Release Notes

---

Release 2.0.0

Enhancements:

• NEW: Redesigned web interface with modernized layout, sidebar navigation, and consistent theming across all pages

  • Added a Dashboard landing page with system overview diagram, host metrics, ingest stream status, and standing query status
  • Add a Streams management page for easily creating and managing ingest streams and standing queries through the UI
  • Added JSON-LD graph export option to the Exploration UI download menu
  • Exploration UI nodes are now pinned in place by default when dragged, and Shift+click-hold unpins them
  • Default node appearance now renders the "name" property for all nodes regardless of label; customizable in the same way with UI Styling endpoints

• NEW: Official release of API V2 which is now the default in the UI; API V1 is still available for backwards compatibility but will be deprecated in the future

  • Follows the Google API style guides with established patterns and strategies for modern REST APIs
  • Enhanced ingest and output capabilities with persistent configuration, expanded source and destination support, and improved error handling bringing parity across all products. Includes javascript transformation of data in all ingests and outputs, and a customizable dead letter queue for unreadable ingested events
  • Standing Query outputs enhanced with workflow steps, providing clearer output structures; can be chained together
  • Cypher query parameter support for executing queries via API
  • Added support for targeting specific cluster members via query parameter
  • Comprehensive developer documentation with examples is built in and enhanced
  • Recipes now support a schema version 2, enabling configuration enhancements supported by API V2

• NEW: Role-Based Access Control (RBAC) with OIDC authentication

  • Added OIDC Authorization Code Flow with login and callback endpoints
  • Added direct session support for browser consumers with session invalidation on logout
  • Integrated RBAC into UI with login/logout functionality and permission-based component rendering
  • API V2 is required when RBAC is enabled

• Hot spare cluster members now respond to API requests and proxy them to active members

• Enhanced audit logging with SP 800-53 compatibility and configurable rolling logs

• Docker base image updated to eclipse-temurin 21.0.10_7-jre-noble

• Added Kafka output destination connectivity validation on configuration, returning an early error when bootstrap servers are unreachable

• BREAKING-CHANGE: Default namespaced metrics are now prefixed with the graph name (e.g., quine.) for consistency with other graph-scoped metrics

• All-node scan queries now filter out empty nodes with no current edges, properties, or labels at the queried historical moment

Security Fixes:

• AWS credentials are automatically redacted in API responses and logs
• Kafka configuration sensitive values (SSL passwords, SASL credentials) are redacted in API responses and logs
• Disallow unsafe-eval from Content Security Policy
• Updated Bouncy Castle to 1.84 (CVE-2026-5598)
• Switched lz4 compression library to maintained fork (CVE-2025-66566)
• Updated Netty to patched version (CVE-2025-67735)
• Updated msgpack (CVE-2026-21452)
• Fixed multiple JavaScript dependency vulnerabilities

Bugfixes:

• Fixed Cassandra OAuth2 password handling causing NullPointerException during authentication
• Fixed Kafka output property values being incorrectly serialized
• Fixed reverse proxy path prefix support for UI routing and V2 OpenAPI endpoints
• Fixed checkpoint forward/backward navigation on the Exploration UI restoring incorrect state
• Fixed SVG export cutting off node labels at the viewbox edge
• Fixed standing query output failures causing the standing query to be deleted in some cases
• Fixed standing query error message to clarify when edge labels are required
• Fixed namespaces not being properly restored and distributed after a cluster restart in some cases
• Fixed GraalJS 25+ compatibility with Multi-Release JAR manifest

Updates:

• Apache Pekko to 1.5.0
• Pekko HTTP to 1.3.0
• Pekko Connectors (CSV, Kinesis, S3, SNS, SQS) to 1.3.0
• Pekko Management to 1.2.1
• RocksDB JNI to 10.10.1.1
• Tapir to 1.13.15
• Scala to 2.13.18
• Cats Effect to 3.7.0
• Circe JSON libraries to 0.14.15
• GraalVM JS engine to 25.0.2
• protobuf-java to 4.34.1
• Kafka clients to 3.9.2
• Amazon Kinesis Client to 3.4.2
• Netty to 4.1.130.Final
• Cassandra Java driver to 4.19.2
• AWS SDK to 2.42.24
• JJWT to 0.13.0
• jwt-scala to 11.0.4
• sttp-oauth2 to 0.21.0
• sttp client4 to 4.0.22
• OIDC authentication library to 0.13.5
• logback-classic to 1.5.32
• ANTLR4 to 4.13.2
• Dropwizard Metrics to 4.2.38
• PureConfig to 0.17.10
• commons-codec to 1.21.0
• commons-text to 1.15.0
• boopickle to 1.5.0
• jnr-posix to 3.1.22
• schema-registry-serde to 1.1.27
• Docker base image to eclipse-temurin 21.0.10_7-jre-noble

---

Release 1.10.0

Enhancements

• License key and internet access required to run Quine Enterprise
• Added license usage UI with visual reporting of entitlements and consumption
• Improved graph query performance by limiting edges returned during traversals
• Increased default max SSE line and event sizes to 5MB to prevent infinite retry loops on large messages
• API errors now return correlation codes for easier troubleshooting and support

Security Fixes

• File ingest operations now require an allowedDirectories configuration; files loaded by recipe or from ./file_ingests are allowed by default
• Reduced in-memory lifecycle of passwords by using character arrays that are blanked after use
• Enhanced UUID generation to use FIPS 140-2 compliant cryptographically secure random values
• Enforced strict-transport-security HTTP header across all endpoints
• Added additional HTTP security headers including tightened CSP
• Improved secret redaction in configuration printing
• ClickHouse persistence now requires credentials to be set via environment variables instead of configuration files

Bugfixes

• Fixed cluster shutdown process that could throw errors during termination
• Fixed keyspace name for AWS Keyspaces to be case-sensitive
• Fixed empty Kafka message handling to prevent exceptions from tombstone messages
• Removed application base URL configuration in favor of runtime inference
• Improved error response formatting by using correlation codes that link user-facing errors to detailed server logs for easier troubleshooting
• Replaced documented IP addresses with RFC 5737 TEST-NET addresses

Updates

• Updated amazon-kinesis-client to 3.1.3
• Updated logback-classic to 1.5.20
• Updated caffeine to 3.2.3
• Updated pekko-actor, pekko-cluster, and related components to 1.2.1
• Updated avro to 1.12.1
• Updated commons-csv to 1.14.1
• Updated commons-codec to 1.19.0
• Updated commons-io to 2.20.0
• Updated netty-handler to 4.1.127.Final (security update)
• Updated ayza (formerly sslcontext-kickstart) to 10.0.1
• Updated AWS Glue dependencies (security updates)
• Updated AWS SDK components (aws-core, aws-query-protocol, kinesis, kinesis-video, and others) to 2.31.78
• Updated scalajs-dom to 2.8.1
• Updated msgpack-core to 0.9.10
• Updated java-driver-core and java-driver-query-builder to 4.19.1
• Updated metrics-core, metrics-jmx, and metrics-json to 4.2.37
• Updated amqp-client to 5.26.0
• Updated scalacheck to 1.19.0
• Updated scala-logging to 3.9.6
• Updated pprint to 0.9.4
• Updated kind-projector to 0.13.4
• Updated org.eclipse.jgit to 7.3.0.202506031305-r
• Updated sbt and related components to 1.11.7
• Updated sbt-scalafmt to 2.5.6
• Updated sbt-jmh to 0.4.8
• Updated sbt-sbom to 0.5.0
• Updated sbt-scalajs and scalajs-compiler to 1.20.1

---

Release 1.9.3

Bugfixes

• Initialize browser history on UI page load, correcting behavior of browser navigation when navigating between tabs, and using the back/forward browser buttons

---

Release 1.9.2

This patch release includes foundational changes in preparation for an upcoming major release; current functionality remains unaffected.

Enhancements

• Show Java runtime version in admin build-info endpoint
• Handle yaml format errors in API endpoint requests

Bugfixes

• Use reverse-proxy compatible path definitions for resources and introduce optional server advertise path parameter. Thank you for the contribution @kollolsb!
• Removing quotes from keyspace names in keyspaceExistsQuery for AWS Keyspaces. Thank you for the contribution @fredsensibill!
• Remove use of SELECT COUNT(*), not supported in Keyspaces. Thank you for the contribution @LeifW!

Updates

• Remove now-redundant reactor-netty-* dependency overrides
• Update aws-sdk, ... to 2.31.54
• Update pekko-http-circe to 3.0.1
• Update pureconfig to 0.17.9
• Update embedded-cassandra to 5.0.2
• Update cats-effect to 3.6.1
• Update kafka-clients to 3.9.1
• Update tapir-core, tapir-json-circe, ... to 1.11.33
• Update pekko-management, ... to 1.1.1
• Update protobuf-java to 3.25.8
• Update amazon-kinesis-client to 3.0.3
• Update pekko-http, pekko-http-spray-json, ... to 1.2.0
• Update graalvm.js to 24.2.1
• Update bootstrap to 5.3.6
• Update @stoplight/elements to 9.0.1
• Update plotly.js to 2.25.2

---

Release 1.9.1

Enhancements

• Add support for KCL-based Kinesis ingestion, offering stronger delivery guarantees through checkpointing via DynamoDB, advanced configuration options, and optional enhanced fan-out support.
• Optionally support NGINX in Docker image for basic auth by setting USE_NGINX and USE_BASIC_AUTH env vars to “true”
• Introduce OAuth2 optionally for Cassandra persistor

Bugfixes

• Fix AWS SQS ingest with missing dependency
• Fix Exploration UI header logo when rendered on Safari on latest macOS update

Updates

• Update circe-core, circe-generic, ... to 0.14.12
• Update logback-classic to 1.5.18
• Update marketplacemetering, s3, sso, ssooidc, ... to 2.30.38
• Update shapeless to 2.3.13
• Update flatbuffers-java to 25.2.10
• Update tapir-core, tapir-json-circe, ... to 1.11.20
• Update circe-yaml from 0.11.7 to 0.11.9

---

Release 1.9.0

Enhancements:

• Cluster members now gracefully supports SIGTERM and SIGKILL for any or all members, including graceful shutdown when dropping below target cluster size
• Gracefully support rolling updates from a cluster orchestrator like Kubernetes, including performing persister migrations
• Add JMX Prometheus agent to Docker image
• Enable thatDot products to stream data directly to each other using reactive streams
• Support optionally omitting metadata from Standing Query output by setting the new structure property Bare
• Simplified logging of awake nodes and cluster member startup

Bugfixes:

• Improve stability when rehydrating large nodes with multi-part snapshots from the persister
• Improve loading of non-default namespaces during cluster startup
• Always report results in MVSQ when last reported value is unknown
• Add netty-handler override for CVE-2025-24970

Updates:

• Update Pekko dependencies to 1.1.3
• Update pekko-connectors-*, ... to 1.1.0
• Update Tapir dependencies to 1.11.16
• Update sttp:tapir/sttp:apispec to 1.10.15 / 0.11.2
• Update rocksdbjni 9.7.3
• Update pekko-management to 1.1.0
• Update logback-classic to 1.5.17
• Update clickhouse-http-client to 0.7.0
• Update jnr-posix to 3.1.20
• Update kafka-clients to 3.9.0
• Update project reactor netty version
• Update cats-effect to 3.5.7
• Update marketplacemetering, s3, sso, ssooidc, ... to 2.30.31
• Update pureconfig to 0.17.8
• Update schema-registry-serde to 1.1.22
• Update openapi-circe-yaml to 0.11.7
• Update sslcontext-kickstart, ... to 9.0.0
• Update protobuf-java to 3.25.6
• Update scala-library to 2.13.16
• Update cats-core to 2.13.0
• Update caffeine to 3.2.0
• Update msgpack-core to 0.9.9
• Update software.amazon.glue:schema-registry-serde to 1.1.23
• Update rsocket-core, rsocket-transport-netty to 1.1.5
• Update embedded-cassandra to 5.0.1
• Update java-driver-query-builder to 4.19.0
• Update jcl-over-slf4j to 2.0.17
• Update jwt-circe to 10.0.4
• Update rocksdbjni to 9.7.4
• Update commons-text to 1.13.0
• Update commons-codec to 1.18.0
• Update commons-csv to 1.13.0