[RELEASE] ScyllaDB Enterprise 2023.1.2

The ScyllaDB team announces ScyllaDB Enterprise 2023.1.2, a bug-fix production-ready ScyllaDB Enterprise patch release for ScyllaDB Enterprise 2023.1 LTS Release.

This patch release enables cluster-level configuration for Encryption at Rest, a new configuration to control streaming bandwidth, and multiple minor bug fixes.

You are encouraged to upgrade to it in coordination with the ScyllaDB Support team.

Related Links

• Get ScyllaDB Enterprise 2023.1 (customers only, or 30-day evaluation)
• Upgrade from ScyllaDB Enterprise 2022.1.x to 2023.1.y
• Upgrade from ScyllaDB Enterprise 2022.2.x to 2023.1.y
• Upgrade from ScyllaDB Open Source 5.2 to ScyllaDB Enterprise 2023.1.x
• Upgrade from ScyllaDB Enterprise 2023.1.x to 2023.1.y
• Submit a ticket

Transparent Data Encryption

Scylla Enterprise has supported Encryption at Rest (EaR) for a long time. So far, one can store the keys for EaR locally, in an encrypted table, or an external KMIP server.

Release 2023.1.1 added the ability to use Amazon KMS keys.

Release 2023.1.2 adds Transparent Data Encryption (TDE), a way to define Encryption at Rest parameters per cluster, not only per table.

This allows the system administrator to enforce encryption of all tables using the same master key, for example, from KMS, without specifying the encryption parameter per table.

For example, with the following in scylla.yaml, all tables will be encrypted using encryption parameters of my-kms1

user_info_encryption:
  enabled: true
  key_provider: KmsKeyProviderFactory,
  kms_host: my_kms1

See more examples and info here.

Streaming: Add stream_plan_ranges_fraction

This option allows user to change the number of ranges to stream in

batch per stream plan. Currently, each stream plan streams 10% of the total ranges.

The default value is the same as before: 10% of total ranges. #14191

Bug fixes

The following issues are fixed in this release (with an open-source reference, if available):

• Nodetool: nodetool stop RESHAPE stops individual task, but doesn’t abort the whole operation #15058
• Stability: INSERT JSON without a JSON value crashes Scylla #14709, #14705
• Stability: When removing a service level, the node might stop applying workload prioritization changes, like CREATE/DROP/ALTER SERVICE_LEVEL, until it restarts. #15198
• Stability: when tables are dropped during a running repair, a repair_tracker run failed: data_dictionary::no_such_column_family #13045
• Stability: Scylla should skip mode validation of snapshot files #12010
• Init: scylla_raid_setup: --online-discard option always enables ‘discard’ #14963
• Stability: Some gossiper apis may return stale information from non-zero shards, for example REST API gossiper/endpoint/down/ falsely reports a node down #15088, #12261
• Stability: gossiper/endpoint/down/ falsely reports a node down #12261
• UX: Warning message does not includes enough details: capped tombstone local_deletion_time warning does not indicate the respective sstable #15015
• UX: Handle TLS version of broken pipe same as “normal”, making the error message less scary. #14625
• Log: Compaction throughput is incorrectly based on the amount of data written #14533