|
| 1 | +--- |
| 2 | +title: Release notes 3.9.2 |
| 3 | +tags: [release_notes] |
| 4 | +published: true |
| 5 | +keywords: release notes, announcements, changelog |
| 6 | +summary: "Version 3.9.2 of Eclipse Ditto, released on 12.06.2026" |
| 7 | +permalink: release_notes_392.html |
| 8 | +--- |
| 9 | + |
| 10 | +This is a bugfix release, no new features since [3.9.1](release_notes_391.html) were added. |
| 11 | + |
| 12 | +## Changelog |
| 13 | + |
| 14 | +Compared to the latest release [3.9.1](release_notes_391.html), the following changes and bugfixes were added. |
| 15 | + |
| 16 | +### Changes |
| 17 | + |
| 18 | +This is a complete list of the |
| 19 | +[merged pull requests](https://github.com/eclipse-ditto/ditto/pulls?q=is%3Apr+milestone%3A3.9.2). |
| 20 | + |
| 21 | +#### Defer CBOR/string pre-encoding in `SoftReferencedFieldMap` until needed |
| 22 | + |
| 23 | +PR [#2461](https://github.com/eclipse-ditto/ditto/pull/2461) eliminates eager CBOR (or string fallback) serialization |
| 24 | +in the `ImmutableJsonObject` constructor chain. JFR profiling of production `things-service` pods on 3.9.1 showed the |
| 25 | +combined `SoftReferencedFieldMap.<init>` / `createCborRepresentation` / `JacksonSerializationContext` allocation and |
| 26 | +flush samples accounting for ~6–10% of CPU. Intermediate `JsonObject` instances produced by transformation and |
| 27 | +projection pipelines paid this cost without ever benefiting, because the cached bytes were discarded along with the |
| 28 | +object. |
| 29 | + |
| 30 | +Encoding is now deferred to the first call that actually needs it (`toString` / `writeValue` / |
| 31 | +`upperBoundForStringSize`), and the field-map reference is only softened once a recoverable representation exists. |
| 32 | +JMH benchmarks show 2.6×–2.9× speedups on build-without-serialize paths and a 1.5× speedup on build-then-access |
| 33 | +paths, with no public API change and no behavior change in the size-validation contract. |
| 34 | + |
| 35 | +#### Remove regex from `ImmutableJsonPointer` escape/parse hot path |
| 36 | + |
| 37 | +PR [#2460](https://github.com/eclipse-ditto/ditto/pull/2460) replaces `Pattern`/`Matcher` usage in |
| 38 | +`ImmutableJsonPointer.escapeTilde`, `decodeTilde`, and the consecutive-slash check with manual single-pass |
| 39 | +character scans that fast-return the input string unchanged when no tilde is present — the dominant production case. |
| 40 | + |
| 41 | +JFR profiling of production `things-service` pods on 3.9.1 had identified `escapeTilde` as the single hottest Ditto |
| 42 | +method at ~3.8% of CPU. JMH benchmarks show 1.19×–2.57× speedups across realistic scenarios, with behavior that is |
| 43 | +character-for-character identical to the prior implementation. |
| 44 | + |
| 45 | +### Bugfixes |
| 46 | + |
| 47 | +#### Fix partial-access filter stripping `thingId` and audit fields from SSE/WebSocket events |
| 48 | + |
| 49 | +PR [#2465](https://github.com/eclipse-ditto/ditto/pull/2465) fixes a regression introduced with the 3.9.0 |
| 50 | +partial-events feature where the emitted Thing JSON was filtered by exact path match against the subscriber's policy |
| 51 | +grants. Top-level entity fields that were not a listed grant were stripped, including `thingId`. A subscriber with |
| 52 | +READ on `thing:/attributes` therefore received SSE events without any way to identify which Thing the change applied |
| 53 | +to — a behavior regression versus 3.8.x. The same code path also stripped identity and audit fields from WebSocket |
| 54 | +payloads of full-Thing events (`ThingCreated` / `ThingModified` / `ThingMerged`) and from user-requested |
| 55 | +`extraFields`. |
| 56 | + |
| 57 | +The fix preserves `thingId`, `_namespace`, `_revision`, `_modified`, and `_created` whenever the subscriber holds at |
| 58 | +least partial READ access on the Thing, applied consistently across the SSE filter, the adaptable payload and extras |
| 59 | +filters, and the `RetrieveThing` response allowlist. `policyId` and `_metadata` are intentionally excluded from the |
| 60 | +allowlist and remain per-path policy-enforced. |
| 61 | + |
| 62 | + |
| 63 | +## Migration notes |
| 64 | + |
| 65 | +No known migration steps are required for this release. |
0 commit comments