2.4 Changelogs#
v2.4.0#
Released: 2025-05-13
Services#
All Services#
Updates#
Kafka Encryption configuration has been updated for more clarity, to say Encrypted instead of just Encrypt:
Old Configuration (Deprecated):
Serializer:
com.inrupt.components.kafka.encryption.EncryptMessageSerializer
Deserializer:
com.inrupt.components.kafka.encryption.DecryptMessageDeserializer
New Configuration (Required):
Serializer:
com.inrupt.components.kafka.encryption.EncryptedMessageSerializer
Deserializer:
com.inrupt.components.kafka.encryption.EncryptedMessageDeserializer
If these have been set in a custom Kubernetes kustomization then please update your configuration to use these new class names.
The new class names improve clarity by reflecting the encrypted message format rather than the action.
The ESS base JVM images are now based on UBI 9, aligning with Red Hat’s supported and hardened base images.
Access Grant Service#
Additions#
The Access Grant Service emits Access Request/Access Grant change events. These events will be sent to the Notifications Service which will forward them to subscribers.
The paginated response from the query endpoint now contains a summary that includes a total of all Access Credentials matched.
Notification Service#
Additions#
The Notification Service adds an HTTPS API where agents can subscribe to events from the Access Grant Service. These subscriptions will direct notifications to client-defined webhook URLs where they can be received.
Pod Storage Service#
Updates#
The Pod Storage Service HTTP conditional requests management is now compliant with RFC 7232 HTTP Conditional Requests. In particular,
ETag
headers are now prioritized overIf-Modified-Since
.
Additions#
New metric for tracking the number of active Storages called:
application_com_inrupt_storage_metrics_MetricsCollector_sum{resourceStatus=active)`
Bugs fixed#
The provision endpoint is now configured so it is included in the Solid Discovery Resource on the Pod Storage Service.
Added extra validation to storage URIs on purge. Storage URIs now must end with a
/
.
Purger Service#
Additions#
User data and Pods can now be deleted from ESS using the new Purger Service.
Solid OIDC Broker Service#
Additions#
Added an allow list to the OpenID configuration that identifies trusted clients. The OpenID Consent screen will not be shown for trusted clients.
Removals#
Responses will no longer serialize null fields in JSON.
Bugs fixed#
The icons on the Consent screen and Application Registration page are now embedded, so they are consistently available.
WebID Service#
Additions#
Database connection pool updates to improve graceful backoff under load.
Deployment#
Updates#
inrupt-kustomizer
has been updated to use Kustomize version 5.5.The Kubernetes bases for
ess-fragments-ingest
andess-fragments-query
have been changed to require TLS v1.3 connections to the Postgres database by default. Setting this as the default helps ensure security.The stability of the Keycloak Kubernetes deployment used in the standalone overlay has been improved by removing resource constraints. Additionally, the health endpoint port (9000) from the Kubernetes service is now exposed.
Removals#
Suspend
ess-storage-migrate-system-resource
Kubernetes CronJobs from running as they were only needed for migrating to ESS 2.2.0.ESS 2.3 included a set of migration jobs for the Access Grant Service. These jobs, once run, can be removed from a Kubernetes deployment. For new (2.4+) deployments, the migration jobs are not relevant.