From 9f61c3b3a1f1af25fd3e68f8a8f038da1d708832 Mon Sep 17 00:00:00 2001 From: Tim Vaillancourt Date: Thu, 26 Feb 2026 20:21:22 +0100 Subject: [PATCH 1/2] Add missing v24.0.0 changelog entries for #19460 and #19427 - Breaking change: external decompressor no longer read from backup MANIFEST by default - VTOrc: ordered recovery execution and semi-sync rollout improvements Co-Authored-By: Claude Opus 4.6 Signed-off-by: Tim Vaillancourt --- changelog/24.0/24.0.0/summary.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/changelog/24.0/24.0.0/summary.md b/changelog/24.0/24.0.0/summary.md index c4b95a4874f..f52d361c463 100644 --- a/changelog/24.0/24.0.0/summary.md +++ b/changelog/24.0/24.0.0/summary.md @@ -8,6 +8,8 @@ - [Window function pushdown for sharded keyspaces](#window-function-pushdown) - [View Routing Rules](#view-routing-rules) - [Tablet targeting via USE statement](#tablet-targeting) + - **[Breaking Changes](#breaking-changes)** + - [External Decompressor No Longer Read from Backup MANIFEST by Default](#vttablet-external-decompressor-manifest) - **[Minor Changes](#minor-changes)** - **[Logging](#minor-changes-logging)** - [Structured logging](#structured-logging) @@ -30,6 +32,7 @@ - [Improved VTOrc Discovery Logging](#vtorc-improved-discovery-logging) - [Deprecated VTOrc Metric Removed](#vtorc-deprecated-metric-removed) - [Deprecation of Snapshot Topology feature](#vtorc-snapshot-topology-deprecation) + - [Ordered Recovery Execution and Semi-Sync Rollout](#vtorc-ordered-recovery-semi-sync) ## Major Changes @@ -90,6 +93,16 @@ Once set, all subsequent queries in the session route to the specified tablet un Note: A shard must be specified when using tablet targeting. Like shard targeting, this bypasses vindex-based routing, so use with care. +### Breaking Changes + +#### External Decompressor No Longer Read from Backup MANIFEST by Default + +The external decompressor command stored in a backup's `MANIFEST` file is no longer used at restore time by default. Previously, when no `--external-decompressor` flag was provided, VTTablet would fall back to the command specified in the `MANIFEST`. This posed a security risk: an attacker with write access to backup storage could modify the `MANIFEST` to execute arbitrary commands on the tablet. + +Starting in v24, the `MANIFEST`-based decompressor is ignored unless you explicitly opt in with the new `--external-decompressor-use-manifest` flag. If you rely on this behavior, add the flag to your VTTablet configuration, but be aware of the security implications. + +See [#19460](https://github.com/vitessio/vitess/pull/19460) for details. + ## Minor Changes ### Logging @@ -237,3 +250,11 @@ The lack of facilities to read the snapshots created by this feature coupled wit **Impact**: VTOrc can no longer create snapshots of the topology in it's backend database. +#### Ordered Recovery Execution and Semi-Sync Rollout + +VTOrc now executes recoveries per-shard with defined ordering, rather than per-tablet in isolation. Problems that have ordering dependencies (e.g., semi-sync configuration) are executed serially first, while independent problems are executed concurrently. This ensures that dependent recoveries happen in the correct sequence within a shard. + +The main user-facing improvement is to semi-sync rollouts: VTOrc now ensures replicas have semi-sync enabled before updating the primary. Previously, enabling semi-sync on the primary before enough replicas were ready could stall writes while the primary waited for semi-sync acknowledgements that no replica was prepared to send. + +See [#19427](https://github.com/vitessio/vitess/pull/19427) for details. + From 557122870b371a8a0825195a7811b51275d97355 Mon Sep 17 00:00:00 2001 From: Tim Vaillancourt Date: Thu, 26 Feb 2026 20:38:32 +0100 Subject: [PATCH 2/2] add Security topic w/`timvaillancourt` Signed-off-by: Tim Vaillancourt --- MAINTAINERS.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/MAINTAINERS.md b/MAINTAINERS.md index 54e77d831c3..2bbf7a9fdd7 100644 --- a/MAINTAINERS.md +++ b/MAINTAINERS.md @@ -59,6 +59,9 @@ derekperkins, mattlord ### High Availability mattlord, timvaillancourt +### Security +timvaillancourt + ## Past Maintainers We thank the following past maintainers for their contributions.