2020.07.0 Release

Docker tag: quay.io/pganalyze/enterprise:v2020.07.0

Notes

• We recommend upgrading 2020.07.2 or newer to avoid a bug related to duplicate server entries
• Important: This release requires at least PostgreSQL 10 for the pganalyze statistics database. Please make sure to upgrade your Postgres version if you are using an older Postgres release.
• This release includes all bugfixes from the 2019.04.1 patch release
• Upgrades need to follow our recommended upgrade steps to run necessary database migrations

New features

• New Charts and Date Picker
• Automated Postgres EXPLAIN Visualization & Insights
• New in-app design to match new pganalyze colors and logo
• Consistent date selection when navigating across the app
• New "Query Tags" section for queries to show where queries originate from
• Improved Query Performance Overview
  • 7-day trend analysis
  • Save query filter options across sessions
• Improved Platform support
  • Amazon RDS: Add RDS 2019 certificate support
  • Azure DB for PostgreSQL and Google Cloud SQL: Add support for Log Insights & EXPLAIN plans
• Alert policies
  • Ability to configure different alert policies for different team members
• VACUUM statistics
  • 7 day retention for detailed statistics (increased from 24h)
  • 30 day view of dead tuples for tables (increased from 24h)
• Smarter server list in navigation menu
  • Shows 5 most recently visited servers
  • This avoids issues when having a lot of servers (which are better viewed on the per-organization server list)
• Update wait events to include Postgres 12 support
• Add 7-day trend analysis to table overview

Bugfixes

• Log Insights
  • Ensure that "temp file created" log events correctly filter for database
  • Improve in-app integration instructions to be correct for setup type
  • Fix Checkpoint Starting and Temp File Created bucketing for larger timeframes
  • Fix visualization bugs for Z00 classification of unknown log lines
  • Connection tracing: Fix connection logs for cases where the log_line_prefix is missing %d
• Internal Enterprise Server logging
  • Always output webserver logs to stdout, and hide request_id to make logs easier to read
  • Don't run collector in verbose mode
• Verify MAILER_URL setting when doing self-check
• Default to "localhost" for email application domain instead of "pganalyze.com"
  • We recommend setting DOMAIN_NAME to have the correct hostname used in emails sent by the system
• Turn off automatic retries for statistics snapshot processing
  • This didn't work correctly before and caused unnecessary unique constraint violation errors
• System data: Fix accidental reversal of network receive and transmit stats
• Query details: Fix link pointing to Postgres role

Performance improvements

• Pre-aggregation of multi-hour/multi-day statistics
  • This helps speed up the Query Performance view, as well as Log Insights views
• Improve performance for per-table query performance list
• Avoid timeouts processing high number of Postgres functions, cap at 5000 functions
• Improve per-server connection graph performance
• Improve Log Insights client-side performance
• Improve performance for VACUUM timeline and VACUUM history
• Paginate query performance list
• Server-side pagination for table/index/function lists
• Connections list: Automatically stop polling after 1 minute (reduces server performance impact)

Security improvements

• Non-critical security updates
  • rails (CVE-2020-8185, CVE-2020-8184, CVE-2020-8162, CVE-2020-8164, CVE-2020-8165, CVE-2020-8166, CVE-2020-8167, CVE-2020-5267)
  • websocket-extensions (CVE-2020-7663)
  • puma (CVE-2020-11077, CVE-2020-11076, CVE-2020-5247)
  • json (CVE-2020-10663)
• Invalidate all sessions on logout (to prevent reusing the session cookie)
• Use secure cookie flag when FORCE_SSL=1 is configured
• Add rate limiting for the following actions:
  • Signups (protect against spamming a publicly available installation with bogus accounts)
  • Login (protect against brute-force a user's password)
  • Password reset (protect against flood a user's inbox and lock them out)
• Filter out non-word characters in invite e-mail bodies (to avoid abuse of the invite system for sending spam)
• Fix XSS issues with notice messages
• Introduce audit events for significant user initiated/affecting actions
  • For now this is available in an internal table only. This covers the signup, login, password change and member invitation flows.

Other changes

• Update included pganalyze collector for Enterprise to 0.31.0
• Add an explicit Postgres version check (PostgreSQL 10 or newer is now required)
• Improve color scale colors for tree maps and VACUUM timeline
• Rename "self-hosted servers" to "self-managed servers"
• Per-server API keys are no longer created
  • They can still be used for compatibility purposes, going forward the collector utilizes organization API keys for authentication
  • We may deprecate that usage and fully remove per-server API keys in the future, please ensure you use organization API keys when running the collector separately from the main pganalyze container
• Send cookies with API requests
  • This helps support reverse proxy setups, such as when using Cloudflare Access (which requires the special CF_Authorization cookie to be passed)
• Add Docker command to perform automated actions using the Rails runner command
  • This should not be needed in normal operations, but may be used to help with support requests
• Data retention
  • Historic data is now consistently 35 days (Query Performance data) or 7 days (Log Insights data) across the system
  • Previously additional data was stored, but not accessible, which caused performance issues
  • Add appropriate feature notices for pages with limited data available (e.g. Connection Traces)