Hotfix Release
MentisDB 0.10.4.49 fixes a dashboard login bug introduced in 0.10.2.47, corrects a session-lifetime miscalculation, and simplifies the build by making HNSW and local-embeddings unconditional default features.
For the full feature list and benchmark numbers from the prior release, see 0.10.3.48.
Hotfix
-
Dashboard login fix — The session cookie's
Secureattribute was hardcoded, so browsers silently dropped it when the dashboard sat behind a TLS-terminating reverse proxy (nginx, Caddy, Traefik) that talked plain HTTP to the daemon. Login would succeed but the browser would discard the cookie, bouncing the user back to/dashboard/loginon every request. TheSecureattribute is now conditional onX-Forwarded-Proto. -
Session lifetime fix — The session timeout was 5 hours instead of the intended 8 hours due to
RATE_LIMIT_WINDOW_SECS * 60being used for session expiry (the rate-limit window is already in seconds). Replaced with an explicitSESSION_TIMEOUT_SECSconstant independent of the brute-force rate-limit window.
Simplifications
-
HNSW is now unconditional — The
hnsw-backendCargo feature has been removed entirely. HNSW is always compiled in — no feature flag needed. TheHnswBackendNotEnablederror variant and its test have been deleted. -
local-embeddingsis now a default feature —cargo install mentisdbjust works, no--featuresflag needed. The self-updater, Makefile, and non-interactive update messages have been simplified. The 0.10.3.48 hotfix that added--features local-embeddingsto the self-updater is now superseded.
Upgrade
cargo install mentisdb --forceNo --features flag needed anymore — HNSW and local-embeddings are both included by default.