Skip to content
Switch branches/tags
Go to file
Cannot retrieve contributors at this time
496 lines (333 sloc) 16.8 KB
Release Notes
AceQL HTTP is a secure framework of REST like HTTP APIs that allow to
access to remote SQL databases over HTTP from any device that supports HTTP.
AceQL HTTP is provided with three client SDKs:
- The AceQL C# Client SDK allows to wrap the HTTP APIs using Microsoft SQL
Server like calls in their code, just like they would for a local database.
- The AceQL Java Client SDK allows to wrap the HTTP APIs using JDBC calls
in their code, just like they would for a local database.
- The AceQL Python Client SDK allows SQL calls to be encoded with standard
unmodified DB-API 2.0 syntax.
Security has been taken into account from the design: it is allowed to specify
and code strong security rules in order to protect the databases.
AceQL HTTP is licensed through the GNU Lesser General Public License
(LGPL v2.1).
AceQL HTTP Version 6.4 - 16-Feb-2020
What's New:
- Java start parameters values have been changed to -Xms256M -Xmx4096M for
Linux version.
- Tomcat base libraries have been upgraded to 8.5.63.
AceQL HTTP Version 6.3 - 05-Dec-2020
What's New:
- In addition to UserAuthenticator, the new RequestHeadersAuthenticator interface
provides an alternate or supplementary authentication mechanism.
RequestHeadersAuthenticator implementation allows to check the HTTP request
headers sent by the client side, and thus to grant or forbid access to the AceQL Server.
- Tomcat base libraries have been upgraded to 8.5.60.
AceQL HTTP Version 6.2 - 17-Nov-2020
What's New:
- The new session.timelifeMinutes property in file
allows defining the session lifetime of client users without any programming.
- In SessionConfigurator interface and dependencies: the getSessionTimelife() method
has been renamed to getSessionTimelifeMinutes() for the sake of clarity.
Bugs fixed:
- JwtSessionConfigurator.verifySessionId(String sessionId) and
DefaultSessionConfigurator.verifySessionId(String sessionId) would not
verify correctly session expirations. This has been fixed.
AceQL HTTP Version 6.1 - 24-Oct-2020
What's New:
- Default Java memory configurations are now -Xms256m -Xmx4096m on both
Windows and Linux in order to support a heavy load.
- Most base libraries have been upgraded to the latest version.
AceQL HTTP Version 6.0 - 19-Sep-2020
What's New:
- Java vendor and version are displayed at server startup.
- JDBC Statement.execute() calls are now supported.
- Statement.setMaxRows(int) is now supported when called
by a Java client.
- The model file contains now documentation
on testOnBorrow & validationQuery attributes and how to ensure that
the JDBC Connection Pool will still accessible after the restart
of the SQL engine in use.
- Implement server side JDBC metadata calls. This will
allow the Client Java SDK to be plugged as a real JDBC Driver.
(The AceQL JDBC Driver is work in progress).
- Add /get_catalog and /get_schema API.
- Included PostgreSQL Driver has been updated to 42.2.5.
- Tomcat base libraries have been upgraded to 8.5.58.
Bugs fixed:
- An SQLException could be swallowed during a transaction (autocommit off). This
could lead to subsequent errors when trying to re-use the Connection in some
db engines such as PostgreSQL.
(org.postgresql.util.PSQLException: ERROR: current transaction is aborted,
commands ignored until end of transaction block).
This has been fixed: Connections in autocommit off are now always rollbacked
in case of SQLException.
- Columns were in lowercase when sent to the client. This has been fixed.
- Empty string SQL parameters ("") were refused by the AceQL Server.
This has been fixed.
AceQL HTTP Version 5.1 - 03-Aug-2020
What's New:
- The new API WebServerAPI.isServerRunning() has been added.
- An error message is displayed if an attempt of calling more than one
AceQL instance in the JVM is detected.
- NullPointerException throws are replaced by Objects.requireNonNull().
This makes easier for API users to debug NullPointerExceptions.
- Tomcat base libraries have been updated to 8.5.57 because of security
Bugs fixed:
- Remote client Windows authentication calls could stop the server. This has
been fixed.
- The database schema download could fail for SQL Server. This has
been fixed.
AceQL HTTP Version 5.0.4 - 04-Jul-2020
What's New:
- Some base libraries have been updated.
- The conf/ includes now an example of the usage of
the Tomcat JDBC Pool removeAbandoned & removeAbandonedTimeout properties.
Bugs fixed:
- nvarchar, nchar, ntext would not support NULL values. This has been fixed.
AceQL HTTP Version 5.0.3 - 15-Jun-2020
What's New:
- Windows interface signals when the user tries to reopen the app instead
of redisplaying it from the taskbar.
- Tomcat base libraries have been updated to 8.5.56 because of security
Bugs fixed:
- Float values could be rounded. This could be a problem for Python client SDK.
This has been fixed.
WINDOWS VERSION ONLY - AceQL HTTP Version 5.0.2b - 25-Apr-2020
What's New:
- Support for Java 13 and 14.
It is highly recommended to upgrade to this AceQL version on all
Windows installations using Java > 8.
AceQL HTTP Version 5.0.2 - 22-Apr-2020
What's New:
- Javadoc has been enhanced for the UserAuthenticator interface and for
the provided implementation classes.
- Special chars (in escaped format) are now supported in LDAP Distinguished Names.
Bugs fixed:
- The schema produced by the db_schema_download API would not include correctly
the database tables with MS SQL Server. This has been fixed.
AceQL HTTP Version 5.0.1 - 10-Apr-2020
Bugs fixed:
- SELECT calls with more than 20Kb output could randomly fail because
of a bug in Glassfish javax.json JSON parser that inserts a \r\n at
each 20Kb output.
This has been fixed by calling JsonGenerator.flush() on each
SQL row dump.
AceQL HTTP Version 5.0 - 08-Apr-2020
What's New:
- The software has been rewritten to allow quick start & standard usage
without any coding and without code injection: standard but complete
configuration may be done entirely by defining values in the file.
Sophisticated firewalling can be done through a CSV File without any coding.
Advanced usage is still possible through code injection using Java classes.
- The new authentication architecture allows to plug-and-play existing built-in
authentication classes without any coding or code injection, just by defining
values in the file.
This version provides default authentication against a LDAP server, against a
SSH Server, against a Windows Server and against a Web Service.
Your own legacy authentication usage is nonetheless supported through code
injection with Java classes.
- The file has been reorganized and simplified.
- JSON parser javax.json has been updated to 1.1.4. Tomcat base libraries
have been updated to 8.3.53 because of Security requirements.
AceQL HTTP Version 4.1 - 13-Feb-2020
What's New:
- The new CsvRulesManager SqlFirewallManager implementation allows to
fine control access to SQL tables without any Java programming.
Rules are declared in a CSV file that is loaded at server startup.
Rules are checked for each incoming SQL call.
See the User Guides & Javadoc for more info.
AceQL HTTP Version 4.0 - 15-Jan-2020
What's New:
- SQL firewalling is now done through the SqlFirewallManager
interface. SqlFirewallManager concrete classes may be chained
to easily add new rulesets. This also allows to
properly isolate and reuse firewalling code.
Default built-in implementations are provided for an easy
startup without any coding.
- The new metadata API allows downloading a remote database schema
in HTML or text format, to get a remote database main properties,
to get the list of tables, and to get the details of each table.
It also allows wrapping remote tables, columns, indexes, etc. into
easy to use provided Java, C# and Python classes in the client SDKs:
Table, Index, Column, etc.
HTML and text schemas are rendered with SchemaCrawler (
The metadata API allows exposing more easily the databases along with the
schemas, without any need to communicate, maintain or synchronize separated
documentation for the API users. Users are thus autonomous to explore
the metadata and schema of the exposed databases.
- StatementAnalyzer has been retrofitted with an external heavily used
and highly supported SQL parser (JSqlParser library -
- Tomcat base libraries have been updated to 8.5.50 (Security requirements).
- AceQL HTTP requires now Java 8 or higher.
AceQL HTTP Version 3.2.2 - 16-Sep-2019
Bugs fixed:
- DECIMAL SQL type passed from client side was ignored. Thus has been fixed.
- DATE, TIME, TIMESTAMP could be malformed when called from a stored
procedure this has been fixed.
What's new:
- Update Tomcat base libraries to 8.5.45 (Security requirements).
AceQL HTTP Version 3.2.1 - 10-aug-2019
Bugs fixed:
- aceql-server -stop was returning -1 exit code instead of 0. It
could cause a problem when using CI tools like Jenkins. This has been fixed.
AceQL HTTP Version 3.2 - 23-apr-2019
What's new:
- Update Tomcat base libraries to 8.5.40 (Security requirements).
AceQL HTTP Version 3.1 - 24-dec-2018
What's new:
- destroy() call has been added to main servlet ServerSqlManager for
clean shutdown of ThreadPoolExecutor without warnings.
Bugs fixed:
- HttpServletRequestHolder could in rare cases collide request parameters
from concurrent clients. This has been fixed.
AceQL HTTP Version 3.0 - 17-dec-2018
- AceQL open source / Community Edition now supports all main database
- Main servlet is now async for better reliability and performances.
- DatabaseConfigurator.allowStatementAfterAnalysis method
has been renamed to allowSqlRunAfterAnalysis for the sake of
- Uses newest Tomcat 8.5.35 embedded libraries for security reasons.
- Update other misc Maven dependencies.
AceQL HTTP Version 2.1 - 18-jun-2018
What's new:
- This version now supports stored procedure calls from client side.
See you preferred AceQL client SDK for usage.
- Server could crash in case or RuntimeException. These runtime exceptions
are now caught.
- Windows version is now fully 64 bit.
AceQL HTTP Version 2.0 - 28-feb-2018
What's new:
- Server allows to create new Connection without re-authentication.
- It is now possible to create and use from client side more than
one Connection on the same database.
- Stateful mode is now the main and only mode. This simplifies
the software architecture, the user documentation and ease of
used for developers.
- DatabaseConfigurator.getConnectionMaxAge() has been removed
because of duplicate usage. (Same kind of value can be set when
defining Connection pool whatever pool system is used).
- DefaultSessionConfigurator: getSessionTimelife() is now 0
(infinite session lifetime) instead of 12 hours.
- Connections Store cleaning has been completely rewritten. A
cleaning thread is regularly launched instead of a permanent
- Use last Tomcat 8.5 librairies (v. 8.5.28).
WINDOWS VERSION ONLY - AceQL HTTP Version 1.0 - 27-dec-2017
What's new:
- Java 9 is now fully supported on Windows.
AceQL HTTP Version 1.0 - 20-dec-2017
What's new:
- Java 9 is now fully supported on Linux.
- DefaultDatabaseConfigurator.getConnectionMaxAge() returns now 0
for consistency with other APIs.
- Dependencies have been updated.
- As Beta period is expired, AceQL HTTP Professional requires now
a 30-day license key.
Bugs fixed:
- Setting DatabaseConfigurator.getConnectionMaxAge() to 0 was
not taken into account by internal code. This has been fixed.
PRO EDITION ONLY - AceQL HTTP Version 1.0-beta-5.2 - 31-oct-2017
What's new:
- Beta period has been extended to November 10, 2017.
WINDOWS VERSION ONLY - AceQL HTTP Version 1.0-beta-5.1 - 20-sep-2017
What's new:
- An item menu has been added in Help Menu to display Release Notes.
- Standard Mode: useless & annoying Tomcat red warnings messages
are not anymore displayed at server startup.
- Jar icons are displayed.
AceQL HTTP Version 1.0-beta-5 - 13-sep-2017
What's New:
- The signature of DatabaseConfigurator.login method has been changed
and has 2 more parameters: database and ipAddress.
This allows implementation code to know to which database the
client wants to connect and to get IP address of client if
necessary for security reasons.
- Thus, the previous 1.0-beta-4 DatabaseConfigurator implementations
are not compatible with this 1.0-beta-5 version: the login method
signature must be changed.
- The org.kawanfw.sql.api.server.util.HttpServletRequestStore and
org.kawanfw.sql.api.server.util.ServerInfo have been suppressed.
The methods were useless.
- The Tomcat dependencies have been updated to in order to use last
8.5.20 version.
- The property sslConnector.keyAlias must now be defined for SSL
activation. This is imposed by Tomcat version 8.5.20.
- Windows version: the JDBC Drivers installation is now done with
a "Browse" or paste/copy of files.
Bugs fixed:
- Windows version: the console could display warnings and hang.
This has been fixed.
- Miscellaneous Javadoc errors.
AceQL HTTP Version 1.0-beta-4 - 04-sep-2017
What's New:
- In files: database is now the prefix for all
properties (instead of being the trailer in previous versions.)
- Windows version has now a clean installer and all configuration is done
through a provided Window interface.
- Windows: Server run may be configured as a Windows service. Configuration
& start/stop is done through the provided Windows interface.
- Linux: AceQL HTTP Web Server run may be configured as an /etc/init.d
service. A documented and ready to use script is provided.
- It is now possible to add servlets that can interact with JDBC pools
when server is running. See conf/ file.
- A default servlet is provided for JDBC pools query and update while server
is running. See conf/ file.
Bugs fixed:
- The bound Web port was not correctly released at AceQL server stop for reuse
in the same JVM. This has been fixed.
- There was a missing carriage return line feed after execute_update
and execute_query APIs. This has been fixed.
AceQL HTTP Version 1.0-beta-3 - 17-jul-2017
What's New:
- AceQL uses now embedded Tomcat version 8.5.
- ConnectionStore has been cleaned & simplified
(no more Map to store if a Connection is Stateless/Stateful).
AceQL HTTP Version 1.0-beta-2 - 07-jul-2017
What's New:
- Server Result Sets were dumped into an intermediary file.
Result Sets are now dumped directly on servlet output stream.
Bugs fixed:
- A SQLException logging message could throw an Exception. This has been fixed.
AceQL HTTP Version 1.0-beta-1 - 27-jun-2017
What's New:
- First release.