Today, we are thrilled to announce the release of Kurrent’s new enterprise product: EventStoreDB 24.10. With this release, it’s easier than ever to deploy, secure and manage your event-native environments at enterprise scale.
| Note: You may have noticed that Event Store is rebranding to Kurrent. As a result, 24.10 is the last release where the product is named ‘EventStoreDB’. In all subsequent releases, the product will be named ‘Kurrent.’ |
EventStoreDB 24.10 is a significant update that introduces important operational features and a mature set of connectors to help you build event-native applications. Here are the highlights, with more detailed descriptions below:
- Single package: A single software artifact contains both core database features and enterprise features, accessible via a license key. Simplifies deployment, platform management and upgrade processes
- Connectors: Licensed connectors: Kafka, MongoDB, RabbitMQ. Free connectors: HTTP sink, Serilog sink
- Automated scavenge: Fully automated scheduling and execution of scavenging across nodes. The system handles configuration and scheduling, and prevents simultaneous node scavenging, ensuring cluster performance and clean leadership transitions. License key required.
- Policy-based stream authorization: Replaces ACLs with category-wide policies. Enables immediate policy updates, easy data segregation by tenant/microservice, and faster authorized operations. Reduces maintenance burden while improving security controls. License key required.
- Encryption-at-rest: File encryption within Kurrent provides additional data protection against unauthorized access. Beta feature with limitations: not available for Kurrent Cloud, supports only file-stored master keys, not recommended for compliance-regulated production environments. License key required.
Single package
Until today, EventStoreDB was distributed in two packages:
- EventStore-OSS - built from the Open Source codebase, containing core database features
- EventStore-Commercial - based on the OSS package, including features only available for Event Store customers, as well as (partially) in Event Store Cloud
Based on the changes to the package name, upgrades from previous ESDB versions require you to uninstall the previous version, add the new package registry to the operating system, and install the latest version using the new package name.
Additional details on the upgrade process can be found here.
To activate enterprise features, you can request a free trial license key here. Existing customers, please contact your Kurrent account executive or contact us here.
Connectors
Our connectors allow you to integrate ESDB with other systems without writing code or with a small amount of code focused on what needs to be done rather than how.
With 24.10, we have added Enterprise sink connectors for Kafka, RabbitMQ and MongoDB that can be enabled with a valid license key. Our HTTP and Serilog sink connectors are now freely available.
- Kafka connector - the Kafka sink writes events from EventStoreDB to a Kafka topic. It can extract the partition key from the record based on specific sources such as the stream ID, headers, or record key and also supports basic authentication and resilience features to handle transient errors. License key required.
- RabbitMQ connector - the RabbitMQ sink pulls messages from EventStoreDB and sends them to a RabbitMQ exchange using a specified routing key. This sink is designed for high reliability and supports graceful error handling and recovery mechanisms to ensure consistent message delivery in a production environment. License key required.
- MongoDB connector - The MongoDB sink pulls messages from an EventStoreDB stream and stores the messages to a collection. It supports data transformation for modifying event data or metadata and the inclusion of additional headers before sending messages to the MongoDB collection. It also supports at-least-once delivery and resilience features to handle transient errors. License key required.
- HTTP connector - the HTTP sink allows for integration between EventStoreDB and external APIs over HTTP or HTTPS. This connector consumes events from an EventStoreDB stream and converts each event's data into JSON format before sending it in the request body to a specified URL. Freely available.
- Serilog connector - the Serilog sink logs detailed messages about the connector and record details. Freely available.
All of our sink connectors are also available in Kurrent Cloud.
Automated scavenge
A common operational challenge with EventStoreDB is correctly automating the scavenging process across cluster nodes. It’s not always obvious how to properly automate the process, as it might require knowing the node role in the cluster and whether the scavenge is already running on other nodes.
The 24.10 automated scavenge is a fantastic new feature that removes this operational complexity. After the auto-scavenge configuration is provided, the cluster will execute scavenge operations on a specified schedule. It monitors progress to enforce two nodes not to be scavenged simultaneously and ensures the cluster changes its leader before trying to run scavenge on the node. The cluster remains clean while maintaining its transactional performance.
This feature is available for Kurrent (EventStoreDB) and Kurrent Cloud customers with a valid license key.
Stream authorization policies
EventStoreDB historically provided powerful authorization features. Each stream can be protected by an access control list (ACL), allowing only specific users to read and write to it.
However, ACLs are very granular and must be set for each stream. It’s common for streams with the same prefix or category, for example, “Order,” to all require the same write and read permissions. It's also common that there may be millions of streams in one category. Changing authorization policies for the whole category of streams quickly becomes extremely complex and time-consuming. As a result, many users do not use ACLs for authorization and don’t maintain strong authorization policies for accessing data.
Policy-based authorization replaces ACLs. The two authorization methods cannot be used at the same time. The new process allows you to configure a policy and apply it to an entire category of streams. When the policy changes, it is immediately applied to all relevant streams. Users are no longer required to adjust individual streams in the category. This feature allows our customers to introduce proper authorization for accessing data without the high maintenance burden. Scenarios where data segregation is required can now be easily implemented. For example, you can have specific policies per tenant, microservice, or any other logical boundary if the context name is captured in stream names.
Using policies also speeds up authorized reads and writes because ESDB doesn’t need to read ACLs for specific streams.
In the future, we plan to support authorized reads and subscriptions to $all stream, which currently require administrator access.
This feature is available for Kurrent (EventStoreDB) and Kurrent Cloud customers with a valid license key.
Encryption-at-rest
This new feature adds additional protection to data stored in EventStoreDB. It is common to use filesystem-based encryption of data volumes, as done in Kurrent Cloud. Still, encrypted volumes are accessible by anyone with access to the physical or virtual machine where the volume is mounted and reads data directly from database chunk files.
With encryption-at-rest, data files are protected by encryption inside EventStoreDB. If a malicious user manages to retrieve data files from a production database, the data remains inaccessible without the encryption key.
EventStoreDB only supports master keys stored in files. While providing value when the key file is mounted from a protected volume, based on the security levels of file-based key storage, we don’t currently recommend using this feature for production environments that fall under strict compliance regulations.
We aim to evolve this feature over time. We encourage our customers to provide feedback on where they wish to store their keys so we can add integrations to third-party key management systems.
This feature is available for Kurrent (EventStoreDB) customers with a valid license key. It is not available for Kurrent Cloud customers.
Installation and upgrades
For installing new clusters - please reference our installation guidelines.
For upgrading existing clusters - please read through our upgrade guide carefully as the upgrade process is different from previous versions.
To activate enterprise features - you can request a free trial license key here. Existing customers, please contact your Kurrent account executive or contact us here.
Feedback
Please feel free to contact us and give feedback about the new version. You can use one of the following feedback options: