|
| 1 | +--- |
| 2 | +title: Release notes 3.9.3 |
| 3 | +tags: [release_notes] |
| 4 | +published: true |
| 5 | +keywords: release notes, announcements, changelog |
| 6 | +summary: "Version 3.9.3 of Eclipse Ditto, released on 06.07.2026" |
| 7 | +permalink: release_notes_393.html |
| 8 | +--- |
| 9 | + |
| 10 | +This is a bugfix release, no new features since [3.9.2](release_notes_392.html) were added. |
| 11 | + |
| 12 | +## Changelog |
| 13 | + |
| 14 | +Compared to the latest release [3.9.2](release_notes_392.html), the following changes and bugfixes were added. |
| 15 | + |
| 16 | +### Changes |
| 17 | + |
| 18 | +This is a complete list of the |
| 19 | +[merged pull requests](https://github.com/eclipse-ditto/ditto/pulls?q=is%3Apr+milestone%3A3.9.3). |
| 20 | + |
| 21 | +#### Cache partial-access-paths enrichment per Thing |
| 22 | + |
| 23 | +PR [#2481](https://github.com/eclipse-ditto/ditto/pull/2481) improves the performance of the partial-access-paths event |
| 24 | +enrichment introduced with the 3.9.0 partial-events feature. The accessible JSON paths per subject were previously |
| 25 | +recomputed for every `ThingEvent` of a Thing whose policy grants *restricted* READ to some subject. As the result only |
| 26 | +depends on the policy revision and the Thing structure (not on field values), it is now cached per Thing and reused |
| 27 | +across value-only updates. The cache can be disabled via `event.partial-access-events.cache.enabled` (default `true`, |
| 28 | +env `THING_EVENT_PARTIAL_ACCESS_EVENTS_CACHE_ENABLED`). |
| 29 | + |
| 30 | +#### Cache namespace-filtered policy enforcers |
| 31 | + |
| 32 | +PR [#2480](https://github.com/eclipse-ditto/ditto/pull/2480) improves the performance of policy enforcement for policies |
| 33 | +that use the namespace-scoped entries introduced with [#2325](https://github.com/eclipse-ditto/ditto/issues/2325) in |
| 34 | +3.9.0. The namespace-filtered enforcer, previously rebuilt on every enforced signal, is now cached per namespace and |
| 35 | +reused. The cache size is operator-configurable via |
| 36 | +`ditto.policies-enforcer-cache.namespace-filtered-enforcer-max-size` (default `100`, env |
| 37 | +`DITTO_POLICIES_ENFORCER_NAMESPACE_FILTERED_MAX_SIZE`), exposed through the Helm values and the policies, things and |
| 38 | +connectivity deployment templates. |
| 39 | + |
| 40 | +#### Dependency updates |
| 41 | + |
| 42 | +PR [#2475](https://github.com/eclipse-ditto/ditto/pull/2475) updates several third-party dependencies to their latest |
| 43 | +compatible versions. |
| 44 | + |
| 45 | +### Bugfixes |
| 46 | + |
| 47 | +#### Fix strict segment matching in HTTP gateway routes |
| 48 | + |
| 49 | +PR [#2479](https://github.com/eclipse-ditto/ditto/pull/2479) fixes a route matching issue where a path segment was |
| 50 | +matched as a prefix rather than requiring an exact match. For example, a request to `/devops/loggingA/...` matched the |
| 51 | +`logging` route as a prefix, the remainder was passed along, and — because the next handler strips a leading slash — the |
| 52 | +request was ultimately handled as if it targeted `/devops/logging`. Segment matching is now strict, so only exact segment |
| 53 | +names are matched. |
| 54 | + |
| 55 | + |
| 56 | +### Helm Chart |
| 57 | + |
| 58 | +The accompanying Helm chart was released as version `4.3.0`. It exposes the new |
| 59 | +`namespaceFilteredMaxSize` option (default `100`) on the policy-enforcer cache of the `policies`, `things` |
| 60 | +and `connectivity` services (PR [#2480](https://github.com/eclipse-ditto/ditto/pull/2480)) and includes a |
| 61 | +fix to the Swagger UI deployment so the OpenID Connect login works (PR |
| 62 | +[#2478](https://github.com/eclipse-ditto/ditto/pull/2478)). |
| 63 | + |
| 64 | + |
| 65 | +## Migration notes |
| 66 | + |
| 67 | +No known migration steps are required for this release. |
0 commit comments