|
8 | 8 | - [Window function pushdown for sharded keyspaces](#window-function-pushdown) |
9 | 9 | - [View Routing Rules](#view-routing-rules) |
10 | 10 | - [Tablet targeting via USE statement](#tablet-targeting) |
| 11 | + - **[Breaking Changes](#breaking-changes)** |
| 12 | + - [External Decompressor No Longer Read from Backup MANIFEST by Default](#vttablet-external-decompressor-manifest) |
11 | 13 | - **[Minor Changes](#minor-changes)** |
12 | 14 | - **[Logging](#minor-changes-logging)** |
13 | 15 | - [Structured logging](#structured-logging) |
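Review bot: The new `Breaking Changes` entry sits after the last feature link and directly above `Minor Changes`, so the one change that can break a restore is the last thing a reader of this block reaches. Consider listing it ahead of the feature entries, and moving the section to match, so operators planning an upgrade see it first.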
|
28 | 30 | - **[VTOrc](#minor-changes-vtorc)** |
29 | 31 | - [New `--cell` Flag](#vtorc-cell-flag) |
30 | 32 | - [Improved VTOrc Discovery Logging](#vtorc-improved-discovery-logging) |
| 33 | + - [Ordered Recovery Execution and Semi-Sync Rollout](#vtorc-ordered-recovery-semi-sync) |
31 | 34 | - [Deprecated VTOrc Metric Removed](#vtorc-deprecated-metric-removed) |
32 | 35 | - [Deprecation of Snapshot Topology feature](#vtorc-snapshot-topology-deprecation) |
33 | 36 | - [Deprecated `/api/replication-analysis` Endpoint Removed](#vtorc-replication-analysis-api-removed) |
@@ -91,6 +94,16 @@ Once set, all subsequent queries in the session route to the specified tablet un |
91 | 94 |
|
92 | 95 | Note: A shard must be specified when using tablet targeting. Like shard targeting, this bypasses vindex-based routing, so use with care. |
93 | 96 |
|
| 97 | +### <a id="breaking-changes"/>Breaking Changes</a> |
| 98 | + |
| 99 | +#### <a id="vttablet-external-decompressor-manifest"/>External Decompressor No Longer Read from Backup MANIFEST by Default</a> |
| 100 | + |
| 101 | +The external decompressor command stored in a backup's `MANIFEST` file is no longer used at restore time by default. Previously, when no `--external-decompressor` flag was provided, VTTablet would fall back to the command specified in the `MANIFEST`. This posed a security risk: an attacker with write access to backup storage could modify the `MANIFEST` to execute arbitrary commands on the tablet. |
| 102 | + |
| 103 | +Starting in v24, the `MANIFEST`-based decompressor is ignored unless you explicitly opt in with the new `--external-decompressor-use-manifest` flag. If you rely on this behavior, add the flag to your VTTablet configuration, but be aware of the security implications. |
| 104 | + |
| 105 | +See [#19460](https://github.com/vitessio/vitess/pull/19460) for details. |
| 106 | + |
94 | 107 | ## <a id="minor-changes"/>Minor Changes</a> |
95 | 108 |
|
96 | 109 | ### <a id="minor-changes-logging"/>Logging</a> |
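Review bot: In the second paragraph of the new section, the only migration path offered is opting back in with `--external-decompressor-use-manifest`, which restores the behaviour the first paragraph describes as a security risk. Because the fallback applied only "when no `--external-decompressor` flag was provided", the note should name setting `--external-decompressor` explicitly as the preferred fix and present the opt-in flag as the last resort. It should also say what a restore does when the backup was taken with an external compressor and neither flag is set, and replace "be aware of the security implications" with the concrete condition already stated above it: anyone with write access to backup storage controls the command run on the tablet.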
@@ -220,6 +233,14 @@ VTOrc's `DiscoverInstance` function now includes the tablet alias in all log mes |
220 | 233 |
|
221 | 234 | This improvement makes it easier to identify and debug issues with specific tablets when discovery operations fail. |
222 | 235 |
|
| 236 | +#### <a id="vtorc-ordered-recovery-semi-sync"/>Ordered Recovery Execution and Semi-Sync Rollout</a> |
| 237 | + |
| 238 | +VTOrc now executes recoveries per-shard with defined ordering, rather than per-tablet in isolation. Problems that have ordering dependencies (e.g., semi-sync configuration) are executed serially first, while independent problems are executed concurrently. This ensures that dependent recoveries happen in the correct sequence within a shard. |
| 239 | + |
| 240 | +The main user-facing improvement is to semi-sync rollouts: VTOrc now ensures replicas have semi-sync enabled before updating the primary. Previously, enabling semi-sync on the primary before enough replicas were ready could stall writes while the primary waited for semi-sync acknowledgements that no replica was prepared to send. |
| 241 | + |
| 242 | +See [#19427](https://github.com/vitessio/vitess/pull/19427) for details. |
| 243 | + |
223 | 244 | #### <a id="vtorc-deprecated-metric-removed"/>Deprecated VTOrc Metric Removed</a> |
224 | 245 |
|
225 | 246 | The `DiscoverInstanceTimings` metric has been removed from VTOrc in v24. This metric was deprecated in v23. |
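Review bot: The second paragraph of the new VTOrc section is inconsistent about the readiness condition: it says VTOrc "ensures replicas have semi-sync enabled before updating the primary", while the following sentence speaks of "enough replicas". State whether the primary is updated once all replicas in the shard have semi-sync enabled or once a sufficient number do. The first paragraph should also say what happens to the remaining serial recoveries and to the concurrent ones when one of the serially executed recoveries fails.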
|