Release 21.1.1

Enhancements

• Made execution time of queries more consistent to prevent some types of timing attacks.
• Debug logs for queries always show the ingesting data state.
  This prevents an attack where the presence of this line could be used to determine whether a query result contains any rows.

Changes

• It is no longer possible to observe the difference between the database
  processing phase and the data ingestion phase of a query.

Release 21.1.0

Breaking changes

• The Oracle column type date now maps to an Aircloak datetime.
  This accounts for the fact that dates in Oracle can also include a time component.
  Existing analyst tables which include date columns must be updated to reflect this change.
  Analyst tables are updated by resaving their definition in Insights Air interface.

New features

• Added support for UNION between non-restricted queries.
• Analysts now get feedback about errors and query structure as they type.
• Administrators now get a dashboard for exploring query performance issues.

Enhancements

• Simpler offloaded queries are generated when using bounds analysis.
• Virtual table queries don't use safe operators anymore, leading to better performance in some cases.
• Indicate query starting location in per-query compilation error messages.

Changes

• Data source query history is now loaded by default on page load.

Release 20.1.4

Bugfixes

• Fixed invalid optimization when executing queries over analyst tables.

Release 20.1.3

Bugfixes

• Fixed duplication of noise layers when using count(distinct column) aggregators.
• Fixed incorrect rounding in Oracle when using bucket functions.

Version 20.1.2

Bugfixes

• Fixed crash when executing query over analyst table.
• Fixed crash when using ranges with different boundary types.

Release 20.1.1

New features

• Support for excluding columns from a data source table. This can be done using the exclude_columns parameter.
• Support for marking columns as unselectable. This can be done using the unselectable_columns parameter.

Bugfixes

• Fixed handling of dotted table names and aliases.
• Fixed performance degradation bug introduced in version 20.1.0.
• Fixed periodically occurring bug that would prevent queries from being run.
• Fixed high CPU usage after startup caused by shadow values cache initialization.

Release 20.1.0

Breaking changes

• Support for median was removed.
• Support for distinct modifier was removed for all aggregate functions except count and count_noise.
• Support for SAMPLE_USERS was removed.
• Support for the hash function was removed.
• Minimum Oracle version supported is now 12c.
• The minimum supported version of Postgres is now 9.6 (dropping support for version 9.1 through 9.5).
• Support for the auto_aircloak_export configuration parameter in the Insights Air config was removed.
  Consult the Upgrade guide for additional information.
• Support for some obsolete data source configuration features was removed: decoders, projections, explicit
  user_id-field.
• Anonymizing queries using raw user_id columns are rejected instead of automatically censoring the user_id column.

New features

• Added beta support for Apache Impala (Cloudera Distribution) data sources.

Enhancements

• When a user changes their password all their other sessions are automatically revoked.
• Admins can add custom messages to the login and main screens.
• Admins can add performance hints to Oracle queries from the cloak's data source config file, by setting the
  select_hints field in the parameters section.
• The Oracle Instant Client version 18.3 is bundled with the container and no longer needs to be
  provided separately.
• Various data source connection timeouts can now be adjusted in the Cloak config file, under the timeouts field.
• Improved support for boolean expressions.
• Allowed inequalities between datetime columns and the current date.
• Added support for CASE statements in standard queries.
  Experimental support for restricted queries can be enabled
  in the Cloak config using the enable_case_support flag.
• The HTTP REST API query result endpoint no longer returns internal logging data.
• The number of analysis queries needed when multiple copies of a data source exist was reduced.
• The query editor and query results interface was made wider and more suitable for larger screens.

Bugfixes

• Fixed detection of recursive aggregators usage inside the HAVING clause.
• Various fixes for Oracle data source:
  • the parameter order of the trim function in the generated SQL was fixed
  • date/time conversion was not always correct
• Views and analyst tables now appear in popular analytics tools such as Tableau.
• Fixed verification of isolated columns usage in non-clear expressions in the SELECT clause.

Changes

• The set of query restrictions was simplified and clarified.
• Allow date ranges from 1900-01-01 to 9999-12-31.
• Date function weekday is now consistent across data sources.
  Returned values are in interval 1 (Sunday) to 7 (Saturday).
  This behavior may change if database defaults are modified.
• Aircloak Insights no longer tracks pseudonymized usage information. The default
  privacy policy has been simplified to reflect this change. Please consult
  the Upgrade guide for further information.

Release 19.3.0

Breaking changes

• GROUP BY clause is no longer allowed to contain constants.
• Minimum supported MongoDB version is now 3.6.

Enhancements

• The LDAP section has a Sync now button in Admin -> Users and Admin -> Groups
• Improved offloading of joins on MongoDB.
• It is possible to force long polling instead of websocket as a transport mechanism for pushing notifications to browsers. See Insights Air configuration for details.
• Enabled statistics-based min/max aggregators (with a higher users count threshold).
• Enabled statistics-based count(distinct) aggregators.
• Added protection against join timing attacks.
• Added protection against exceptions in offloaded functions attacks.
• Added support for GROUPING SETS, ROLLUP and CUBE
• Reduced restrictions for columns-only conditions.

Bugfixes

• Fixed handling of null and undefined values in MongoDB data sets.
• Fixed parsing of data source configuration files using the keys and content_type fields simultaneously.
• Anonymization restrictions were incorrectly applied to top-level HAVING-clauses

Changes

• Support for Apache Drill was deprecated.

Known issues

• Views and analyst tables are not tracked in the shadow DB, so they won't appear in \d commands issued from psql or
  in some tools that use pg-specific means of detecting the schema.

Release 19.2.0

Upgrade guide

Breaking changes

• The air configuration must contain the mandatory name property in the Insights Air configuration.
  See Insights Air configuration for details.
• When quoting db_name in drill data sources, the double quote (") character must be used instead of backtick (`).

Bugfixes

• Fixed date/time literals support on Oracle.
• Fixed crash in anonymising median and stddev aggregators.

Features

• Support noise aggregators in non-anonymising queries.
• Support for current date/time functions.
• Support for signing out all sessions of a user from the settings page or from the admin panel
• Support for analyst tables. See the Analyst tables section for details.

Enhancements

• Added support for configuring the maximum allowed number of concurrent PostgreSQL connections accepted by the Insights Air. See the section on configuring Insights Air PostgreSQL interface for details.
• Added the support for the VARIANCE function.
• Added validation of virtual queries.
• Implemented offloading of complex per-user grouping.
• Inequalities between raw columns are now allowed both as col1 >/>=/</<= col2 and col1 BETWEEN col2 AND col3
• Extended support for filters in the HAVING clause.
• Resetting the password automatically signs out all sessions

Changes

• Removed support for extract_words.
• Password reset tokens and links will now expire after a single use. All password reset linkes/tokens generated with a
  previous version will be invalid as a consequence of this change.

Release 19.1.0

Features

• The share button under a query result allows creating permalinks to queries
• You can statically configure Aircloak Insights for fully automated deployments
• Support for limiting maximum number of simultaneous queries per each cloak. See the section on configuring Insights Cloak for details.
• Faster statistics-based (no-uid) anonymization implemented for certain cases.
• Support for Oracle 11g

Enhancements

• Per-user data aggregation is offloaded to the database in some cases.

Changes

• The format in which cloak memory is reported has changed
• By default, the cloak accepts at most 10 simultaneous queries. This setting can be changed with the max_parallel_queries cloak configuration parameter. See the section on configuring Insights Cloak for details.