Releases: authzed/spicedb
v1.17.0
Highlights
🎉 Caveats are now Generally Available!
🚀 APIs without configurable consistency have been reduced by one datastore roundtrip
☑ WriteRelationships validation now batch-loads schemas
🪳 The CockroachDB datastore GC window now warns instead of failing if the user configures an invalid window
What's Changed
- pkg/cache: implement a central collector by @jzelinskie in #1149
- makes dispatch metrics toggleable by @vroldanbet in #1151
- Change release notes update mode by @ecordell in #1150
- make cache collector unregister on close by @vroldanbet in #1152
- Mark caveats as a production-ready feature by @josephschorr in #1154
- Remove now-unused caveats flag by @josephschorr in #1155
- Fix MySQL parseTime check to use the DSN lib by @josephschorr in #1159
- improve CRDB GC error message by @vroldanbet in #1166
- adds caveats to AppliedSchemaChanges by @vroldanbet in #1167
- Fix spanner telemetry by @ecordell in #1156
- does not return an error if GC windows aren't aligned by @vroldanbet in #1169
- Move to Golang 1.19.6 to bring some security fixes by @josephschorr in #1172
- Use the shared relationships validation in dev package by @josephschorr in #1171
- Have validation for WriteRelationships batch load namespaces by @josephschorr in #1175
- Skip loading of head revision on write calls by @josephschorr in #1176
Full Changelog: v1.16.2...v1.17.0
Docker Images
This release is available at authzed/spicedb:v1.17.0, quay.io/authzed/spicedb:v1.17.0, ghcr.io/authzed/spicedb:v1.17.0
v1.16.2
What's Changed
- Expose the V1 API debug information in dev package by @josephschorr in #1107
- fixes problem with caveats not resolving protobuf types by @vroldanbet in #1109
- Make sure to catch error tokens in caveat parsing by @josephschorr in #1111
- .github: explicit github token for buf-generate by @jzelinskie in #1113
- Add additional option to CEL to compile caveat macro expressions by @josephschorr in #1112
- Part 2 of consistency tests using caveats by @josephschorr in #1106
- fixes positional argument errors failing silently by @vroldanbet in #1101
- Add a consistency test for the ipaddress type for caveats by @josephschorr in #1116
- Add consistency test for maps in caveats and better typed errors on caveat evaluation by @josephschorr in #1115
- pkg/cache: default TTL of 2x quantization window by @jzelinskie in #1110
- Remove TODOs in caveat CEL code by @josephschorr in #1121
- Only write caveats that have been possibly updated by @josephschorr in #1120
Docker Images
This release is available at:
authzed/spicedb:v1.16.2
quay.io/authzed/spicedb:v1.16.2
ghcr.io/authzed/spicedb:v1.16.2
authzed/spicedb:v1.16.2-debug
quay.io/authzed/spicedb:v1.16.2-debug
ghcr.io/authzed/spicedb:v1.16.2-debug
Full Changelog: v1.16.1...v1.16.2
v1.16.1
What's Changed
- Add additional goroutine leak testing to Lookup* and fix possible deadlock in ReachableResources by @josephschorr in #1086
- README: rephrase project description by @samkim in #1091
- refactor datastore flags to make them reusable by @vroldanbet in #1089
- Update reported min version for Postgres by @josephschorr in #1093
- align datastore defaults by @vroldanbet in #1092
- adds log.Ctx(ctx) calls (almost) everywhere by @vroldanbet in #1094
- Add an API test for deleting a relationship that does not exist by @josephschorr in #1095
- Consistency test reimplementation by @josephschorr in #1087
- Cleanup lock handling in task runner by @josephschorr in #1096
- Add consistency test for reading relationships by @josephschorr in #1097
- Add a distinct validation error type for schema write by @josephschorr in #1102
- Add additional consistency test cases and enable chunk size changing by @josephschorr in #1099
- Fix flake in debug tests by @josephschorr in #1104
- Optimize allocations by removing sprintf, using strings.Cut by @jzelinskie in #1098
Docker Images
This release is available at:
authzed/spicedb:v1.16.1
quay.io/authzed/spicedb:v1.16.1
ghcr.io/authzed/spicedb:v1.16.1
authzed/spicedb:v1.16.1-debug
quay.io/authzed/spicedb:v1.16.1-debug
ghcr.io/authzed/spicedb:v1.16.1-debug
Full Changelog: v1.16.0...v1.16.1
v1.16.0
Highlights
- Major performance improvements to the Watch API for the Postgres datastore
- v1.CheckPermission now uses an optimization when there are many subjects with the same relation
- Caveats (experimental) are now supported in the development API
- Dispatch concurrency limits are now configurable per request type (e.g. --dispatch-check-permission-concurrency-limit)
What's Changed
- HTTP gateway graceful termination by @vroldanbet in #1001
- move off ristretto fork by @vroldanbet in #1012
- Add brief sleeps to fix flaky test on macos by @josephschorr in #1014
- Return a more descriptive error for watch when not enabled by @josephschorr in #1009
- Fix memdb to always generate unique revision IDs by @josephschorr in #1015
- Early iterator closing in dispatch by @josephschorr in #1016
- Debug API improvements by @josephschorr in #963
- Add configurable concurrency limits per dispatch type by @josephschorr in #1010
- Switch the namespace cache to use estimated costs and no serialization by @josephschorr in #1019
- internal/datastore: remove unused lock by @jzelinskie in #1021
- Fix the flake in the estimated size test for nsdefs by @josephschorr in #1023
- Fix metadata on ErrCannotWriteToPermission by @josephschorr in #1025
- Add a metric for estimated check direct queries by @josephschorr in #1024
- Remove old error message from CRDB test by @josephschorr in #1036
- Add support for caveat name and context to tuple syntax by @josephschorr in #1028
- Dependabot updates for Dec 2022 by @josephschorr in #1037
- Adjust estimated query count metric to only count dispatch if it was necessary by @josephschorr in #1030
- Link to annotated paper by @samkim in #1044
- Move to golang 1.19.4 by @josephschorr in #1049
- datastore/crdb: upgrade to v22.2.0 to get arm support by @jakedt in #1042
- Add warning when PG max connection count is lower than min by @josephschorr in #1052
- Improve the watch API performance and correctness for postgres by @jakedt in #1039
- Add prom metric for number of batch check dispatches by @josephschorr in #1048
- Add retries to the estimated size test to remove flakiness by @josephschorr in #1053
- Debug supporting caveats by @josephschorr in #1041
- Add support for tracking caveats in membership for development by @josephschorr in #1047
- Fix revision checking in memdb to allow for past "now" by @josephschorr in #1029
- Add another relationship parsing test by @josephschorr in #1056
- Change confusing flag help output. by @ensonic in #1043
- gomod: update cobraotel to support sample ratios by @jzelinskie in #1058
- Fix concurrent access issue in reachable resources and add additional testing and a small perf improvement by @josephschorr in #1061
- Fix debug tracing for batch dispatches by @josephschorr in #1060
- improvements on context cancellation by @vroldanbet in #1062
- Add test for dispatch metadata on all endpoints by @josephschorr in #1066
- redesigns middleware options for RunnableServer v2 by @vroldanbet in #1063
- datastore/proxy: add prom metrics to datastore operations by @jakedt in #1069
- Add exponential backoff to the GC worker for datastores by @josephschorr in #1068
- Add accessor in the dev package for V1 API by @josephschorr in #1071
- Fix bug in reachable resources that was causing extra work by @josephschorr in #1073
- Add a linter for improper use of panics and fix all found instances by @josephschorr in #1054
- Add datastore GC command to synchronously run GC by @josephschorr in #1067
- Add support for caveats in development package by @josephschorr in #1064
- reference libraries through awesome spicedb by @vroldanbet in #1076
- Dependabot updates for Jan 2023 by @josephschorr in #1084
- Direct check performance improvements by @josephschorr in #839
Docker Images
This release is available at:
authzed/spicedb:v1.16.0
quay.io/authzed/spicedb:v1.16.0
ghcr.io/authzed/spicedb:v1.16.0
authzed/spicedb:v1.16.0-debug
quay.io/authzed/spicedb:v1.16.0-debug
ghcr.io/authzed/spicedb:v1.16.0-debug
Full Changelog: v1.15.0...v1.16.0
v1.15.0
Upgrade Notes
Warning
This release includes changes to dispatching, which can result in an increased error rate during rollout. To avoid this, deploy v1.15.0 as a distinct cluster and switch over your load balancer(s).
CockroachDB, Spanner, MySQL, Postgres: no migrations from v1.14.1
What's Changed
- Update BaseSubjectSet to support caveat expressions by @josephschorr in #932
- Add support in LookupResources for caveats by @josephschorr in #938
- Remove support for the v1alpha1 API by @josephschorr in #976
- Fix observable proxy to use the more efficient namespace lookup by @josephschorr in #989
- Refactor the datastore testfixtures for better code reuse by @josephschorr in #988
- Provide additional capabilities around schema writing by @josephschorr in #990
- logging and error handling improvements by @vroldanbet in #986
- Fix test flake in loader by sorting the expected tuples by @josephschorr in #991
- Add support for caveats in LookupSubjects API by @josephschorr in #987
- address some caveat TODOs by @vroldanbet in #995
- Make sure ReadSchema returns caveats as well by @josephschorr in #997
- Add testutil packages and clean up copy-pasted code by @josephschorr in #996
- fixes broken docker compose link by @vroldanbet in #999
- datastore/postgres: remove the compensation code for migration phases by @jakedt in #992
- Add validation of relationships to file loader by @josephschorr in #981
- Fix for PG when schema is specified in the db url by @jvassev in #994
- Improve the error message for duplicate rels within a single WriteRel… by @josephschorr in #1003
- Return InvalidArgument if caveats are disabled in WriteRels call by @josephschorr in #1004
- Add context and default timeout for validationfile loading by @josephschorr in #1002
- Add len checks to WriteCaveats before attempting to write nothing by @peterfoldes in #1006
- Catch nil values for FoundSubjectsByResourceID map and return as errors by @josephschorr in #1008
Docker Images
This release is available at:
authzed/spicedb:v1.15.0
quay.io/authzed/spicedb:v1.15.0
ghcr.io/authzed/spicedb:v1.15.0
authzed/spicedb:v1.15.0-debug
quay.io/authzed/spicedb:v1.15.0-debug
ghcr.io/authzed/spicedb:v1.15.0-debug
New Contributors
- @jvassev made their first contribution in #994
- @peterfoldes made their first contribution in #1006
Full Changelog: v1.14.1...v1.15.0
v1.14.1
What's Changed
- prevent poisoning via build job by @vroldanbet in #961
- Fix panic in validationfile loader when no schema is specified by @josephschorr in #979
- datastore/cache: clear the RWT namespace cache when writing namespaces by @jakedt in #982
- Dispatch goleak checking by @josephschorr in #983
- cmd/serve: fix deprecated usage of jaeger by @jzelinskie in #984
Full Changelog: v1.14.0...v1.14.1
Docker Images
This release is available at authzed/spicedb:v1.14.1, quay.io/authzed/spicedb:v1.14.1, ghcr.io/authzed/spicedb:v1.14.1
v1.14.0
Highlights
- Memory management for caching vastly improved by more accurately tracking the size of cache entries
- Postgres datastore rewritten with massive improvements to write performance
- Experimental caveats support
- Massive performance improvement for LookupResources
- GemFury DEB & RPM repositories are now available for SpiceDB releases
Upgrade Notes
Warning
This release includes migrations for all datastores, with a more complex migration for Postgres.
You must have already upgraded to v1.13.0 before upgrading to v1.14.0.
To learn more about migrations, see the migration documentation.
To automate migrations, Kubernetes users can run the SpiceDB Operator.
CockroachDB, Spanner, MySQL
CockroachDB, Spanner, MySQL datastore users can run the command spicedb migrate head from a SpiceDB v1.14 binary to migrate a v1.13 cluster. This may result in a brief latency spike, but will otherwise cause no downtime. After the migration is complete, v1.13 processes can be replaced with v1.14 ones.
Postgres
PostgreSQL users have two options: zero downtime or not.
Downtime
- Ensure SpiceDB v1.13.0 was running
- Shut off SpiceDB in all clusters
- Run spicedb migrate head using SpiceDB v1.14
- Rollout v1.14 to your cluster(s)
Zero-downtime
- Ensure SpiceDB v1.13.0 is currently running
- Run spicedb migrate add-xid-columns using SpiceDB v1.14
- Rollout v1.14 to your cluster(s) with the following flag: --datastore-migration-phase=write-both-read-old
- Once the rollout is fully complete, run spicedb migrate add-xid-constraints using SpiceDB v1.14
- Rollout v1.14 to your cluster(s) with the following flag: --datastore-migration-phase=write-both-read-new
- Once the rollout is fully complete, run spicedb migrate drop-id-constraints using SpiceDB v1.14
- Rollout v1.14 to your cluster(s) with the --datastore-migration-phase flag removed
What's Changed
- Improves Postgres write performance by @jakedt in #852
- streamline logging by @vroldanbet in #844
- Implement structured errors for all user facing errors by @josephschorr in #858
- disable async logging by @vroldanbet in #888
- adds tests to demonstrate various caveat use-cases by @vroldanbet in #878
- fix datastore integration tests not running by @vroldanbet in #893
- Incremental migrations by @jakedt in #891
- Enable goreleaser pro, push linux packages to gemfury by @jzelinskie in #897
- add caveat support to postgres datastore by @vroldanbet in #890
- refactoring of caveat datastore methods by @vroldanbet in #899
- fix calls to logger that are not being sent by @vroldanbet in #904
- Batch check for lookup by @josephschorr in #843
- Add a lint check for zerolog expression statements without Send or Msg calls by @josephschorr in #907
- integrates caveat context in PermissionService API methods by @vroldanbet in #886
- more follow ups to caveats in datastore by @vroldanbet in #906
- Fix stack overflow on error marshalling for zerolog by @ecordell in #909
- Tech Debt cleanup: move LogOnError into common datastore package by @josephschorr in #912
- internal: store serialized protos in caches by @jzelinskie in #900
- Add a namespace proxy cache test suite using a real datastore by @josephschorr in #919
- Add caveat references to schema and full type checking by @josephschorr in #896
- fix more instances of zerolog marshall recursion by @vroldanbet in #922
- add missing caveat test, update caveat example by @vroldanbet in #924
- Sever namespace read context by @ecordell in #925
- introduce caveat support in CockroachDB by @vroldanbet in #921
- Encode xmin in postgres revisions to respect zedtoken order by @jakedt in #930
- implement caveat support for spanner by @ecordell in #929
- Add support for defining caveats in schema, and associated type checks by @josephschorr in #926
- include sboms in release by @ecordell in #927
- Elide updates of namespaces which have not changed at all by @josephschorr in #913
- datastore/postgres: stop casting xid in queries altogether by @jakedt in #942
- Don't return the caveat key in the ObjectDefinitionNames in v1alpha1 … by @josephschorr in #944
- Mark devtools gRPC endpoint enabled by default for the serve-devtools command by @josephschorr in #945
- Breakout the integration test suite from unit tests by @josephschorr in #947
- refactor: add context to write methods within a datastore transaction by @jakedt in #948
- parallelize consistent hashring test by @ecordell in #949
- Faster CI Feedback Loop by @vroldanbet in #950
- introduce caveat support in MySQL by @vroldanbet in #936
- fixes caching of loop variable in the wrong place by @vroldanbet in #951
- internal/datastore: add observable proxy by @jzelinskie in #952
- Add datastore proxy for separating context by @jzelinskie in #953
- Update authzed-go for the additional validation rules by @josephschorr in #957
- specifies cache-dependency-path to prevent poisoning by @vroldanbet in #960
- pg: move column defaults to backfill migration by @ecordell in #955
- do not run CRDB migration in transaction by @vroldanbet in #956
- Change experimental caveats flag to be handled at the service level by @josephschorr in #962
- datastore: DeleteNamespace => DeleteNamespaces by @jzelinskie in #940
- Add shorter timeouts and better config to gRPC dialing in tests by @josephschorr in #965
- Depbot updates for Nov 1, 2022 by @josephschorr in #972
Full Changelog: v1.13.0...v1.14.0
Docker Images
This release is available at authzed/spicedb:v1.14.0, quay.io/authzed/spicedb:v1.14.0, ghcr.io/authzed/spicedb:v1.14.0
v1.13.0
Highlights
- Dispatched checks are now performed in batches, improving performance
- Protobuf serialization is now much faster by using vtprotobuf to avoid reflection
- Dispatch API is now compressed with Snappy
- Cache sizes can now be configured with percentages of free memory
Warning
This release contains a change to the internal dispatch API, which means that v1.13.0 and v1.12.0 cannot dispatch to each other during a rolling upgrade. To upgrade without downtime, run these as separate Kubernetes services, or disable dispatch before upgrading.
What's Changed
- Add an error case for redefining a type in schema by @josephschorr in #810
- Add govulncheck to the linters by @josephschorr in #813
- don't generate nsswitch.conf (base images have it now) by @ecordell in #815
- Fix fallback for MySQL stats to fix test flake by @josephschorr in #812
- replace custom pgxpool collector with opensource module by @vroldanbet in #809
- dispatch: use Snappy S2 compression and vtprotobuf by @jzelinskie in #821
- gomod: bump compress to v1.15.10 by @jzelinskie in #822
- Disable GC in datastore drivers when in read-only mode by @josephschorr in #811
- bump kuberesolver to pick up serviceaccount token refresh by @ecordell in #817
- Ensure that internal errors are returned before dev errors by @josephschorr in #823
- Use MarshalVT() and UnmarshalVT() everywhere by @jzelinskie in #824
- internal/datastore: use proto.Marshal by @jzelinskie in #825
- Add a test for writing and reading back a serialized namespace in the datastores by @josephschorr in #826
- caveat in MemDB datastore by @vroldanbet in #807
- forward cli flags GCMaxOperationTime and SplitAtUsersetCount to MySQL datastore by @vroldanbet in #829
- Change all user-visible type errors into proper wrapped error structs by @josephschorr in #831
- reduce e2e flakes by @ecordell in #834
- Batch check improvements by @josephschorr in #777
- Fix performance for large schema writes in V1Alpha1 by @josephschorr in #837
- Fix chunking util to never call for an empty chunk by @josephschorr in #840
- Change caching to sort order resource and subject IDs by @josephschorr in #841
- Improve the WASM developer package interface by @josephschorr in #828
- internal/dispatch: gofumpt 4.0 by @jzelinskie in #845
- update cobrautil to latest commit by @vroldanbet in #842
- pkg/cmd: support cache sizes in percentages of free memory by @jzelinskie in #827
- Add building of WASM developer binary to releases by @samkim in #833
- pkg/cache: implement metrics for noop cache by @jzelinskie in #848
- introduce caveat support in WriteRelationships/ReadRelationships by @vroldanbet in #838
- Start work for dispatch for caveats by adding MembershipSet by @josephschorr in #849
- internal: add docker build tag to transitives by @jzelinskie in #854
- docker: switch to chainguard base images by @jzelinskie in #857
- Switch check dispatch to use the new MembershipSet by @josephschorr in #855
- Dependabot updates for Oct 2022 by @josephschorr in #867
- Dependabot updates for Oct 2022, Part 2 by @josephschorr in #873
- Change check dispatching to support caveat expr evaluation by @josephschorr in #865
- Dependabot updates for Oct 2022, Part 3 by @josephschorr in #876
- Add caveats flag to disable writing by default on all datastores by @josephschorr in #866
Full Changelog: v1.12.0...v1.13.0
Docker Images
This release is available at authzed/spicedb:v1.13.0, quay.io/authzed/spicedb:v1.13.0, ghcr.io/authzed/spicedb:v1.13.0
v1.12.0
Highlights
- new lookupsubjects RPC answers the question "which subjects have a given permission over a specific resource?"
- CRDB Store now exposes prometheus metrics for the connection pool
- new debug containers are now being published, which include busybox. This is convenient for development environments that require a shell
- PGX driver no longer logs on debug by default, cleaning up SpiceDB's info level
- CRDB datastore now properly supports connection draining procedures
- added configurable limits for write and delete relationship APIs
- leaner and more secure docker images based on distroless.dev
What's Changed
- hack: mv install-tools into hack dir by @jzelinskie in #737
- fix panic on cached optimized revisions by @vroldanbet in #740
- README: add OpenSSF best practices badge by @jzelinskie in #742
- bump crdb in tests to 22.1.5 by @ecordell in #745
- update spanner emulator logs by @ecordell in #746
- more resilient CRDB datastore on connection draining by @vroldanbet in #744
- Use distroless.dev/static base, add debug variants by @imjasonh in #750
- adds trivy security scanner to lint CI job by @vroldanbet in #751
- Begin work on LookupSubjects by @josephschorr in #736
- Add a nightly build for spicedb by @ecordell in #762
- Revert "Add a nightly build for spicedb" by @ecordell in #763
- fixes link to go-memdb by @vroldanbet in #766
- Fix various error references by @josephschorr in #769
- removes v1.RelationshipUpdate from datastore.ReadWriteTransaction by @vroldanbet in #771
- Fully implement the LookupSubjects API by @josephschorr in #770
- add datastore metrics to CockroachDB datastore by @vroldanbet in #774
- Begin implementation of a library for processing caveat expressions by @josephschorr in #760
- newly added lookup subject metrics weren't being unregistered by @vroldanbet in #778
- Add configurable limits for write and delete relationship APIs by @josephschorr in #775
- Dependabot Updates for Sept 1 by @josephschorr in #785
- Dependabot Updates for Sept 1, part 2 by @josephschorr in #792
- Dependabot updates for Sept 1, part 3 by @josephschorr in #795
- Handle duplicate writes in a nicer way by @josephschorr in #796
- remove dupe validation in WriteRelationships by @vroldanbet in #799
- map pgx info logging level to debug by @vroldanbet in #798
- Change v1alpha1 WriteSchema to only read namespaces it needs by @josephschorr in #805
- Update authzed-go client by @samkim in #806
- Improve write constraint failures by @josephschorr in #801
- reduce differences between release and dev dockerfiles by @vroldanbet in #797
- Remove checks on configurable PermissionService limits and rely upon defaults by @josephschorr in #808
Docker Images
This release is available at:
authzed/spicedb:v1.12.0
quay.io/authzed/spicedb:v1.12.0
ghcr.io/authzed/spicedb:v1.12.0
authzed/spicedb:v1.12.0-debug
quay.io/authzed/spicedb:v1.12.0-debug
ghcr.io/authzed/spicedb:v1.12.0-debug
Full Changelog: v1.11.0...v1.12.0
v1.11.0
Warning
This release contains a change to the internal dispatch API, which means that v1.10.0 and v1.11.0 cannot dispatch to each other during a rolling upgrade. To upgrade without downtime, run these as separate Kubernetes services, or disable dispatch before upgrading.
Highlights
- Check requests can now be traced using the zed CLI with zed permission check --explain
- serve-testing now supports HTTP
- Performance improvements for LookupResources, WriteSchemas, and dispatch in general
- The Watch API is disabled automatically if CRDB datastores don't support Change Feeds
What's Changed
- Have WASM development package return updated validation YAML by @josephschorr in #710
- Add a flag for disabling stat writes by @ecordell in #711
- Add ability to trace a check request by @josephschorr in #703
- Implement support for batch reachability by @josephschorr in #691
- Add issue links to readme by @samkim in #694
- Concurrency limit by @jakedt in #713
- Add ability to enable the REST gateway for the test server by @josephschorr in #714
- remove rangefeed config from crdb migrations by @ecordell in #707
- Depbot updates for Aug 1 by @josephschorr in #721
- Depbot updates for Aug 1 - part 2 by @josephschorr in #727
- Depbot updates for Aug 1 - part 3 by @josephschorr in #732
- Fix bounds on check test by @josephschorr in #728
- switch crdb watch feature detection to only require CONTROLCHANGEFEED by @ecordell in #722
- Skip checking of permissions for relationships in WriteSchema by @josephschorr in #734
Full Changelog: v1.10.0...v1.11.0
Docker Images
This release is available at authzed/spicedb:v1.11.0, quay.io/authzed/spicedb:v1.11.0, ghcr.io/authzed/spicedb:v1.11.0