9.4.2

QuestDB 9.4.2

QuestDB 9.4.2 is a hardening release that builds on 9.4.1, driven by continued fuzz testing and stricter query-result assertions. The posting and covering index introduced in 9.4.0 gets the most attention: this release fixes incorrect results from indexed reads and a crash on specific partition-maintenance paths, and reclaims an on-disk file leak. On the Parquet side, one fix keeps a table from being suspended when an all-null column is converted back to native form, and others harden reads of malformed or foreign files. The remaining fixes span temporal joins, GROUP BY, SELECT DISTINCT, and aggregates. The release also upgrades the web console to 1.2.3.

Two behavior changes are worth noting before upgrading: a bare INDEX TYPE POSTING is now non-covering by default, and SHOW CREATE TABLE now rejects views and materialized views. Both are detailed below.

For any questions or feedback, please join us on Slack or on Discourse.

See also our prettier release notes page.

Breaking changes 💥

A bare INDEX TYPE POSTING (no INCLUDE) is now non-covering. In 9.4.0–9.4.1 a posting index declared without an explicit INCLUDE clause silently auto-appended the designated timestamp to its covering set, turning it into a covering index — an unintended default. From 9.4.2, a posting index with no INCLUDE is non-covering; the timestamp auto-include (cairo.posting.index.auto.include.timestamp, still default true) now only rounds out an explicit INCLUDE set and never makes a non-covering index covering on its own. Existing tables are unaffected — the covering flag is persisted per-column in _meta and read back unchanged — so this changes only newly created or re-declared indexes. SHOW CREATE TABLE now renders such a column as INDEX TYPE POSTING rather than INDEX TYPE POSTING INCLUDE (ts), and a WHERE sym = ... predicate takes the plain posting-filter cursor instead of the covering cursor. (#7203)
SHOW CREATE TABLE now rejects views and materialized views. Previously it rendered a misleading CREATE TABLE statement for any object kind; executing that DDL would have created a plain table rather than the view. It now errors with table name expected, got view or materialized view name. Use SHOW CREATE VIEW / SHOW CREATE MATERIALIZED VIEW for those objects. The sibling statements now also name the actual object kind in their mismatch errors. (#7208)

Web Console

Upgraded to 1.2.3 (#7199):

Share links to queries from the editor dropdown and via keyboard shortcuts.
Storage policy now shows in table details and is supported in the "create materialized view" quick action.
Fixed stale user and data after SSO logout.
Increased the query-validation debounce time.

Bug fixes

SQL

Fixed a use-after-free crash (SIGSEGV) on random access over a Parquet partition — for example a query with LIMIT over a Parquet-backed scan. (#7195)
Fixed a ClassCastException crash in parallel keyed GROUP BY reading through a covering index. (#7150)
Fixed crashes in ASOF/LT joins between STRING/VARCHAR and SYMBOL keys, on both the full-fat and Light paths. (#7150)
Fixed an assertion crash when a NULL array value is used as a GROUP BY map key. (#7150)
Fixed an aggregate (count(), sum(), ...) over a UNION ALL of aliased sub-queries crashing query compilation with an internal error (a 500 in the web console). UNION columns are now matched by position; the previous by-name matching was silently wrong for differently-aliased branches. A cairo.sql.legacy.union.column.propagation flag (default false) restores the old behavior as an operational rollback. (#7210)
Fixed an ASOF join (Dense algorithm) dropping matches when its cursor is read more than once — for example by a window function, a cached factory re-running the query, or a parent operator. (#7195)
Fixed <symbols> IN (...) LATEST ON ts over a multi-partition table returning rows not ordered by the designated timestamp. (#7195)
Fixed count() over a keyed GROUP BY subquery filtered on the aggregate alias (a HAVING-style predicate) reporting phantom duplicate groups that do not exist. (#7202)
Fixed count(*) and full-scan size calculation throwing instead of contributing zero rows when an empty partition is absent from disk — for example one omitted by a backup or restore. (#7195)
Fixed LIMIT lo, hi and result-size calculation over a cross join with an unknown-size input counting or skipping too few rows. (#7195)
Fixed compile-time failures (Invalid column, ArrayIndexOutOfBoundsException) on SELECT DISTINCT and GROUP BY queries with qualified (t.col), duplicated, or constant-aliased projections. (#7150)
Fixed last() / mode() over a constant SYMBOL returning the constant instead of NULL. (#7150)
Fixed wrong JIT-filter results when a LONG value appears only as a literal inside narrow-integer arithmetic; the JIT path now matches the scalar path at 64-bit width. (#7150)
Fixed native-memory leaks: posting-index reader buffers stranded when a row cursor errors mid-iteration, and per-worker array GROUP BY keys orphaned under a mixed thread-safe / non-thread-safe key set. (#7150)
IN now accepts IPv4 list literals, e.g. addr IN ('1.2.3.4'::ipv4, '5.6.7.8'::ipv4), instead of failing to compile. (#7150)

Posting and covering index

Fixed a JVM crash (covering index) or missing/short indexed counts (non-covering index) after a partition squash, an in-range O3 commit, or a WAL auto-squash that spills past the indexer budget on a hot key. (#7203)
Fixed covered reads returning NULL for a whole partition after an O3 or squash reseal of a Parquet partition carrying a covering posting index. (#7203)
Fixed an incomplete covered sidecar on the WAL fast-lag apply path when a mid-stream spill flush occurred during indexing, which could over-read on a later covered read. (#7203)
Fixed the covering configuration being lost after ALTER TABLE ... ALTER COLUMN ... SYMBOL CAPACITY, which silently demoted the posting index to non-covering for all later readers. (#7203)
Fixed an on-disk value-file (.pv) leak when a Parquet index reseal spilled; the superseded intermediate file is now reclaimed through the writer's scoreboard-gated purge queue. (#7203)
Hardened the Parquet seal-purge state with a single leaf lock, so the concurrent O3-worker and writer-thread paths are safe by construction rather than by thread-join timing. (#7203)

Parquet

Fixed a Parquet read failure on an all-null integer column (INT/LONG) page that used DELTA_BINARY_PACKED encoding. The failure surfaced on an eager, full-row-group read — converting a Parquet partition back to native, or WAL apply re-running that conversion, notably under replication where it suspended the table on both primary and replica — while a lazy SELECT over the same partition was unaffected. Files already written by affected versions stay readable; newly written files carry a valid header. There is no format or version bump. (#7212)
Hardened the Parquet reader against malformed or foreign-produced files reachable through the read_parquet() function and partition conversion: a range of inputs (out-of-range delta bit widths, bad DELTA_BINARY_PACKED headers, integer-overflowing miniblock sizes, oversized varint values) that previously aborted the JVM via a Rust panic now return a clean error instead. Valid files decode exactly as before. (#7212)

Changelog

chore(ui): upgrade web console to 1.2.3 by @emrberk in #7199
fix(core): fix posting index crash and missing rows after partition squash by @nwoolmer in #7203
fix(core): fix all-null Parquet column reads and crashes on malformed files by @glasstiger in #7212
fix(sql): fix wrong results and memory leaks in posting-index, join and group-by queries by @puzpuzpuz in #7150
fix(sql): fix a parquet query crash and wrong results in latest-by, ASOF joins, and counts by @bluestreak01 in #7195
fix(sql): fix count() over a GROUP BY subquery reporting phantom duplicates by @ideoma in #7202
fix(sql): fix UNION ALL column mismatch under aggregates by @nwoolmer in #7210
fix(sql): reject views and materialized views in SHOW CREATE TABLE by @nwoolmer in #7208

Full Changelog: 9.4.1...9.4.2

4 hours ago

openssl