flag.FlagSet) error. - Previously,
SetPflagsFromEnv(prefix string, fs *pflag.FlagSet) error, nowSetPflagsFromEnv(lg *zap.Logger, prefix string, fs *pflag.FlagSet) error.
- Previously,
- ClientV3 supports grpc resolver API.
- Endpoints can be managed using endpoints.Manager
- Previously supported GRPCResolver was decomissioned. Use resolver instead.
- Turned on --pre-vote by default. Should prevent disrupting RAFT leader by an individual member.
- ETCD_CLIENT_DEBUG env: Now supports log levels (debug, info, warn, error, dpanic, panic, fatal). Only when set, overrides application-wide grpc logging settings.
- Embed Etcd.Close() needs to called exactly once and closes Etcd.Err() stream.
- Embed Etcd does not override global/grpc logger be default any longer. If desired, please call
embed.Config::SetupGlobalLoggers()explicitly. - Embed Etcd custom logger should be configured using simpler builder
NewZapLoggerBuilder. - Client errors of
context cancelledorcontext deadline exceededare exposed ascodes.Canceledandcodes.DeadlineExceeded, instead ofcodes.Unknown.
- WAL log's snapshots persists raftpb.ConfState
- Backend persists raftpb.ConfState in the
metabucketconfStatekey. - Backend persists applied term in the
metabucket. - Backend persists
downgradein theclusterbucket
- Add
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256andTLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256toetcd --cipher-suites. - Changed the format of WAL entries related to auth for not keeping password as a plain text.
- Add third party Security Audit Report.
- A log warning is added when etcd uses any existing directory that has a permission different than 700 on Linux and 777 on Windows.
- Add optional
ClientCertFileandClientKeyFileoptions for peer and client tls configuration when split certificates are used.
See List of metrics for all metrics per release.
Note that any etcd_debugging_* metrics are experimental and subject to change.
- Deprecated
etcd_debugging_mvcc_db_total_size_in_bytesPrometheus metric. Useetcd_mvcc_db_total_size_in_bytesinstead. - Deprecated
etcd_debugging_mvcc_put_totalPrometheus metric. Useetcd_mvcc_put_totalinstead. - Deprecated
etcd_debugging_mvcc_delete_totalPrometheus metric. Useetcd_mvcc_delete_totalinstead. - Deprecated
etcd_debugging_mvcc_txn_totalPrometheus metric. Useetcd_mvcc_txn_totalinstead. - Deprecated
etcd_debugging_mvcc_range_totalPrometheus metric. Useetcd_mvcc_range_totalinstead. - Add
etcd_debugging_mvcc_current_revisionPrometheus metric. - Add
etcd_debugging_mvcc_compact_revisionPrometheus metric. - Change
etcd_cluster_versionPrometheus metrics to include only major and minor version. - Add
etcd_debugging_mvcc_total_put_size_in_bytesPrometheus metric. - Add
etcd_server_client_requests_totalwith"type"and"client_api_version"labels. - Add
etcd_wal_write_bytes_total. - Add
etcd_debugging_auth_revision. - Add
os_fd_usedandos_fd_limitto monitor current OS file descriptors. - Add
etcd_disk_defrag_inflight.
- Add don't attempt to grant nil permission to a role.
- Add don't activate alarms w/missing AlarmType.
- Add
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256andTLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256toetcd --cipher-suites. - Automatically create parent directory if it does not exist (fix issue#9609).
- v4.0 will configure
etcd --enable-v2=true --enable-v2v3=/aaato enable v2 API server that is backed by v3 storage. - [
etcd --backend-bbolt-freelist-type] flag is now stable.etcd --experimental-backend-bbolt-freelist-typehas been deprecated.
- Support downgrade API.
- Deprecate v2 apply on cluster version. Use v3 request to set cluster version and recover cluster version from v3 backend.
- Use v2 api to update cluster version to support mixed version cluster during upgrade.
- Fix corruption bug in defrag.
- Fix quorum protection logic when promoting a learner.
- Improve peer corruption checker to work when peer mTLS is enabled.
- Log
[CLIENT-PORT]/healthcheck in server side. - Log successful etcd server-side health check in debug level.
- Improve compaction performance when latest index is greater than 1-million.
- Refactor consistentindex.
- Add log when etcdserver failed to apply command.
- Improve count-only range performance.
- Remove redundant storage restore operation to shorten the startup time.
- With 40 million key test data,it can shorten the startup time from 5 min to 2.5 min.
- Fix deadlock bug in mvcc.
- Fix inconsistency between WAL and server snapshot.
- Previously, server restore fails if it had crashed after persisting raft hard state but before saving snapshot.
- See #10219 for more.
- Add missing CRC checksum check in WAL validate method otherwise causes panic.
- See #11918.
- Improve logging around snapshot send and receive.
- Push down RangeOptions.limit argv into index tree to reduce memory overhead.
- Add reason field for /health response.
- Add exclude alarms from health check conditionally.
- Add
etcd --unsafe-no-fsyncflag.- Setting the flag disables all uses of fsync, which is unsafe and will cause data loss. This flag makes it possible to run an etcd node for testing and development without placing lots of load on the file system.
- Add
etcd --auth-token-ttlflag to customizesimpleTokenTTLsettings. - Improve
runtime.FDUsagecall pattern to reduce objects malloc of Memory Usage and CPU Usage. - Improve mvcc.watchResponse channel Memory Usage.
- Log expensive request info in UnaryInterceptor.
- Fix invalid Go type in etcdserverpb.
- Improve healthcheck by using v3 range request and its corresponding timeout.
- Add
etcd --experimental-watch-progress-notify-intervalflag to make watch progress notify interval configurable. - Fix server panic in slow writes warnings.
- Fixed via PR#12238.
- Fix server panic when force-new-cluster flag is enabled in a cluster which had learner node.
- Add
etcd --self-signed-cert-validityflag to support setting certificate expiration time.- Notice, certificates generated by etcd are valid for 1 year by default when specifying the auto-tls or peer-auto-tls option.
- Add
etcd --experimental-warning-apply-durationflag which allows apply duration threshold to be configurable. - Add
etcd --experimental-memory-mlockflag which prevents etcd memory pages to be swapped out. - Add
etcd --socket-reuse-portflag- Setting this flag enables
SO_REUSEPORTwhich allows rebind of a port already in use. User should take caution when using this flag to ensure flock is properly enforced.
- Setting this flag enables
- Add
etcd --socket-reuse-addressflag- Setting this flag enables
SO_REUSEADDRwhich allows binding to an address inTIME_WAITstate, improving etcd restart time.
- Setting this flag enables
- Reduce around 30% memory allocation by logging range response size without marshal.
ETCD_VERIFY="all"environment triggers additional verification of consistency of etcd data-dir files.- Add
etcd --enable-log-rotationboolean flag which enables log rotation if true. - Add
etcd --log-rotation-config-jsonflag which allows passthrough of JSON config to configure log rotation for a file output target. - Add experimental distributed tracing boolean flag
--experimental-enable-distributed-tracingwhich enables tracing. - Add
etcd --experimental-distributed-tracing-addressstring flag which allows configuring the OpenTelemetry collector address. - Add
etcd --experimental-distributed-tracing-service-namestring flag which allows changing the default "etcd" service name. - Add
etcd --experimental-distributed-tracing-instance-idstring flag which configures an instance ID, which must be unique per etcd instance. - Add
--experimental-bootstrap-defrag-threshold-megabyteswhich configures a threshold for the unused db size and etcdserver will automatically perform defragmentation on bootstrap when it exceeds this value. The functionality is disabled if the value is 0.
- Remove
embed.Config.Debug.- Use
embed.Config.LogLevelinstead.
- Use
- Add
embed.Config.ZapLoggerBuilderto allow creating a custom zap logger. - Replace global
*zap.Loggerwith etcd server logger object. - Add
embed.Config.EnableLogRotationwhich enables log rotation if true. - Add
embed.Config.LogRotationConfigJSONto allow passthrough of JSON config to configure log rotation for a file output target. - Add
embed.Config.ExperimentalEnableDistributedTracingwhich enables experimental distributed tracing if true. - Add
embed.Config.ExperimentalDistributedTracingAddresswhich allows overriding default collector address. - Add
embed.Config.ExperimentalDistributedTracingServiceNamewhich allows overriding default "etcd" service name. - Add
embed.Config.ExperimentalDistributedTracingServiceInstanceIDwhich allows configuring an instance ID, which must be uniquer per etcd instance.
- Remove excessive watch cancel logging messages.
- Add
TryLockmethod toclientv3/concurrency/Mutex. A non-blocking method onMutexwhich does not wait to get lock on the Mutex, returns immediately if Mutex is locked by another session. - Fix client balancer failover against multiple endpoints.
- Fix IPv6 endpoint parsing in client.
- Fix errors caused by grpc changing balancer/resolver API. This change is compatible with grpc >= v1.26.0, but is not compatible with < v1.26.0 version.
- Use ServerName as the authority after bumping to grpc v1.26.0. Remove workaround in #11184.
- Fix
"hasleader"metadata embedding.- Previously,
clientv3.WithRequireLeader(ctx)was overwriting existing context keys.
- Previously,
- Fix watch leak caused by lazy cancellation. When clients cancel their watches, a cancel request will now be immediately sent to the server instead of waiting for the next watch event.
- Make sure save snapshot downloads checksum for integrity checks.
- Fix auth token invalid after watch reconnects. Get AuthToken automatically when clientConn is ready.
- Improve clientv3:get AuthToken gracefully without extra connection.
- Changed clientv3 dialing code to use grpc resolver API instead of custom balancer.
- Endpoints self identify now as
etcd-endpoints://{id}/#initially={list of endpoints}e.g.etcd-endpoints://0xc0009d8540/#initially=[localhost:2079]
- Endpoints self identify now as
- Make sure save snapshot downloads checksum for integrity checks.
- Fix memory leak in follower nodes.
- Make sure grant/revoke won't be applied repeatedly after restarting etcd.
- Add
etcd_wal_write_bytes_total. - Handle out-of-range slice bound in
ReadAlland entry limit indecodeRecord.
- Fix
etcdctl member addcommand to prevent potential timeout. (PR#11194 and PR#11638) - Add
etcdctl watch --progress-notifyflag. - Add
etcdctl auth statuscommand to check if authentication is enabled - Add
etcdctl get --count-onlyflag for output typefields. - Add
etcdctl member list -w=json --hexflag to print memberListResponse in hex format json. - Changed
etcdctl lock <lockname> exec-commandto return exit code of exec-command. - New tool:
etcdutlincorporated functionality of:etcdctl snapshot status|restore,etcdctl backup,etcdctl defrag --data-dir .... - ETCDCTL_API=3
etcdctl migratehas been decommissioned. Use etcd <=v3.4 to restore v2 storage.
- gRPC gateway only supports
/v3endpoint.- Deprecated
/v3beta. curl -L http://localhost:2379/v3beta/kv/put -X POST -d '{"key": "Zm9v", "value": "YmFy"}'does work in v3.5. Usecurl -L http://localhost:2379/v3/kv/put -X POST -d '{"key": "Zm9v", "value": "YmFy"}'instead.
- Deprecated
- Set
enable-grpc-gatewayflag to true when using a config file to keep the defaults the same as the command line configuration.
- Fix
panic on errorfor metrics handler. - Add gRPC keepalive related flags
grpc-keepalive-min-time,grpc-keepalive-intervalandgrpc-keepalive-timeout. - Fix grpc watch proxy hangs when failed to cancel a watcher .
- Add metrics handler for grpcproxy self.
- Add health handler for grpcproxy self.
- Fix NoPassword check when adding user through GRPC gateway (issue#11414)
- Fix bug where some auth related messages are logged at wrong level
- Fix a data corruption bug by saving consistent index.
- Improve checkPassword performance.
- Add authRevision field in AuthStatus.
- Fix a bug of not refreshing expired tokens.
- Add
/v3/auth/statusendpoint to check if authentication is enabled - Add
Linearizablefield toetcdserverpb.MemberListRequest. - Learner support Snapshot RPC.
- Remove
netutil.DropPort/RecoverPort/SetLatency/RemoveLatency.- These are not used anymore. They were only used for older versions of functional testing.
- Removed to adhere to best security practices, minimize arbitrary shell invocation.
- Upgrade
google.golang.org/grpcfromv1.23.0tov1.37.0. - Upgrade
go.uber.org/zapfromv1.14.1tov1.16.0.
- etcd now officially supports
arm64.- See #12928 for adding automated tests with
arm64EC2 instances (Graviton 2). - See etcd-io/website#273 for new platform support tier policies.
- See #12928 for adding automated tests with
- Require Go 1.16+.
- Compile with Go 1.16+
- etcd uses go modules (instead of vendor dir) to track dependencies.
- The etcd team has added, a well defined and openly discussed, project governance.