Release Notes¶

Bug fixes¶

Fix a problem during error compaction functionality that cause failure in the query processing.

Bug fixes¶

Removed count queries for types that have been forbidden for direct query access. This means that SOML types that have been defined with access: none or access: protected would not be possible to be counted. This now matches the behavior for not allowing these types to be queried from root level.

Improvements¶

Added the capability to the GraphQL responder to compact the produced error messages. This is enabled with either the application level configuration graphql.response.compactErrorMessages set to true or with compactErrorMessages: true set in the config section of a SOML schema or by using the argument errorsFormat: COMPACT per GraphQL request. Any of the mentioned options configure the Semantic Objects GraphQL responder to accumulate the repeated messages and return single message for each of the 5 supported cases:

• Failure to execute a mutation due to lack of permissions
• Unable to return all data due to lack of permissions
• Missing required data
• Multiple values are found for single-valued properties
• Unexpected or bad data format for properties.

Introduced an optimization for the SPARQL generation for GraphDB 10.4 or later. More information could be found in the configuration section here.

Deployment Improvements¶

To address the latest security vulnerabilities found in dependent libraries, the following library versions have been updated:

• Updated Spring WebMVC to 5.3.34
• Updated Tomcat to 9.0.89
• Updated Jackson databind to 2.16.2

Improvements¶

Added the capability to update the schema configured for preloading on service start. This feature is enabled with a new configuration, soml.preload.forceUpdate, which needs to be set to true. Please note that changes made to the schema through the service between service restarts will be overridden by the preload schema.

Also, introduced the ability to change the bound schema on service start to the configured schema for preloading, regardless of the previous bound schema. This functionality can be enabled with the configuration soml.preload.forceBind set to true.

With both of the above configurations in place, the Semantic Objects service can now be configured and updated seamlessly, without requiring manual input, via deployment tools like Docker or Helm.

Deployment Improvements¶

To address the latest security vulnerabilities found in dependent libraries, the following library versions have been updated:

• Updated Spring Security to 5.7.12
• Updated Tomcat Service to 9.0.87
• Updated GraphDB to 10.6.2
• Updated Netty/Transport/Native/Epoll to 4.1.108.Final

Bug fixes¶

Optimized mutation processing by:

• Optimized mutation validation by introducing asynchronous validation for database operations with the following new configurations: graphql.validation.asyncValidationEnabled, graphql.validation.maxConcurrentValidationsPerRequest and graphql.validation.asyncValidationTimeoutSeconds. For information about the configurations could be found in the Configuration section of the documentation.
• Optimized post mutation processing by aggregating the cleanup operations into single transaction operation.

Bug fixes¶

Update Semantic Objects health checks to better work with GraphDB 10 cluster installations. Previous versions cause the transaction log to be increased when the health check is called.

Fixed the IRI validation for the mutations’ patch arguments. The issue prevented the use of multiple IDs in the patch argument.

Removed the need for the nested count properties to be accompanied by the respective collections.

Deployment Improvements¶

To address the latest security vulnerabilities found in dependent libraries, the following library versions have been updated:

• Updated Spring and Spring Web to 5.3.32
• Updated Tomcat Service to 9.0.86
• Updated Jackson databind to 2.16.1
• Updated commons codec to 1.16.1
• Updated commons lang3 to 3.14.0
• Updated commons io to 2.15.1
• Updated fastutil to 8.5.13
• Updated Netty/Transport/Native/Epoll to 4.1.107.Final

Bug fixes¶

Update SPARQL queries generation with RBAC filters. Previous filter optimizations, combined with alterations in GraphDB’s query plan optimizations, resulted in some filters incorrectly yielding empty result.

Add missing constraints from the @constraints GraphQL directive. Added the constraints for: minLength, maxLength, minInclusive, maxInclusive, minExclusive and maxExclusive.

Extended the support of the SOML types access characteristic. More information could be found here.

Deployment Improvements¶

To address the latest security vulnerabilities found in dependent libraries, the following library versions have been updated:

• Updated Spring Hateoas to 1.5.6
• Updated Tomcat Service to 9.0.85
• Updated Jackson databind to 2.16.1
• Updated httpclient to 4.5.14
• Updated json-path to 2.9.0
• Updated Netty/Transport/Native/Epoll to 4.1.106.Final

Bug fixes¶

Fix behavior of sparql.endpoint.enableStatistics to properly disable the relevant GraphQL query validations when GraphDb statistics collection, in Semantic Objects, are disabled.

Deployment Improvements¶

Add support to read Semantic Objects license file encoded as Base64 in Azure.

Add the ability to configure the Semantic Objects license via Base64 encoded value with the configuration platform.license.base64. More information could be found at Set Up License Through a Parameter

Deployment and Operations Improvements¶

To address the latest security vulnerabilities found in dependent libraries, the following library versions have been updated:

• Updated Spring Boot to 2.7.18
• Updated Spring Boot Starter Security to 2.7.18
• Updated Spring Core to 5.3.31
• Updated Spring Web to 5.3.31
• Updated Json to 20231013
• Updated Tomcat Service to 9.0.83
• Updated Micrometer Registry to 1.9.17
• Updated Netty/Transport/Native/Epoll to 4.1.101.Final
• Include micrometer-registry-prometheus into the deployment. Enables support for Prometheus statistics exporting.

Bug Fixes¶

The following fixes are included in the release:

• Make sure to rebind the bound schema when the persistent value changes

Bug Fixes¶

The following fixes are included in the release:

• Add option to disable the pattern, prefix and regex inheritance restrictions. More information could be found here.
• Fix an issue when fetching validation data for max cardinality validation for properties with SPARQL templates.
• Fix several issues related to SHACL validation.

Deployment and Operations Improvements¶

To address the latest security vulnerabilities found in dependent libraries, the following library versions have been updated:

• Updated GraphDB Cluster client to 10.4.1
• Updated RDF4J API to 4.3.6
• Updated Spring Boot to 2.7.17
• Updated Spring Boot Starter Security to 2.7.17
• Updated Spring Core to 5.3.30
• Updated Spring Web to 5.3.30
• Updated Spring Security to 5.7.11
• Updated SnakeYaml to 2.2
• Updated jsonld-java to 0.13.6
• Updated Json to 20230227
• Updated Guava to 32.1.3-jre
• Updated Tomcat Service to 9.0.82
• Updated Micrometer Registry to 1.9.16
• Updated Netty/Transport/Native/Epoll to 4.1.100.Final

Semantic Objects Improvements¶

The release includes the following list of new features, improvements and bug fixes:

• Added support for multiple object type filters when running schema validation against data
• Added support for multiple property filters when running schema validation against data including support for wildcard matching using asterisk (* ``) like ``rdf* or *Color or aaa*bbb
• Added an option to specify which exact validations to run for the schema validation against data
• Added support the for the schema validation against data report to include the offending data. This could be disabled with the configuration property soml.validation.disableViolatingDataReporting
• Added support for immediate/blocking schema validation against data. More information could be found at Immediate Validation section.
• Improved GraphQL request memory consumption and time to first byte
• Added support in interface based queries to sort the results by one or more properties from the concrete sub types. Example and explanation could be found here.
• Added support for absolute IRIs in the rdfProp characteristics in property definitions. Such values would not be subject to namespace manipulations.
• Updated OWL2SOML generator to use absolute IRIs when it fails to convert them to short IRIs based on the available prefix definitions.
• Added support for global variables in SPARQL templates across single GraphQL query. More information and examples could be found in the example Query GraphDB Connectors with Facets.
• Added support for transitive types in SOML that could be used to represent a data structure without specific type restriction from the data. Most useful for complex inheritance or returning multiple results from a complex SPARQL template. More information could be found here.
• Added support for a SOML type to be defined as read-only by adding access: read or access: read-only to object definition.
• Added support for any claim to be referenced in the RBAC filters in the form of ${ctx.claims.<claim_key>}. More information could be found in the documentation page here.
• Added support for user roles to be access via the ${ctx.claims.authorities} key. It will always return a list so it should be used with IN and NIN expressions only. An example query could be found here: here.
• Added support for claim values that have multiple values either in the token or separated by a comma or semicolon like so: value1, value2; value3. In this case the only supported expression are IN and NIN. In order this to be triggered the claim key should be defined as: ${ctx.claims.multi_val_claim+}. An example query could be found here: here.
• Added new SOML configuration option exposeSomlInGraphQL. It could be used to enable the outputting a directives, in the GraphQL schema, that describes the types and properties based on the SOML information. Disabled by default.
• Added an option to configure the name of the default RBAC management role. This is done with a service configuration under the name security.rbacManagementRole with default value SchemaRBACAdmin.
• Added logic that will create the missing RBAC managment admin role in the /soml/soml-rbac schema.
• SPARQL template arguments are now synchronized in the whole type hierarchy where the particular property is present
• Updated full IRI conversion to short IRI to use the IRI as is when is unable to resolve prefix instead of using vocab_prefix by default.
• Improved default RBAC role processing so that the default role will be used if none of the user roles match any of the configured roles.
• Allowed changing the name of the default RBAC role in the SOML config section with the following keys: defaultRole and defaultIntegrationRole. These are the roles that will be assigned if the user does not have any roles or none of the roles found in the token match the one in the schema for the default GraphQL access and the external API integration roles respectively.
• Added new monitoring timer for the total request processing under the name of soaas.query.
• Improved monitoring support, so GraphQL requests are not required to always provide explicit operationName parameter in order for the request to appear in the monitoring events stream.

Workbench Improvements¶

Workbench 4.0.3 include the following improvements:

• Improve security configuration by adding additional options for setting up security with more Identity providers. More information could be found in the Workbench Administration section.
• Added support for single valued role, represented as single string instead of an array with single element, in the JWT token
• Added support to be able to override the JWT claim names, read by the workbench,

Bug Fixes¶

Fixed an issue that causes a ClassCastException to be thrown for JWT tokens with a single role, represented as a string.

Deployment and Operations Improvements¶

To address the latest security vulnerabilities found in dependent libraries, the following library versions have been updated:

• Updated Spring Boot to 2.7.15
• Updated Tomcat Service to 9.0.80

Semantic Objects Improvements¶

The release of Semantic Objects includes a bug fix related to RDF4J connection management. The issue was causing an excessive memory usage, ultimately causing the service to run out of memory. This problem has been identified in versions 4.0.0, 4.0.1, and 4.0.2. We highly recommend upgrading to the most recent version available.

Deployment and Operations Improvements¶

To address the latest security vulnerabilities found in dependent libraries, the following library versions have been updated:

• Updated GraphQL Java to 20.4
• Updated RDF4j API to 4.2.4
• Updated Spring Boot to 2.7.13
• Updated Spring Boot Starter Security to 2.7.10
• Updated Spring Core to 5.3.29
• Updated Spring Web to 5.3.29
• Updated Spring Hateos to 1.5.5
• Updated Json Smart to 2.4.11
• Updated Tomcat Service to 9.0.78
• Updated Micrometer Registry to 1.9.10
• Updated Kryo to 5.5.0
• Updated fastutil to 8.5.12
• Updated Eclipse Collections to 11.1.0
• Updated guava to 32.1.1-jre
• Updated jjwt to 0.11.5. Note that this change may be a breaking in some deployments. For more information check below.

Semantic Objects Improvements¶

In this release of Semantic Objects, there are no functional changes. However, noteworthy updates are related to the dependency upgrades for GraphQL Java and Json Web Token (JWT) handling.

Regarding GraphQL Java, version 20.0 initially introduced stricter argument validation, which was later reverted in version 20.3 . The current version included in Semantic Objects, 20.4 , also addresses the Guava vulnerability CVE-2023-2976

Regarding Java Json Web Token (JJWT) handling library, the update brings in more stringent handling of secret keys used for decrypting token information. The previous implementation lacked sufficient enforcement of keys for the decryption algorithms. For additional details about the minimum key lengths, please refer to the Signature Algorithms Keys section on the Java JWT library page.

Workbench Improvements¶

Workbench 4.0.1 include the following improvements:

• Improved integration with different OpenID/OAuth2 identity providers like Auth0 by changing the authentication flow to send the request parameters in a HTTP POST body instead of URL parameters.

Deployment and Operations Improvements¶

To address the latest security vulnerabilities found in dependent Docker images, the following image versions have been updated:

• Updated Elasticsearch to 7.17.9
• Updated Kibana to 7.17.9
• Updated Postgres to 11.19-alpine

To address the latest security vulnerabilities found in dependent libraries, the following library versions have been updated:

• Updated GraphDB Cluster client to 10.1.5
• Updated rdf4j API to 4.2.2
• Updated Spring Boot to 2.7.9
• Updated Spring Boot Starter Security to 2.7.9
• Updated Spring Core to 5.3.25
• Updated Spring Web to 5.3.25
• Updated Spring Hateos to 1.5.3
• Updated Jackson databind to 2.13.5
• Updated SnakeYaml to 2.0
• Updated jsonld-java to 0.13.4
• Updated Json to 20230227
• Updated Json Smart to 2.4.8
• Updated Tomcat Service to 9.0.70
• Updated GraphQL Java to 20.0
• Updated Micrometer Registry to 1.9.8

Semantic Objects now fully supports GraphDB 10 and the new cluster implementation. This version also drops the support for GraphDB 9.x due to incompatibility of rdf4j 4 with previous versions.

Semantic Objects Improvements¶

The release includes the following list of new features, improvements and bug fixes:

• Added support for GraphDB 10 cluster and removed the support for GraphDB 9. This also includes changes to configurations. The new configurations could be found in the cluster config section.
• Added support for passing HTTP request headers to GraphDB. This includes the Authorization header so requests could authenticate at GraphDB. More information about the supported authentication mechanisms could be found at Docker Compose section.
• Added support for xsd:duration, xsd:dayTimeDuration, xsd:yearMonthDuration and xsd:dateTimeStamp literals and improved the overall temporal types support. This includes handling fraction seconds up to 9 positions and proper time zone offset handling for the types: xsd:time, xsd:dateTime and xsd:dateTimeStamp. More information about the supported types could be found at Datatypes section.
• Optimized GraphQL schema generation to no longer includes scalars and other related inputs for types that are not used in the GraphQL schema. For schemas that do not use great variety of types it will greatly reduce the schema and the service memory requirement.
• Updated mutation validators to properly report evaluation errors like insufficient security permissions or lack of network connectivity for example.
• Enforced mutation argument validation to properly terminate the request in case of invalid input data for example xsd:dateTimeStamp field missing a time zone offset.
• Improved extensions and plugin loading. Spring beans could also be loaded as plugins. All plugins now could benefit from injection of defined extensions.
• Reorganized loggers so that SPARQL queries and mutations are logged in separate loggers sparql.query and sparql.update respectively. Also consolidated several GraphQL related loggers in a single one named graphql.
• Updated query and mutation preloading to properly work with enabled security.
• Removed support for MongoDB as SOML schema store option and all related configurations.
• Removed the migration support from Mongo to rdf4j schema store and related configurations. If you are using older version of Semantic Objects migrate your schemas using the latest 3.x version and then deploy the 4.x version.
• Changed AffectedCount.count type from PositiveInteger to NonNegativeInteger
• Updated query and mutation preloading to properly work with enabled security

Workbench Improvements¶

Workbench 4.0.0 include the following improvements:

• Improve security configuration by adding additional options for setting up security with more Identity providers. More information could be found in the Workbench Administration section.

Deployment and Operations Improvements¶

To address the latest security vulnerabilities found in dependent Docker images, the following image versions have been updated:

• Updated Elasticsearch to 7.17.9
• Updated Kibana to 7.17.9
• Updated Postgres to 11.19-alpine

To address the latest security vulnerabilities found in dependent libraries, the following library versions have been updated:

• Updated Spring Boot to 2.7.9
• Updated Spring Boot Starter Security to 2.7.9
• Updated Spring Core to 5.3.25
• Updated Spring Web to 5.3.25
• Updated Spring Hateos to 1.5.3
• Updated Jackson databind to 2.13.5
• Updated SnakeYaml to 2.0
• Updated jsonld-java to 0.13.4
• Updated Json to 20230227
• Updated Json Smart to 2.4.8
• Updated Tomcat Service to 9.0.70
• Updated GraphQL Java to 20.0
• Updated Micrometer Registry to 1.9.8

Semantic Objects Improvements¶

The release includes the following list of new features, improvements and bug fixes:

• Added support for xsd:dateTimeStamp literals and improved the overall temporal types support. This includes handling fraction seconds up to 9 positions and proper time zone offset handling for the types: xsd:time, xsd:dateTime and xsd:dateTimeStamp.
• Added support for new types xsd:duration, xsd:dayTimeDuration and xsd:yearMonthDuration.
• Optimized GraphQL schema generation to no longer includes scalars and other related inputs for types that are not used in the GraphQL schema. For schemas that do not use great variety of types it will greatly reduce the schema and the service memory requirement.
• Updated mutation validators to properly report evaluation errors like insufficient security permissions or lack of network connectivity for example.
• Enforced mutation argument validation to properly terminate the request in case of invalid input data for example xsd:dateTimeStamp field missing a time zone offset.
• Reorganized loggers so that SPARQL queries and mutations are logged in separate loggers sparql.query and sparql.update respectively. Also consolidated several GraphQL related loggers in a single one named graphql.
• Updated query and mutation preloading to properly work with enabled security.
• Changed AffectedCount.count type from PositiveInteger to NonNegativeInteger
• Updated query and mutation preloading to properly work with enabled security

Deployment and Operations Improvements¶

To address the latest security vulnerabilities found in dependent libraries, the following library versions have been updated:

• Updated Spring Boot to 2.7.5
• Updated Spring Boot Starter Security to 2.7.5
• Updated Spring Security to 5.7.5
• Updated Jackson databind to 2.13.4.1
• Updated Apache Commons Text to 1.10.0

There is limited support for GraphDB 10.0.x and 10.1. The limitations include:

• GraphDB 10.x
  • Only single address needs to be provided for GraphDB cluster deployments. Specifying multiple addresses will use the ‘old’ GraphDB enterprise client that is not compatible with the cluster architecture of GraphDB 10.
  • The configuration sparql.endpoint.cluster.forceClusterClient should not be set to true.
• GraphDB 10.0.3
  • SHACL validations are not supported
  • The configuration sparql.endpoint.enableStatistics must be set to false as negatively affects some of the filtering optimizations
• GraphDB 10.1
  • SHACL validations are not supported

Semantic Objects Improvements¶

The release includes the following list of improvements and bug fixes:

• Fixed the support for filters of multi-valued literal properties.
• Improved the performance of the SPARQL value escape operation.
• Added option to preload mutations during service startup. The new functionality is controlled by the configurations: graphql.preload.enabled and graphql.preload.location. Failures in the request will be ignored.

Deployment and Operations Improvements¶

To address the latest security vulnerabilities found in dependent libraries, the following library versions have been updated:

• Updated Micrometer to 1.9.3
• Updated Spring Boot to 2.7.4
• Updated Spring Boot Starter Security to 2.7.3
• Updated Spring Framework to 5.3.23
• Updated Spring Security to 5.7.3
• Updated Spring Hateoas to 1.5.2
• Updated Hydra Java to 0.4.4-onto
• Updated Jackson libraries to 2.13.4
• Updated SnakeYaml to 1.33
• Updated Embedded Mongo to 3.4.8
• Updated Mockito to 4.7.0
• Updated GraphQl Java to 17.4
• Updated GraphQl Java External Scalars to 17.1

Semantic Objects Improvements¶

The release includes the following list of new features, improvements and bug fixes:

• Added support to allow changing the accessed repository per request.
• Added support to control the query inference and owl:sameAs expansion per request.
• Added support to control the query dataset selection using FROM.
• Added support to control the mutation dataset selection with USING and WITH.
• Added support for JSON Web Key Set used to verify JSON Web Tokens (JWT) and asymmetric signing keys.
• Improved SPARQL query builder for SPARQL federated queries for treating abstract, non-federated types as federated if all sub-types are also federated. This greatly improves the queries that rely on such a type.
• PLATFORM-4601: SPARQL query variable like text should not be escaped in SPARQL fragments
• PLATFORM-4599: SPARQL fragments do not process prefixes in query paths

Deployment and Operations Improvements¶

To address the latest security vulnerabilities found in dependent libraries, the following library versions have been updated:

• Updated Tomcat to 9.0.64
• Updated Micrometer to 1.9.1
• Updated Spring Boot 2.5.14
• Updated Spring Framework 5.3.21
• Updated Spring Security 5.6.6

To address the latest security vulnerabilities found in dependent Docker images, the following image versions have been updated:

• Replaced the Adopt Open JDK Alpine Docker image with Eclipse Temurin Alpine JRE image
• Updated Kong to 2.6.1
• Updated Node.js to 12.22.12-alpine3.15
• Updated Postgres to 11.16-alpine

Deployment and Operations Improvements¶

To address the latest security vulnerabilities found in dependent libraries, the following library versions have been updated:

• Updated Spring Boot to 2.5.13
• Updated Spring Security to 5.6.4
• Updated Spring Web MVC to 5.3.20

Semantic Objects Improvements¶

The release includes the following list of improvements and bug fixes:

• Improved memory footprint during response processing.
• PLATFORM-4562 Improve query parsing
• PLATFORM-4535 Semantic Objects generated addresses do not work when behind proxy context path
• PLATFORM-4557 Update GraphQL generation to properly escape Type.name
• OMDS-587 Fix inline fragment merging
• OMDS-525 Allow custom jwt processing

Deployment and Operations Improvements¶

To address the latest security vulnerabilities found in dependent libraries, the following library versions have been updated:

• Upgraded to GraphDB 9.11.1
• Updated Spring Boot to 2.5.12
• Updated Spring Security to 5.6.2
• Updated Spring Web MVC to 5.3.18
• Updated Jackson Core, Jackson Annotations, and Jackson Dataformat YAML to 2.12.6
• Updated Jackson Databind to 2.12.6.1
• Updated Micrometer Registry StatsD to 1.8.4

Semantic Objects Improvements¶

The release includes the following list of improvements and bug fixes:

• Updated the default value for objects and properties label to be more human-friendly
• Removed default suffix from descriptions in the GraphDL schema @descr directive
• Allowed overriding of the JWT claim mappings. The new configurations can be found here.
• PLATFORM-4553 Improve handling of invalid type values
• PLATFORM-4535 Semantic Objects generated addresses do not work when behind proxy context path

Deployment and Operations Improvements¶

• Upgraded to GraphDB 9.10.3
• Updated Spring Boot to 2.5.9
• Updated Spring Security to 5.5.4
• Updated Spring Web MVC to 5.3.15

• Semantic Objects
  • Semantic Objects capability for Elasticsearch connector management has been moved to the Semantic Search:
    • Removed the Elasticsearch connector management
    • Removed the Elasticsearch health check
    • Removed the Elasticsearch libraries from the deployment
    • Moved the Elasticsearch related configurations to Semantic Search
  • Added support for GraphQL Mesh
  • Allow child class to overwrite parent’s template property

Semantic Objects Improvements¶

The release includes the following list of new features, improvements and bug fixes:

• Added support for Enumeration types in SOML and GraphQL.
• PLATFORM-4471 Schema notifications do not detect schema removal
• PLATFORM-4454 SHACL cluster: different error message for type constraints
• PLATFORM-4453 Default values in variable definitions are not processed
• PLATFORM-4448 ‘hasRole’ directive is missing from introspection with security
• PLATFORM-4421 Meta directive’s value is not properly serialized
• PLATFORM-4400 Nested create fails if property range is with a prefix
• PLATFORM-4250 lang characteristics is not applied on Delete mutation response