# Release Notes

*ESS 2.4.0 Released 2025-05-13*

## New Configuration Requirements

### Database Requirements

The ESS 2.4 release introduces new database requirements for the scalable cloud deployment:

* **Purger Service**: Requires a new dedicated database to manage Pod deletion requests and their status.
* **Notification Service**: Requires a new dedicated database to store subscription information and event data.

{% hint style="warning" %}
**Important**

Operators must set up and configure these databases prior to upgrading to ESS 2.4.
{% endhint %}

For scalable cloud deployments, update the following files in the **`inputs/`** directory of your ESS installation:

* **`ess-purger-postgres-credentials.env`** - Configure the Purger Service database connection
* **`ess-notification-postgres-credentials.env`** - Configure the Notification Service database connection

These files contain the necessary parameters including database user, password, host, port, and database name. Ensure that you:

1. Create the required databases on your PostgreSQL server
2. Create database users with appropriate read & write permissions
3. Update the credential files with the correct connection information
4. Verify that the **`inputs/kustomization.yaml`** file includes entries for both **`ess-purger-postgres-credentials`** and **`ess-notification-postgres-credentials`** in the **`secretGenerator`** section
5. Apply the configuration changes following your standard deployment process

### Kafka Message Encryption

ESS 2.4 introduces new Kafka topics for change notifications that require encryption passwords. Before upgrading to ESS 2.4, you must configure the following new encryption settings in the **`inputs/kafka-credentials.env`** file:

* **`INRUPT_KAFKA_CHANGE_NOTIFICATION_CIPHER_PASSWORD`** - Password used for encrypting messages sent over the “change-notification” topic
* **`INRUPT_NOTIFICATION_DISPATCH_CIPHER_PASSWORD`** - Password used for encrypting messages sent over the “change-notification-dispatch”, “change-notification-failed-dispatch”, and related retry topics

Follow these security best practices:

1. Generate strong, unique passwords for each encryption setting
2. Ensure passwords are at least 16 characters long with a mix of characters
3. Store these passwords securely in your password management system
4. Never reuse passwords across different encryption settings
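
A pre-upgrade check for the two settings above, as an added example that is not part of the ESS distribution. It assumes **`inputs/kafka-credentials.env`** holds plain `KEY=value` lines and reads "a mix of characters" as at least three character classes; the function names are hypothetical.

```python
import re
import secrets
import string

# Setting names come from the release notes; file format and class rule are assumptions.
REQUIRED = (
    "INRUPT_KAFKA_CHANGE_NOTIFICATION_CIPHER_PASSWORD",
    "INRUPT_NOTIFICATION_DISPATCH_CIPHER_PASSWORD",
)
MIN_LENGTH, MIN_CLASSES = 16, 3  # 16 is from the release notes; 3 is assumed
CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")

def class_count(value):
    """Count how many of the four character classes appear in value."""
    return sum(bool(re.search(c, value)) for c in CLASSES)

def parse_env(text):
    """Parse KEY=value lines (assumed format); skip blanks and comments."""
    pairs = (l.strip().partition("=") for l in text.splitlines())
    return {k.strip(): v.strip() for k, sep, v in pairs if sep and not k.startswith("#")}

def check_cipher_passwords(text):
    """Return findings for the env file text; an empty list means it passes."""
    env, findings = parse_env(text), []
    for key in REQUIRED:
        value = env.get(key, "")
        if not value:
            findings.append(f"{key}: missing or empty")
            continue
        if len(value) < MIN_LENGTH:
            findings.append(f"{key}: shorter than {MIN_LENGTH} characters")
        if class_count(value) < MIN_CLASSES:
            findings.append(f"{key}: fewer than {MIN_CLASSES} character classes")
    present = [env[k] for k in REQUIRED if env.get(k)]
    if len(present) != len(set(present)):
        findings.append("same password reused across encryption settings")
    return findings

def generate_password(length=32):
    """Draw from the OS CSPRNG until the candidate meets the class rule."""
    alphabet = string.ascii_letters + string.digits + "-_.~"
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if class_count(candidate) >= MIN_CLASSES:
            return candidate

if __name__ == "__main__":
    # Constructed sample: both settings share one short placeholder value.
    sample = "\n".join(f"{k}=changeme" for k in REQUIRED)
    print("\n".join(check_cipher_passwords(sample)))
```

Run `check_cipher_passwords` on the file contents before applying the configuration and treat any finding as a blocker for the upgrade.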

### New Purger Service

Starting in 2.4, ESS includes a new Purger Service for deleting user data and Pods from ESS. This service hosts HTTPS API endpoints that can be called as part of a workflow. This helps organizations using ESS comply with legislative requirements such as GDPR/CCPA and the right to have personal data deleted.

For more information, see [Purger Service](/ess/2.4/services/service-purger/purger-service.md).

### Change Notifications

The Notification Service now includes an HTTPS API for agents to subscribe to notifications from the Access Grant Service. An agent provides a webhook URL as part of the subscription that will receive events from the Notification Service.

The Access Grant Service generates events for each of the following:

* An Access Request is awaiting review
* An Access Request was denied
* An Access Grant was issued
* An Access Grant expired
* An Access Grant was revoked

For more information, see [Notification Delivery Service](/ess/2.4/services/service-notification/notification-delivery-service.md).

### Third-Party Dependency Updates

Various third-party dependencies used by ESS have been updated in 2.4. Key dependency upgrades include:

### UBI 9

ESS images are now based on UBI 9, aligning with Red Hat’s supported and hardened base images. This change was backported to ESS 2.3.4, so it will not impact the migration of ESS deployments on the latest version of the 2.3 series.

### Kafka 3.9

ESS has upgraded to Kafka 3.9 in the **`standalone`** overlay.

### Changelogs

For changelogs, see [2.4 Changelogs](/ess/2.4/releases/changelog.md).


